CBP Used Online Ad Data to Track Phone Locations
United States and Israel last week launched a war in Iran that has already killed more than 1,200 Iranians and spread across the Middle East. There are many unknowns about US President Donald Trump’s goals as the conflict enters its second week and the situation appears poised to trigger an energy crisis with repercussions around the world.
Iran is facing a nationwide internet blackout and only the regime-built intranet is available, plunging Iranians into digital darkness and making it difficult for aid workers, journalists and others to disseminate information both inside and outside the country. As strikes on Tehran began last weekend, an apparently hacked prayer app sent messages saying “surrender” and “help is on the way” to Iranians across the country.
Meanwhile, GPS attacks like jamming – not to mention physical threats – are increasing in the Strait of Hormuz, threatening shipping vessels. Hacking security cameras has become part of the war scenario. And missile interception systems across the Middle East are strained and, in some cases, destroyed in strikes.
Trump ousted Department of Homeland Security Secretary Kristi Noem this week. His tenure was marked by aggressive anti-immigration tactics and the killing of two American protesters by ICE and CBP. A highly sophisticated iPhone hacking toolkit, likely originally designed for the U.S. government, is in the hands of several other countries as well as crooks who have likely used the tools to infect tens of thousands of phones or more. Some US lawmakers are calling for an investigation into the threat posed by this decades-old side-channel hacking technique. And WIRED explained how music streaming CEO Elie Habib built the open-source global threat map World Monitor in his spare time.
And there’s more. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
U.S. Customs and Border Protection has, for the first time, admitted to purchasing phone location data from the sprawling and heavily monitored online advertising industry. The agency’s acknowledgment was included in a document, called Privacy Threshold Analysis, obtained by 404 Media through a Freedom of Information Act request. The document concerns a trial conducted by CBP between 2019 and 2021.
The publication reports that CBP purchased data related to real-time bidding processes. When you see ads online or in apps, they are often presented to you after automated, instant auctions in which advertisers bid to show you that specific ad. The darker parts of the advertising industry may collect data from your device, including your phone’s identifying details and location data; this is then repackaged and sold to companies and entities. Data has been called a “gold mine” for tracking people’s daily activities.
CBP did not respond to 404 Media’s request for comment on whether it is still purchasing the data; However, ICE reportedly plans to purchase access to another system, called Webloc, which can monitor entire neighborhoods for cell phone movements.
The FBI was able to identify a protester in Atlanta after finally obtaining information from the Swiss encrypted email service Proton Mail, court documents revealed this week. A court document reviewed by 404 Media shows that payment information linked to a Proton email address was provided to U.S. law enforcement by Swiss authorities after a request was made under a Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally.
Swiss authorities requested the data under Swiss laws from Proton for payment information linked to the email address defensetheatlantaforest@protonmail.com, which was associated with the protests in Atlanta. This information was then provided to U.S. law enforcement officials under international agreements, and they were able to identify an individual linked to the account.
