It’s been a week since the world avoided a potentially catastrophic cyberattack. On March 29, Microsoft developer Andres Freund disclosed a backdoor he discovered in XZ Utils, a compression tool widely used in Linux distributions and countless computer systems around the world. This backdoor was inserted into the open source tool by an individual operating as “Jia Tan”, who had built a reputation as a trustworthy volunteer developer over many years of patient work. Security experts believe Jatan was the work of a nation-state actor, with clues pointing primarily to Russia, although the ultimate attribution of the attack remains unresolved.
In early 2022, a hacker known as “P4x” took down North Korea’s internet after North Korean hackers targeted him. This week, Wired magazine revealed the true identity of P4x: Alejandro Caceres, a 38-year-old Colombian-American. After successfully attacking North Korea, Caceres recommended to the U.S. military a “Special Forces” style offensive hacking team that would perform operations similar to those that made P4x famous. The Pentagon ultimately refused, but Caceres founded a startup, Hyperion Gray, and planned to further pursue his controversial approach to cyber warfare.
In mid-February, three undersea cables in the Arabian Sea were damaged, leaving millions of people without Internet access. Some have accused Yemen’s Houthi rebels of having been attacking ships in the area, but the group has denied sabotaging the cable. But insurgent attacks could still be to blame — albeit in a strange way. Wired’s analysis of satellite images, maritime data and more found that the cable was likely damaged by the stern anchor of a cargo ship bombed by Houthi rebels. The ship drifted for two weeks before finally sinking, with the cables intersecting the path of the damage.
The myth that Google Chrome’s incognito mode offers enough privacy protection can finally be busted. As part of a settlement over Google’s incognito privacy claims and practices, the company agreed to delete “billions” of records collected when users browsed in Incognito mode. It will also further clarify how much user data Google and third parties can collect when incognito mode is enabled and take further steps to protect user privacy. There are other privacy-focused browsers that can replace Chrome. But if you’re still using it, make sure you update it to patch some critical security holes.
But that’s not all. Each week, we round up security and privacy news that we don’t cover in depth ourselves. Click on the title to read the full article. And stay safe out there.
A 58-year-old hospital systems administrator pleaded guilty this week to U.S. federal charges after it was discovered that he had used another person’s name for more than 30 years. Matthew David Keirans allegedly stole William Woods’ identity in 1988 while the two were in New Mexico, according to the U.S. Attorney’s Office for the Northern District of Iowa Working on a hot dog cart in Albuquerque. Over the decades, Kellans obtained employment, bank accounts, loans and insurance, and paid taxes in Woods’ name. Kelance even has a child named Woods.
Meanwhile, the real William Woods reportedly learned in 2019 that someone was using his identity. At the time, Woods was homeless and living in Los Angeles. He contacted the bank where “William Woods” had an account and provided his actual Social Security card and California ID card to prove his identity. However, he was unable to answer security questions to gain access. The bank called Kellans, who was pretending to be Woods, and Kellans convinced bank employees that the real Woods should not have access to the accounts. After Kelance provided false documents and information to police, the Los Angeles Police Department arrested the real Woods and charged him with identity theft.
In a nightmarish twist, during the legal proceedings, the real Woods accurately insisted that “William Donald Woods” was his true identity, prompting a court to order him committed to a mental hospital. The real Woods ultimately spent 428 days in jail and 147 days in a mental hospital before being released.