Hackers Dox ICE, DHS, DOJ, and FBI Officials

Researchers at UC San Diego and the University of Maryland revealed this week that satellites leak a wealth of sensitive data entirely unencrypted, from calls and text messages on T-Mobile to in-flight Wi-Fi browsing sessions to military and law enforcement communications, according to a new study. And they did it with just $800 worth of commercially available equipment.
Facial recognition systems are seemingly everywhere. But what happens when this surveillance and identification technology doesn’t recognize your face as such? WIRED spoke with six people with different faces who say flaws in these systems are preventing them from accessing essential services.
Authorities in the United States and United Kingdom this week announced the seizure of nearly 130,000 bitcoins from an alleged Cambodian fraud empire. At the time of the seizure, the cryptocurrency fortune was worth $15 billion, the largest sum of money ever confiscated in the United States.
Control of a significant portion of America’s election infrastructure is now in the hands of a single former Republican operative, Scott Leiendecker, who just bought the voting machine company Dominion Voting Systems and owns Knowink, an electronic poll records company. Election security experts are currently more perplexed about the implications than worried about the possibility of foul play.
While a new type of attack could allow hackers to steal two-factor authentication codes from Android phones, the most significant cybersecurity development of the week was the breach of security company F5. The attack, which was carried out by a “sophisticated” threat actor believed to be linked to China, poses an “imminent threat” of breaches against government agencies and Fortune 500 companies. Finally, we’ve sifted through the mess that is iPhone VPNs and found the only three worth using.
But that’s not all! Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
In recent years, perhaps no hacker group has caused more chaos than “The Com,” an informal collective of primarily cybercriminal gangs whose subgroups like Lapsus$ and Scattered Spider have carried out cyberattacks and ransomware extortion operations targeting victims from MGM casinos to Marks & Spencer grocery stores. They have now turned their sights on US federal law enforcement.
On Thursday, a member of the loose Com collective began publishing on Telegram a series of identification documents of federal civil servants. One spreadsheet, according to 404 Media, contained what appeared to be personal information on 680 Department of Homeland Security officials, while another included personal information on 170 FBI officials and yet another doxxed 190 Justice Department officials. In some cases, the data included names, email addresses, phone numbers and addresses, sometimes officials’ homes rather than where they worked. The user who posted the data noted in their posts a DHS statement that Mexican cartels had offered thousands of dollars for identifying information on agents, apparently mocking the unverified claim.
“Mexican cartels hmu we drop all the doxes where’s my 1 million,” wrote the user who posted the files, using the abbreviation for “hit me up” and apparently demanding a million dollars. “I want my MEXICO MONEY.”
Over the past year, at least, the FBI has set up a “secret” task force that may have worked to dismantle Russian ransomware gangs, according to reports published this week in the French newspaper Le Monde and the German newspaper Die Zeit. The publications claim that late last year, the mysterious Group 78 presented its strategy at two different meetings of European officials, including law enforcement officials and judicial officials. Little is known about the group; however, its potentially controversial tactics appeared to prompt usually quiet European officials to speak out about the existence and tactics of Group 78.
Late last year, according to reports, Group 78 focused on the Russian-speaking ransomware gang Black Basta and presented two approaches: conducting operations inside Russia to disrupt gang members and attempt to force them out of the country; and also to “manipulate” Russian authorities into pursuing Black Basta members. Over the past few years, Western law enforcement agencies have taken increasingly disruptive action against Russian ransomware gangs – including infiltrating their technical infrastructure, attempting to ruin their reputations, and issuing a wave of sanctions and arrest warrants – but taking covert action in Russia against ransomware gangs would be unprecedented (at least as far as is publicly known). The Black Basta group has fallen dormant in recent months after the leak of 200,000 of its internal messages and the identification of its alleged leader.
Over the past few years, AI-based license plate recognition cameras, placed on the side of the road or in police cars, have collected billions of images of vehicles and their specific locations. The technology is a powerful surveillance tool that, unsurprisingly, has been adopted by law enforcement officials across the United States, raising questions about how access to cameras and data can be abused by officials.
This week, a letter from Senator Ron Wyden revealed that a division of ICE, the Secret Service and Navy criminal investigators all had access to Flock Safety’s camera data. “I now believe that abuses of your product are not only likely but inevitable, and that Flock is incapable and indifferent to preventing them,” Wyden’s letter to Flock said. Wyden’s letter follows growing reports that government agencies, including CBP, had access to Flock’s 80,000 cameras. “In my opinion,” Wyden wrote, “local elected officials can better protect their constituents from the inevitable abuse of Flock cameras by removing Flock from their communities.”


