Security News This Week: Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more.
Photograph: Ismail Rajo/Getty Images

Discovering that hackers have had stealthy access to your corporate network for three years is bad enough. Web hosting company GoDaddy this week confessed to something even worse: A group of hackers it had repeatedly spotted inside its network had returned, or never left, and has been wreaking havoc there since at least March 2020, despite all the company's attempts to expel them.

We'll get to that. Meanwhile, the rise of pig butchering scams has left an increasing number of victims financially destitute, and the scammers are only growing more sophisticated. This week we detailed new techniques that criminals are using to drain people's bank accounts: social engineering combined with legitimate-looking financial apps designed to trick targets into handing their cash to the scammers under the guise of bogus investments.

Speaking of bogus investments, 24 percent of new crypto tokens that gained any value in 2022 were pump-and-dump schemes, according to new findings from the cryptocurrency-tracing firm Chainalysis. The creators of these tokens hype them to draw in buyers, then sell off all their holdings once the value rises, tanking the price and leaving investors holding crypto that is suddenly worth next to nothing. Chainalysis found that one token creator was responsible for at least 264 successful pump-and-dumps last year.

Of course, what goes up must come down—especially if it's a suspicious object flying over the United States in the past two weeks. After the US shot down a Chinese spy balloon earlier this month, it went on to take out three additional unidentified aerial objects. But don’t worry, there aren’t more spy balloons than normal—the government is just paying closer attention to what’s in the sky.

While the mainstream media focused on spy balloons, another top story was emerging on TikTok and other social media platforms: a February 3 train derailment in East Palestine, Ohio, which spilled toxic chemicals into the ground and waterways and forced the small town’s residents to flee. The relative lack of news coverage, a growing list of questions about the health and environmental impacts of the spilled chemicals, and mistrust of government regulators and officials created the perfect recipe for misinformation and conspiracy theories.

The notion that the government is, at best, slow and ineffective has some truth, however. This week, US Customs and Border Protection revealed that it had finally implemented the system update necessary to cryptographically verify the data stored on e-Passport chips, 16 years after the US and Visa Waiver countries began issuing passports that contain RFID chips loaded with traveler details. Until then, a forged or tampered chip that passed the visual inspection could not be distinguished from a genuine one by the signatures it carries.

If you’re planning a trip but don’t want anyone to know where you’re going, we’ve compiled a complete guide to make sure you’re not accidentally sharing your location.

But that’s not all. We’ve rounded up the top security and privacy news from the week that we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

GoDaddy revealed in a statement on Thursday that it had discovered hackers inside its systems who had installed malware on its network and stolen parts of its source code. The company says it became aware of the intrusion in December 2022 when customers (the company hasn't said how many) began reporting that their websites were being mysteriously redirected to other domains. GoDaddy says it's investigating the breach and working with law enforcement, who have told the company that the hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities."

It gets worse: GoDaddy revealed in an SEC filing that it believes the hackers are the same group it found inside the company's networks in March 2020, which had stolen the login credentials of 28,000 customers and some of GoDaddy's staff. Then in November 2021, the hackers used a stolen password to compromise 1.2 million customers' WordPress instances, getting access to email addresses, usernames, passwords, and, in some cases, their websites' SSL private keys. A stolen private key lets an attacker impersonate the site it belongs to, so affected customers needed new keys and reissued certificates, not merely new passwords. "Based on our investigation, we believe these incidents are part of a multiyear campaign by a sophisticated threat actor group," the filing reads.

“We apologize for any inconvenience this may have caused to any of our customers or visitors to their websites,” the company said in a statement. “We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data.”

That apology, and pledge to improve security, would be more reassuring if this weren't the third time GoDaddy has confessed to being breached by the same hacker group in as many years.

The New York Field Office of the FBI has led some of the most high-profile hacking investigations in recent cybersecurity history, including the takedown of Silk Road and the hyperactive Anonymous splinter group LulzSec. Now it may be investigating itself. CNN on Friday reported that the FBI had been breached by hackers, though it had limited the intruders’ access. CNN’s sources told the news outlet that the incident had occurred at the New York Field Office and that the attack had specifically penetrated systems used in its investigation of child exploitation images. “This is an isolated incident that has been contained,” the FBI told CNN in a statement, though it noted that its investigation of the breach is ongoing.

An Israeli firm called Team Jorge claims to have used hacking and disinformation services to meddle in dozens of elections worldwide on behalf of its clients, according to an explosive undercover investigation by a consortium of journalists. Members of the reporting group, which includes journalists from The Guardian, Le Monde, Der Spiegel, El País, Radio France, Haaretz, and The Marker, posed as prospective clients and recorded a meeting with executives from the firm. In the meeting, the execs boasted of their ability to hack Telegram and Gmail accounts and of wielding an army of bots that had been used to carry out social media disinformation campaigns in 33 countries, including nations in Africa, South and Central America, the US, and Europe. The company suggested in conversations with the undercover reporters that its hacking methods took advantage of vulnerabilities in SS7, the telephone signaling protocol long understood to be vulnerable; SS7 abuse lets an attacker reroute and read a target's SMS messages, which would explain how accounts protected only by SMS-delivered login codes could be taken over. The company's founder, Tal Hanan, a former member of the Israeli special forces, denied "any wrongdoing" when confronted by the journalists.

Russia has long turned a blind eye to its citizens hacking foreign targets, so long as they don't hit domestic ones. The Russian parliament, known as the Duma, is now considering a law that would officially absolve Russian hackers of legal liability for hacking "in the interests of the Russian Federation." The proposed law, which was first reported in Russian state media, would apply to Russian citizens both in Russia and abroad, though the details of the proposal have yet to be released. The proposed legal change provides further evidence, if anyone needed it in the midst of Russia's ongoing war and cyberwar in Ukraine, that the Russian government intends to turn the country into a safe haven for hackers of every stripe, from state-sponsored to criminal to politically motivated.

Oakland's city government has become the latest US city to fall prey to ransomware, declaring a state of emergency eight days after a serious ransomware attack crippled portions of its IT systems. Though it's not clear exactly which municipal systems have been hit (911 dispatch, fire, and other emergency services seem to be unaffected), Oakland's interim city administrator, G. Harold Duffey, referred in a statement to "ongoing impacts of the network outages" from the cyberattack and said that the city was working with forensics firms to investigate the breach.