The Mysterious Shortwave Radio Station Stoking US-Russia Nuclear Fears


Since early this year, RIA-Novosti has published roughly one story per week on UVB-76, suggesting its coded messages are related to missile strikes on Iran, the war in Ukraine, and negotiations with Trump.

RT, which had once pooh-poohed the idea that UVB-76 was part of Moscow’s nuclear deterrence, began regularly posting its broadcasts on X, writing in April that the station often broadcasts “coded alerts pre-major events”—particularly around phone calls between Trump and Putin—and suggesting that it operates as a “nuke failsafe.”

Chatter about the station grew on Telegram, the messaging app popular in Russia. Channels claimed that UVB-76 grew active “during periods of escalation” of military activity and that it served as a kind of oracle, sending its coded messages “before global events.” Some of these channels, some with millions of subscribers, are themselves close to the Russian Ministry of Defense.

“In the time of tension between Russia and the West,” Goldmanis says, “such articles are ideal for mounting tension and fear.” There is some irony in the fact that Russians seem to be spooking themselves with tales of their own military communications network, but he argues that it speaks to a deeper fear in Russia: “Fear of losing the war, fear of the state collapse, fear of Western nuclear action, fear of their own government and military.”

All of this domestic shadowboxing, in turn, drove international headlines. The British tabloid The Sun proclaimed that Russia’s “doomsday radio station” had transmitted its “cryptic ‘nuke’ code.” Belgium’s Het Laatste Nieuws reported that the radio messages had caused “heightened alertness among military analysts worldwide.” Politika, a Serbian daily newspaper, penned a lengthy article that claimed that UVB-76 “put fear in the hearts of NATO generals and the Pentagon,” which have been powerless to crack its code. (That article was republished in Russian by RT’s foreign translation service.)

Amid this new attention, Moscow’s communications regulator Roskomnadzor—responsible for monitoring, regulating, and censoring all mass media, including both shortwave radio and the internet—commented on UVB-76 for the first time. A spokesperson for the agency didn’t say much, telling RT that information about the frequency and its purpose “is not publicly available.”

As public interest increased, UVB-76 kept churning out messages. On May 23, an operator read out the code “БЕЗЗЛОБИЕ,” roughly translated to “the absence of malice,” and “ХРЮКОСТЯГ,” or “oink,” followed by a series of numbers. This message, in particular, caught the attention of Dmitry Medvedev.

Medvedev has served as both president and prime minister of Russia and now serves on the hawkish Security Council of Russia as deputy chairman. Analysts at the Institute for the Study of War say Medvedev is frequently deployed by the Kremlin to “inflammatory rhetoric, often including nuclear blackmail, into the information space to spread fear among Western decision-makers and discourage future military aid to Ukraine.”

“Doomsday Radio: May’s ‘lack of malice’ has been replaced by a fierce ‘oink,’” Medvedev wrote on his Telegram channel. Invoking a wave of Ukrainian drone attacks that had roiled Moscow, Medvedev levied thematic insults against the Ukrainians and their backers in Europe: “Pigs,” “hogs,” and “boars.” He ended the post: “Password: ‘БЕЗЗЛОБИЕ.’ Answer: ‘ХРЮКОСТЯГ,’” the two UVB-76 codewords.

“Spasms of the Dead Hand”

Coincidental or intentional, Russia’s new fascination with UVB-76 comes just as it attempts to ratchet up fear of nuclear armageddon. To do that, Moscow is turning to that bit of Cold War lore: The Dead Hand.

Throughout the Cold War, there was a pervasive idea that the Soviets had built some kind of doomsday device. Popularized by films like Fail Safe and Dr. Strangelove, the idea went that Moscow had developed the ability to launch its ballistic missiles, even if all the Communist Party leadership were dead. Such a response could effectively end life on Earth.

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More


Four days before he leaves office, US president Joe Biden has issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence, and punishes foreign hackers.

The 40-page executive order unveiled on Thursday is the Biden White House’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters on Wednesday.

Looming over Biden’s directive is the question of whether president-elect Donald Trump will continue any of these initiatives after he takes the oath of office on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different approaches (or timetables) to solving the problems that the order identifies.

Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber Director is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.

The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.

Cybercriminals Pose a Greater Threat of Disruptive US Election Hacks Than Russia or China


Russian, Chinese, and Iranian state-backed hackers have been active throughout the 2024 United States campaign season, compromising digital accounts associated with political campaigns, spreading disinformation, and probing election systems. But in a report from early October, the threat-sharing and coordination group known as the Election Infrastructure ISAC warned that cybercriminals like ransomware attackers pose a far greater risk of launching disruptive attacks than foreign espionage actors.

While state-backed actors were emboldened following Russia’s meddling in the 2016 US presidential election, the report points out that they favor intelligence-gathering and influence operations rather than disruptive attacks, which would be viewed as direct hostility against the US government. Ideologically and financially motivated actors, on the other hand, generally aim to cause disruption with hacks like ransomware or DDoS attacks.

The document was first obtained by the national security transparency nonprofit Property of the People and viewed by WIRED. The US Department of Homeland Security, which contributed to the report and distributed it, did not return WIRED’s requests for comment. The Center for Internet Security, which runs the Election Infrastructure ISAC, declined to comment.

“Since the 2022 midterm elections, financially and ideologically motivated cyber criminals have targeted US state and local government entity networks that manage or support election processes,” the alert states. “In some cases, successful ransomware attacks and a distributed denial-of-service (DDoS) attack on such infrastructure delayed election-related operations in the affected state or locality but did not compromise the integrity of voting processes … Nation-state-affiliated cyber actors have not attempted to disrupt US elections infrastructure, despite reconnaissance and occasionally acquiring access to non-voting infrastructure.”

According to DHS statistics highlighted in the report, 95 percent of “cyber threats to elections” were unsuccessful attempts by unknown actors. Two percent were unsuccessful attempts by known actors, and 3 percent were successful attempts “to gain access or cause disruption.” The report emphasizes that threat intelligence sharing and collaboration between local, state, and federal authorities help prevent breaches and mitigate the fallout of successful attacks.

In general, government-backed hackers may stoke geopolitical tension by conducting particularly aggressive digital espionage, but their activity isn’t inherently escalatory so long as they are abiding by espionage norms. Criminal hackers are bound by no such restrictions, though they can call too much attention to themselves if their attacks are too disruptive and risk a law enforcement crackdown.

Hackers Threaten to Leak Planned Parenthood Data


Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.

Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive data about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)

In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.

The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there’s little-more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.

The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teenager had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.

In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied connections). The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.

For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong resistance to the plans still remain.