The week kicked off with news that CCleaner, a popular security software tool, had itself been compromised, distributing a backdoor to hundreds of thousands of users and highlighting software’s serious supply-chain security issue. Just a few days later, it turned out that the CCleaner backdoor was designed instead to target nearly two dozen specific tech firms. That’s… not good.
Elsewhere in security news this week, Donald Trump threatened to destroy North Korea in front of the UN General Assembly, a dangerous escalation of his already incendiary rhetoric. WikiLeaks dumped a bunch of information on how Russia spies on its citizens—much of which was already publicly available. We took a look at why the Google Play Store keeps suffering malware plagues, and why you should use a PIN instead of a pattern to lock your Android phone.
Also, a new hacker group linked to Iran appears to be planting destructive malware at a variety of key targets. So there’s that.
And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories.
Hackers Breached the SEC, Gained Private Company Data
In the world of finance, where knowledge of even the slightest secret data point about a company’s fortunes can give traders an edge, it comes as no surprise that the Securities and Exchange Commission has come into hackers’ crosshairs. On Wednesday, feds revealed that hackers had taken advantage of a security vulnerability in the SEC’s software, called EDGAR, that it uses to publish companies’ financial filings. The breach, according to the Commission’s analysis, revealed financial documents that weren’t available to the public, giving hackers a potential illegal advantage in any market trading—insider trading from the outside. It’s not the first time that EDGAR has had data-control issues. In 2014, EDGAR was shown to be revealing news to some users faster than others, creating an imbalance in trading information for automated high frequency trading systems. And a year later, hackers inserted fake information on the site about a takeover of the company Avon, likely exploiting the shift in the stock’s price that news caused.
DHS Lets 21 States Know That Russia Probed Their Election Defenses Last Year
It had been reported for some time that Russian hackers targeted nearly two dozen states in last year’s presidential election (though it’s important to note that there’s no evidence of actual vote tampering). What remained unknown until Friday was which states those were—including among the states themselves. Now, the Department of Homeland Security has informed the victims that Russia targeted them, though it has yet to make the list of impacted states public. Still, it’s an important step, especially if it helps election organizers better protect their voter rolls ahead of the 2018 Congressional campaigns.
Russian Cops Take Down the Dark Web’s Longest-Lived Drug Market
The recent crackdown on the dark web that ended bustling black markets AlphaBay and Hansa didn’t end with those two high-profile English-language contraband bazaars, it seems. This week, Russian authorities revealed that they’d also taken down RAMP, the Russian Anonymous Marketplace, a Russian-language market for drugs that had been online for five years, longer than any other known narcotics outlet on the dark web. A Russian Interior Ministry official told Russian news agency TASS that the takedown happened in July, when RAMP mysteriously went offline. But it’s still not clear how the site was found, or if its low-profile owner, who went by the pseudonym Darkside, was arrested in the police action. When WIRED interviewed Darkside via his site’s anonymous messaging system in 2014, he said he was careful to keep his business focused on Russia only to limit attention from foreign governments. “We never mess with the CIA, we work only for Russians and this keeps us safe,” Darkside said at the time. That strategy seems to have worked for years—until it didn’t.
Ransomware Demands You Send Nude Pics
If it wasn’t yet clear that ransomware hackers are depraved sociopaths, one new form of that criminal scheme seems designed to prove it. A new strain of ransomware known as nRansom appeared this week, and demands that anyone who wants to unlock their files email ten nude photos of themselves to the hackers’ email address. “Once you are verified, we will give you your unlock code and sell your nudes on the deep web,” reads the statement that appears on infected computers’ screens, along with a picture of Thomas the Tank Engine, and the words “FUCK YOU!!!” The malware also reportedly plays the theme song from the HBO show Curb Your Enthusiasm. While the nudeware has already been included in the crowdsourced malware repositories VirusTotal and Hybrid Analysis, and some Twitter users have reported being infected, it’s not clear how widespread the infections really are—or whether the ransomware is a legitimate threat or a trolly joke.