Ransomware Attacks Are Getting Worse

Despite years worth of efforts to eliminate the scourge of ransomware targeting schools, hospitals, and critical infrastructure worldwide, experts are warning that the crisis is only heating up, with criminal gangs growing ever more aggressive in their tactics. The threat of real-world violence now looms, some experts warn, as the data stolen grows increasingly sensitive and millions in potential profits hang in the balance. “We know where your CEO lives,” read a message reportedly received by one victim. Attacks targeting the medical sector are blooming in response to the $44 million payout by Change Healthcare this March.

United States lawmakers and intelligence officials are circling their wagons following the revelation of Israel’s involvement in a malign influence campaign that targeted US voters—an attempt by America’s Middle East ally to artificially boost support for an increasingly unpopular war that was kicked off by Hamas’ unprecedented Oct. 7th attack. The sock-puppet operation, which was launched by an Israeli contractor on X, Facebook, and Instagram and utilized OpenAI’s ChatGPT software, impersonated mostly Black Americans and targeted “Black and Democratic” lawmakers. A weeks’ worth of efforts by WIRED to get answers from US officials who may have been notified about the operation prior to a vote on enhancing military aide to Israel went ignored. Strikingly, the National Security Council denied having ever heard of it.

Frank McCourt, a real estate mogul and former owner of the Los Angeles Dodgers, explained why he’s spearheading an effort to purchase TikTok, which the United States is slated to ban unless its current owner, ByteDance, decides to sell the platform to a US company—a decision that will undoubtedly require the consent of the Chinese government. McCourt sees the internet as being imperiled by closed-off platforms like Facebook and X and is embracing the growing interest in decentralized networks. Decentralized platforms such as Mastodon have been popular among a subset of users for many years, allowing people to effectively own their own social networks and moderate them according to their own rules. These private networks are free to connect with others using the same software but can also sever connections to communities that embrace harmful content. (Think of these user-controlled networks as “islands” with diplomatic ties between them.) McCourt says purchasing and decentralizing TikTok could be the first step in raising the internet out of the siloed swamp that it is today thanks to Meta and its competitors.

But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A bombshell Reuters investigation has unearthed a malign influence campaign launched by the US military at the height of the 2020 Covid-19 pandemic. The campaign utilized sock-puppet accounts on X, Facebook, and Instagram and was focused on convincing citizens of the Philippines that vaccines produced by China were dangerous and—preying on the religious beliefs of Muslims—full of pig parts. Infectious disease experts expressed dismay at the Pentagon’s actions. According to Reuters, the campaign was ordered to an end by the Biden White House shortly after the president’s inauguration, though the Pentagon was apparently slow to enact the commander in chief’s orders. The private contractor responsible for producing the Pentagon’s disinformation was recently awarded a $493 million US government contract.

ProPublica recounts how, in 2016, a top cybersecurity specialist raised alarms about a cloud-based vulnerability at Microsoft, a major US government contractor. The weakness threatened to expose national security secrets among other sensitive data. The specialist “pleaded” with the company to address the problem, but his concerns were dismissed by the tech giant as it strived to secure a multibillion-dollar government contract in the cloud computing space. Frustrated, the specialist quit the company and, months later, as predicted, Russian hackers carried out SolarWinds, one of the largest cyberattacks in US history. The reporting brings into question testimony by Microsoft president Brad Smith, who assured Congress in 2016 there was no way the hackers had exploited his company’s software.

Three Black men jailed in the US for crimes they didn’t commit—after having been falsely identified by police face-recognition software—are speaking out against pending legislation in California that lawmakers claim would protect citizens from such egregious mistakes. The men say the bill, which passed with unanimous support from the state assembly last month and now is under scrutiny in its upper chamber, would have done nothing to stop them from being falsely arrested. Said one of the men: “In my case, as in others, the police did exactly what AB 1814 would require them to do,” adding, “Once the facial recognition software told them I was the suspect, it poisoned the investigation. This technology is racially biased and unreliable and should be prohibited.”

While much of the scrutiny facing the data broker industry concerns its power to monitor people’s movements and attendance at sensitive locations such abortion clinics and mental health facilities, there’s another issue at play: Much of the data it markets is “inaccurate trash,” The Record reports. A chief privacy officer at Acxiom, a leading third-party data broker, acknowledged as much in an interview last month, saying the “inferences” drawn by his company are, at best, “informed guesses.” Experts are growing increasingly concerned about the downstream effects, with some highlighting how insurance companies are relying more and more on data brokers to inform how much customers should pay. Another expert tells The Record that data brokers may be incentivized not to scrutinize the data too closely, noting that customers aren’t too worried if a fraction of it leads them to false assumptions.