A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets

This week a seizure warrant was issued to Starlink relating to satellite internet infrastructure used in a scam complex in Myanmar. The action is part of a larger U.S. law enforcement interagency initiative announced this week called the District of Columbia Scam Center Strike Force.

Meanwhile, Google sued 25 people this week, alleging they are behind a “shocking” and “relentless” scam text operation that uses a notorious phishing-as-a-service platform called Lighthouse.

WIRED reported this week that the U.S. Department of Homeland Security collected data on Chicago residents accused of gang ties to investigate whether police files could feed an FBI watchlist — and then, crucially, retained the records for months in violation of domestic spying rules.

There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe out there.

China’s vast intelligence apparatus never faced a situation like Edward Snowden. So any peek inside its surveillance and hacking capabilities represents a rare find. One such glimpse has now come in the form of nearly 12,000 documents leaked from Chinese hacking contractor firm KnownSec, which first surfaced on the Chinese-language blog Mxrn.net and then were picked up by Western news outlets this week. The leak includes hacking tools such as remote-access Trojans, as well as data extraction and analysis programs. More interesting, perhaps, is the target list of more than 80 organizations from which the hackers claim to have stolen information. According to MRXN, the stolen data listed includes 95 GB of Indian immigration data, three TB of call records from South Korean telecom operator LG U Plus, and 459 GB of road-planning data obtained from Taiwan, for example. If there was any doubt about who KnownSec was doing this hacking for, the leak reportedly also includes details of its contracts with the Chinese government.

The cybersecurity community has been warning for years that state-sponsored hackers will soon begin using AI tools to supercharge their intrusion campaigns. The first known AI-powered hacking campaign has now emerged, according to Anthropic, which says it has discovered a group of China-backed hackers that extensively used its Claude tool set at every stage of the hacking spree. According to Anthropic, the hackers used Claude to write malware and to extract and analyze stolen data with “minimal human interaction.” The hackers got around Anthropic’s safeguards against malicious use by framing their requests as defensive and white-hat hacking work, but Anthropic says it still detected and stopped them. By that time, however, the espionage operation had successfully breached four organizations.

Still, fully AI-based hacking isn’t necessarily ready for prime time, Ars Technica points out. According to Anthropic, the hackers’ success rate was relatively low given that they targeted 30 organizations. The AI startup also notes that the tool hallucinated some “stolen” data that did not actually exist. For the moment, state-sponsored spies still have some job security.

North Koreans are raising money for Kim Jong Un’s regime by getting jobs as remote IT workers under false identities, and they aren’t working alone. Four Americans pleaded guilty this week to letting North Koreans receive payments under their identities and to obtaining corporate laptops and setting them up for remote control by North Korean workers. Another man, Ukrainian citizen Oleksandr Didenko, pleaded guilty to stealing the identities of 40 Americans to sell to North Koreans for use in setting up IT worker profiles.

A report from 404 Media reveals that a Customs and Border Protection app that uses facial recognition to identify immigrants is being hosted by Google. The app can be used by local law enforcement to determine whether a person is of potential interest to Immigration and Customs Enforcement. While it continues to host the CBP app, Google recently removed from the Google Play Store some apps used for community discussion about ICE activity and ICE agent sightings. Google described these removals as required under its terms of service, saying that ICE agents are a “vulnerable group.”
