Security News This Week: A Link to This Site Can (Technically) Land You in Russian Prison

A SINGLE MISTAKE WHEN USING A MAJOR APP might endanger countless users. Such was the situation with Diksha, a government-run educational software operated by the Indian Ministry of Education that exposed the private data of millions of students and teachers nationwide. The information, which included complete names, email addresses, and phone numbers, was available to the general public for at least a year and probably longer, putting people affected at risk of phishing scams and other scams.

In terms of cybercrime, the LockBit ransomware group has long functioned covertly due to its careful targeting and methodical operation. However, during the past year, a string of blunders and drama have brought it to public attention, perhaps endangering its capacity to carry on with impunity.

The practice of encrypting everything on your computer is not limited to thieves, though. This week, we covered how to put your files on macOS and Windows under digital lock and key. Do you know what is solely the purview of criminals? Four of the five crypto exchanges that helped criminals withdraw $1.1 billion in 2022, according to a Chainalysis analysis released this week, were used to aid money laundering.

Wealthy people like Elon Musk might have cause to rejoice. The @ElonJet account used to follow the Tesla and Twitter CEO’s private plane using data from the flight-tracking company ADS-B Exchange has sold out. Jetnet, a private equity-owned aviation intelligence company, now owns the company. ADS-B supporters, including the founder of @ElonJet, are currently abandoning ship in the expectation that the new owner will be more inclined to comply with censorship demands from parties like Elon Musk and the Saudi royal family.

That’s not all, though. We compile the stories we didn’t have time to fully cover each week. To read the complete stories, click on the headlines. And be careful out there.

A Link to News Site Meduza Could (Technically) Land You in Russian Prison

As Russia’s disastrous invasion of Ukraine has played out over the last year, the Kremlin has increased its grip on domestic and Russian-language media in order to quell anti-war protests. Meduza, the top independent Russian news website by some criteria, is the latest casualty of the campaign.

On Thursday, the Russian government added Meduza to its list of “undesirable organizations,” effectively outlawing any collaboration or promotion of the news outlet. The country’s general prosecutor went so far as to write in a statement that Meduza “poses a threat to the foundations of the constitutional system and the security of the Russian Federation.”

The new law makes it illegal for anybody in Russia to work for the news organization, speak to its journalists, post a link to its website, or even just “like” one of its social media posts. Meduza has long been based in Latvia to protect it from Russia’s media restrictions and reprisals. According to Russian law, the first infraction of those prohibitions is a misdemeanor defense, punishable by a fine, but further infractions are a felony defense, punishable by years in prison.

Meduza has advised Russians and anyone traveling to Russia to be careful to delete social media posts in which they link to or promote its content, even though a prison term is probably unlikely for anyone not actively involved in the news organization’s work—the majority of violations of the law have so far resulted in a fine. No matter how the rule is applied, it will undoubtedly have a chilling effect, and the harsh ban on Meduza reflects yet another little step in Russia’s long, sluggish descent into dictatorship.

FBI Thwarts Hive Ransomware Hackers

The FBI announced this week that it had foiled the operations of one of the world’s most prolific and disruptive ransomware groups, known as Hive, taking down its dark-web site and recovering decryption keys to unlock the systems of victims who were facing $130 million in total ransom demands.

“We hacked the hackers,” deputy US attorney general Lisa Monaco told reporters in a press conference. In previous years of its extortion-fueled cybercrime spree, Hive victimized more than 80 networks and collected over $100 million in ransom payments, according to the FBI.

But working with numerous law enforcement agencies, including German and Dutch federal police, the FBI surreptitiously gained access to the group’s systems, surveilling and ultimately disrupting them. Despite that win, no arrests were mentioned in the splashy announcement, signaling that—as is usual in ransomware cases—Hive’s hackers are likely located in non-extradition countries beyond the reach of Western law enforcement.

FBI Confirms North Korean Hackers Stole $100 Million From Harmony Bridge

The FBI has formally named North Korea as a suspect in the current scourge of huge breaches and thefts in the bitcoin sector. In its investigation of a cryptocurrency heist that stole $100 million last year, the Bureau charged two hacker groups long thought to be associated with Kim Jong Un’s regime, known as APT38 or Lazarus—the latter of which is sometimes used as a broader umbrella term for multiple North Korean hacker units.

The hackers targeted the Horizon bridge owned by the US crypto company Harmony, a mechanism used to allow cryptocurrency transfers. Bridges have become more profitable targets for thieves, with hundreds of millions of dollars in digital money stolen from them in recent years.

Aside from the name-and-shame statement, the FBI also stated that some of the stolen currency was seized when the hackers attempted to launder it, and it pointed to crypto addresses where approximately $40 million of the stolen wealth is still kept.

NY Attorney General Probing Madison Square Garden Over Its Use of Face Recognition

If Madison Square Garden didn’t want a legal scandal as a result of its experiment with employing face recognition technology to identify persons it wanted to bar from its stadium, perhaps it shouldn’t have begun by prohibiting lawyers.

Following revelations that MSG used facial recognition to bar attorneys from multiple firms involved in lawsuits against the venue from attending its events—and then enforced that ban with controversial facial recognition technology—New York Attorney General Letitia James wrote to MSG’s owners demanding more information about its surveillance practices.

The letter, which implies that the lawyer ban is intended to discourage people from launching cases against MSG, inquired about the reliability of the face recognition system MSG is using and whether it has bias checks. “Anyone with a ticket to an event should not be anxious about being denied admittance incorrectly based on their appearance.”

James wrote in a statement, “we’re urging MSG Entertainment to reverse this policy.