The United States and Israel’s war with Iran has now been ongoing for two weeks, and the bombs continue to fall. But many of Iran’s missiles are failing to hit their targets. WIRED’s team in the Middle East detailed how countries in the Gulf region are intercepting these weapons.
Of course, the international conflict is not just happening in the physical realm. This week, a hacker group tied to Iran’s Ministry of Intelligence severely disrupted the systems of US-based medical technology company Stryker. The attack, carried out by a group currently known as Handala has been particularly active since the wake of the October 7, 2023, Hamas attack on Israel. We detailed how Handala has sown chaos with “opportunistic” attacks that look like hacktivism but are believed to be part of an Iranian state-backed campaign.
Hacking isn’t the only type of war-linked cyberattack disrupting life in the Middle East and beyond. The rise of GPS attacks have made some basic activities, like using navigation apps or ordering food from a delivery service, nearly impossible for people in countries near Iran.
Meta this week took steps to further crack down on the flood of scammers on its platforms, including Facebook and Instagram. In addition to new warnings for people using Meta apps, the company said it took down nearly 11 million accounts linked to “criminal scam centers” last year.
The US Department of Homeland Security quietly ousted two of the agency’s privacy officials after they questioned the mislabeling of certain records related to surveillance technologies and other tech in ways that would prevent their release to the public. Experts called the mislabeling “illegal.” And a new bill in Congress aims to stop the FBI’s practice of warrantlessly accessing Americans’ private communications, and end the government’s practice of buying people’s data in ways that critics say circumvents Fourth Amendment protections.
But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Three years ago, a hacker broke into a server full of emails, images, and other assorted documents stored on a mysterious server. The hacker was so appalled by the materials, which appeared to contain child abuse images, that the intruder left a message threatening to turn over the evidence to the FBI.
What that hacker didn’t know, it turns out, is that the server was the FBI’s—and the data it stored was, in fact, the full trove of evidence collected in the criminal case of convicted sex offender Jeffrey Epstein, what’s known today as the Epstein files.
Reuters reported this week that a foreign hacker inadvertently broke into those files after they were left exposed on an FBI server at its Child Exploitation Forensic Lab due to security oversights that later became the subject of an internal FBI investigation. The FBI confirmed the incident to Reuters, calling it “isolated,” but Reuters couldn’t determine what the consequences were for the hacker or if any of the data was stolen or manipulated. When the hacker threatened to report the owners of the child abuse materials, however, the bureau’s agents went so far as to meet the hacker in a video call to explain the situation, flashing FBI credentials to prove their bona fides.
When it promised to help men quit watching porn by letting them keep track of when they do, the app Quittr ended up with very detailed records of hundreds of thousands of users’ detailed masturbation records. Then it exposed them online—and left them exposed even after a warning from an independent security researcher. The researcher told 404 Media back in January that they accessed Quittr’s data on around 600,000 users, about 100,000 of whom appeared to be minors. The exposed data included their age, how frequently they masturbate, and their descriptions of their porn habits and experiences. The security researcher warned the company about the security issue last September, and the app’s cocreator said that it would be fixed “in the next hour.” Instead, it remained unfixed for months. (404 Media waited until the fix was confirmed to name the app, to avoid helping hackers identify a target for data theft and possible extortion.) Meanwhile, the app’s creators were featured in a New York Magazine profile about their lifestyle, which includes driving supercars and living in a Miami mansion.
Amidst Iran’s missile and drone strikes across the Middle East in retaliation for the US and Israel’s bombing campaign, one 60-year-old British man has been detained and charged by Dubai police for filming an Iranian missile attack with his phone. According to Detained in Dubai, an organization that offers legal assistance in the country, the man is one of 21 people charged with publishing or sharing videos related to the missile strikes under the United Arab Emirates’ cybercrime laws, which prohibit publication of videos that disturb public security. “We’re seeing more and more people being charged under the UAE’s cybercrime rules,” Detained in Dubai CEO Radha Stirling told the BBC, adding that the arrest was likely part of an attempt to “maintain the facade that it is safe for tourists” in Dubai, even as the war in the region escalates.
Two of the Netherlands’ intelligence agencies, the General Intelligence and Security Service and the Defence Intelligence and Security Service, issued a joint cybersecurity notice warning the public that Russian state hackers have been running a “large-scale global cyber campaign” to access the Signal and WhatsApp accounts of persons of interest to the Russian government, including Dutch government employees and potentially journalists.
The Dutch notice says that the Russian hackers might have targeted Signal in particular because its reputation as a secure app makes it an “attractive channel” for government officials to communicate.
