A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

As 2020 comes to a close, it is perhaps only fitting that the US government and private sector are both scrambling to grasp and mitigate the fallout of a massive hacking spree widely attributed to Russia. There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.
To understand where things stand today, it's important to take a look back at the Trump administration's approach to cybersecurity policy, its merits (some of them accidental), and its shortcomings. Read on below for president-elect Joe Biden's first substantive commentary on how his administration may approach the increasingly crucial, yet tricky, question of how to enforce effective global norms in cyberspace.

And there's more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there!

International Takedown Shutters ‘Favorite’ Criminal VPN

On Tuesday, Europol, the US Department of Justice, and other international law enforcement agencies announced a coordinated sting against a virtual private network, Safe-Inet, which is popular with ransomware groups, spearphishers, and stolen data vendors. The effort involved seizing three domains used to distribute the VPN—safe-inet.com, safe-inet.net and insorg.org—and neutering other parts of its infrastructure, so users can't access the service and visitors to the sites simply see law enforcement notifications of their removal. Officials did not provide details about which hacking groups used the VPN, but they said it specialized in “bulletproof” protection, meaning the VPN was tailored to supporting uninterrupted criminal campaigns and ignoring or attempting to defuse abuse complaints and even law enforcement requests. “Criminals can run, but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them,” Edvardas Šileris, head of Europol’s European Cybercrime Centre, said in a statement.

Reporters Hit With iMessage Exploit and Likely NSO Group Spyware

New research from Citizen Lab at University of Toronto's Munk School of Global Affairs and Public Policy indicates that suspected government hackers out of Saudi Arabia and the United Arab Emirates compromised the personal smartphones of 36 Al Jazeera journalists and one from Al Araby TV. The targeted campaign used an interaction-less or “zero-click” iPhone exploit for the initial attack, a hacking technique that is particularly dangerous because it requires no input from the target and is therefore difficult to defend against. The hackers then used a notorious piece of NSO Group spyware, known as Pegasus, to deeply compromise and surveil the victims' data and digital activity. The exploit chain, dubbed Kismet, affected iOS 13.5.1 and the iPhone 11, which was current at the time of the attacks, along with other iOS versions and iPhones. It is not believed to impact iOS 14.

Incendiary Election-Fraud Website Attributed to Iran

The Department of Homeland Security and the Federal Bureau of Investigation have connected a website titled “Enemies of the People” to Iranian actors. The site included information like supposed addresses of state and federal election officials, including FBI director Christopher Wray, and voting equipment makers. The purpose was to promote accusations that the individuals caused President Donald Trump's loss in the recent US presidential election. The website is no longer accessible, but it formerly included photos of the featured targets superimposed with bull’s eyes. Though Russian actors have been back in the news lately, Iranian hackers have been active throughout 2020 and had a particular focus on the US presidential campaign season.

President-Elect Biden Comments on SolarWinds Supply Chain Attack

President-elect Joe Biden gave the first hints about how his administration might approach cybersecurity issues and digital espionage on Tuesday. During an address in Wilmington, Delaware, Biden criticized the Trump administration for hanging back on making a public attribution about the perpetrators in the SolarWinds supply chain attack. He also said that the Department of Defense has limited the briefings the Biden transition team receives about the situation, “so I know of nothing that suggests it’s under control.” Biden added, “Cyberattacks must be treated as a serious threat by our leadership at the highest level. That means making clear … who’s responsible for the attack and taking meaningful steps to hold them to account.” The incoming president also said that his administration will work to establish “international rules of the road on cybersecurity.”