Security News This Week: The Pentagon Has Set Up a UFO Office

Plus: An Apple lawsuit, a GoDaddy breach, and more of the week's top security news.

Earlier this year, WIRED reported exclusively about a cold war between Taylor, the company that provides McDonald's frequently broken ice cream machines, and Kytch, a startup whose device made it easier for franchisees to fix them. This week we dug into newly revealed internal emails that appear to reveal Taylor's efforts to copy some aspects of the hacking widget. It is, you might say, a real scoop. 

We also took a look at a new type of malware, called Tardigrade, that has been targeting biomanufacturing facilities in North America. It's a sophisticated hacking tool, capable of adapting to its environment and operating on its own when cut off from its command and control server. Security researchers haven't made any attribution yet, but the industry has been relentlessly targeted by any number of sophisticated actors throughout the Covid-19 pandemic.

Finally, as you recover from your turkey-induced coma, here's your regular reminder that there are few things hackers love more than a holiday weekend. Be safe out there.

And there's more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

The Pentagon has a new office dedicated to investigating and tracking UFOs—or unidentified aerial phenomena as they’re now known. The Airborne Object Identification and Management Synchronization Group, or AOIMSG if that doesn’t quite roll off the tongue for you, will specifically focus on unexplained phenomena that pass through military airspace. The group will be directed by the under secretary of defense for intelligence and security. AOIMSG will be the successor to a Navy department called the Unidentified Aerial Phenomena Task Force. In June the Office of the Director of National Intelligence released a report on more than 140 sightings by Navy pilots and others of unidentified aerial phenomena. “Incursions by any airborne object … pose safety of flight and operations security concerns, and may pose national security challenges,” the Defense Department said in a statement. The announcement added that AOIMSG is being established “to address the challenges associated with assessing UAP occurring on or near DOD training ranges and installations.”

On Tuesday, Apple sued the notorious Israeli spyware vendor NSO Group, seeking a permanent injunction to ban the firm from using Apple software, services, or devices. The suit is also seeking more than $75,000 in damages. NSO Group is known for selling hacking tools to governments for law enforcement, but repressive regimes and other clients have used the tools aggressively and often in violation of human rights. Apple’s suit particularly focuses on NSO Group’s Pegasus spyware, which has been used in a number of damaging hacking campaigns against iPhone users. Apple has repeatedly had to scramble to patch vulnerabilities in its iOS mobile operating system, because they are under active exploitation by NSO Group customers through the firm’s tools. 

“Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users,” the company said in a statement on Tuesday. “Researchers and journalists have publicly documented a history of this spyware being abused to target journalists, activists, dissidents, academics, and government officials.”

WhatsApp separately took legal action against NSO Group in 2019, and that suit is still ongoing. Apple's approach, though, raises concerns about a potentially problematic precedent, because the company seems to be conflating hacking an operating system with hacking its developer. In other words, it treats hacking iOS while it is running on user devices as a direct hack of Apple itself.

Earlier this year, an international law enforcement consortium infiltrated the encrypted communication app Sky ECC to intercept and surveil messages sent by customers of the Canadian secure communication company Sky Global. As part of a series of raids based on information obtained in that dragnet, some of Sky's web domains and infrastructure were seized and the US Department of Justice issued an indictment and arrest warrant for company CEO Jean-François Eap for alleged charges under the Racketeer Influenced and Corrupt Organizations Act and for allegedly helping to distribute cocaine. The Wall Street Journal goes deep here on the international law enforcement operation that took Sky down. Sky Global and Jean-François Eap himself deny wrongdoing and maintain that the platform was a legitimate privacy tool and not intended to facilitate criminal activity.

Domain provider GoDaddy this week acknowledged a breach that it discovered on November 17. A hacker had access to GoDaddy servers since at least September 6, the company said, and was able to view the email addresses and customer numbers of 1.2 million Managed WordPress customers, database usernames and passwords of active customers, and more. It's the latest in a series of GoDaddy hacks in the past several years.

