Hackers Threaten Release of Planned Parenthood Data: What You Need to Know

Your devices may be revealing a lot more about your life than you realize.

During the Democratic National Convention in Chicago last month, we embarked on an experiment to discover how much data is circulating unseen around us. Equipped with a fanny pack filled with radios, a hotspot enhanced with code from the Electronic Frontier Foundation, and an Android phone equipped with the app Wiggle, WIRED reporters captured signals from around 300,000 devices at and near the DNC. This collection process showed over 2,500 police body cameras, disclosing the deployment strategies of the Chicago Police Department during protests and unveiling the surveillance potentials of our personal gadgets used by both police and protesters.

Thanks to a content moderation litigation, Elon Musk’s X has been unavailable in Brazil for the past week. Unlike authoritarian nations like Iran that have tight control over internet channels, Brazil’s fragmentation across about 20,000 ISPs complicates efforts to fully block a social network, making the process highly disorderly.

On the topic of Musk’s ventures, SpaceX is expanding its clientele for the Starlink satellite internet service to include the United States Navy. Beyond connecting sailors to loved ones, Starlink aims to ensure global connectivity for US warships.

Russia’s military intelligence agency, GRU, is known for having some of the most aggressive hacking teams on the planet. Now, it’s added a new one: GRU Unit 29155—a unit notorious for coup attempts, bombings, and other physical attacks—has a cyber warfare team of its own, according to the US and other Western governments. Dubbed Cadet Blizzard, the hacking team is said to have carried out attacks against Ukraine using destructive Whispergate malware, defaced Ukrainian government websites, and leaked information while posing as a hacktivist group. It all adds up to more evidence of the increasingly blurry lines between cyber and kinetic warfare.

Activists in Japan have been waging a pressure campaign against a company many people don’t know exists. The FANUC Corporation makes industrial robots, which are used for a wide variety of purposes. The activists claim this includes weapons manufacturing—specifically weapons used by Israel in its war in Gaza—and believe the company is violating export laws and its own policies. (FANUC denies both accusations.) Whatever the case, the controversy reveals how difficult it can be to untangle ethical issues from a global supply chain.

Health care companies are among the biggest targets for criminal hackers. But sometimes, the security issues come from the inside. Therapy sessions and other sensitive patient records were recently left exposed in a misconfigured database operated by Confidant Health, which provides addiction recovery care and other mental health services. The company says it secured the database immediately after a researcher alerted them to the fact that it was publicly accessible online, but it’s still a reminder of just how many of our deepest secrets can find their way into the open by accident.

Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

Every week, we highlight the security and privacy incidents that we couldn’t cover in detail. Click on the headlines to explore the full articles and remember to stay guarded.

In late August, the ransomware collective known as RansomHub reportedly infiltrated the networks of Planned Parenthood’s Montana operations. This week, the organization confirmed a “cybersecurity incident” occurred on August 28, leading to immediate network isolation and law enforcement notification by the staff.

A few days following the attack, RansomHub announced responsibility, threatening to leak 93 GB of data on their website. The specifics of the information the group might have accessed remain vague, but Planned Parenthood facilities often contain extensive confidential patient data, such as details related to abortion services. A similar attack in 2021 affected approximately 400,000 Planned Parenthood patients in Los Angeles. Read more about that incident here.

Recently, RansomHub has risen to prominence among ransomware-as-service providers, especially after the law enforcement takedown of LockBit. An FBI and Cybersecurity and Infrastructure Security Agency alert issued in late August describes the group as “efficient and successful,” having compromised data from at least 210 victims since its inception in February. This group employs a dual-threat tactic of both encrypting victim systems and stealing data to leverage against them.

The notorious scammers based in Nigeria, often referred to as the Yahoo Boys, are involved in a variety of fraudulent activities ranging from romance scams to impersonating FBI agents. However, their participation in sextortion schemes has emerged as particularly malicious. Recently, the Nigerian brothers Samuel Ogoshi and Samson Ogoshi received sentences of over 17 years in a US prison for conducting sextortion scams, marking a significant legal action as it’s the first prosecution of Nigerian scammers for sextortion in the US, according to the BBC.

The Ogoshi brothers, who entered guilty pleas earlier in April, have been linked to the tragic death of 17-year-old Jordan DeMay. The young man committed suicide six hours after beginning an interaction on Instagram with the scammers, who masqueraded as a girl. After tricked into sending them explicit images, the scammers extorted him for hundreds of dollars under the threat of publishing the images online. The brothers reportedly sexually exploited and extorted over 100 victims, including at least 11 minors, contributing to the witnessed surge in sextortion cases in recent years.

Meanwhile, the US Commerce Department has recently prohibited the sale of Kaspersky’s antivirus tools amidst national security worries linked to the Russian government—a claim Kaspersky has repeatedly denied. Following this, Kaspersky announced it would shut down its US operation. The cybersecurity firm Pango Group has decided to acquire Kaspersky Lab’s US antivirus customers, which involves approximately 1 million users who will transition to Pango’s Ultra AV software, as stated by Axios.

For a long time now, the EU has been working to implement new child protection laws that would involve scanning private chats for child sexual abuse material—a move that could potentially weaken encrypted messaging services that ensure privacy for a vast user base. Although initially put on hold, the so-called “chat control” legislation has resurfaced on the EU agenda. Despite the Hungarian presidency’s push for its approval by October, significant opposition remains.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Article

YubiKeys: The Security Gold Standard with a Cloning Vulnerability

Next Article

Top Dragon Age Book Deals to Snatch Before the Release of Dragon Age: The Veilguard

Related Posts