This week marked the arrival of Amazon Sidewalk, a mesh network which asks your Echo and Ring devices to share bandwidth with others nearby. Since the company chose everyone without asking, here’s a quick guide on how you can deactivate Amazon Sidewalk, and why you might want to do it.
One thing you can’t turn off is ransomware, which continues to hit vulnerable businesses around the world. This includes another company in the pipeline industry, LineStar Integrity Services, which was hacked around the same time as Colonial Pipeline. In the case of LineStar, the ransomware group leaked company data to the dark web; the the radical transparency group DDoSecrets then also published it, by hiding certain sensitive information. We also looked at the role insurance companies played in ransom payments, and why they are unlikely to be the ones break a vicious circle.
In other “unsolvable arguments” news, the FBI added an unexpected wrinkle to the encryption debate when court documents revealed the agency had spent the last few years manage an encrypted telephone network for criminals. So much for “becoming black”. Speaking of which, several major sites around the world refused to upload on Tuesday morning, a outage that turned out to be from Fastly, a content delivery network provider that most people haven’t even heard of. (And it actually came from setting up a Fastly client, which triggered a bug that the CDN introduced a few weeks ago.)
Hackers Stole A Lot Of Data From EA, including source code; we explored why this is so valuable to the makers of video game cheats. A mysterious malware stole 26 million passwords. And believe it or not, there are steps you can take to protect your files from ransomware, which we have taken the liberty to detail for you.
And that’s not all ! Each week, we collect all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
Since 2018, Google has been looking for to gradually remove the URL in the Chrome browser. It’s about security; criminals can too easily create URLs that impersonate legitimate sites, push malicious downloads on users, etc. In 2019, the Chrome team detailed the ways in which they wanted to automatically flag fragmentary URLs. And in June of last year, the browser took a significant step forward for the user by hiding parts of a URL in the address bar. A year later, the company decided to move on. “This experiment did not displace relevant security metrics, so we are not going to launch it”, wrote Chrome security engineer Emily Stark on Monday, adding a scowl-faced emoticon. And so, URLs live another day, on Chrome and everywhere else.
The New York Times reported this week that former President Donald Trump’s Justice Department researched and obtained data from Apple that belonged to “at least two House Intelligence Committee Democrats, aides and family members.” Apple said in a statement Friday that it did not know the nature of the investigation at the time, and that it had been placed under a non-disclosure agreement. Apple says it also did not provide the content of the emails or images, instead limiting the information it provided to “account subscriber information.”
The DOJ announced this week that it had managed to seize $ 2.3 million of the $ 4.4 million DarkSide ransomware bundle had wrung out of Colonial Pipeline. It’s a rare victory in the broader fight against ransomware, but it also comes with some important unanswered questions. To know, how did they get the private key to the wallet in which the bitcoin was kept? After all, bitcoin tracing is not the hard part, as the blockchain records all transactions and has a long memory.
A busy week for the Feds! This week, the DOJ announced that it had seized Slilpp, the awkwardly named online marketplace for stolen login credentials. Slilpp has been around for almost a decade and is said to have caused more than $ 200 million in losses in the United States alone. At the time it was retired, its inventory included 80 million stolen connections from more than 1,400 companies. This is a significant pullback, but it is unlikely to slow down the sale of stolen credentials, given the number of quickly criminals find new forums in which to do business.
More great WIRED stories