Tech Vigil an unique Technology Blog

Cyber Saturday—Investigating Jeff Bezos’ Sexts, Huawei FBI Sting, Facebook’s Outspoken ex-Security Chief

How did the National Enquirer acquire the richest man inside the international’s sexts?

While the reality remains a carefully guarded mystery, lots of theories were floated. Gavin de Becker, the sagacious safety consultant granted carte blanche to investigate the state of affairs with the aid of Jeff Bezos, the extremely-billionaire founding father of Amazon, alleged adulterer, and goal of the Enquirer’s prurient exposé, supposedly believes his boss turned into now not hacked. That’s what Manuel Roig-Franzia, a feature writer with the Washington Post, a publication Bezos owns, says de Becker instructed him anyway, including that de Becker believes the leak may additionally had been “politically influenced.” In a current interview on MSNBC, Roig-Franzia added that de Becker, with whom Roig-Franzia says he has chatted notably approximately Bezos’ catch 22 situation, is wonderful the opportunity “that a central authority entity may have gotten keep” of Bezos’ textual content messages after which, somehow, these texts located their manner into said tabloid.

Considering for a second that this is probably proper, which regime would possibly have executed so? Michael Sanchez, an avid Trump supporter and brother of Lauren Sanchez, Bezos’ mistress, has reputedly discussed with de Becker the opportunity that the president, an avowed Bezos opponent, enlisted allied intelligence offerings, which include the ones run by using the UK and Israel, to dig up the dirt. It’s a fantastical situation that stretches the creativeness past all elasticity. Bezos, then again, appeared to intimate in an essay at the blogging website Medium that the intrusion should have concerned any other state actor. Specifically, Bezos dwelled on connections between American Media Inc., the Enquirer’s discern, and Saudi Arabia. (The recent homicide of Washington Post columnist Jamal Khashoggi by means of Saudi marketers, and the dominion’s mentioned penchant for mobile adware, lend plausibility.)

To be clean: I haven’t any privileged records about the entity in the back of this whodunnit caper; I will notice, however, a worthwhile contribution toward the howdunnit. In all of the hypothesis, a weblog publish by way of Rob Graham, CEO of Errata Security, a hacking store, stood out. Using a reasonably-priced, online “human beings finder” service, he became able to find out feasible touch facts for Bezos’ ladylove, along with email addresses, telephone numbers, and the names of close household. Entering Sanchez’s e mail addresses right into a database of compromised login credentials—the latest mega-leak dubbed “Collection #1”—turned up related passwords. If Sanchez reused compromised passwords to at ease Bezos’ love notes, this could explain the dallying duo’s undoing. If that’s proper, then the methods at the back of this intrusion might not have concerned superb-sophisticated undercover agent-craft so much as teenage hacker hello-jinx.

Again, I have no idea how those leaks have been procured, or who did it, but Graham’s findings propose at the least one viable, simple explanation. If the safety of each events to a communique isn’t as much as snuff, every body suffers. “If you send horny messages and you’re a celeb, there are massive parts of the hacker underground who focus on looking to scouse borrow them,” Graham notes—a assertion that isn’t an endorsement, but a reality. Through password reuse and phishing attacks, “getting movie star nude images within reason easy.” He adds: “there may be no cause to consider conspiracy theories right now.”

People inquisitive about shielding their very own privateness might do not forget the subsequent recommendation: Segment your statistics via the use of multiple electronic mail accounts dissociated from your actual-lifestyles identity. Secure your digital debts with strong and particular passwords—and use a device like HaveIBeenPwned to ensure none of these has been compromised. Adopt two-aspect authentication as an brought layer of protection. And sooner or later, coach confidantes in the deserves and techniques of right digital safety. (Heck, you would possibly even advise they sign on for this newsletter.)

If a nation country goes after you, it’s in all likelihood sport over. But there are steps you can take to make it tougher for run-of-the-mill hackers to get their arms to your sweets.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s day by day tech publication. Fortune reporter Robert Hackett here. You may additionally attain Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.Me), PGP encrypted e-mail (see public key on my Keybase.Io), Wickr, Signal, or however you (securely) decide upon. Feedback welcome.

THREATS
Diamonds are forever. Chinese telephone-maker allegedly tried to thieve diamond-lined glass technology from Akhan Semiconductor, a small U.S.-primarily based technology firm, suggested Bloomberg Businessweek. The tale capabilities scenes from an FBI sting operation focused on a Huawei executive on the Consumer Electronics Show in Las Vegas a month in the past. It’s doubtful whether or not the saga will result in any criminal moves. On a related word: President Donald Trump is predicted to signal an executive order banning Huawei system from 5G networks inside the U.S., in line with Politico.

IWaymen. Indictments against alleged serial SIM swappers, a form of phone fraud famous amongst cryptocurrency thieves, were unsealed in Northern California this week. The prices are the contemporary aimed toward a good circle of admitted and suspected culprits. Meanwhile, thieves have become clever approximately how to break into iCloud-locked telephones—via phishing, duping unwitting Apple Store employees, and reprogramming phone CPUs.

‘X’ marks the spot. Last month Motherboard exposed a blackmarket for region statistics by means of paying a bounty hunter to provide the coordinates of virtually any cellular telephone within the U.S. Based totally completely on its number. Apparently, the situation is far worse than that preliminary report made it seem: Hundreds of bounty hunters have had get admission to to even extra accurate GPS statistics than originally concept. “The news suggests how widely to be had Americans’ sensitive area statistics turned into to bounty hunters,” Motherboard writes.

The house always wins. A messy one: Atrient, a maker of so-known as loyalty kiosks, where gamblers can register to earn rewards at casinos, bought vulnerability-ridden products that did not relaxed human beings’s private statistics, cybersecurity blog Secjuice said. When a couple of protection researchers tried to alert Atrient that it had to patch its holes, the enterprise is said to have given them the runaround for months. Later, whilst the pair approached an Atrient govt in individual at a convention to express their issues, the government allegedly assaulted considered one of them. (After the incident, Atrient tweeted that the security researchers had been no-right hackers undertaking foul play, but the enterprise later deleted the statements…)
ACCESS GRANTED
Face(e book) the tune. The blunt way of Alex Stamos, Facebook’s outspoken former chief safety officer, is said to have rubbed executives the wrong way for the duration of his short stint on the media giant, writes Roger Parloff, a former Fortune colleague, on this juicy profile for Yahoo Finance. Reportedly, Stamos clashed with senior leaders, such as Sheryl Sandberg, Facebook’s leader operating officer, as he treated Russian disinformation and election interference campaigns. Stamos, who Fortune named to its 2015 forty Under 40 listing, is “a complex guy we are able to be listening to about, and from, for years to come,” Parloff says, noting that the cybersecurity guru is now spearheading a democracy-protective research institute at Stanford University.