Authorities pin Olympics attack on Russian spies while a new tool helps people find out if their passwords have been leaked.
Last week, Intel was in the hot seat, along with other US firms, offering explanations for the non-disclosure of Meltdown and Spectre. The chipmaker said US-CERT was not informed until after news leaked to the press because, in short, there was little they could have done.
Elsewhere, a major report into the dangers of AI misuse made for sobering reading, while the EU is apparently thinking of introducing a new law that could see companies from outside of the bloc handing over private data to aid criminal investigations.
It’s been a busy week, so time to do some catching up.
Has the Winter Olympics cyberattack fall guy been found?
The Winter Olympics has come to an end and it seems that the culprit of the cyberattack carried out just before the opening ceremony earlier in the month is Russia, according to The Washington Post.
The disruptions to the internet, broadcast systems and Olympics website were apparently an act of revenge after the Russian team’s ban due to apparent doping violations. The attackers also seemed to make their actions look to be the work of a North Korean group as a smokescreen.
An intelligence report showed that the Russian military agency, GRU, had access to as many as 300 Olympics-related computers as of early February.
Human rights worries spark in China after Apple decision
Apple will begin to host Chinese users’ iCloud accounts in a new Chinese data centre at the end of February to comply with new laws in the country.
The cryptographic keys needed to unlock an iCloud account have historically been stored in the US, but will now be stored in China so authorities can bypass the US legal system to access information.
Many are worried this decision could see dissidents and political protesters being tracked and silenced. “While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” Apple said.
Have your passwords been leaked?
If you have ever wondered if any of your passwords have been leaked, but didn’t feel like transmitting your full credentials to a server, you might like this new tool.
Troy Hunt, a security researcher, has announced his new version of ‘Pwned Passwords’. The search tool lists more than 500m passwords that have been leaked in data breaches.
It is now in use with the 1Password password manager, and only requires the first five characters of a password’s SHA-1 hash to find out if you’ve been a victim of a breach.
Embarrassment for US border security
It emerged recently that US Customs and Border Protection has not properly verified passports in more than a decade as it cannot properly read their built-in smart chip.
Ron Wyden and Claire McCaskill, senators from the Democratic Party, sent a letter demanding that the anti-forgery features in the e-passports are actually used.
Smart passports were introduced in the US in 2007, and the authorities have known of the security flaw since at least 2010.
A new Mirai variant can transform IoT devices into proxy servers
DarkReading reported that the latest iteration of the infamous Mirai malware has been christened ‘OMG’.
It can transform infected devices into proxy servers as well as carry out DDoS attacks.
Those who use the new malware can sell the access to these proxy servers to criminals so they can carry out break-ins, spread misinformation and steal under a veil of anonymity.