Security flaws in a Subaru web portal let hackers unlock, start ignition or access a year of detailed location history for millions of cars.
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
=> More informations about this toot | View the thread
For anyone feeling nostalgic on the occasion of Ross Ulbricht's pardon, here's my interview with him (as the Dread Pirate Roberts) from 2013, just a few months before his arrest:
https://www.forbes.com/sites/andygreenberg/2013/08/14/an-interview-with-a-digital-drug-lord-the-silk-roads-dread-pirate-roberts-qa/
=> More informations about this toot | View the thread
Trump pardons Ross Ulbricht after eleven years in prison. An incredible twist in the never-ending Silk Road saga.
https://www.wired.com/story/trump-frees-silk-road-creator-ross-ulbricht-after-11-years-in-prison/
=> More informations about this toot | View the thread
Donald Trump said he would grant clemency to Ross Ulbricht, the creator of dark web drug market Silk Road, on "day one." He didn't.
Our story from November on the question of whether Trump will keep his promise: https://www.wired.com/story/silk-road-creator-ross-ulbricht-is-waiting-for-trump-to-keep-his-word-and-set-him-free/
=> More informations about this toot | View the thread
Read the full story below and consider subscribing to WIRED so we—and in particular the brilliant
@dmehro—can keep doing reporting like this.
https://www.wired.com/school-swatting-torswats-brad-dennis/
=> More informations about this toot | View the thread
In one 48 hour period, for instance, Filion swatted dozens of schools across the state of Washington, crossing counties off a map as he hit schools in each one, posted screenshots to Telegram while mocking victims.
All after the FBI knew his name.
=> More informations about this toot | View the thread
After approaching Torswats undercover, Dennis gave the FBI leads on online accounts tied to his real identity, 17-year old Alan Filion.
Yet the FBI took months after that to search Filion's home and close to a year to arrest him, even as he carried out hundreds of swattings.
=> More informations about this toot | View the thread
Working with @dmehro, who chased this story for 2+ years, we pieced together Torswats' calls, obtained audio of them, spoke to victims and emergency dispatchers traumatized by his deceptions—and tell the story of Brad Dennis, the detective who cracked the case.
=> More informations about this toot | View the thread
For two years, the serial swatter "Torswats" called in fake school shootings across the US, scrambling police, locking down schools, terrorizing hundreds of communities.
This is the untold story of his swatting rampage and the private eye who tracked him down. https://www.wired.com/school-swatting-torswats-brad-dennis/
=> More informations about this toot | View the thread
Congrats to @drsarahmjohn et al for winning an ACM Test of Time award for their seminal Bitcoin tracing paper in 2013. https://today.ucsd.edu/story/computer-scientists-earn-test-of-time-award-for-pivotal-bitcoin-crime-fighting-research
This is the research I describe in my book Tracers in the Dark and in this excerpt in Wired: https://www.wired.com/story/27-year-old-codebreaker-busted-myth-bitcoins-anonymity/
=> More informations about this toot | View the thread
Reviver, the company that's sold 65k of these plates, says it will replace its chips going forward, but can't patch this in existing plates.
Transit policymakers should understand this is a vulnerability not just in these plates, but in any system that depends on plate numbers.
=> More informations about this toot | View the thread
Digital license plates, legal to buy in some states and drive with across the US, can be jailbroken. Hackers can rewrite firmware in minutes, then change plate numbers via a Bluetooth app to evade surveillance, tolls and tickets—or make someone else pay. https://www.wired.com/story/digital-license-plate-jailbreak-hack/
=> More informations about this toot | View the thread
I dug into the origin story of the 3D-printed gun found on alleged United Healthcare CEO shooter Luigi Mangione: the FMDA 19.2, an acronym for "Free Men Don't Ask," released by the libertarian gun rights group "the Gatalog." https://www.wired.com/story/luigi-mangione-united-healthcare-3d-printed-gun-fmda-chairmanwon-v1/
=> More informations about this toot | View the thread
cracked the case
=> View attached media | View attached media
=> More informations about this toot | View the thread
Jonathan Levin is the new CEO of Chainalysis. https://www.chainalysis.com/blog/jonathan-levin-cofounder-ceo/
Levin is a co-founder of Chainalysis and a natural choice. He's also a hands-on crypto tracer. In my book Tracers in the Dark I describe, for example, how he personally charted CSAM crypto payments for the NCA in London and helped develop a secret method for finding dark web servers.
=> More informations about this toot | View the thread
Two years ago, @micahflee got banned from Twitter (and later X) for posting a link to a Mastodon account that tracked Elon Musk's private jet.
Now, in the midst of an exodus from X, he's launched a tool to archive and delete your X account so you can escape, too. https://www.wired.com/story/x-delete-posts-cyd-micah-lee/
=> More informations about this toot | View the thread
It makes sense APT28 would do this, given members of the group were arrested carrying out close-access Wifi hacking in the Netherlands in 2018 with an antenna hidden in a car. This is a logical evolution: all the advantages of Wifi-based hacking without ever leaving Russia. /fin https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking/
=> More informations about this toot | View the thread
Adair found not only had Russian hackers jumped to the target network via wifi from a compromised network across the street, but also that the prior breach had also likely been carried out over wifi from a 3rd network in the same building—“daisy-chaining” wifi-based breaches. 3/4
=> More informations about this toot | View the thread
Security firm Volexity whose founder Steven Adair will speak about this at @CYBERWARCON today, calls it a "nearest neighbor attack." Adair spotted it in 2022 while investigating how hackers linked to the group APT28 had breached a customer network seeking intel on Ukraine. 2/4
=> More informations about this toot | View the thread
Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wifi. https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
=> More informations about this toot | View the thread
=> This profile with reblog | Go to agreenberg@infosec.exchange account This content has been proxied by September (3851b).Proxy Information
text/gemini