The week started with a figurative bang, as a list of questions Robert Mueller’s team have for Trump leaked to The New York Times. They all point to one inevitable conclusion: That Mueller almost certainly already knows how all of this ends.
Speaking of endings, Cambridge Analytica and its related companies shut down this week, the continued fallout of the revelation months ago that the company had improperly acquired the data of up to 87 million Facebook users in the lead-up to the 2016 presidential election. And your time with your Twitter password has hopefully come to and as well; you’ll want to change it, since the company stored them in plaintext on internal logs.
We also took a look at a breakthrough in the famously clever Rowhammer attack, which takes advantage of how memory chips leak electricity, that now lets it remotely compromise some Android smartphones. Nigerian email scammers are doing better than ever, thanks to cleverly targeting small businesses. And we separated the hype from the helpful in AI’s role in cybersecurity.
And there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
More than two years ago, we took a look at how consumer drones were increasingly going to pose a security threat. We did not, though, predict that they would be used to swarm a hostage rescue team, as reportedly happened last winter in an unspecified US city. The drones surrounded and took “high-speed low passes” at the agents, according to a report in Defense One, and also surveilled them, meaning the criminals could not only disrupt their actions, but monitor them, both from afar. That type of counter-surveillance has turned out to be one of the top illicit uses of drones, which at least beats some of the more violent alternatives.
Two of the absolute best genres of story—beating the lottery and exploiting pseudo-random-number-generators—collide in one terrific New York Times feature. We won’t get into many more details here, since the joy is in discovery, but it’s well worth taking the time to read through this $16.5 million mystery.
As a country that exists in relative isolation from the rest of the world, North Korea has to rely on more homegrown technologies than most. That includes its SiliVaccine antivirus software, which has two particularly interesting traits. First, it appears to largely rip off decade-old antivirus software from Japanese company TrendMicro. Next, the sample that research firm Check Point analyzed came bundled with malware, which sort of defeats the purpose.
For years, people who live under oppressive regimes have benefited from a technique called domain fronting to route their traffic around censors. It works by hiding traffic inside encrypted connections to CDNs or other major internet services. Encrypted messaging service Signal, in particular, had used Amazon and Google cloud services to enable users in countries like Egypt and Iran to continuing to use it unimpeded. Now, though, those internet giants have tamped down on the service; Amazon even threatened to suspend Signal’s account if it continued. It’s unclear what recourse people have now; Signal, at least, hasn’t yet come up with a workaround.