Of course, international conflict is not just taking place in the physical realm. This week, a hacker group linked to Iran’s intelligence ministry seriously disrupted the systems of US-based medical technology company Stryker. The attack, carried out by the group currently known as Handala, has been particularly active since Hamas’ attack on Israel on October 7, 2023. We detailed how Handala has spread chaos with “opportunistic” attacks that look like hacktivism but are believed to be part of an Iranian state-backed campaign.
Hacking is not the only type of war-related cyber attack disrupting life in the Middle East and beyond. The rise in GPS attacks has made some basic activities like using navigation apps or ordering food from a delivery service almost impossible for people in countries near Iran.
Meta took steps this week to further crack down on the spate of scammers on its platforms, including Facebook and Instagram. In addition to new warnings for people using Meta apps, the company said it removed about 11 million accounts linked to “criminal scam centers” last year.
The US Department of Homeland Security quietly ousted two of the agency’s privacy officials after they raised questions about mislabeling of some records related to surveillance technologies and other technology, preventing them from being released to the public. Experts described the mislabeling as “illegal.” And a new bill in Congress aims to prevent the FBI’s access to Americans’ private communications without warrants, and end the government’s practice of buying people’s data in a way that critics say violates Fourth Amendment protections.
But that’s not all! Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe there.
Three years ago, a hacker broke into a server filled with emails, images, and other miscellaneous documents stored on a mysterious server. The hacker became so alarmed by the materials, which included images of child abuse, that the intruder left a message threatening to turn the evidence over to the FBI.
What the hacker didn’t know is that the server Was The FBI and the data it stored were, in fact, the entire repository of evidence collected in the criminal case of convicted sex offender Jeffrey Epstein, known today as the Epstein Files.
Reuters reported this week that a foreign hacker inadvertently accessed those files when they were left open on an FBI server at a child exploitation forensics lab due to a security oversight, which later became the subject of an internal FBI investigation. The FBI confirmed the incident to Reuters, calling it “isolated”, but Reuters could not determine what the consequences were for the hacker or whether any data was stolen or manipulated. However, when the hacker threatened to report the owners of the child abuse material, agents from the bureau proceeded to meet with the hacker in a video call to explain the situation, and showed FBI credentials to prove his authenticity.
While it promised to help men stop watching porn and allow them to keep track of when they do so, the app Quitter ended up with very detailed masturbation records of hundreds of thousands of users. Then it left them exposed online – and even after a warning from an independent security researcher. The researchers told 404 Media in January that they accessed data from about 600,000 of Quitter’s users, about 100,000 of whom appeared to be minors. The data exposed includes their age, how often they masturbate, and details of their porn habits and experiences. The security researcher warned the company about the security issue last September, and the app’s co-creator said it would be fixed “in the next hour.” Instead, it did not heal for months. (404 Media waited until the fix was confirmed to name the app, to avoid helping identify hackers a target for data theft and potential extortion.) Meanwhile, the app’s creators were featured in a New York Magazine profile about their lifestyle, which includes driving a supercar and living in a Miami mansion.
Amid Iran’s missile and drone attacks across the Middle East in retaliation for the US and Israel’s bombing campaign, a 60-year-old British man has been detained and charged by Dubai Police with filming an Iranian missile attack on his phone. The man is one of 21 people charged with publishing or sharing videos related to missile attacks under the UAE’s cybercrime laws, which prohibit the publication of videos that threaten public safety, according to Detained in Dubai, an organization that provides legal aid in the country. “We are seeing more and more people being charged under the UAE’s cyber crime regulations,” CEO Radha Sterling, who was detained in Dubai, told the BBC. He said the arrest was likely part of an effort to maintain “it’s safe for tourists” in Dubai, even as war escalates in the region.
The Netherlands’ two intelligence agencies, the General Intelligence and Security Service and the Defense Intelligence and Security Service, issued a joint cybersecurity notice warning the public that Russian state hackers are conducting a “large-scale global cyber campaign” to access the Signal and WhatsApp accounts of individuals of interest to the Russian government, including Dutch government employees and potentially journalists.
The Dutch notice said Russian hackers may have specifically targeted Signal because its reputation as a secure app makes it an “attractive channel” for communications with government officials.
<a href