World Leaks

—FBI Director James Comey’s announcement Friday on new emails related to Hillary Clinton, the Democratic presidential nominee, is coming under criticism. Eric Holder, the former attorney general, writing in The Washington Post Monday, called Comey’s decision “a stunning breach of protocol.” More here

—Turkey’s crackdown on the media continues after July’s failed coup. Authorities arrested the editor and several writers of Cumhuriyet, the opposition newspaper, for their alleged links to the Gulenist movement. More here

—The Cubs kept stayed alive last night, beating the Indians 3-2 in Game 5 of the World Series.

A UKRAINIAN GROUP calling itself Cyber Hunta released emails October 28 from aides close to Vladimir Putin that show Russia heavily influencing the separatist movement in Ukraine. The incident could be retaliation by the United States for Russian political hacking, which would be big enough news on its own, but there was lots more happening this week. The security community began intense debriefing in the wake of last week’s DDoS attack on the internet infrastructure company Dyn, which was powered largely by an Internet of Things botnet. It turns out that most of the devices used to mount the attack weren’t consumer IoT devices in homes but enterprise products like webcams and DVRs built for commercial use. As everyone scrambles to figure out what to do about the sorry state of IoT security, some are looking to Internet Service Providers to help protect and shrink the existing population of vulnerable devices.

Speaking of sorry situations, WIRED published exclusive insights this week into last year’s disastrous Office of Personnel Management hack. Meanwhile, law enforcement used a sound cannon against pipeline protesters on Standing Rock Reservation in North Dakota (and updates were coming to the world from livestreams on social media), the Clinton campaign wants states to get serious about reducing cyberbullying, and Trump has a disinformation campaign going to make voters skeptical of the upcoming election results. Oh, and researchers are using totally mind-blowing physics hacks to take over Android phones. Whew.

But there’s more! Each Saturday we round up the news stories that we didn’t break or cover in depth but still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

On Thursday, a Ukrainian group calling itself Cyber Hunta released 1GB of emails from key aides close to Vladimir Putin that show Russia heavily influencing the separatist movement in Ukraine. Russia has denied involvement with that faction, which destabilized Ukraine and paved the way for the Russian takeover of Crimea, but the emails contradict the Kremlin’s official position. The email dump contained data downloaded directly from Russian aides’ Outlook accounts. Given the Obama administration’s recent indications that it would retaliate in some way against Russia for its political hacking in the US, this new incident seems like it could be a warning strike. The true nature of Cyber Hunta is not yet known, though, and a senior US intelligence official told NBC that the US “had no role” in the leak.

A hacker charged with stealing nude photos and other data from celebrities’ personal storage accounts in 2014 was sentenced to 18 months in prison this week.  Ryan Collins, a 36-year-old Pennsylvania resident, had pleaded guilty to felony charges in May. He admitted to phishing over 600 people—many, like Jennifer Lawrence and Rihanna, in the entertainment industry–to get their login credentials for different digital services. The Department of Justice saysthat it does not have evidence that Collins leaked the data, but called his scheme “sophisticated” and said that he sometimes used speciality software to download all the data in victims’ Apple iCloud backups in one sweep. Collins also had a modeling scam that he used to convince people to send him nude photographs.

New research from the security firm Trend Micro shows that many industrial operations still use wireless pagers to communicate commands to control systems. Nuclear power plants, HVAC companies, power generation stations, and chemical plants may be relying on unencrypted beeper messages to manage systems that control things like diagnostics, fire incidents, contamination, and pump flow rate. Unencrypted pager messages are cheap and easy to intercept, and Trend Micro studied more than 54 million of them. “We found that a disturbing amount of information that enterprises typically consider confidential can easily be obtained through unencrypted pager messages,” the researchers wrote.

In 2013 The New York Times did some reporting about an AT&T program called Project Hemisphere that compiled vast troves of customer communication data, which the company then made available to federal and local drug enforcement officials. The Times said the database, which contains decades of call records, was available to law enforcement for drug cases with a subpoena as part of a “partnership.” But new reporting from the Daily Beast based on internal AT&T documentation reframes Project Hemisphere as a product that the telecom has been peddling broadly to government agencies for millions of dollars a year. Accessing the database doesn’t require a warrant and gives officials access to trillions of call records, which can establish where a person was located during a call and who they were speaking to. The Beast reports that AT&T asked officials to promise that they wouldn’t reveal anything about Project Hemisphere to the public. The situation calls to mind the 2013 revelations about the National Security Agency’s own bulk call surveillance, but in fact AT&T has records dating back longer than the NSA did.

Bitcoin improves anonymity compared to, say, credit cards, but on Friday, a new blockchain-based currency launched that promises to take the incognito mode a step further. ZCash combines blockchain with cryptographic principles that the company says allow transactions to be done without a record on the ledger of which wallets sent and received currency. The system will only record that a transaction occurred. The promise of extreme privacy has buoyed ZCash futures. Mining for the currency began on Friday and the company distributed some ZCash to its investors. The original research underlying ZCash came from work in 2013 at the Johns Hopkins University applied cryptography lab led by Matthew Green. According to IEEE Spectrum, researchers say that the work underlying ZCash is very robust and sophisticated, but caution that because of its complexity there hasn’t been time yet for thorough independent vetting.

Hundreds of Counter-Terrorism Service (CTS) troops entered Bazwaya, the last village before the city limits, after launching a dawn assault on Monday.

A BBC correspondent travelling with them says there was some resistance, with car bombs targeting the convoy.

Units of the army's ninth division are meanwhile advancing from the south.

Earlier, the military announced the start of an operation to retake the side of Mosul east of the River Tigris, which flows through the city.

The BBC's Ian Pannell, who is with a CTS unit, says the assault on Bazwaya, about 3km (1.9 miles) from Mosul, began early on Monday.

Hundreds of troops in heavily-armoured Humvees, together with tanks and bulldozers, advanced on the village, supported by US-led coalition air strikes, our correspondent adds.

Within hours the head of the Iraqi military's Nineveh Operations Command, Lt-Gen Abdul Amir Yarallah, announced that they had entered Bazwaya and raised the Iraqi flag.

Our correspondent says that a column of troops is now probing different parts of Mosul's outskirts, as commanders make a plan about where to go next.

One senior officer told the Associated Press news agency that they aimed to enter the city limits later on Monday, while another told Reuters they were already fighting in the Karama district.

CTS commander Lt Gen Abdul Wahhab al-Saidi denied that the troops had entered Karama. But he did say that they were moving on Kukjali, an industrial zone west of Bazwaya that lies about 1km from Mosul's municipal boundary.

It had been expected the CTS would halt its advance until troops and allied fighters on other frontlines also reached the outskirts of Mosul.

Gen Yarallah announced earlier that the army's ninth division had taken control of the village of Ellag, 17km (10 miles) south of Mosul.

Army units also recaptured a number of villages to the south-east and north, the military said, while federal police are moving north from the town of Shura towards Hamam al-Alil.

About 50,000 Iraqi security forces personnel, Kurdish Peshmerga fighters, Sunni Arab tribesmen and Shia militiamen are involved in the two-week-old offensive to drive IS militants out of their last major urban stronghold in the country.

Mosul fell to the jihadists in June 2014 and their leader, Abu Bakr al-Baghdadi, chose a mosque in the city as a place to proclaim the establishment of a "caliphate".

Before the offensive began on 17 October, there were believed to be between 3,000 and 5,000 militants remaining in Mosul, along with up to 1.5 million civilians.

More than 17,700 residents have fled so far and, according to the UN's worst-case scenario, as many as 700,000 others could follow suit.