Security News This Week: Reddit Bans Its Home for Dark Web Discussions
Hard as it is to believe, it was only a week ago that reports first broke—in The Guardian and The Observer, along with The New York Times—that Trump-affiliated data company Cambridge Analytica harvested the data of 50 million unwitting Facebook users to create so-called psychographic political ads. Were we ever so young!
The Cambridge Analytica story only got worse, as an undercover sting video from the UK’s Channel 4 News showed company executives discussing extortion, fake news, and other unsavory tactics. Cambridge CEO Alexander Nix later denied engaging in that sort of activity, but the company has suspended him, pending further investigation.
If all of this has left you worried about Facebook and your data, which it should, here’s our complete guide to protecting privacy on your account—or deleting it altogether.
Believe it or not, there was non-Facebook news this week too! (Although if you want even more Facebook news, here’s a comprehensive guide to our coverage.) Google’s sister company Jigsaw introduced a free, homebrew VPN called Outline that makes private browsing easy. And Google itself rolled out a set of tools to keep its cloud clients safe, including from their own misconfiguration messes.
Tumblr Friday also finally came clean about the Russian propagandists who flooded its platform during the 2016 election, months after Facebook, Twitter, and Google testified before Congress about their comparable woes. In other election news, the stars may have finally aligned for people to stop talking about how to secure the vote and actually start taking concrete action.
Also Friday, the US has indicted nine Iranians for a sweeping string of cyberattacks against hundreds of universities around the world. And as we hurtle toward the technological future, let Meltdown and Spectre be a reminder of the tremendous costs of getting things wrong.
But, wait, there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
To buy drugs on the dark web, you’ve got to fire up the ol’ Tor browser and know where to look. To talk about the dark web, you just had to head to Reddit’s r/DarkNetMarkets community for the latest Alphabet gossip. That is, until Wednesday, when Reddit shut it and related subreddits down, citing policy violations. That’s over 160,000 dark web fans suddenly without a public watering hole. Which, in the long run, might save everyone from some subpoena hassles down the road anyway.
The city of Atlanta fell victim to a ransomware rampage Thursday that hobbled city services and may have put people’s financial accounts at risk. It’s unclear whether the city was specifically targeted, or was caught up by a particularly virulent ransomware strain. On Friday, City Hall employees were told not to turn on their computers, and the Atlanta airport shut off the Wi-Fi in response.
After spending a heartbeat or two as national security advisor, H.R. McMaster is out of the Trump administration. Former United Nations ambassador John Bolton is in. There’s not much more to say here, other than to note that John Bolton seems open to if not outright encouraging of entering the United States into wars with any number of adversaries, including Iran and North Korea. So, you know, buckle up.
It can be hard out there for security researchers. The very nature of their work—poking around the sensitive code of companies—exposes them to potential legal liability. Dropbox this week has given them a safe harbor, updating its vulnerability disclosure policy to make clear that the company welcomes external research, and won’t take legal action against research conducted in good faith. Every other company: Do this! It’ll make us all safer, and everyone will say nice things about you at dinner parties.