Security News This Week: Verizon Reportedly Wants a $1 Billion Discount on the Yahoo Deal
Remember that Yahoo hack that compromised half a billion email accounts? Verizon does, too. And according to the New York Post, Big Red wants a billion-dollar discount on its $4.8 billion takeover offer for the lack of disclosure and general headache that comes with one of the biggest breaches in history. And that’s just one Yahoo story this week!
In the other, a Reuters report revealed that Yahoo had given law enforcement access to its email servers, allowing the NSA or FBI to scrape the emails of its users looking for a specific string of characters. The controversial acquiescence reinforced that encryption can create its own unique set of tensions. Though not for Facebook, apparently; the company flipped the switch on end-to-end encryption for Messenger this week, and that is something you should definitely use.
Elsewhere it was a week of leaks and hacks, hacks and leaks. A group called OurMind hacked Buzzfeed over an exposé of its members (or member, as it turns out). A purported hack of the Clinton Foundation turned out to be bogus, though it still fulfilled its likely goal of sowing disinformation. A security contractor not named Snowden has been charged with sneaking top-secret documents out of the NSA. And in another case of déjà vu, the feds want to crack another dead terrorist’s locked iPhone.
Meanwhile, online porn’s about to get safer, Trump continues to say worrying things about “the cyber,” Silk Road proprietor Ross Ublricht might end up with less than a life sentence, and we made a plea for transparency in the clemency system.
And there’s more: Each Saturday we round up the news stories that we didn’t break or cover in depth but still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Yahoo’s fortunes have not improved this week, based on a New York Post report that Verizon wants a $1 billion markdown on its $4.8 billion agreement to buy the ailing tech giant. The move comes after news two weeks ago that Yahoo had been hacked in 2014—compromising data from an astonishing 500 million accounts—and a report this week that the company had been scanning its email users’ messages since 2015 for specific search terms chosen by US law enforcement. The goal of the deal is to unite Verizon-owned AOL and Yahoo to compete with the ad businesses of Facebook and Google, but the Post’s sources say that AOL CEO Tim Armstrong has reservations about going through with the purchase given so much bad news from Yahoo. Verizon could just be angling for a lower sale price, but the company certainly has some leverage given the intensity of the negative news surround Yahoo.
Remember that NSA contractor who took secret docs? He may not have actually leaked them. Though he did violate information security protocols by bringing classified data home, he doesn’t seem to have a political or other motive to leak and is known for being extremely invested in his NSA job. His ex-wife also tells the New York Times that he is “a bit of a hoarder.” As one administration official put it, “Let’s just say he’s only a psycho hoarder and he keeps this stuff with his old copies of National Geographic and his collection of lunchboxes. … That’s still extremely troubling to anyone in national security.”
Good news for anyone who has been plagued by scam calls claiming to be from the IRS: On Wednesday, Indian police arrested 70 people who were managing about 700 call-center workers where thousands of calls per day tricked Americans out of money. The callers would contact US numbers and tell whomever picked up that they owed additional taxes. The callers would threaten people with arrest or prison if they didn’t pay. Though it’s not yet clear how much money the scam made, it was clearly doing well enough to attract and retain hundreds of English-speaking callers. The Treasury Inspector General for Tax Administration says it has gotten over 1.7 million complaints about these types of scams in the last three years, and says that 8,800 victims have been swindled out of more than $47 million. Indian police are investigating the role of the 70 alleged managers as well as the potentially criminal involvement of the hundreds of callers.
Trend Micro has discovered a family of rotten apps that snuck its way into Google Play, including one that’s been downloaded at least 100,000 times. The malware, known as “DressCode,” gives attackers access to networks devices connect to. That’s especially bad for smartphones hooked into their business networks. With the kind of access DressCode can enable, hackers can steal data, attack servers, or recruit devices for botnets.
Google has reported taken “necessary steps to remove the compromised apps,” which included games, phone performance boosters, and more. “Mod GTA 5 for Minecraft PE” appears to have been the breakout star, with between 100,000 and 500,000 downloads. A Trend Micro screenshot shows it had a three-star rating before it was removed.
The bridge and tunnel crowd already has to deal with the twin horrors of terrible traffic and being a frequent punchline. Add to that list of woes facial recognition cameras, part of Governor Andrew Cuomo’s sweeping plans to revitalize New York City’s entrance and exit points. “At each crossing, and at structurally sensitive points on bridges and tunnels, advanced cameras and sensors will be installed to read license plates and test emerging facial recognition software and equipment,” says the governor’s statement, which leaves out little details like who can access the images, how and where they’ll be stored and secured, and whether he’s had a chance to run this by civil liberties groups.