Computer scientist Ali Abedi thinks Wi-Fi is too polite, and like your small-town friend visiting New York, says hi to too many strangers.

Combining two tactics, Abedi and University of Waterloo, Ontario, researchers exposed Wi-Fi’s too-friendly feature: Connected devices, when receiving an initial packet, provide an acknowledgement—one that can reveal a gadget’s exact location if a drone gets involved.

By equipping an unmanned aircraft with a radio, the team located the electronics within a building, without having to go inside. The feat does not demonstrate an immediate threat, according to some network-security professionals, but perhaps one that signals a new opening for attackers.

“It used to be that you had to have physical access to areas to be able to exploit these kinds of vulnerabilities...I think the prominence of drones in modern society almost obviates that to a certain extent,” Justin Klein Keane, director of security operations for the MorganFranklin Consulting advisory, told IT Brew. The drone market is expected to double by 2026.

Wake up, take off. With a wireless-transmitter beacon, the team blasted a signal to nearby smart machines, shaking the devices from their sleep mode.

“We exploit that technique to wake up all of the devices and force them to send some packet, and as soon as they send the packet, their MAC address is revealed,” said Abedi, an adjunct professor during his time at Waterloo who is now a postdoctoral researcher at Stanford University.

With target destinations found, the drone takes off and sends introductory packets to the addresses. By calculating the time required to receive and return an acknowledgment, the researchers determined device coordinates.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Police recently took a swing at LockBit, one of the most prominent ransomware gangs on the planet, with the high-profile arrest of a member in Ontario, Canada.

In October, Canadian authorities working with their French, US, and Europol counterparts captured Mikhail Vasiliev, a national of both Canada and Russia, and charged him with conspiracy to “intentionally damage protected computers and to transmit ransom demands.” They intend to extradite him to the US to face charges.

LockBit—the name of both the gang and its signature malware—was first spotted in the wild in 2019. The malware is distributed under the ransomware-as-a-service model, where its developers lease it out to other organizations for a slice of the profits, and LockBit has appeared particularly focused on assuring potential partners of its trustworthiness and excellent customer service. The Department of Justice (DOJ) alleges the group made tens of millions from attacks involving at least $100 million in demands.

According to a criminal complaint posted by the DOJ, investigators recovered computers across two raids containing extensive evidence such as alleged target lists. During the latter raid, police say they interrupted Vasiliev before he could lock a laptop containing a Bitcoin wallet and running a browser navigated to the LockBit login page.

Security firm MalwareBytes’s Threat Intelligence team recently released a report naming LockBit by far the most active among the ransomware strains it tracked in August 2022, with 62 identified attacks. The Record’s ransomware tracker, updated on the tenth of each month, lists well over 1,000 LockBit attacks since 2019.

MalwareBytes’s analysis also suggested that gangs like LockBit might be moving away from encrypting systems—due to an alleged drop in the number of victims willing to pay up—towards simply extorting them with threats to release stolen data.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

Today’s top IT reads.

Stat: 90%. That’s how much Zoom stock has zoomed downwards since its pandemic peak. (Reuters)

Quote: “The ambitions of Microsoft and OpenAI go way beyond GitHub and Copilot…They want to train on any data anywhere, for free, without consent, forever.”—Matthew Butterick, a programmer suing Microsoft for scanning open-source code for its Copilot AI coding assistant (the New York Times)

Read: Meta’s AI Cicero achieves human-level performance in the Diplomacy board game. (Ars Technica)

Recognize: Burnout is real—and healthcare IT is no exception. IT Brew connected with an industry veteran to talk about ways to provide relief to a team that’s working 24/7. Hint: Recognition is key. Read more.

Build on GitHub: Every company is a software company now, and with over 90 million developers, GitHub is the place for anyone from anywhere to build anything. Find a plan that works for your team here.*

^{*This is sponsored advertising content.}