The Internet Archive is under attack. In addition to a slew of lawsuits against the organization that built and maintains the Wayback Machine, hackers this week breached the Internet Archive, stole 31 million user account credentials, and defaced its website—all while archive.org is struggling. stay online due to a number of distributed denial-of-service attacks. As of Friday, the site remained “temporarily offline.”
In a dark twist of fate, a judge this week cleared the way for the US Treasury Department to seize 69,000 bitcoins stolen from the Silk Road dark web market; Currently, the former IRS investigator who personally seized the bitcoins, Tigran Gambaryan, remains in a Nigerian prison cell on charges related to the actions of his current employer, embattled crypto exchange Binance. Members of Congress and other officials have called for the US government to do more to secure Gambaryan’s release given his direct role in a series of major criminal cases and pioneering crypto-investigation methods. As for those seized Silk Road bitcoins, they are now worth $4.4 billion and will likely be sold.
Security researchers this week described a malicious malware that infiltrates Linux machines and uses various techniques to evade detection. Called Perfctl, the malware disguises itself by creating files similar to those commonly found within Linux environments, using tricks to prevent administrative tools from recording their activities, and more. All of this is done with the goal of staying on the infected machine to continue performing various malicious actions. Researchers estimate that millions of Linux devices could be vulnerable.
Finally, we’ve broken down the ways Google decided to do that not disable third-party tracking cookies in its Chrome browser may continue to impact your privacy.
And it doesn’t end there. Each week, we cover security and privacy issues that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe there.
Police using honeypots to catch cybercriminals is nothing new. But creating an entirely new cryptocurrency to catch pump and dump developers? Now that is something special. The US Department of Justice revealed this week that the FBI is creating a new Ethereum-based crypto token, NexFundAI, specifically to defraud people who manipulate crypto markets and defund.
Although the investigation eventually led to the indictment of 18 people and other entities for alleged fraud and manipulation of the crypto markets, the explosion of the system also affected other ordinary investors who were accused of crimes, although US officials did not provide details about those. funds. The American prosecutor involved in this case told reporters that the investigation has earned a total of $25 million, which will be returned to investors. Trading on NexFundAI has since been disabled.
National Public Data, a data vendor based in Florida, is having a bad year. In August, hackers published the 2.9 billion records stolen from NPD last December that included names, mailing addresses, phone numbers, email addresses, and Social Security numbers—a huge number that the hackers claim affected “every person in the USA, CA, and in the UK. ” Then came the inevitable lawsuits against NPD, which is now filing for bankruptcy. Those proceedings revealed new information, including the fact that NPD was owned by one person, Salvatore Verini, Jr, who operated the business out of his home with $2,500 worth of equipment. A document filed in bankruptcy court by one of NPD’s creditors says the breach may have affected “hundreds of millions” of people.
Discord users in Russia and Turkey this week found they were unable to connect to the online chat app. Authorities in both countries later revealed that Discord had been blocked for alleged illegal activities. The Russian Internet regulator, Roskomnadzor, said in a statement that the ban “is necessary to prevent the use of the messenger for terrorist and extremist purposes, the employment of citizens on their commission, the sale of drugs, regarding the placement of illegal information.” of alleged child abuse hosted on Discord’s servers. According to BleepingComputer, some Discord users in those countries were able to access the app using a VPN that relayed their communications through foreign IP addresses—which may be good news for the Russian military that is reportedly being blocked.
Law enforcement’s use of facial recognition technology to crack down on crimes against Americans is more widespread than previously known, according to an investigation recently published by The Washington Post. Records obtained by the Post found that police in 15 states have used facial recognition devices in “more than 1,000 investigations over the past four years.” Although it appears to be widely used, police departments often seek to hide the fact that they use this technology, which has been found to falsely identify people who have been charged with crimes they did not commit. As an assistant public defender in Minnesota told Post reporters, police may be hiding their use of facial recognition because they “want to avoid a lawsuit about the reliability of the technology.”