Controversial gunshot-detection company ShotSpotter has deployed more than 25,000 microphones across 170 cities worldwide. This week, WIRED and South Side Weekly revealed the company may continue to provide gunshot data to police in cities even after contracts have ended. Internal emails seen by the publications suggest ShotSpotter sensors may have stayed online despite law enforcement deals having expired, raising questions about what will happen to 2,500 microphones in Chicago when its contract runs out at the end of the year.
Elsewhere, Change Healthcare finally admitted to paying a ransom to the AlphV hackers, also known as BlackCat, that extorted the medical company. Weeks ago, WIRED revealed the attackers were paid $22 million, one of the largest ransomware payments ever. However, in a statement this week the company admitted for the first time that it paid the ransom as part of its effort “to do all it could to protect patient data from disclosure.” Some of that data still found its way onto the dark web.
In another successful grift, researchers have found animators in North Korea creating artwork for major Hollywood studios. A misconfigured North Korea cloud server, discovered at the end of last year, contained thousands of animation files, notes, and working documents for productions of shows that stream on Amazon Prime Video and Max. The companies likely didn’t know workers from the Hermit Kingdom were creating the artwork, but it’s another example of how North Korea is using skilled workers to circumvent sanctions and make the regime money.
Meanwhile, Cisco revealed this week that some of its devices, named Adaptive Security Appliances, have been targeted by state-sponsored hackers who leveraged two unknown vulnerabilities in the systems. The assault, named ArcaneDoor, seems to have had an espionage focus and sources believe that the attackers may be China’s state-supported hackers.
The November presidential elections may be a considerable time away, but the upcoming US president will have increased surveillance capabilities. This week Joe Biden endorsed a contentious bill extending and strengthening Section 702 of the Foreign Intelligence Surveillance Act. FISA authorizes intelligence agencies to gather Americans’ calls, emails, and more when seeking foreign intelligence. Detractors argue that the revisions are “a gift to any president who may wish to spy on political enemies.”
That’s not the end of it. We compile the security and privacy updates every week that we didn’t extensively cover ourselves. Please click the headlines to read the full stories. Protect yourself out there.
In January, an Instagram account in Baltimore, Maryland, published a supposed audio recording of local school principal Eric Eiswert making racist and antisemitic comments. In response, Baltimore County Public Schools promptly launched an investigation into the incident. However, this week, police arrested a previous athletic director at Pikesville High School after they stated he employed artificial intelligence software to produce the fraudulent audio clip of Eiswert. The audio included comments about “ungrateful Black kids” and derogatory remarks directed toward the Jewish community.
Dazhon Darien, the former staff member, was arrested after being stopped in possession of a gun at an airport when officials saw there was an outstanding arrest warrant, the Baltimore Banner reported. The media organization reports that Darien was charged with disrupting school activities and stalking. The fake clip was allegedly made in retaliation for the principal investigating Darien over irregular payments to his roommate.
Matt Jancer
Boone Ashworth
David Nield
Scott Gilbertson
Police reports, the Banner says, indicate that the audio clip had a “profound” impact on the school principal. “It not only led to Eiswert’s temporary removal from the school but also triggered a wave of hate-filled messages on social media and numerous calls to the school,” police reports said.
Voice-cloning technology, which can fall under the broader banner of deepfake technology, has rapidly improved within the last year. Cloning tools can recreate someone’s voice to a relatively realistic level using just a few seconds of real audio. The systems have increasingly been used to impersonate politicians and scam people over the phone.
Your car knows a lot about you—from where and how you drive, to your weight and how you sit. This week, following a series of revelations from New York Times reporter Kashmir Hill, General Motors announced it will end its “Smart Driver” program and unenroll all customers. Until the reports from the Times, GM was sharing data with data brokers LexisNexis and Verisk, which shared it with insurers and led to high payments for some people. The OnStar Smart Driver program had been designed to promote safer driving, GM said. However, many people were not aware they had been enrolled in the system. Ten lawsuits have been filed so far about the Smart Driver program and how it shared data.
In January 2020, Google announced it would discontinue third-party cookies from Chrome within two years, joining other browsers like Safari, Brave, Firefox in eliminating this tracking technology. Now, in April 2024, Google has delayed this change for a third time and stated it willtake place in 2025. Google’s proposed cookie substitute has undergoneclose examination by UK’s competition and privacy regulators, with some critics suggesting cookies are simply being replaced by another tracking device and this could further profit Google’s ad business.
Keonne Rodriguez and William Lonergan Hill, founders of crypto-mixing service Samourai Wallet, wereindicted by US prosecutors this week on accusations of operating an unlicensed money transfer business and plotting to launder money. The firm handled $2 billion in “illegal transactions” and “enabled more than $100 million in money laundering,”as per Damian Williams, the US Attorney for the Southern District of New York, among other detectives. Each charge can lead to a maximum of 20 years in prison. This decision comes as US prosecutors attempt to control crypto mixing services, which could be employed to conceal capital or facilitate illegal activities. Bitcoin Fog, Helix, and Tornado Cash have seenconsequences in recent years.
The Citizen Lab of the University of Toronto uncoveredsecurity weaknesses this week in eight Chinese keyboard apps that have the potential of leaking anything typed. They believe this could affect up to a billion people. The researchers scrutinized apps from key tech companies and phone manufacturers like Baidu, Honor, Huawei, Samsung, and Tencent. “The majority of these vulnerable apps could be exploited simply by a passive network eavesdropper,” the teamnotes, stating most of the affected companies patched the vulnerabilities upon notification.