A Link to News Site Meduza Can (Technically) Land You in Russian Prison

when you run With a large app, a single mistake is enough to put countless people at risk. Such is the case of Diksha, a public education app by the Indian Ministry of Education that exposes the personal details of about 1 million teachers and millions of students across the country. The data, which included things like full names, email addresses, and phone numbers, was publicly available for at least a year and likely longer, potentially exposing those affected to phishing attacks and other scams.

Speaking of cybercrime, the LockBit ransomware gang has long operated under the radar thanks to their professional approach and choice of targets. But over the past year, a series of missteps and drama have thrust it into the spotlight and potentially threatened its ability to continue with impunity.

However, encrypting everything on your computer is not just the domain of criminals. This week we explained how to protect your files with digital lock and key on both macOS and Windows. You know what’s only the domain of criminals? Money laundering, which is primarily facilitated by just five crypto exchanges, four of which helped scoffers pay out $1.1 billion in 2022, according to a Chainalysis report released this week.

Billionaires like Elon Musk could have reason to celebrate. Flight tracking platform ADS-B Exchange, which provided data for @ElonJet account that tracked Tesla CEO’s private plane and Twitter, is sold out. The company is now owned by private equity-owned aviation news service Jetnet. Fans of ADS-B, including the creator of @ElonJet, now assume the new owner will be more likely to bow to censorship requests from the likes of Musk and the Saudi royal family.

But that’s not all. Each week we round up the stories that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

As Russia’s disastrous invasion of Ukraine last year unfolded, the Kremlin has also stepped up its repression of domestic and Russian-language media to quash anti-war sentiment. In a way, the latest victim of this crackdown is Russia’s leading independent news website: Meduza. On Thursday, the Russian government added Meduza to its list of “undesirable organizations,” effectively banning any collaboration or sponsorship of the news agency. The country’s Attorney General went so far as to write in a statement that Meduza “poses a threat to the foundations of the constitutional system and the security of the Russian Federation.”

While Meduza has long been based in Latvia to protect it from Russia’s media restrictions and retaliation, the new measure makes it a crime for anyone in Russia to work for the news agency, speak to its journalists, link to its website post or even “like” as much as one of his social media posts. A first violation of these restrictions is a misdemeanor defense under Russian law, punishable by a fine, but repeated violations are a crime, with a possible year’s imprisonment.

While imprisonment may be unlikely for someone not actively involved in the news organization’s work – most violations of the law have so far resulted in a fine – Meduza has warned Russians and anyone traveling to Russia to be mindful of posts delete them from social media linking to or promoting their content. Regardless of how the law is enforced, its deterrent effects will undoubtedly be significant, and the draconian ban on Meduza is another small step on Russia’s long, slow slide toward totalitarianism.

The FBI announced this week that it has thwarted the operations of one of the world’s most prolific and disruptive ransomware groups, known as Hive, by shutting down its dark web site and recovering decryption keys to unlock victims’ systems who faced $130 million in total ransom demands. “We hacked the hackers,” US Assistant Attorney General Lisa Monaco told reporters at a news conference. In the past few years of its extortion-fueled cybercrime, Hive has harassed more than 80 networks and collected more than $100 million in ransom payments, according to the FBI. But in cooperation with numerous law enforcement agencies, including the German and Dutch federal police, the FBI secretly gained access to, monitored and eventually disrupted the group’s systems. Despite this victory, no arrests were mentioned in the eye-popping announcement, suggesting that – as is common in ransomware cases – Hive’s hackers are likely to be in non-extradition countries, out of reach of Western law enforcement.

The FBI has officially pointed the finger at a usual suspect in the ongoing plague of massive breaches and thefts of the cryptocurrency world: North Korea. In its investigation into a heist that stole $100 million worth of cryptocurrency last year, the FBI accused two hacker groups long believed to be linked to Kim Jong Un’s regime as APT38 or Lazarus – the latter is sometimes referred to as a broader umbrella term for several North Korean hacking entities. These hackers targeted US crypto firm Harmony’s Horizon “bridge,” a system used to facilitate transfers from one cryptocurrency to another. Bridges have increasingly become lucrative targets for thieves, who have stolen hundreds of millions worth of digital currencies from them in recent years. Aside from its name-and-shame announcement, the FBI also says some of the stolen currency was confiscated when the hackers attempted to launder it, and the agency pointed to crypto addresses where about $40 million of the stolen loot remains be kept.

If Madison Square Garden didn’t want a legal scandal from its experiment in using facial recognition technology to identify people it wanted to ban from its venue, maybe it shouldn’t have started by banning attorneys. Following revelations that MSG had used facial recognition to bar attorneys from several law firms involved in lawsuits against the venue from attending its events — and then enforced that ban using controversial facial recognition technology — New York Attorney General Letitia James sent one in Letter to MSG’s owners requesting more information about its surveillance practices. The letter, which suggests the bar ban is intended to deter people from filing lawsuits against MSG, asked about the reliability of the facial recognition technology used by MSG and whether it had safeguards against bias. “Anyone with a ticket to an event should not have to worry about being unfairly denied entry because of their appearance,” James wrote in a statement, “and we urge MSG Entertainment to reverse that policy.”