A bitcoin investor is suing AT&T for $240m after it allegedly ported his phone number to a hacker, allowing the criminal to steal $24m in cryptocurrency.
Michael Terpin is suing the phone giant [PDF] for the value of the three million electronic coins plus $216m in punitive damages after he claims an AT&T employee at a store in Connecticut agreed, in person, to transfer his personal phone number to a new SIM card, despite the account having "high risk" protection following an earlier hacking effort.
The anonymous hacker then used his access to Terpin's phone number to bypass security on his cryptocurrency accounts (thanks to two-factor authentication sent by text) and transferred millions of dollars to a different account: an approach known as "SIM swap fraud."
Terpin claims AT&T admitted to him that the employee in question agreed to shift the SIM despite the security requirement that they ask for a valid form of ID and having ignored an additional "VIP" requirement that they provide a special six-digit passcode before changes are allowed on the account.
That six-digit extra security step was introduced after Terpin says his account had been targeted—and hacked—six months earlier through the same approach. That time, he says, a hacker made no less than 11 in-store attempts to steal his SIM information before finally succeeding.
On both occasions, the first Terpin knew of the hack was when his phone went dead. The second time, he says he instantly knew what had happened and immediately tried to contact AT&T to shut the phone down—but was stymied by the fact it was a Sunday and "AT&T's fraud department apparently does not work on Sundays." By the time he regained access, $23.8m in bitcoin had gone missing.
By failing to follow procedures and given the extra security on his accounts, Terpin claims that AT&T has broken multiple laws and lists no less than sixteen claims for relief ranging from negligence to breach of contract to insufficient security and providing unlawful access to personal information.
AT&T for its part has promised to fight the lawsuit. A representative said, "We dispute these allegations and look forward to presenting our case in court."
Sent to us by: Roy W. Nash
A security plug-in for the Firefox browser is under fire after users discovered it was collecting and uploading their online activity.
The outcry began after Mozilla featured the Web Security extension on its blog with a post titled "Make Your Firefox Browser a Privacy Superpower." The plug-in, developed by German company Creative Software Solutions, bills itself as a tool for blocking malicious pages and phishing sites.
It also, allegedly, logs what web pages the user visits. Shortly after the post went up, uBlock Origin developer, Raymond Hill, noticed that the plug-in was gathering and transmitting the address of visited websites to a server in Germany.
Word got back to Mozilla, and the org moved to strike the link to Web Security from its blog and investigate the matter.
The reference to the extension has been removed from the blog post as part of the investigative process.
The developer of the plugin, Creative Software Solutions' managing director, Fabian Simon, says that the collection of browsing information is only done to check a site against Web Security's global blacklist.
He says his company does not know why Mozilla pulled the link to Web Security, but Creative plans to submit an updated version of the extension for review, to prove that it is not doing anything untoward.
Sent to us by: Roy W. Nash
After a number of well documented hiccups, Linux 4.18 is now available.
The release includes a raft of new toys, including support for the Snapdragon 845 chipset found in high-end mobile phones and a small number of Windows 10 laptops. The inclusion should mean that the normal “I’ll wipe that and install Linux” comment that follows many a hardware review can now be applied to Microsoft’s latest and greatest Arm-based devices too.
Other notable enhancements include support for the Raspberry Pi 3B and 3B+ computers along with some early work on upcoming AMD and Intel graphics chipsets in the form of the Vega 20 and Icelake 11 chips, respectively.
The gift that keeps on giving, Spectre, also gets some attention, with mitigations for the V4 variant on 64 bit Arm architectures and V1/V2 mitigations on aging 32 bit Arm hardware.
Other hardware, such as USB 3.2 and Type-C, also see improvements, plus new support for a wider array of sound chips.
Sent to us by: Roy W. Nash
You’re not the only one feeling run down by the news of the day. The folks at Google apparently believe we could all use a dose of good news at times, too. The company has announced it is testing a new Google Assistant feature called “Tell me something good” that will allow users to hear a summary of more uplifting news stories.
Google says "the stories will focus on people who are “solving problems for our communities and our world."
To activate the feature, Assistant users in the U.S. can say, “Hey Google, tell me something good” to kick off the daily briefing of happy stories.
Google offers some examples of what the “good news” may include, like a story about how Georgia State University stopped students from slipping through the cracks; or how backyard beekeepers in East Detroit are bringing back the dwindling bee population; or how Iceland curbed teen drinking.
The stories are selected and summarized by the nonpartisan nonprofit Solutions Journalism Network—an organization that helps train journalists to better cover how people are responding to problems and how those actions can have positive results.
The stories themselves, meanwhile, will be chosen from a wide range of media outlets.
Google acknowledges this feature won’t be some sort of “magic bullet.” But the company says, “it’s an experiment worth trying because it’s good info about good work that may bring some good to your day.”
The Google Assistant feature works on any Assistant-enabled devices including mobile phones, smart displays, or Google Home devices.
Sent to us by: Robbie Ferguson