WIRED

How the Iranian Government Shut Off the Internet

WIRED

Photograph: AFP/Getty Images

Amid widespread demonstrations over rising gasoline prices, Iranians began experiencing internet slowdowns over the last few days that became a near-total internet and mobile data blackout on Saturday. The government is apparently seeing to silence protestors and quell unrest. So how does a country like Iran switch off internet to a population of more than 80 million? It’s not an easy thing to do.

Though some countries, namely China, architected their internet infrastructure from the start with government control in mind, most don’t have a central set of levers they can pull to influence country-wide access to content or connectivity. But regimes around the world, including those in Russia and Iran, have increasingly been retrofitting traditional private and decentralized networks with cooperation agreements, technical implants, or a combination to give officials more influence. In countries like Ethiopia, Venezuela, and Iraq, along with disputed regions like Kashmir, government-led social media blocking and more extensive outages have become the norm.

“This is the most wide-scale internet shutdown that we’ve seen in Iran,” says Adrian Shahbaz, research director at the pro-democracy group Freedom House, which tracks internet censorship and restriction worldwide. “It’s surprising to see the Iranian authorities block all internet connections rather than only international internet connections, because the latter is a tactic that they’ve used in the past. It could mean they are more fearful of their own people and worry that they cannot control the information space amidst these economic protests.”

The process to block an entire country’s internet connectivity depends on the set-up. Places like Ethiopia that have relatively limited internet proliferation typically have just one government-controlled internet service provider, perhaps alongside some smaller private ISPs. But all usually gain access from a single undersea cable or international network node, creating “upstream” choke points that officials can use to essentially block a country’s connectivity at its source.

Full article

WIRED

Security News This Week: Government Officials Hacked Via WhatsApp

WIRED

This week saw the cybersecurity world taking big strides against some of the world’s most aggressive hackers. In a dramatic and potentially precedent-setting move, WhatsApp, the Facebook-owned messaging platform, sued the Israeli surveillance contractor NSO Group for allegedly targeting 1,400 of WhatsApp’s users with malicious phone calls crafted to infect devices with data-grabbing malware. Meanwhile, over in United States Congress, lawmakers are still struggling to deal with increasingly ubiquitous ransomware attacks that often target vulnerable organizations like local governments and hospitals.

Microsoft reported findings that the Russian hacking group Fancy Bear (also called APT28 or Strontium) has targeted at least 16 antidoping agencies around the world in the lead-up to the 2020 Tokyo Olympics. Russian hackers have barraged the Olympics for three years now, including a particularly stealthy and insidious digital attack on the Pyeongchang Winter Games in 2018.

Full article

WIRED

TikTok, Under Scrutiny, Distances Itself From China

WIRED

TikTok, the app that revolves around sharing short video clips, is in a unique position. It’s arguably the first international social media platform to have built a massive audience in the United States, where it’s been downloaded more than 110 million times since its founding in 2017. TikTok has offices in California near competitors like Snapchat, Instagram, and YouTube, but it’s owned by ByteDance, a Chinese tech giant. As tensions between the US and China continue to escalate, that fact has become a headache for TikTok. Now the company is taking steps to distance itself publicly from its counterparts in Beijing.

This week, Senators Chuck Schumer (D-New York) and Tom Cotton (R-Arkansas) sent a letter to US intelligence officials asking them to investigate whether TikTok poses “national security risks.” In their letter, sent to Joseph Maguire, the acting director of national intelligence, the senators expressed concern about the data TikTok collects on US users and whether that information could potentially be shared with the Chinese Communist Party. They also questioned whether Tiktok censors content on its platform and said the app is a “potential counterintelligence threat we cannot ignore.”

It wasn’t the first time this month that lawmakers have questioned the security and content moderation practices of TikTok. Two weeks ago, Senator Marco Rubio (R-Florida) called for the Committee on Foreign Investment to investigate ByteDance’s 2017 acquisition of Musical.ly, a lip-syncing app popular in the US that was later merged with TikTok. On Twitter, Rubio said he was concerned TikTok is “censoring content in line with #China’s communist government directives.”

Full article

WIRED

Flock Safety Says Its License Plate Readers Reduce Crime. It’s Not That Simple

WIRED

On the surface, it appears as though a simple fix—installing relatively discrete license-plate readers—had an enormous positive impact. That’s the narrative Flock Safety has put forward. The company proudly touted the results of the Cobb County pilot in a press release it sent to WIRED this week, and advertises on its website that it solves “up to five crimes an hour.”

But experts say it’s not that simple, and that establishing a causal relationship between any given variable and fluctuating crime rates is no easy task. “I am not saying that the readers did not have an effect on crime—it is just that we cannot attribute any reduction in crime to the readers themselves,” says Alex Piquero, a professor of criminology at the University of Texas, Dallas.

Even police agree. “To make it very clear, we are not 100 percent positive that Flock cameras were the difference,” notes VanHoozer. “What we did see, though, is an incredible decrease in crime, starting when we put these cameras down there.”

Full article

WIRED

Facebook’s New Privacy Feature Comes With a Loophole

WIRED

By default, Facebook tracks what you do even when you’re not on Facebook, like the products you shop for, the political candidates you donate to, and the porn you watch, using tools like Facebook Pixel, a small piece of code deposited on millions of websites across the internet. The social network uses that information to target you with personalized ads—a business model that is now worth billions of dollars.

But that model has also come under increased scrutiny as privacy advocates, lawmakers, and pundits continue to question why anyone should trust Facebook with their data. In the aftermath of the Cambridge Analytica scandal last year, Facebook promised that users would soon have more control over their information using a “Clear History” tool, which would delete people’s off-platform browsing records. More than a year later, the company finally announced Monday it’s rolling out the feature, now called “Off-Facebook Activity.” People in Ireland, South Korea, and Spain will have access to the long-anticipated tool first, and it will be rolled out in the coming months to all Facebook users.

Full article

WIRED

Security News This Week: WannaCry Hero Marcus Hutchins Won’t Go to Jail for Old Hacking Crimes

WIRED

Chris Ratcliffe/Bloomberg/Getty Images
Follow the entire thread!

In May 2017, a young hacker who goes by the sobriquet MalwareTech singlehandedly saved the world from the devastating WannaCry ransomware outbreak. Three months later, police arrested MalwareTech—real name Marcus Hutchins—over his involvement in creating a piece of malware that helped cybercriminals steal from banks. Hutchens had pleaded guilty to the charges in April. But at a sentencing hearing Tuesday, Judge J.P. Stadtmueller made clear that Hutchins’s WannaCry heroics far outweighed the crimes of his youth, letting him off with a sentence of time served. In other words, Hutchins is free to return to his home in the UK. For a fuller account, and some invaluable insights from Stadtmueller, read Marcy Wheeler’s thread on Twitter.

Full article

WIRED

How to Protect Our Kids’ Data and Privacy

WIRED

YouTube is currently under investigation by the Federal Trade Commission following complaints that the platform improperly collected data from young users. It’s unclear how much data this might be, but there’s reason to believe it could be a lot. For many kids, YouTube has replaced television; depending on how parents use online platforms, children could begin to amass data even before birth.

Full article

WIRED

Ransomware Hits Georgia Courts As Municipal Attacks Spread

WIRED

Ransomware has no shortage of cautionary tales and wakeup calls from the past decade. But for local governments, this past year has been a particularly brutal reminder of the threat. Following a 2018 attack that paralyzed the City of Atlanta for weeks, more than half a dozen cities and public services across the country have fallen to ransomware so far in 2019, on a near-monthly basis; the Administrative Office of the Georgia Courts became the latest victim on Saturday, when an attack knocked its systems offline.

Full article

WIRED

A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata

WIRED

For anyone who’s worried that their phone might be hacked to track their location, who they call and when, and other metadata that describes the intimate details of their life, one cyberespionage group has provided a reminder that hackers don’t necessarily even need to reach out to your device to gain that access. It may be far easier and more efficient for sophisticated stalkers to penetrate a mobile provider, and use its data to surveil whichever customers they please.

Full article

WIRED

Security News This Week: Telegram Says China Is Behind DDoS

WIRED

As protests erupted in the streets of Hong Kong this week, over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack. The company tweeted on Wednesday that it was under attack. Then the app’s founder and CEO Pavel Durov followed up and suggested the culprits were Chinese state actors. He tweeted that the IP addresses for the attackers were coming from China.

Full article