Security News This Week: Facebook Squashes 19-Year-Old Bug That Still Plagues the Web

A Facebook bug, the Kaspersky ban becomes law, and more of the week's top security news.

The biggest story in tech this week—and maybe this year—was net neutrality, which the FCC effectively abolished by rolling back Obama-era rules that prevented the creation of internet “fast lanes.” It did so despite overwhelming evidence that the mandatory public comment period was overrun with bots, form letters, and other maladies. How bad was it? We tracked down all 39 Nicholas Thompsons who commented, and could only confirm that three were humans.

This week also saw the resolution of last year’s biggest cybersecurity story, the DDoS attack that took down much of the internet for the East Coast one Friday afternoon last fall. The culprits, who pleaded guilty Wednesday, turned out to be acting not on behalf of a nation-state, but in service of a Minecraft hustle.

We also took a look at what might be behind Apple’s recent high-profile security lapses, as well as new malware that targeted a critical infrastructure company in the Middle East. It’s only the third observed malware that’s built to cause physical damage, and also an escalation over previous efforts like Stuxnet and Crash Override, in that it targets the safety systems that help prevent direct harm to humans.

An exclusive look at ISIS’s weapons supply chain shows where the Islamic State gets its advanced munitions. And Moxie Marlinspike, the creator of end-to-end encrypted chat app Signal, is backing a new cryptocurrency called MobileCoin, which aspires to be the first of its kind that’s easy to actually, you know, use.

But, wait, there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

A variation of a hack called the ROBOT Attack left Facebook susceptible to stolen user accounts until a trio of researchers brought it to the company's attention. By exploiting a weakness in website encryption that has been around since 1998, an attacker could pull off a man-in-the-middle attack to steal user information—including passwords that would give the hacker full control of a given account.

The researchers say that while Facebook fixed the bug, almost one in three of the top 100 most-trafficked sites on the web remain vulnerable. It’s not the easiest hack to pull off, especially at scale, but it’s still concerning that such an old trick still affects so many sites—many of which don’t appear to be in a rush to fix it.

Now would also be a good time—not that there's ever a bad one—to double check your Facebook privacy and security settings generally; the video below walks you through the process with a quick step by step.

Security firm Secureworks says it has caught the Lazarus Group, North Korea’s cyber arm, in the middle of a spearphishing campaign targeting cryptocurrency executives. Using a fake job opening as a lure, the phishing emails were designed to plant malware on target computers, including a remote access trojan that allowed for the installation of further malware at a later date. It’s also of a piece with North Korea’s broader bitcoin aspirations lately; the isolated kingdom is widely seen as having taken a keen interest in cryptocurrency recently, as a way to surreptitiously add to its war chest.

After giving Kaspersky Lab's security products the boot months ago, the US government finally made that exile the law of the land. The company has drawn suspicion over possible ties to the Russian government, especially after its software extracted sensitive files from an NSA worker’s home computer. The US still hasn’t presented concrete evidence of inappropriate ties, and at this point likely never will, but given how much access antivirus software has to machines, “better safe than sorry” seems like a reasonable approach.

A Twitter spam wave from an app called Twitter Video—hint, it’s not actually a Twitter app—has caused users to inadvertently tweet a video called “Baby Poops in His Onesie, But Dog’s Response Leaves Millions of People in Hysterics” from their accounts. The lessons here are twofold: Don’t grant permissions to apps you haven’t fully vetted, and never doubt the internet’s ability to provide a perfect metaphor for the current level of discourse.