This week, Hawaii reeled after an emergency text alert about an impending nuclear missile attack triggered panic—and then turned out to be a false alarm. Researchers provided more details about the sophisticated Triton malware that targets industrial control systems and impacted a real-world plant last year.

The anti-fascist far-left movement known as Antifa gets some of its intelligence from a computer scientist named Megan Squire, who disseminates valuable and controversial information. Officials looking to support and further law enforcement initiatives are using the clever catchphrase "responsible encryption" in an attempt to gingerly avoid debate while describing the need for backdoors into protected data. Algorithms meant to analyze crime trends and predict future incidents don't have a particularly impressive accuracy rate. And researchers are refining an approach to automatically uncover vulnerabilities in Internet of Things Devices—ideally so they can be protected before attackers come along.

And there's more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

###Hacking Group Linked to Lebanon Used Fake Mobile Messaging Apps to Spy on Thousands of PeopleA newly identified digital espionage initiative has stolen hundreds of gigabytes of data and surveilled thousands of people in 21 countries, including the United States, Canada, France, and Germany. The spy campaign works by tricking users into installing malicious apps that appear to be trusted messaging services like WhatsApp and Signal. The phony apps seem to work normally, but are actually laced with trojans that scoop up messages, call logs, photos, location data, and anything else users send and receive.

The campaign, discovered by the Electronic Frontier Foundation and the mobile security firm Lookout, is known as Dark Caracal and seems to be the work of nation state-funded hackers. The researchers traced the sinister project to a building owned by the Lebanese General Security Directorate in Beirut. The spying has targeted well-connected or controversial figures like activists, military personnel, journalists, and lawyers.

“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional ... actors are moving toward using mobile as a primary target platform,” said Mike Murray, vice president of security intelligence at Lookout.

###LeakedSource Creator Charged With Selling Stolen Data He CollectedThis week unmasked LeakedSource creator Jordan Evan Bloom, a 27-year-old from Ontario, appeared in court on charges of trafficking in identity information and unauthorized computer use. Canadian officials say that Bloom sold data from the three billion credential pairs and pieces of personal information LeakdSource had on file. Bloom allegedly made almost $200,000 by selling personal data.

LeakedSource always billed itself as a good-faith service. The tool collected usernames, passwords and other personal information compromised in corporate breaches and organized it into a searchable database so web users could check whether their data had been compromised. Some security professionals had doubts about the service, created in 2015, largely because its creator remained anonymous. Other similar services, like Troy Hunt's Have I been pwned?, are more transparent.

LeakedSource and its social media accounts have been taken offline, but at least one mirror site hosted in Russia still exists.

###Fewer Than 10 Percent of Gmail Accounts Use Two-factor AuthenticationGoogle engineer Grzegorz Milka said at the Usenix Enigma security conference on Wednesday that fewer than 10 percent of Gmail's active users currently enable two factor authentication on their accounts. On a similarly bleak note, he cited a 2016 Pew study that only about 12 percent of people in the US use a password manager.