Security News This Week: How Shipping Giant Maersk Dealt With a Malware Meltdown

Petya ransomware, NSO malware, hacked wind farms, and more in this week's top security news.
Maersk container ships are unloaded at an APM Terminal in Virginia. (Photo: Luke Sharett/Bloomberg/Getty Images)

When a piece of unprecedented malicious software rampages through thousands of critical networks around the world, it tends to get our full attention. And this week's digital plague, known as Petya (or NotPetya or Nyetya), proved especially vicious. It paralyzed thousands of computers, including those of Ukrainian government agencies, transportation infrastructure, and companies, as well as international targets including Danish shipping firm Maersk and US pharmaceutical giant Merck. It avoided the mistakes made by the hackers behind the last global ransomware outbreak, known as WannaCry, skipping the sort of "kill-switch" that neutered that earlier ransomware crisis. And some researchers are starting to believe it may have been just another offensive in Ukraine's long-running cyberwar with Russia, though this time with collateral damage felt around the world.

But Petya wasn't the only news in the hacker world this week. A group of researchers revealed that it's disturbingly easy to hack entire wind farms. WikiLeaks continued its trickle of leaks from the CIA's vault of hacking tools, revealing how the agency uses target computers' Wi-Fi to geolocate them. The repeated leaks of that sort of top-secret information from agencies like the CIA and NSA have made it clearer that the US government can't be trusted to protect any secret backdoor to encrypted systems. And former WIRED editor Kevin Poulsen built a tool to circumvent President Trump's habit of blocking his critics on Twitter.

And there's more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

As Petya took hold of thousands of the world's computers, the $265 billion Danish shipping behemoth Maersk was one of the most high-profile victims. And the shipping news outlet Splash got the inside story of how the company was forced to adapt to being locked out of its computer networks around the world. From Mobile, Alabama, to India, the firm switched to manual tracking of its loading and unloading of cargo. In New Zealand and Australia, for instance, Splash reports that Maersk staff used handwritten records and (apparently offline) Excel spreadsheets to catalogue shipments. Meanwhile, at least some of Maersk's facilities, like the Port Elizabeth, New Jersey, operations of its sister company APM, were shut down altogether until the company could recover from the ransomware ordeal.

The Justice Department's annual report on its wiretapping activities of the last year slipped in a major outlier: In one narcotics case, a single wiretap order last year led to the interception of 3.3 million phone calls made by at least 26 people in Pennsylvania. Eventually 12 of those criminal suspects were arrested, but the report notes that they haven't yet faced trial or been convicted of any crimes. The wiretaps, which lasted two months and cost $335,000, represent easily one of the most surveillance-intensive cases of domestic law enforcement in years.

Israeli hacking firm NSO came to prominence last year when its million-dollar Pegasus spyware was used to infect the iPhone of now-imprisoned United Arab Emirates activist Ahmed Mansoor. Now Citizen Lab, whose researchers helped to expose that rare iPhone attack, has found that Mexicans have been targeted with NSO's hacking tools, too. Citizen Lab has, since the beginning of this year, been revealing how journalists, activists, researchers, and scientists have been targeted with NSO's spyware, including those investigating the corruption of the Mexican government and fighting for a soda tax. Now, Citizen Lab has found that three more Mexican politicians have been targeted.

In the subcultural world of iPhone hacking, the iPhone Dev Team were once legendary. In 2007, they were the first to "jailbreak" the iPhone, defeating its security mechanisms so anyone could install unauthorized apps---before the app store even existed. But Motherboard revealed this week that the iPhone Dev Team secretly had an Apple staffer among them named Brian Byer. Byer had started the year before as an Apple security engineer, and had concealed his Apple job from his fellow elite iPhone hackers. Byer died last year, and it's not clear whether he shared any of the Dev Team's secrets with Apple---or Apple's secrets with the Dev Team. That double agent tidbit is just a small part of Motherboard's history of the rise and fall of the jailbreaking movement, which arguably altered the nature of smartphones forever before fading into obscurity, as Apple and app-makers adopted the features that once required hacks to install.