Russians hacked JFK Airport’s taxi dispatch in a line-skipping scheme

We at WIRED are winding down for the year and preparing for an eventful 2023. But 2022 will not go down without a fight.

This week, following a fresh spike in Twitter chaos, we took a close look at why the public needs real-time flight tracking, even when Elon Musk claims it’s the equivalent of doxing. The crucial transparency that this publicly available data offers far outweighs the limited value of privacy that censorship would give to the world’s rich and powerful. Unfortunately, Musk’s threats of legal action against the developer of the @ElonJet tracker have a broader chilling effect.

Meanwhile, internet outages in Iran — in response to widespread civil rights protests — are sabotaging the country’s economy, according to a new assessment by the US State Department. Due to the heavy sanctions against Iranian companies, the precise economic impact of Tehran’s internet outages is difficult to calculate. But experts agree it’s not good.

You may have encountered the Flipper Zero in a recent viral TikTok video — but don’t believe everything you see. WIRED’s Dhruv Mehrotra has gotten his hands on the palm-sized device, which includes an array of antennas that allow you to copy and send signals from all sorts of devices such as RFID chips, NFC cards, and more. We found that while the Flipper Zero can’t make an ATM pay out money, it does allow you to do a lot of other things that could get you into trouble. But most importantly, it allows you to see the radio-wave-filled world around you like never before.

But that’s not all. Each week we round up the security stories that we haven’t covered in detail ourselves. Click on the headlines to read the full stories. And stay safe out there.

Between long hours, medallion expenses, and the rise of Uber and Lyft, the life of a New York City cab driver is tough enough. Now, Russian hackers — and a few of their enterprising partners in Queens — appear to have been trying to get their own share of these drivers’ fares.

According to prosecutors, two Queens men, Daniel Abayev and Peter Leyman, worked with Russian hackers to gain access to New York’s JFK airport taxi dispatch system. They then allegedly created a group chat where drivers could secretly pay $10 to skip the sometimes hour-long line to get a pickup — about a fifth of the $52 flat rate passengers are charged for rides from the airport to another location in NYC. The indictment against the two men does not identify the Russians or detail how they gained access to JFK’s processing system. However, it notes that since 2019, Abayev and Leyman have allegedly planned to gain access to the system in various ways, including bribing someone to plug a USB drive containing malware into one of the dispatchers’ computers, gaining unauthorized access to their systems over Wi-Fi, and stealing one of their tablet computers. “I know the Pentagon is being hacked,” Abayev wrote to his Russian contacts in November 2019, according to the indictment. “So, can’t we hack the taxi industry[?]”

Before the system was shut down, prosecutors said it allowed drivers to make up to a thousand fraudulent line jumps a day.

It’s hardly a secret that Cyber Command, the NSA’s more cyberattack-focused sister organization, is often involved in what Cybercom director Paul Nakasone has described as “hunting forward.” That means pre-emptively hacking foreign hackers to disrupt their operations, often before an event like a US election. So maybe it’s no surprise that The Washington Post reports that Cybercom targeted Russian and Iranian hackers during the 2022 midterm elections. It’s not clear exactly how these hackers were disrupted, but an official told the Post that operations usually go after the basic tools the hackers use to work, including their computers, internet connections, and malware. In some cases, this third-party malware is detected by Cybercom abroad and shared with potential US targets for easier detection.

While foreign hacking of US elections has waned since its peak in 2016 – when Russia hacked the Democratic National Committee, the Clinton campaign, and many other targets – it has by no means gone away. Cybersecurity firm Mandiant reported this week that Russia’s military intelligence agency GRU attacked election websites with distributed denial-of-service attacks during the midterm elections, apparently despite Cyber Command’s efforts.

On Monday, federal prosecutors indicted two men — one from Wisconsin, the other from North Carolina — for alleged participation in a swatting scheme that targeted the owners of more than a dozen compromised Ring home security door cameras over a period of a week. According to the indictment, Kya Christian Nelson, 21, and James Thomas Andrew McCarty, 20, used login credentials from leaked Yahoo accounts to access Ring accounts of individuals across the country. The defendants then called law enforcement, allegedly making false reports and claiming to dispatchers that a violent incident took place at the victim’s home, and then livestreamed the police’s response to the hoax. In several of the incidents, according to the indictment, the two men taunted responding officers and victims through the Ring device microphone.

Nelson, who was known by the alias “ChumLul,” is currently incarcerated in Kentucky on an unrelated case. McCarty, who went by the alias “Aspertaine,” was arrested last week on federal charges filed in the District of Arizona. Nelson and McCarty are both accused of conspiring to intentionally access computers without permission. Nelson was also charged with two counts of willfully accessing a computer without authorization and two counts of aggravated identity theft. If convicted, they each face up to five years in prison, and Nelson faces an additional seven years on the additional charges.

In March 2017, Netflix tweeted a simple message: “Love shares a password.” Now, five years later, that sentiment is fading. According to a Wall Street Journal report this week, the streaming service plans to crack down on password sharing in early 2023. Netflix has been testing ways to prevent households in Latin America from sharing passwords throughout 2022, and the report suggests it’s ready to expand the measures. Netflix says more than 100 million viewers watch its TV shows and movies using other people’s passwords, and it wants to convert those views into cash. “Make no mistake, I don’t think consumers will love it right away,” Netflix co-CEO Ted Sarandos told investors earlier this year. Elsewhere, the UK government’s Intellectual Property Office said it believes sharing passwords for online streaming services could breach copyright laws. However, it is unlikely that anyone will ever be prosecuted.

The Roomba J7 home robot uses PrecisionVision Navigation to avoid objects in your home – like piles of clothes on the floor or accidental piles of dog poop. The robot can do this in part using a built-in camera and computer vision. However, as MIT Technology Review reported this week, gig economy workers in Venezuela have posted photos taken by the robots online – including a picture of a woman on the toilet. The photos and videos were taken in 2020 by a development version of the J7 robot and shared with a startup that hires workers to tag the images to help train computer vision systems. The users of the development machines had agreed to the transfer of their data. Roomba maker iRobot, which is being bought by Amazon, said it is ending its contract with the startup that leaked the images and is investigating what happened. However, the incident highlights some of the potential privacy risks with the massive datasets used to train artificial intelligence applications.

All Kelly Conlon wanted to do was go see the Rockettes with her daughter’s Boy Scout troop. But thanks to a facial recognition system from Madison Square Garden Entertainment, Conlon was summarily kicked out of Radio City Music Hall for being unknowingly banned. According to MSG Entertainment, the problem is that Conlon is an attorney at a law firm that is currently pursuing litigation against the company. (Conlon said she was not personally involved in this lawsuit.) “They knew my name before I told them. They knew the company I was associated with before I told them. And they told me not to be there,” Conlon told NBC New York. MSG Entertainment, meanwhile, defended the attorney’s designation as necessary to avoid an “inherently adverse environment.” The episode heightens concerns about the use of facial recognition technology, which remains so under-regulated that a company can use it to punish its enemies. Happy Holidays!
