Security News This Week: How China Hacked US Phone Networks

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more.
Photograph: Aleksandr Zubkov/Getty Images

How do you smuggle information into the USSR right under the nose of the KGB? Create your own encryption system, of course. That’s exactly what saxophonist and music professor Merryl Goldberg did during the 1980s. This week Goldberg revealed that she used musical notation to hide the names and addresses of activists and details of meetings on a rare trip to the Soviet Union. To do so, she cooked up her own encryption system. Each musical note and marking represented letters of the alphabet and helped disguise the sensitive information. When Soviet officers inspected the documents, no suspicions were raised.
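To make the idea concrete, the following is an added toy version of a note-for-letter substitution cipher in the spirit of Goldberg's scheme; it is not her actual system, and the note table (pitch plus an accidental or a staccato mark) is an assumption constructed here for illustration. The last function shows the caveat a cryptographer would raise: a fixed one-to-one mapping hides the letters from a casual inspector, but the ciphertext keeps the plaintext's letter frequencies, so it yields to classical frequency analysis.

```python
# Added example (not from the article): a toy "musical notation" substitution cipher.
# The note-to-letter table is a constructed assumption, not Goldberg's real system.
from collections import Counter
import string

# Constructed token alphabet: seven pitches combined with four markings
# (plain, sharp, flat, staccato dot) gives 28 tokens; the first 26 are used.
PITCHES = ["C", "D", "E", "F", "G", "A", "B"]
MARKINGS = ["", "#", "b", "."]
TOKENS = [p + m for m in MARKINGS for p in PITCHES][:26]

# One-to-one table: 'a' -> "C", 'b' -> "D", ..., 'h' -> "C#", and so on.
ENCODE_TABLE = dict(zip(string.ascii_lowercase, TOKENS))
DECODE_TABLE = {token: letter for letter, token in ENCODE_TABLE.items()}


def encode(plaintext: str) -> str:
    """Replace every letter with its note token; words become bars separated by '|'.

    Non-letter characters are dropped, so only lowercase letters and spaces
    survive a round trip.
    """
    bars = []
    for word in plaintext.lower().split():
        notes = [ENCODE_TABLE[c] for c in word if c in ENCODE_TABLE]
        if notes:
            bars.append(" ".join(notes))
    return " | ".join(bars)


def decode(score: str) -> str:
    """Invert encode(): map each note token back to its letter, bars back to words."""
    words = []
    for bar in score.split("|"):
        tokens = bar.split()
        if tokens:
            words.append("".join(DECODE_TABLE[t] for t in tokens))
    return " ".join(words)


def token_frequencies(score: str):
    """Frequency table of note tokens in a score, most common first.

    This is the view an analyst has without the key: tokens only, no letters.
    """
    tokens = score.replace("|", " ").split()
    return Counter(tokens).most_common()


def statistics_leak(plaintext: str) -> bool:
    """True when the token frequency ranking of the ciphertext equals the letter
    frequency ranking of the plaintext.

    A monoalphabetic substitution never changes counts, only symbols, so the
    ranking is always preserved: the cipher conceals letters, not statistics.
    """
    letters = [c for c in plaintext.lower() if c in ENCODE_TABLE]
    letter_rank = [c for c, _ in Counter(letters).most_common()]
    token_rank = [t for t, _ in token_frequencies(encode(plaintext))]
    return [DECODE_TABLE[t] for t in token_rank] == letter_rank


# Constructed sample message for the demonstration.
SAMPLE = "meet at the embassy at noon"

if __name__ == "__main__":
    score = encode(SAMPLE)
    print("score:   ", score)
    print("decoded: ", decode(score))
    print("top tokens:", token_frequencies(score)[:3])
    print("statistics leak:", statistics_leak(SAMPLE))
```

Running the block encodes the sample, decodes it back, and lists the most frequent note tokens. In an English message the top token almost always stands for a high-frequency letter such as "e" or "t", which is exactly the foothold frequency analysis uses; the scheme's strength in the story lay in the inspectors not treating a score as a message at all, not in the mapping itself.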

Goldberg’s story was retold at the RSA Conference in San Francisco this week, where WIRED’s Lily Newman has been digging up stories. Also coming out of RSA: a warning that as ransomware becomes less profitable, attackers may turn to business email compromise (BEC) scams to make money—BEC attacks are already highly profitable.

Also this week, dark-web marketplace AlphaBay is about to complete its journey back to the top of the online underworld. The original AlphaBay site—home to more than 350,000 product listings, ranging from drugs to cybercrime services—was purged from the dark web in July 2017 as part of a huge law enforcement operation. However, AlphaBay’s second-in-command, an actor going by the name of DeSnake, survived the law enforcement operation and relaunched the site last year. Now AlphaBay is growing quickly and is on the verge of resuming its dominant dark-web market position.

Elsewhere, Apple held its annual Worldwide Developers Conference this week and revealed iOS 16, macOS Ventura, and some new MacBooks—WIRED’s Gear team has you covered on everything Apple announced at WWDC. However, there are two standout new security features worth mentioning: Apple is replacing passwords with new cryptographic passkeys, and it’s introducing a safety check feature to help people in abusive relationships. Database firm MongoDB also held its own event this week, and while it might not have been as high-profile as WWDC, MongoDB’s new Queryable Encryption tool may be a key defense against data leaks.

Also this week we’ve reported on a Tesla flaw that lets anyone create their own NFC car key. New research from the Mozilla Foundation has found that disinformation and hate speech are flooding TikTok ahead of Kenya’s elections, which take place at the start of August. Elon Musk reportedly gained access to Twitter’s “fire hose,” raising privacy concerns. And we dove into the shocking new evidence televised by the House January 6 committee.

But that's not all, folks. Each week we round up the big security and privacy news we didn't cover ourselves. Click the links for the full stories, and stay safe out there.

For the past two years, state-sponsored hackers working on behalf of the Chinese government have targeted scores of communications technologies, ranging from home routers to large telecom networks. That’s according to the NSA, FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), which published a security advisory this week detailing the “widespread” hacking.

Since 2020, Chinese-backed actors have been exploiting publicly known software flaws in hardware and incorporating compromised devices into their own attack infrastructure. According to the US agencies, the attacks typically followed five steps. China’s hackers would use publicly available tools to scan for vulnerabilities in networks. They would then gain initial access through online services, obtain login credentials from the compromised systems, gain access to routers and copy network traffic, and finally “exfiltrate” victim data.

“Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks to exploit a wide range of public- and private-sector targets,” the agencies say in their joint advisory.

Since the start of the war in Ukraine, Russia has been hacked at an unprecedented scale. Now, more than 100 days into the war, tensions around cyber activity are rising. On June 9, Russia’s Foreign Ministry said that its critical infrastructure and government bodies were being hit by cyberattacks and warned that it could lead to military confrontation with the West. “The militarization of the information space by the West, and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Foreign Ministry said in a statement. From the moment Russian troops entered Ukraine, questions have been raised about the potential for escalation if people outside of Ukraine are involved in cyberattacks against Russia. Last week, the head of US Cyber Command told Sky News that its military hackers have been involved in offensive operations that support Ukraine.

Phishing remains one of the most successful ways for criminals to break into people’s accounts and make money—and there’s no better example of this than a newly uncovered Facebook and Facebook Messenger phishing campaign. This week, security researchers at US firm PIXM revealed a huge network of at least 400 phishing pages that are raking in millions of views and have made their creators an estimated $59 million. The scam, which has been running since at least September 2021, directs people to fake Facebook login pages where their credentials are hoovered up. What stands out, as noted by The Register, is that the phishing campaign has managed to evade Facebook’s phishing detection more effectively than others.

So far in 2022, police and tech companies have been cracking down on cybercriminals with some success: RaidForums, ZLoader, and the dark-web market Hydra have all been shut down in recent months. That list got a little bit longer this week as the FBI and its international law enforcement partners took down a marketplace selling the personal information of around 24 million Americans, according to authorities. The SSNDOB marketplace, which was made up of four individual domains, was selling people’s names, dates of birth, and Social Security numbers. SSNDOB has existed for around a decade, and in 2013, details obtained from the organization were used in the takeover of Xbox Live accounts. It’s believed the website has made its unknown owners around $22 million since 2015.