This Week in Getting Hacked: Don't Hack Back Edition

Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…

Remember Silk Road? Well, a former Secret Service agent stole almost 1,500 bitcoin (an approximate value of $10.4 million) while he was working the case. And we know that because he was arrested and sentenced.

Shaun W. Bridges is his name and he has been sentenced to 24 months in prison for money laundering and he had to forfeit the money. And he would have gotten away with it too if it wasn’t for that meddling government he worked for.

Keith Alexander, a retired general who headed the NSA for nine years has stated that companies shouldn’t hack back whenever they’re hacked because a hack-back can lead to a hack-war and it’s just a whole mess.
Alexander has said:

“If it starts a war, you can’t have companies starting a war. That’s an inherently governmental responsibility, and plus the chances of a company getting it wrong are fairly high.”

In what should be a surprise to absolutely no one, US Deputy Attorney General Rod Rosenstein says that encryption that the government doesn’t have access to is “unreasonable.”
The remarks come off of authorities in the FBI being unable to gain access to the Sutherland Springs shooter’s seized iPhone. So, we kind of get that. But as we all know with cybersecurity, give the powers-to-be an inch and they usually take a mile. We won’t open up that can of worms here, but data-privacy is and should stay private. It’s up to the encryption companies to come to a compromise with the authorities under special circumstances so that everyone’s rights are not infringed. But that’s only this bloggers take.

The Intel Management Engine that’s in almost every computer since 2008 can be compromised pretty easily! Because why wouldn’t it be.
The aforementioned IME is basically a CPU on top of a CPU which serves as a kind of “black box” for your computer. However, Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB.
That’s right. Just a USB. Cool. Here’s a tweet from one of their employees:

Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci pic.twitter.com/cRPuO8J0oG

— Maxim Goryachy (@h0t_max) November 8, 2017

And finally….
A self-driving bus crashed in Vegas this week and this comes as one of those rare hybrid physical/digital security stories that we love here on TWIGH.

Not only is the self-driving bus the cutest little bus you’ll ever see, but it and it’s friends have run accident free for a while now. Until this week.
The bus encountered a delivery truck which was blocking traffic trying to back into a drop-off location. The bus did as it should and waited a safe distance for the truck to clear, but then the truck started to back up. The bus’s programming didn’t know what to do so it just sat there while the truck bumped into it.
That’s it. Seriously. This made major headlines. Stop it people. Self-driving cars are going to be awesome.

That’s it for this week! See you next time and definitely don’t click on any weird links.