The United States issued a seizure warrant to Starlink this week related to satellite internet infrastructure used in a scam compound in Myanmar. The action is part of a larger US law enforcement interagency initiative announced this week called the District of Columbia Scam Center Strike Force.
Meanwhile, Google moved this week to sue 25 people that it alleges are behind a “staggering” and “relentless” scam text operation that uses a notorious phishing-as-a-service platform called Lighthouse.
WIRED reported this week that the US Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist—and then, crucially, kept the records for months in violation of domestic espionage rules.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
China’s massive intelligence apparatus has never quite had its Edward Snowden moment. So any peak inside its surveillance and hacking capabilities represents a rare find. One such glimpse has now arrived in the form of about 12,000 documents leaked from the Chinese hacking contractor firm KnownSec, first revealed on the Chinese-language blog Mxrn.net and then picked up by Western news outlets this week. The leak includes hacking tools such as remote-access Trojans, as well as data extraction and analysis programs. More interesting, perhaps, is a target list of more than 80 organizations from which the hackers claim to have stolen information. The listed stolen data, according to Mrxn, includes 95 GB of Indian immigration data, three TB of call records from South Korean telecom operator LG U Plus, and a mention of 459 GB of road-planning data obtained from Taiwan, for instance. If there were any doubts as to whom KnownSec was carrying out this hacking for, the leak also reportedly includes details of its contracts with the Chinese government.
The cybersecurity community has been warning for years that state-sponsored hackers would soon start using AI tools to supercharge their intrusion campaigns. Now the first known AI-run hacking campaign has surfaced, according to Anthropic, which says it discovered a group of China-backed hackers using its Claude tool set extensively in every step of the hacking spree. According to Anthropic, the hackers used Claude to write malware and extract and analyze stolen data with “minimal human interaction.” Although the hackers bypassed Claude’s guardrails by couching the malicious use of its tools in terms of defensive and whitehat hacking, Anthropic says it nonetheless detected and stopped them. By that time, however, the spy campaign had successfully breached four organizations.
Even so, fully AI-based hacking still isn’t necessarily ready for prime time, points out Ars Technica. The hackers had a relatively low intrusion rate, given that they targeted 30 organizations, according to Anthropic. The AI startup also notes that the tools hallucinated some stolen data that didn’t exist. For now, state-sponsored spies still have some job security.
The North Koreans raising money for the regime of Kim Jong Un by getting jobs as remote IT workers with false identities aren’t working alone. Four Americans pleaded guilty this week to letting North Koreans pay to use their identities, as well as receiving and setting up corporate laptops for the North Korean workers to remotely control. Another man, Ukrainian national Oleksandr Didenko, pleaded guilty to stealing the identities of 40 Americans to sell to North Koreans for use in setting up IT worker profiles.
A report from 404 Media shows that a Customs and Border Protection app that uses face recognition to identify immigrants is being hosted by Google. The app can be used by local law enforcement to determine whether a person is of potential interest to Immigration and Customs Enforcement. While platforming the CBP app, Google has meanwhile recently taken down some apps in the Google Play Store used for community discussion about ICE activity and ICE agent sightings. Google justified these app takedowns as necessary under its terms of service, because the company says that ICE agents are a “vulnerable group.”
