Wired Security Spoken Edition

In offices and universities all across the country Thursday, the same threat appeared in email inboxes: Pay $20,000 worth of bitcoin, or a bomb will detonate in your building. Police departments sent out alerts. Workers from Los Angeles to Raleigh, North Carolina, evacuated their cubicles in the middle of the day. All over Twitter, people posted screenshots of the emails, many different versions of which appear to have been blasted out. Learn about your ad choices: dovetail.prx.org/ad-choices

This has not been Facebook's proudest year for privacy and security. The company faced the massive Cambridge Analytica data misuse and abuse scandal in April and beyond. It also disclosed its first data breach in October, which compromised information from 30 million accounts. But Facebook has at least one security-focused bright spot it can point to in 2018: its bug bounty. Bug bounties are programs that let security researchers submit potential flaws and vulnerabilities in a company's software. Learn about your ad choices: dovetail.prx.org/ad-choices

The massive data breach that affected 500 million Marriott customers feels like a recent event, given that the company just discovered and disclosed it over the last four months. But it's important to remember that the attack began much earlier, especially as Reuters and others have reported that state-sponsored Chinese hackers were behind it. If that attribution holds up, China's broader hacking campaign against the US in 2014 will go down as a historic assault. Learn about your ad choices: dovetail.prx.org/ad-choices

We are deep into the worst case scenarios. But as new sentencing memos for Trump associates Paul Manafort and Michael Cohen make all too clear, the only remaining question is how bad does the actual worst case scenario get? The potential innocent explanations for Donald Trump’s behavior over the last two years have been steadily stripped away, piece by piece. Learn about your ad choices: dovetail.prx.org/ad-choices

In October, Google dramatically announced that it would shut down Google+ in August 2019, because the company had discovered through an internal audit (and a simultaneous Wall Street Journal exposé) that a bug in Google+ had exposed 500,000 users' data for about three years. Maybe it should have pulled the plug sooner. On Monday, Google announced that an additional bug in a Google+ API, part of a November 7 software update, exposed user data from 52.5 million accounts. Learn about your ad choices: dovetail.prx.org/ad-choices

Nearly after a month after the midterm elections, details on a hack of the Republican National Congressional Committee reveals that meddling in the midterms was much worse than it seemed on election day. The hack probably should have been the biggest news of the week, but for a little distracting—and important!—thing called the Mueller probe. Learn about your ad choices: dovetail.prx.org/ad-choices

Australia's parliament passed controversial legislation on Thursday that will allow the country's intelligence and law enforcement agencies to demand access to end-to-end encrypted digital communications. This means that Australian authorities will be able to compel tech companies like Facebook and Apple to make backdoors in their secure messaging platforms, including WhatsApp and iMessage. Learn about your ad choices: dovetail.prx.org/ad-choices

I first came across the imposter Facebook page by accident. The page was made to look like that of my employer, Vietnam Veterans of America, complete with our organization's registered trademark and name. As an Iraq veteran and the office’s designated millennial policy guy, I was helping run VVA's social media accounts. Learn about your ad choices: dovetail.prx.org/ad-choices

As the founder and director of a nonprofit animal shelter on the East Coast, Alana has spent most of the past decade caring for pets that might otherwise be euthanized. Her work also resonates with people online—the Facebook page for the shelter has more than 1.3 million followers. But in August, she noticed something strange: A series of unfamiliar posts began appearing on the page, and no one at the shelter could say where they were coming from. Learn about your ad choices: dovetail.prx.org/ad-choices

Though sporadic hacker intrusions and phishing campaigns targeted political entities in the lead-up to November's midterm elections, things seemed pretty quiet overall on the election-meddling front in the US. Certainly no leaks or theatrics rose to the level of Russia's actions during the 2016 presidential election. But a belatedly revealed breach of the National Republican Congressional Committee shows just how bad the attack on the 2018 election really was. Learn about your ad choices: dovetail.prx.org/ad-choices

It sounds good in theory. A bill introduced last week by two members of the New York City Council would punish people who send harassing, sexually explicit photos and videos with up to a year of jail time or a $1,000 fine. One unfortunately growing trend the bill hopes to thwart? "Cyber flashing," a type of digital harassment where creeps use Apple's AirDrop feature to send dick pics and other lewd images straight to the home screens of unsuspecting strangers via Bluetooth and Wi-Fi. Learn about your ad choices: dovetail.prx.org/ad-choices

The push to encrypt traffic throughout the web has resulted in safer and more secure browsing across millions of sites. But not everywhere uses the so-called Transport Layer Security that keeps HTTPS-enabled sites safe from prying eyes. Including, it turns out, Apple’s iTunes and iOS App Store infrastructure, which runs its downloads over unencrypted connections. Typically you can tell when a website uses HTTPS encryption by the little green padlock on the left side of the URL bar. Learn about your ad choices: dovetail.prx.org/ad-choices

By now, you’ve probably heard of PewDiePie, a Swedish comedian and video game commentator who has been the most followed creator on YouTube for years. But you might not be as familiar with T-Series, an almost equally popular Indian media company. For months, T-Series and PewDiePie, whose real name is Felix Kjellberg, have been dueling over who will be the king of YouTube. In October, PewDiePie even released a diss track about T-Series, which has been viewed more than 47 million times. Learn about your ad choices: dovetail.prx.org/ad-choices

Early Friday morning, the hotel behemoth Marriott announced a massive hack that impacts as many as 500 million customers who made a reservation at a Starwood hotel. Marriott acquired the Starwood hospitality group in September 2016, which operates numerous hotel brands including Sheraton, Westin, Aloft, and W Hotels. But the intrusion that caused the enormous data breach predates Marriott's acquisition, beginning in 2014. Learn about your ad choices: dovetail.prx.org/ad-choices

Tension has existed for decades between law enforcement and privacy advocates over data encryption. The United States government has consistently lobbied for the creation of so-called backdoors in encryption schemes that would give law enforcement a way in to otherwise unreadable data. Meanwhile, cryptographers have universally decried the notion as unworkable. But at a cybercrime symposium at the Georgetown University Law School on Thursday, deputy attorney general Rod Rosenstein renewed the call. Learn about your ad choices: dovetail.prx.org/ad-choices

Just a little over two hours separated President Trump angrily tweeting, “Did you ever see an investigation more in search of a crime?” and special counsel Robert Mueller announcing his latest evidence of new crimes Thursday morning. Former Trump lawyer Michael Cohen pleaded guilty for lying to Congress about the status of the real estate developer’s hotel deal in Moscow. Learn about your ad choices: dovetail.prx.org/ad-choices

The port of San Diego. The city of Atlanta. Kansas Heart Hospital. Those are just a few of the more than 200 municipalities, universities, hospitals, and other targets that have fallen victim to SamSam, a pernicious strain of ransomware that has spent the past three years rampaging throughout the US. On Wednesday, the Justice Department indicted two Iranian men allegedly behind the attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

In recent years, hacks against the power grid have gone from a mostly theoretical risk to a real-world problem. Two large-scale blackouts in Ukraine caused by Russian cyberattacks in 2015 and 2016 showed just how feasible it is. But grid hacking comes in less dramatic forms as well—which makes Russia's continued probing of US critical infrastructure all the more alarming. Learn about your ad choices: dovetail.prx.org/ad-choices

History may show that Monday ranks among the most consequential days yet of Robert Mueller’s 18-month special counsel investigation into Russian interference in the 2016 presidential election. Learn about your ad choices: dovetail.prx.org/ad-choices

Here's an easy thing you can do right now to improve your digital security hygiene. Pull out your iPhone, open Settings, go into the Siri settings, and turn off Access When Locked. That's it! Do it on your iPad while you're at it. Go ahead and do it for your family and friends, too, at holiday functions when you need to deflect personal questions. Everybody wins! In the battle of the smart assistants, every tech giant hopes to hook you on its voice-activated helper. Learn about your ad choices: dovetail.prx.org/ad-choices