Just when you thought the catastrophic Equifax breach was entirely in the rearview, the Department of Justice this week charged four Chinese military hackers with the theft. That's 147.9 million people's Social Security numbers and other personal information in China's hands. Add it to the compromises of the Office of Personnel Management, Anthem, and Marriott—all also linked to China—and it's clear that the country has amassed an unprecedented trove of data that it can use for intelligence purposes for years to come.
In other international law enforcement news, the DoJ also alleged that Huawei perpetrated years of rampant intellectual property theft. We also took a look at the real reason the US is so afraid of Huawei creating potential backdoors: American intelligence agencies have a long history of doing that very thing.
With all that alleged geopolitical hacking afoot, it's a good thing that Google this week announced that it would give away security keys to campaigns for free, as well as tutorials on how to actually use them. Those campaigns should also consider reading our guide to sending files securely online; if you want end-to-end encryption, Firefox Send is a good place to start.
In domestic news, the US Department of Homeland Security is apparently buying up cell phone location data to boost its immigration enforcement. While that might raise your hackles, it also raises interesting questions about digital privacy, especially in light of the Supreme Court's decision in Carpenter v. United States two years ago that limited the use of cell site data by law enforcement. Also interested in tracking: Conservative news sites, which plant far more cookies in your browser than their liberal counterparts do. Meanwhile, security researchers found a series of serious flaws in the Voatz voting app, although the company denies that they could have led to vote manipulation.
Finally, if you're not using encrypted messaging app Signal yet, now's the time to start. The company has put a $50 million infusion towards building out features that make it not just secure, but accessible to normals.
The good people at DoNotPay have previously automated the arduous processes of fighting parking tickets and canceling subscriptions. This week, they added robocalls to their target list with Robo Revenge, a sort of digital sting operation. Robo Revenge generates a burner credit card number to give to the scammer on the other end of the line, who'll give up their contact information as part of the transaction. The service will then automatically create legal documents and provide instructions on how to sue the unwanted caller for up to $3,000. Instead of feeling helplessly bombarded by calls, you can finally fight back. You can access Robo Revenge now through DoNotPay's website or app.
In what appears to be a first, the Department of Justice arrested an Ohio man in connection with a cryptocurrency laundering scheme. Larry Harmon allegedly ran Helix, a bitcoin mixer that operated on the dark web, concealing the origins of hundreds of millions of dollars' worth of illicit transactions. Take it as another in a series of reminders that cryptocurrency transactions aren't nearly as private as you might think.
The FIDO Alliance wants to kill passwords. The consortium focuses on promoting and developing other forms of authentication that aren't quite so problematic. To do that effectively, it needs the buy-in of all the major tech companies, which it pretty much had with the exception of Apple. Good news! The Cupertino holdouts officially signed on this week, meaning you can expect FIDO's seamless logins to eventually work across whatever devices you happen to own.
By now you hopefully understand that Macs do indeed get malware. In fact, according to new research from security firm Malwarebytes, Macs saw more malware threats per device than their PC counterparts in 2019, and was up 400 percent year over year. The good news—or maybe we should just say better news—is that most of that malware is adware, which is annoying but relatively harmless compared to ransomware and other ills. Still, remember that just because you're on an Apple device doesn't mean you can go around clicking shady links with impunity.