Welp, Uber got hacked. The attacker, who claims to be 18 years old, appears to have gained full access to Uber’s systems. And while the company has confirmed the breach, it’s downplaying the incident by claiming it “has no evidence” that the attacker accessed users’ trip logs or other sensitive data. For a breach of this severity, relatively few details were available as of late Friday afternoon, so be ready for the other shoe to drop.
Earlier in the week, former Twitter security chief Peiter “Mudge” Zatko testified before the US Senate Judiciary Committee to further detail his claims against the company. Blowing the whistle carries serious security risks, but Zatko’s efforts appear to be having the intended effect. As WIRED contributor Matt Laslo reported, the hearing has reignited US lawmakers’ ambitions to better regulate Big Tech.
This week also saw the release of Apple’s iOS 16, which has two new security features that we hope you’ll never need to use. We spoke with Ukraine’s cyberwar chief, Yurii Shchyhol, who provided an optimistic update on the digital battlefront in the country’s war with Russia. And we dove into the contentious fight in the US Congress over the passage of a new federal privacy law that has some unexpected opposition.
But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.
If you’ve crossed a US border in recent years, there’s a chance all your text messages, contacts, call records, and more are now stored in a database built by Customs and Border Protection—even if you’re a US citizen. Senator Ron Wyden, an Oregon Democrat, revealed this week that CBP copies data from as many as 10,000 devices per year. Agents search these phones, tablets, and computers without warrants. And the content taken off the devices is stored in a central database accessible to 2,700 Department of Homeland Security personnel, according to information CBP commissioner Chris Magnus provided to Wyden. CBP defended the practice as being “in accordance with statutory and regulatory authorities,” while Wyden condemned it as an “egregious violation” of citizens’ constitutional rights.
The fact that we are constantly being surveilled—and surveilling ourselves—shouldn’t be a shocker. But it’s one thing to know you’re being watched and quite another to see it in action. That eerie feeling is at the center of Belgian artist Dries Depoorter’s new project, The Follower. Using AI, geotagged Instagram photos, and publicly accessible surveillance cameras, Depoorter found CCTV video footage of the exact moments people snapped their Instagram pics. It’s a potent reminder that someone, somewhere could be spying on you anytime you’re out in public (and another reason to not add geotags to photos you share online).
The US Department of Justice this week indicted three Iranian nationals for allegedly carrying out a series of ransomware attacks that targeted a swath of entities in at least five countries, including the US, UK, Russia, Israel, and Iran. Victims in the US include utility companies in Mississippi and Indiana, according to the Justice Department, as well as a township and an accounting firm, both in New Jersey. Other targets include entities in the health care sector and a domestic violence center. The people accused of the ransomware attacks—Mansur Ahmadi, Ahmad Khatibi, and Amir Hossein Nickaein—are now on the FBI’s Most Wanted list, and the US State Department has issued a $10 million reward for information that helps lead to their “identification or location.”
Parents and teachers were aghast this week after a prankster hacked the popular school messaging app Seesaw and spammed users with the infamous image known as “goatse.” (Don’t Google it.) While the company didn’t say how many of its millions of users were affected, NBC News reports that school districts in Illinois, New York, Oklahoma, and Texas said they were exposed to the image. Seesaw spokesperson Sunniya Saleem confirmed that “specific user accounts were compromised by an outside actor” and that the company is taking the matter “extremely seriously” as it attempts to “prevent further spread of these images from being sent or seen by any Seesaw users.”