Sec jfk taxis 978846126

Russians hacked JFK airport taxi dispatch into a queue-jumping scheme

This week, following a new wave of chaos on Twitterwe dived exactly why the public needs real-time flight tracking, even though Elon Musk claims it’s the equivalent of doxing. The crucial transparency provided by this publicly available data far outweighs the limited privacy value that censorship would give to the world’s rich and powerful. Unfortunately, threats of legal action from Musk against tracker developer @ElonJet are having wider chilling effects.

Meanwhile, Internet blackouts in Iran, a response to widespread civil rights protests,they are sabotaging the country’s economy, according to a new assessment by the US State Department. Due to heavy sanctions against Iranian entities, the exact economic impact of Internet blackouts in Tehran is difficult to calculate. But experts agree it’s not good.

You may have come across Flipper Zero in a recent viral TikTok video, but don’t believe everything you see. Dhruv Mehrotra from WIRED got his hands on the handheld device, which packs a series of antennas that allow you to copy and transmit signals from all kinds of devices, such as RFID chips, NFC cards and more. We found that while Flipper Zero can’t, for example, withdraw money from an ATM, it does allow you to do many other things that could get you into trouble. But most importantly, it allows you to see the radio wave-filled world around you like never before.

But that is not all. Every week we round up the security stories we haven’t dug into ourselves. Click on the titles to read the full stories. And stay safe out there.

Russians hacked New York airport taxi dispatch

Between long hours, medallion costs, and the rise of Uber and Lyft, the life of a New York City cab driver is tough enough. Now it appears that the Russian hackers, and a couple of their enterprising partners in Queens, were trying to get their share of those drivers’ fares.

According to prosecutorsTwo men from Queens, Daniel Abayev and Peter Leyman, have been working with Russian hackers to gain access to the taxi dispatch system for New York’s JFK airport. They then allegedly created a group chat where drivers could secretly pay $10 to skip the sometimes hours-long line to be assigned to a pickup—about a fifth of the $52 flat rate passengers pay for rides from airport to other parts of New York. The indictment against the two men does not name the Russians or detail exactly how they gained access to JFK’s mailing system. But he notes that since 2019, Abayev and Leyman have allegedly schemed to gain access to the system by multiple methods, including bribing someone to insert a malware-laden USB drive into one of the shipping operators’ computers, gaining unauthorized access. to their systems via Wi-Fi and by stealing one of their tablets. “I know the Pentagon has been hacked,” Abayev wrote to his Russian contacts in November 2019, according to the indictment. “So, we can’t hack the taxi industry[?]”

Before the program was shut down, prosecutors say it allowed up to 1,000 fraudulent line hops a day for drivers,

Cyber ​​Command hit Russian and Iranian hackers during US midterm

It’s hardly a secret that Cyber ​​Command, the more cyber-attack-focused sister organization to the NSA, is often engaged in “forward hunting,” as Cybercom director Paul Nakasone has described it. This means preemptively hacking into foreign hackers to disrupt their operations, often before an event like a US election. So maybe it’s no surprise, like The Washington Post reports that Cybercom targeted Russian and Iranian hackers during the 2022 midterm elections. It’s not clear exactly how those hackers were stopped, but an official told the To send that operations typically go after the basic tools hackers use to operate, including their computers, Internet connections, and malware. In some cases, foreign malware is discovered by Cybercom overseas and shared with potential targets in the United States to make it more easily detectable.

While foreign hacking of US elections has declined since its peak in 2016, when Russia hacked the Democratic National Committee, the Clinton campaign, and many other targets, it has by no means disappeared. Cybersecurity firm Mandiant reported this week that Russia’s military intelligence agency GRU appears to have targeted election websites with distributed denial-of-service attacks during the midterm elections, despite cyber efforts. command.

Swatter hacked ring cameras to surveil the victims, police say

Federal prosecutors on Monday charged two men, one from Wisconsin, the other from North Carolina, with allegedly participating in a swatting program that, over the course of a week, targeted the owners of more than one dozen compromised Ring security cameras. According to the indictment, Kya Christian Nelson, 21, and James Thomas Andrew McCarty, 20, used login credentials from leaked Yahoo accounts to access the Ring accounts of people across the country. The defendants then allegedly phoned false reports to law enforcement agencies claiming dispatchers that a violent incident was taking place at the victim’s home, and then streamed the police response to the hoax. In several of the incidents, the two men taunted police officers and victims who responded through the microphone of the Ring device, according to the indictment.

Nelson, who went by the name “ChumLul,” is currently incarcerated in Kentucky in an unrelated case. McCarty, known by the alias “Aspertaine,” was arrested last week on federal charges filed in the District of Arizona. Nelson and McCarty are both accused of conspiring to intentionally access computers without authorization. Nelson was also charged with two counts of willfully accessing a computer without authorization and two counts of aggravated identity theft. If convicted, each of them could face up to five years in prison, with Nelson facing another seven years on the additional charges.

Netflix will limit password sharing early next year

In March 2017, Netflix tweeted a simple message: “Love is sharing a password.” Now, five years later, that feeling is coming to the end of her life. According to a Wall Street Journal relationship this week, the streaming service plans to crack down on password sharing in early 2023. Netflix has been testing ways to prevent households in Latin America from sharing passwords throughout 2022, and the report suggests it’s ready to expand the measures . Netflix says over 100 million viewers watch its TV shows and movies using other people’s passwords and wants to convert those views into cash. “Make no mistake, I don’t think consumers are going to love it right off the bat,” the magazine Netflix co-CEO Ted Sarandos told investors earlier this year. Elsewhere, the The British Government’s Intellectual Property Office has confirmed this believes that sharing passwords for online streaming services may violate copyright laws. However, it is unlikely anyone will ever be prosecuted.

Images of Roomba’s AI training data have been leaked on social media

The Roomba J7 home robot uses “PrecisionVision Navigation” to avoid objects in the house, such as piles of clothes on the floor or accidental piles of dog poop. The robot is able to do this in part using a built-in camera and computer vision. However, how MIT Technology Review reported This week, gig economy workers in Venezuela posted photos of the robots online, including an image of a woman on the toilet. The photos and video were captured by a development version of the J7 robot in 2020 and shared with a startup that hires workers to label images, helping train computer vision systems. Those using the development machines had agreed to have their data shared. The maker of Roomba iRobot, which was bought by Amazon, said it was terminating its contract with the startup that leaked the images and was investigating the incident. However, the incident highlights some of the potential privacy risks with the vast data sets used to train AI applications.

Facial Recognition Gets Lawyer Started By Radio City Music Hall

All Kelly Conlon wanted to do was watch the Rockettes with her daughter’s Girl Scout troop. But thanks to a facial recognition system operated by Madison Square Garden Entertainment, she Conlon was summarily ejected from Radio City Music Hall because she was unknowingly banned from the venue. The problem, according to MSG Entertainment, is that Conlon is an attorney at a law firm who is currently engaged in litigation against the company. (Lei Conlon said she is not personally involved in that litigation.) “They knew my name before I told them. They knew the company I was associated with before I told them. And they told me I wasn’t allowed to be there,” Conlon told NBC New York. MSG Entertainment, meanwhile, defended the lawyer’s expulsion as necessary to avoid an “inherently adverse environment.” adds to concerns over the use of facial recognition technology, which remains so underregulated that a company can use it to punish its enemies.Happy Holidays!