Iran is in a nationwide internet shutdown, with only the country’s regime-created intranet available, plunging Iranians into digital darkness and making it difficult for humanitarian aid workers, journalists and others to disseminate information in and out of the country. As attacks on Tehran began last weekend, an apparently hacked prayer app sent messages to Iranians across the country telling them to “surrender” and “help is on the way.”
Meanwhile, GPS attacks such as jamming – not to mention physical threats – are increasing in the Strait of Hormuz, threatening shipping vessels. Security camera hacking has emerged as part of the war strategy. And missile-interception systems throughout the Middle East are under strain — and in some cases being destroyed in the attacks.
Trump fired Department of Homeland Security Secretary Kristi Noem this week. His tenure was marked by aggressive anti-immigration tactics and the killing of two American protesters by ICE and CBP. A highly sophisticated iPhone hacking tool kit that was likely originally created for the US government is in the hands of scammers in several other countries as well, who have likely used the tool to infect thousands of phones or more. Some US lawmakers are calling for an investigation into the threat of the decades-old side-channel hacking technique. And WIRED learned how music streaming CEO Eli Habib created the open-source global threat map World Monitor in his spare time.
There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe there.
United States Customs and Border Protection has admitted for the first time that it bought phone location data from the giant, surveillance-heavy online advertising industry. The agency’s approval was included in a document, called a Privacy Threshold Analysis, which was obtained by 404 Media through a Freedom of Information Act request. The document relates to a test that CBP ran between 2019 and 2021.
The publication reports that CBP has purchased data related to real-time bidding processes. When you see ads online or in apps, they are often shown to you after an automated, instantaneous auction, where advertisers bid to show you that specific ad. The most nebulous part of the advertising industry may be collecting data from your device, including your phone’s identifying details and location data; After this it is repackaged and sold to companies and institutions. The data has been called a “gold mine” for tracking people’s daily activities.
CBP did not respond to 404 Media’s request for comment on whether it was still purchasing the data; However, ICE reportedly plans to purchase access to another system called WeBlock, which allows it to monitor entire neighborhoods for mobile phone activities.
Court documents this week revealed that the FBI was able to identify a protester in Atlanta after obtaining information from the Swiss encrypted email service Proton Mail. A court document reviewed by 404 Media shows that payment information linked to Proton email addresses was provided to US law enforcement by Swiss authorities after being requested under the Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally.
Swiss authorities requested Proton under Swiss laws for payment information linked to the email address defendtheatlantafirst@protonmail.com, which was linked to the protests in Atlanta. This information was then provided to US law enforcement officials under international agreements, and they were able to identify an individual associated with the account.
<a href