Latest news with #MattBurgess
WIRED
26-05-2025
- WIRED
A Starter Guide to Protecting Your Data From Hackers and Corporations
Matt Burgess Sophie Johal Michaela Neville May 26, 2025 6:30 AM Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here's a simple guide for you—and anyone who claims they have nothing to hide. Photo-illustration: Anjali Nair; Getty Images With President Donald Trump's return to the White House and the US government's digital surveillance machine more powerful than ever, digital privacy should be top of mind. But the digital security world can be confusing—and there's the larger question of why. You may think, if I'm just a regular person, why is my digital privacy important? Then there are the practical questions. What's the best password manager? How can you keep your digital life under wraps at the border? And what kind of VPN should you be using? Is AI scraping my data? WIRED senior writer and security expert Matt Burgess spoke with readers in a Reddit AMA this month about the basics of keeping your digital footprint locked down. Here's what to know and why it's important. What is your advice for a quick win in terms of improving digital security for the everyday person? Or for someone who isn't tech-savvy? I think the one big thing people can do to improve their security is make sure that multifactor authentication is turned on for as many online accounts as possible. That way if anyone gets access to your password or login details, they'll also need to have another way to authenticate the login attempt (such as the codes generated by an authentication app), and it's highly unlikely that hackers will have access to that. Other quick and relatively straightforward changes you can make are to use privacy-friendly browsers and search engines and to use a password manager (the one on your phone or browser is better than nothing at all) and create unique passwords for each service you use. There are so many privacy tips out there, and it all feels important, but trying to do everything at once can be overwhelming. What are the things people should prioritize when making changes to their online habits? Improving privacy is something that's ongoing, and if you try to do everything at once then it's too off-putting. Take it one small step at a time. If I was starting now, I'd go with: Switching to a more privacy-focused browser. I alternate between Brave, Firefox and Safari. Then using a privacy-focused search engine too (such as DuckDuckGo). Trying to use services that minimize data collection (for instance, messaging app Signal doesn't collect user data and is the gold standard of end-to-end encryption). What's a good non-US-based VPN? Our favorite VPN at WIRED is currently Proton VPN, which is based in Switzerland. Proton VPN also offers the best free VPN. Unlike most services, ProtonVPN's free version gives full access to all the regular plan's features. It is limited to a single device, and there are only three server locations (Japan, Netherlands, and the US), but everything else is the same. If your needs are limited and you want to keep costs down, this is a good option. See our full guide to VPNs here. How do I deal with having to have a new account for every service and website? Should I be using new email addresses? A new email address for every account is a big undertaking! I'd recommend having an email address for the accounts that are most important to you and then having one that you use to sign up for things that are less important. There are also services that will let you create 'burner' emails that you can use to sign-up with services, and if you use an Apple device there's a 'Hide My Email' setting. What tips would you offer to those looking to keep their digital privacy while crossing the US border (or otherwise entering or exiting the States)? It really depends on what levels of risk you as an individual could face. Some people traveling across the border are likely to face higher scrutiny than others—for instance nationality, citizenship, and profession could all make a difference. Even what you've said on social media or in messaging apps could potentially be used against you. Personally, the first thing I would do is think about what is on my phone: the kind of messages I have sent (and received), what I have posted publicly, and log out (or remove) what I consider to be the most sensitive apps from my phone (such as email). A burner phone might seem like a good idea, although this isn't the right idea for everyone and it could bring more suspicion on you. It's better to have a travel phone—one that you only use for travel that has nothing sensitive on it or connected to it. My colleague Andy Greenberg and I have put together a guide that covers a lot more than this: such as pre-travel steps you can take, locking down your devices, how to think about passwords, and minimizing the data you are carrying. It's here. Also, senior writer Lily Hay Newman and I have produced a (long) guide specifically about phone searches at the US border. Would you recommend against having a device like Alexa in your home? Or are there particular products or steps you can take to make a smart device more secure? Something that's always listening in your home—what could go wrong? It's definitely not great for overall surveillance culture. Recently Amazon also reduced some of the privacy options for Alexa devices. So if you're going to use a smart speaker, then I'd look into what each device's privacy settings are and then go from there. How do you see people's willingness to hand over information about their lives to AI playing into surveillance? The amount of data that AI companies have—and continue to—hoover up really bothers me. There's no doubt that AI tools can be useful in some settings and to some people (personally, I seldom use generative AI). But I would generally say people don't have enough awareness about how much they're sharing with chatbots and the companies that own them. Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—often with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people's posts are looking to get in on the AI gold rush by selling or licensing that information. For the everyday person, I'd warn them not to enter personal details or sensitive business information! We also have a more thorough guide here. Are personal data removal services worthwhile, or are they just another vector for data thieves? Whether data removal services are worthwhile or not probably depends on where you are based in the world: I'm in Europe where there's GDPR and stricter privacy laws, and when I have used a data removal service, it hasn't turned up too much. But in the US, there's no comprehensive federal privacy law—that really should change—and they may be more useful. Much of what can be done by data removal services, you can also do yourself. Consumer Reports recently did a good evaluation of data removal services. What is your preferred response for people who claim they have nothing to hide? I think in a lot of cases when people claim they have nothing to hide, they often jump to thinking about illegal or malicious things. When in fact, privacy, for me, isn't about 'hiding' things at all. You should be able to have the space—both in the physical and digital world—to not be surveilled or have your actions tracked. People should be able to act without intrusion from others—that doesn't mean you're hiding anything, but you just don't want to share everything you do with everyone (or anyone). And really that's why privacy is considered a fundamental human right. I actually like a lot of the answers that people sent in to Amnesty International about how they respond to the point of 'not having anything to hide.' With files from Scott Gilbertson.
The Sun
20-05-2025
- Entertainment
- The Sun
I had the dream husband for 4 years but one day something clicked & I realised I was a lesbian – my life was a lie
A WOMAN has revealed how she left her "dream" husband, house and career behind when she realised she was gay and found new love - just like Pitch Perfect's Anna Camp. Lauren Burgess, 39, thought she had the perfect life until stress led her to therapy which led her to realise she was a lesbian. 10 10 10 In February 2021 she took the plunge and left her husband, Matt, 42, after four years of marriage to travel the West coast of America in a van with her dog, Ted, a Goldendoodle. The business and wealth strategist from Joshua Tree, California, met Amanda Sartoris, 35, a strength and conditioning coach from Venice, through a mutual friend in January 2023, and fell in love. Lauren remains on good terms with her ex-husband, Matt, 42, a financial consultant from Englewood, Colorado - but is focusing on her new life with her girlfriend. Pitch Perfect actress Anna Camp was seen passionately kissing her girlfriend Jade Whipkey for the first time since their love affair was revealed, this week. Camp was previously married to her Pitch Perfect co-star Skylar Astin, but they separated in 2019 less than three years after the wedding. "It was so hard, but Matt was supportive and understanding," said Lauren. "It felt very selfish, and I had a lot to grieve. She added: "Matt is an amazing person and I still have a lot of care there for him. "It's been really hard, but I had to follow my dreams." Lauren had thought she was genuinely happy in her life until she came down with chronic hives in April 2018. I always thought I fancied men then became a lesbian at 33 - strangers think my girlfriend's my MUM but it's true love "I would go to bed every night grateful and content," she said. "I had a home and a job I was passionate about, but I worked very long hours which caused me to come in hives. "I was in and out of hospital until my therapist told me I needed to drop something to get better." When Covid hit in March 2020 Lauren found herself becoming depressed. "I could hardly get out of bed," she said. 10 "Matt and I started having marriage therapy and we discussed travelling. "But all of a sudden he changed his mind and had the confidence to tell me that it wasn't what he wanted." Lauren decided that it was something she still wanted to pursue, and she bought a van on Craigslist to travel 'for a couple of weeks'. She had "experimented" with women in college but thought it was "just a bit of fun." "I'd been seeing a lot of people of social media taking about their sexuality and I began to realise that I might be bisexual," she said. "But on the trip it all clicked and I realised I was definitely gay. "It all made sense. "I knew I had to go back to my husband and talk about getting a divorce." 10 Lauren separated from Matt in February 2021 and took her belongings and went travelling along the West Coast of America ending up in Joshua Tree, California. She met Amanda in Venice Beach, California. "We had both just recently moved to Venice," Lauren explained. "We ended up meeting for coffee and kept running into each other and eventually just ended up hitting things off and spent every moment we could out surfing and eventually fell in love." 10 After a year, the couple traveled down through Baja Mexico in a van, until the heat forced them to head back. Lauren returned to Joshua Tree and Amanda to Venice, but they've made their long-distance relationship work through compromise. "We spend part of our time up here, part of our time down in Venice, surfing, working, that whole thing," she said. Lauren and Matt "stay in touch and co-parent" their dog, Ted. As for children, Lauren says she and Amanda are prioritising their careers - but they have talked about it. She said: "We've definitely talked about starting a family in the future and growing a family life by the beach." She added: "I thought I was living the life of my dreams before but now I really am." 10 Top dating trends of 2025 Swamping: When you find someone you can comfortably share your 'swamp' with and let go of the pressure to be anything but your true authentic self. No-habiting: When you choose to wait longer to move in with your partner because you value your personal space. Fiscal Attraction: When you won't settle for less and you're seeking a match who is financially secure and who you find attractive. Rejuve-dating: When you cast away the blues and grow from past experiences so you can fully embrace the future of your dating journey. Thrift-matised: When you like to go on dates but hit that sweet spot between being cheap and frugal. Hidden gems, loyalty cards - these are all your type on paper. Loud-dating: Cutting to the chase, being open and to the point with what you want so you don't waste your time. Marmalading: When you literally put your other half 'before anything else', much like Britain's most beloved bear's love for marmalade. Digital Ex-pression: The stage after a break-up when you are done grieving and turn to social media to share how you are healing to confidently get back out on the dating scene. Fine-wining: Proactively finding people to date who are older than you and who've aged just like a fine wine.
WIRED
19-05-2025
- Entertainment
- WIRED
Who Even Is a Criminal Now?
May 19, 2025 6:00 AM WIRED loves a rogue. Except rogues ruined the internet. Is there any salvaging the rebellious spirit without destroying everything? At WIRED, we've had a long-running obsession with rogues. This is, after all, a publication that was founded in the early '90s, born of a desire to champion the subversive, disruptive advent of the internet—and the hackers, hustlers, and blue-sky lunatics consumed by the possibilities of a digitized and interconnected planet. Of course, WIRED had no idea, then, just what those rogues would ultimately unleash: a proliferation of bad actors wreaking havoc across the web; a booming industry of online conspiracy theorists whose dangerous convictions threaten everything from the health of our children to the strength of our democracies; and a coterie of tech billionaires with checkbooks and megaphones that reach from Silicon Valley all the way to the White House. Yes, rogues built the internet and inspired a technological revolution. Now, a mutated and much more powerful version of that same lawless spirit threatens to undo much of the incredible progress that technology and scientific inquiry have unlocked. DOGE Boys: I'm looking at you. In this edition of WIRED, we're finding plenty of ways to show you just how roguish, how crooked, and how precarious our world has become. Matt Burgess brings you the inside story of Nigeria's Yahoo Boys and the 'scam influencer' teaching them how to pull sophisticated digital cons on American victims. From Andy Greenberg, a timeline of ghost guns culminating in the one that Luigi Mangione allegedly used to murder a health care CEO in broad daylight—an act that's turned Mangione into the internet's most beloved rogue in recent memory. (Scroll down to watch what happened when Andy tried to re-create that weapon himself.) And from Evan Ratliff, the sweeping, bone-chilling saga of the Zizians, a group of gifted young technologists who became the world's first AI-inflected death cult and allegedly killed six people over several violent, chaotic years. Scam influencers? DIY guns? AI death cults? Yes, things are rough out there. But we wouldn't be WIRED without finding—and even creating—a little bit of roguish fun amid the gloom. Elsewhere in this issue, we'll introduce you to a new and inspiring era of anti-establishment rebellion that's taking root: Amber Scorah, the cofounder of a nonprofit that helps whistleblowers safely share information with the masses, is one such example. Another is Bluesky CEO Jay Graber, who sat down with Kate Knibbs to elaborate on her vision for a democratized social internet. Plus, our Gear experts will show you the slickest, most villainous products to outfit your supervillain lair. If you take one thing from our Rogues Issue, I hope it's this: 'Rogue' is by no means a pejorative—even if it feels like more nasty bad actors than ever, perched in the highest seats of power, are running roughshod over pretty much everything. In fact, I'd argue that this moment calls for more rogues rather than fewer. The idealistic rogues. The indefatigable rogues. The new iteration of blue-sky lunatics who can imagine what a better world should look like—and are willing to fight the status quo to get us there. So be the rogue you want to see in the world, and know that WIRED, with every ounce of rebel spirit in our DNA, will be right there with you.
WIRED
03-05-2025
- Business
- WIRED
Hacking Spree Hits UK Retail Giants
Matt Burgess Lily Hay Newman Dhruv Mehrotra May 3, 2025 6:30 AM Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death. Researchers unveiled a cluster of vulnerabilities in Apple's wireless media streaming platform AirPlay this week that leave millions of third-party devices like speakers and TVs vulnerable to takeover if an attacker is on the same Wi-Fi network as the victim gadget. These 'AirBorne' vulnerabilities have all been patched—including some that potentially impacted Apple's Mac computers—but, in practice, third-party devices may not all get fixes, and even if they do, patch adoption could be low. Records reviewed by WIRED show that utilizing car subscription features can substantially raise your risk of being subjected to government surveillance, because such services generate troves of data that are valuable to law enforcement. WIRED also did a deep dive on North Korea's yearslong campaign to place IT workers inside companies in North American, the United Kingdom, and Europe. The schemes are more effective than ever as scammers incorporate AI into their workflows. WhatsApp designed a special cloud processing platform called Private Processing to allow new AI tools to work in the secure messenger without compromising its end-to-end encryption. Experts warn, though, that it could create enticing targets for hackers. And we have a guide for navigating the privacy risks of using ChatGPT's new image generator to do seemingly fun and innocuous projects like making an action figure version of yourself. But wait, there's more! Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. Three British Retailers Hacked in Spate of Cyberattacks Three separate retailers in the UK—including the supermarket Co-op and thedepartment stores Marks & Spencer and Harrods—have all revealed they have recently been subject to cyberattacks, with the intrusions and widespread impact seemingly ongoing. Toward the end of April, Marks & Spencer revealed it had been the victim of a 'cyber incident.' Over the following two weeks, it has been forced to pause online orders within its apps, some food has been missing from its shelves, and it has paused recruitment and other 'normal processes.' Staff at Co-op have been told to keep webcams turned on during remote meetings and check who is attending calls, after shutting down parts of its IT systems in response to its own hack. Harrods, meanwhile, told customers to 'not do anything differently at this point.' At the time of writing, none of the retailers have detailed the specific nature of the cyberattacks or the full scale of the impacts. It is also unclear if the attacks are linked. Bloomberg has reported a ransomware cartel dubbed DragonForce has claimed it and its partners were behind the attacks. The so-called cartel provides 'infrastructure and tools' to hackers but 'doesn't require affiliates to deploy its ransomware,' according to research from security firm Secureworks. The hacked companies did not respond to Bloomberg about the claims. Bleeping Computer originally reported that the threat actors known as Scattered Spider were allegedly behind the attack on Marks & Spencer. The publication reported that the company's servers were encrypted by ransomware, with the intrusion beginning as early as February. The attribution to Scattered Spider has not been confirmed by Marks & Spencer. Over the past two years, Scattered Spider has emerged as one of the most prolific and dangerous sets of hackers currently operating. The threat actors are not a well-defined group of hackers. Instead, they're more a loose collective that uses social engineering—such as phishing and voice calls—to gain initial access into company networks. Scattered Spider members are often English-speaking, teenaged, and can be members of the heinous criminal group the Com. The hackers have been active since June 2022 and have targeted more than 100 companies—including the high-profile hacks on Caesar's Entertainment and MGM Resorts in 2023. France (Finally) Names Russian Hackers for the First Time French authorities have condemned Russia's military intelligence agency, accusing it of orchestrating a series of high-profile cyberattacks—including the hacking of Emmanuel Macron's 2017 presidential campaign, a brazen 2015 assault on the TV channel TV5 Monde, and recent intrusion attempts targeting organizations involved in preparing the 2024 Paris Olympic Games. French authorities have also disclosed the name and location of a GRU unit tied to the notorious hacking group APT28—information that had never before been officially released. Unit 20728 is based in the southern Russian city of Rostov-on-Don and operates out of the "166th Information Research Center." This marks the first time French officials have publicly assigned blame to a foreign intelligence service following an internal attribution process. The timing is significant, coming as Paris positions itself at the forefront of Europe's support for Ukraine. US Moves to Crack Down on 'Largest Illicit Marketplace' The Trump administration has taken the first step toward blacklisting a Cambodian financial conglomerate at the center of a global money laundering network. On Thursday, the Treasury Department designated Huione Group as a money-laundering operation, alleging that the company and its affiliates have laundered more than $4 billion for criminals, including North Korean hackers and online scammers. These scammers—who defraud victims through bogus investments and other schemes—rely on Huione and its affiliates to move funds abroad to evade both law enforcement and anti-money-laundering systems. The proposed action represents the most significant effort yet to crack down on Huione, which is tied to what experts believe to be the 'largest illicit marketplace': Huione Guarantee. According to WIRED's January report, the marketplace has likely facilitated over $24 billion in gray-market transactions. Experts believe the platform operates as a one-stop shop for scammers, offering everything from victim contact lists and deepfake tools to fake investment websites and other illicit services. New Microsoft Accounts Won't Need Passwords Anymore Slowly but surely, the password is dying. Over the past two years, passkeys—a stronger method of authentication that doesn't require you to remember or use a password—have become more common. The rollout of the technology has been piecemeal, but big tech companies have worked for years to create the alternative, which is more secure than passwords. This week, Microsoft announced that people setting up new accounts with the company won't have to create passwords at all. 'New Microsoft accounts will now be 'passwordless by default,'' the company wrote in a blog post. Microsoft is also pushing people further away from passwords and will 'detect' the best way for people to lo in to their accounts if they have set up alternatives to passwords.
WIRED
05-03-2025
- WIRED
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
Lily Hay Newman Matt Burgess Mar 5, 2025 6:00 AM New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime. PHOTO-ILLUSTRATION: WIRED STAFF; GETTY IMAGES Cheap TV streaming boxes seem like one of the most straightforward gadgets out there, but they can come with hidden costs. In 2023, researchers revealed that tens of thousands of Android TV boxes being used in homes, schools, and businesses were equipped with secret backdoors that allowed them to be used in a host of cybercrime and online fraud. Now, the same researchers have found that the China-based ecosystem behind the compromised devices and the illicit activities they're used for—collectively dubbed Badbox 2.0—is fueling a next-generation campaign that's broader in scope and even more sneaky. At least 1 million Android-based TV streaming boxes, tablets, projectors, and after-sale car infotainment systems are infected with malware that conscripts them into a scammer-controlled botnet, according to new research shared exclusively with WIRED by the cybersecurity firm Human Security. The compromised devices are used for a range of advertising fraud and in so-called residential proxy services, which allow their operators to use victim internet connections for routing and masking web traffic. And all of this activity happens behind the scenes without the owners of compromised devices having any idea of how their streaming boxes are being used. 'This is all completely unbeknownst to the poor users that have bought this device just to watch Netflix or whatever,' Gavin Reid, Human's chief information security officer, tells WIRED. 'Ad fraud including click fraud is all happening behind the scenes, but the main way they are monetizing the million devices is reselling this proxy service. Victims don't know that they're a proxy, they never agreed to be a proxy service, but they're being used for that. Any bad thing you want to do, scraping, whatever it is, these proxy services are an enabler for that.' The researchers found that the majority of infected devices are in South America, particularly Brazil. The impacted devices often use generic names and aren't produced by known brands. For example, there are dozens of impacted streaming boxes, but the majority of Badbox 2.0 targets are in the 'TV98' and 'X96' device families. Virtually all of the targeted devices are designed using Android's open source operating system code, meaning they run versions of Android but aren't part of Google's ecosystem of protected devices. Google collaborated with the researchers to address the ad fraud component of the activity, though. The company says it worked to terminate publisher accounts associated with the scams and block the ability of those accounts to generate revenue through Google's advertising ecosystem. 'Malicious attacks like the one described in this report are expressly prohibited on our platforms,' Google spokesperson Nate Funkhouser told WIRED in a statement. 'Bad actors' tactics are constantly evolving. Partnering with organizations like HUMAN helps us share threat intelligence and expands our collective ability to identify and take swift action against bad actors, as we did here.' In the original Badbox campaign, scammers focused on installing backdoored firmware in streaming boxes before they arrived in the hands of consumers. The Badbox 2.0 campaign is significant, the researchers say, because it reflects a major change in tactics. Rather than focusing on low-level firmware infections, Badbox 2.0 involves more traditional software-level malware distributed through common tactics like drive-by downloads, in which victims accidentally download malware without realizing it. Researchers from multiple firms say that the campaign seems to come from a loosely connected ecosystem of fraud groups rather than one single actor. Each group has its own versions of the Badbox 2.0 backdoor and malware modules and distributes the software in a variety of ways. In some cases, malicious apps come preinstalled on compromised devices, but in many examples that the researchers tracked, attackers are tricking users into unknowingly installing compromised apps. The researchers highlight a technique in which the scammers create a benign app—say, a game—post it in Google's Play Store to show that it's been vetted, but then trick users into downloading nearly identical versions of the app that are not hosted in official app stores and are malicious. Such 'evil twin' apps showed up at least 24 times, the researchers say, allowing the attackers to run ad fraud in the Google Play versions of their apps, and distribute malware in their imposter apps. Human also found that the scammers distributed over 200 compromised, re-bundled versions of popular, mainstream apps as yet another way of spreading their backdoors. 'We saw four different types of fraud modules—two ad fraud ones, one fake click one, and then the residential proxy network one—but it's extensible,' says Lindsay Kaye, Human's vice president of threat intelligence. 'So you can imagine how, if time had gone on and they were able to develop more modules, maybe forge more relationships, there is the opportunity to have additional ones.' Researchers from the security firm Trend Micro collaborated with Human on the Badbox 2.0 investigation, particularly focusing on the actors behind the activity. 'The scale of the operation is huge,' says Fyodor Yarochkin, a Trend Micro senior threat researcher. He added that while there are 'easily up to a million devices online' for any of the groups, 'This is only a number of devices that are currently connected to their platform. If you count all the devices that would probably have their payload, it probably would be exceeding a few millions.' Yarochkin adds that many of the groups involved in the campaigns seem to have some connection to Chinese gray market advertising and marketing firms. More than a decade ago, Yarochkin explains, there were multiple legal cases in China in which companies had installed 'silent' plugins on devices and used them for a diverse array of seemingly fraudulent activity. 'The companies that basically survived that age of 2015 were the companies who adapted,' Yarochkin says. He notes that his investigations have now identified multiple 'business entities' in China which appear to be linked back to some of the groups involved in Badbox 2. The connections include both economic and technical links. 'We identified their addresses, we've seen some pictures of their offices, they have accounts of some employees on LinkedIn,' he says. Human, Trend Micro, and Google also collaborated with the internet security group Shadow Server to neuter as much Badbox 2.0 infrastructure as possible by sinkholing the botnet so it essentially sends its traffic and requests for instructions into a void. But the researchers caution that after scammers pivoted following revelations about the original Badbox scheme, it's unlikely that exposing Badbox 2.0 will permanently end the activity. 'As a consumer, you should keep in mind that if the device is too cheap to be true, you should be prepared that there might be some additional surprises hidden in the device,' Trend Micro's Yarochkin says. 'There is no free cheese unless the cheese is in a mousetrap.'
