Security News This Week: Google’s Ad Blocker Crackdown Is Growing

Plus: North Korean supply chain attacks, a Russian USB worm spreads internationally, and more.

Trillions of domestic phone records in the United States are tracked every year under a secretive surveillance operation, WIRED revealed this week. The Data Analytical Services program, which was previously known as Hemisphere, allows cops to request and analyze the phone records of people and others who they communicate with, including those not suspected of crimes. The surveillance system is run by the White House, with telecom firm AT&T providing phone records in response to law enforcement requests.

The crypto world kept tumbling this week. After Sam Bankman-Fried was found guilty at the start of this month, it was the turn of crypto exchange Binance and its CEO Changpeng Zhao to face scrutiny from US officials. The US Department of Justice unsealed an indictment against the company, which accuses it of violating US anti-money-laundering laws and of enabling Iran, Cuba, and Russia to launder dirty money.

If you’re in the US and have some extra time over the long holiday weekend, it’s also worth catching up on Andy Greenberg’s epic tale of the three young hackers who brought down the internet with the Mirai botnet—and their story of redemption. Then it’s definitely time to log off.

That’s not all. Each week, we round up the security and privacy stories we didn’t report on in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Google makes most of its money from advertising—and it doesn’t like ad blockers, which prevent millions of ads being shown on websites every day. In recent months, the company has been cracking down on ad blockers on YouTube in a big way. But that’s just the start of it.

This week YouTube confirmed it has, in some instances, introduced a five-second delay before videos load if people are using an ad blocker in their browser. “In the past week, users using ad blockers may have experienced suboptimal viewing, which included delays in loading, regardless of the browser they are using,” a YouTube spokesperson told The Verge. The company admitted the delays had been happening after some people on Reddit and Hacker News spotted slow loading times and initially thought it was because of the browser they were using.

The move follows Google announcing last week that it is going ahead with plans to change how Chrome browser extensions operate, which may limit how some popular ad blockers work. Last year the company paused its plans to roll out Manifest V3, the platform that browser extensions work on, after complaints about how it would impact some extensions. As Ars Technica reported, Google is planning on rolling out a revised version of Manifest V3 in June next year. Google says Manifest V3 is designed to make Chrome run smoothly by reducing the resources that extensions can use and to improve security. However, ad blockers and privacy experts have criticized how the system works and, in particular, changes to the Declarative Net Request API.

Google proposed putting restrictions on this API but has relaxed these somewhat in the new version of Manifest V3. It originally planned to allow browser extensions to make 5,000 content-filtering “rules,” but it has now increased this to 30,000 rules. AdGuard, an ad blocker, has tentatively welcomed some of the revised changes. Elsewhere, uBlock Origin, which uses around 300,000 filtering rules, has created a “lite” version of its extension in response to Manifest V3. The developer behind uBlock Origin says the lite version is not as “capable” as the full version. Meanwhile, browser makers Brave and Firefox say they are introducing work-arounds to stop ad blockers from being impacted by the changes.

Supply chain attacks, where malware is implanted in a company's legitimate software and spread to the firm's customers, can be incredibly hard to detect and can cause billions of dollars in damage if they’re successful. Hackers for North Korea are increasingly adopting the sophisticated attack method.

This week Microsoft revealed it has discovered the hermit kingdom’s hackers implanting malicious code inside an installer file for photo and video editing software CyberLink. The installer file used legitimate code from CyberLink and was hosted on the company's servers, obscuring the malicious file it contained. Once installed, Microsoft said, the malicious file would deploy a second payload. More than 100 devices have been impacted by the attack, Microsoft says, and it has attributed the attack to the North Korea-based Diamond Sleet hacking group.

After details of the attack were revealed, the UK’s National Cyber Security Centre and the Republic of Korea’s National Intelligence Service issued a warning saying that North Korea’s supply chain attacks are “growing in sophistication and volume.” The two bodies say the tactics support North Korea’s wider priorities, such as stealing money to help fund its ailing economy and nuclear programs, espionage, and stealing tech secrets.

Some flights have had to change course or have lost satellite signals in midair due to electronic warfare, The New York Times reported this week. The ongoing conflicts in Ukraine and Gaza have seen GPS jamming and spoofing technologies interfere with the daily operation of flights in and around the areas. The incidents, so far, have not been dangerous. But they highlight the increase in electronic warfare capabilities—which seek to interrupt or disrupt the technologies used for communications and infrastructure—and how the technology needed to launch them is getting cheaper. Since Russia’s full-scale invasion of Ukraine in February 2022, electronic warfare tactics have become increasingly common on both sides, as drones being used for surveillance and reconnaissance have had their signals interrupted and rockets have been sent off course.

Gamaredon is one of Russia’s most brazen hacking groups—the hackers have consistently attacked Ukrainian systems. Now one piece of its malware, a worm that spreads via USB stick and is dubbed LitterDrifter, has spread internationally. The worm has been spotted in the US, Hong Kong, Germany, Poland, and Vietnam, according to researchers at security firm Check Point. The company’s researchers say the worm includes two elements: a spreading module and a second module that also communicates with Gamaredon’s servers. “It’s clear that LitterDrifter was designed to support a large-scale collection operation,” the Check Point researchers write, adding that it’s likely the worm has “spread beyond its intended targets.”