A destabilizing hack-and-leak operation hits Moldova

There was a really wild week in the tech industry as new details emerged about the collapse of the FTX cryptocurrency exchange and Elon Musk kicked an ever-increasing number of Twitter employees out of the company. Cryptocurrency trackers have been trying to understand what happened to nearly half a billion dollars worth of cryptocurrency that was withdrawn from FTX last weekend. It appears that some of it may have been seized by authorities in the Bahamas, but the mystery is still unraveling.
Meanwhile, the wheels have increasingly come off the bus at Twitter. Earlier this week, for example, some users didn’t receive important two-factor authentication codes sent over SMS, and it’s unclear if the issue has been fully resolved. With staff shortages and so much upheaval, we took a look at what the consequences would be if Twitter suffered a massive data breach or other major security attack at this precarious moment.
New research suggests telehealth sites too often put addiction patient data at risk, with tracking technology found on sites focused on substance abuse. And we have part four in the series “The hunt for the dark web’s biggest kingpin”, which tells the story of the rise and fall of the dark web marketplace AlphaBay. This installment tells how law enforcement agents of the Dutch National High-Tech Crime Unit took over and ran the dark web marketplace Hansa, and follows American and Thai police as they close in on AlphaBay’s protagonist, Alpha02, on the verge of attempting a dramatic arrest.
But wait, there’s more! Each week we highlight the news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. And be safe out there.
A major hack-and-leak operation in Moldova has released alleged Telegram correspondence from at least two politicians, sparking scandal and accusations of corruption. The website, dubbed “Moldova Leaks”, has also threatened to release more data on government officials and politicians. Over the past two weeks, the website has published alleged messages from Moldova’s Minister of Justice, Sergiu Litvinenco, and from Dorin Recean, the president’s defense and national security adviser. Some of the conversations suggest that other Moldovan officials have won rigged elections or have been wrongly installed in their positions, and the leaks appear particularly aimed at undermining anti-corruption officials. Moldova’s pro-Russian political opposition has been quick to spread claims, based on the leaks, that Litvinenco, Recean and others must be removed from office.
The Moldovan Justice Ministry said the leaked data was stolen, but added that some of it had been manipulated. Litvinenco and other Moldovan government officials have said Russia is behind the operation. “The purpose of this forgery is to divert the public’s attention from the real problems faced by criminal groups in Moldova and their connections with foreign services,” Litvinenco wrote on Facebook. At the end of October, The Washington Post reported on efforts by Russia’s FSB security agency to undermine Moldova’s pro-European government.
Google will pay a total of $391.5 million to 40 US states following an investigation into the tech giant’s location tracking practices. The investigation, a collaboration between state attorneys general, looked into whether Google had deceived users and covered up its location tracking activities. “Consumers thought they had turned off location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers,” Oregon Attorney General Ellen Rosenblum told The Washington Post. “We settled an investigation by 40 US attorneys general based on outdated product policies that we changed years ago,” Google wrote in a blog post about the deal on Monday. “In addition to a financial settlement, we will be making updates in the coming months to provide even better control and transparency over location data.”
Thousands of mobile apps in Google Play and the Apple App Store include code modules from a company called Pushwoosh that claims to be based in Washington, DC, but which Reuters reports is actually based in Russia. The Centers for Disease Control and Prevention incorporated Pushwoosh code into seven of its public apps and removed the service after learning of Reuters’ findings. The CDC said it had been misled about where Pushwoosh was headquartered. In March, the US Army also removed an app used by soldiers at a prominent US combat training base because it contained Pushwoosh code. In marketing materials and US regulatory filings, the company claims to be based in California, Maryland or DC, but it actually pays taxes in Russia and is headquartered in Novosibirsk, Siberia. The company apparently had about 40 employees and reported revenue of 143,270,000 rubles (about $2.4 million) in 2021. While it is unclear whether Pushwoosh has ever abused its position in apps distributed in the United States or elsewhere, the Russian government has a track record of conducting “software supply chain” attacks for intelligence gathering as well as destructive attacks on enemies.
Data and privacy regulators in Norway, France and Germany have all warned that World Cup participants should not download Qatar’s two World Cup apps or should do so on a wiped device if necessary. Officials warn that the apps are invasive, collect significantly more data than they should and more than they claim in their privacy policies. “One of the apps collects data on whether and with which number a phone calls,” Germany’s data protection commission said in a notice this week. “The other app actively prevents the device it is installed on from going into sleep mode. It is also obvious that the data used by the apps not only remains local to the device, but is also transferred to a central server.” The World Cup events start this weekend.
Updated Monday 21 November 2022 at 11:15 PM ET to credit the original English-language reporting on the Moldovan hack-and-leak to Risky Business News.