The last few years have seen a scourge of account takeovers across social media, with no more visible example than last year’s audacious Twitter hack. This week, Twitter, Instagram, and TikTok took part in a coordinated action to reclaim hundreds of accounts that had been used to facilitate trading of those ill-gotten handles within the so-called OGUsers community. It’s not going to solve the problem for good, but it’s at least something.
That’s more than can generally be said for streamer donation platforms Streamlabs and StreamElements, which have allowed far-right and white supremacist users to monetize their hate. Both services do take down accounts that violate their terms of service when reported, but they have yet to take proactive measures, as Twitter and Facebook have done in recent months.
Also having a hard time with moderation: Zoom, which despite introducing measures intended to stop “Zoom-bombing,” still suffers from the scourge. Researchers found that those mitigating features don’t do much good against inside jobs—a high school kid calling on 4chan to disrupt his class, for instance—which remain a prevalent source of attacks.
Speaking of attack sources, it turns out SolarWinds provided two of them. Not only did Russian hackers pull off a so-called supply chain attack by manipulating the company’s own code, Chinese hackers used a flaw in SolarWinds software to dig deeper into at least one network that they had already compromised.
Joe Biden’s got his work cut out for him fighting disinformation. A big update to how Chrome handles cookies is going to give advertisers fits, but it works out great for Google. And be sure to check out these recent feature stories: a look at the scary convergence of ubiquitous sensor data, and the second installment in our serialization of 2034, a novel about a fictional war with China that feels all too real.
And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
An Amazon transparency report this week revealed that government requests for user data shot up 800 percent between the first and second halves of 2020. The company processed 3,222 demands in the first six months of the year, and 27,664 requests in the back stretch. Surprisingly, nearly half of the requests came from the German government; Amazon turned over user data in 52 cases overall. The company did not attribute the spike to any particular cause, and it breaks out requests for Amazon Web Services data separately.
It’s very likely that Chrome auto-installs updates on your computer, but it might not hurt to double-check. Google says that it patched a so-called zero-day bug that hackers had been actively exploiting. It’s unclear if this is the same flaw that North Korean hackers had exploited as part of a broader campaign targeting security researchers, but the timing suggests that possibility, some say.
Few countries place more restrictions on internet usage than Iran, which uses its centralized control of broadband services to throttle specific sites or black out access altogether. The most recent victim of this censorship is the encrypted messenger Signal, which Iran cut off last week. But the app’s developers have engineered a workaround, putting out instructions for individuals to set up their own TLS proxies that will let people in Iran bypass the blockade. You need a little bit of know-how, but each virtual private server can support hundreds of users at once.
On the heels of lawsuits filed by Dominion Voting Systems against conspiracy theorists Rudy Giuliani and Sidney Powell, voting-tech company Smartmatic this week initiated its own defamation claims. In addition to Giuliani and Powell, Smartmatic filed suit against Rupert Murdoch’s Fox Corporation as well as Fox anchors Maria Bartiromo, Lou Dobbs, and Jeanine Pirro. Smartmatic seeks at least $2.7 billion in damages, alleging that the network repeatedly spread false claims about its role in the 2020 election.
Motherboard and the University of Toronto’s Citizen Lab this week linked a fake version of WhatsApp to an Italian surveillance company called Cy4Gate. Phishing apps offer a potentially valuable inroad for hackers, who can trick victims into giving away permissions that allow deep access to their devices. This appears to have been a targeted attack, but it’s an important reminder to stick to official app stores, and be conservative about what permissions you allow, even for software you trust.