US names one of hackers believed to be behind massive Salt Typhoon breaches


As the Biden administration draws to a close, the White House on Thursday released a 40-page executive order that aims to strengthen federal cybersecurity protections and place guardrails on the use of AI by the US government. WIRED also spoke with the outgoing U.S. Ambassador for Cyberspace and Digital Policy, Nathaniel Fick, on the urgency that the Trump administration not intimidate Russia and China in the global race for technical domination. Outgoing FCC Chairwoman Jessica Rosenworcel details to WIRED the threats to US telecommunications, at least nine of which were recently breached by Chinese Salt Typhoon hackers. Meanwhile, U.S. officials are still scrambling to get a handle on multiple spying campaigns and other data breaches, with new revelations this week that an AT&T breach that came to light last summer compromised FBI call and text logs that could reveal the identities of anonymous sources.

Huione Guarantee, the massive online marketplace that researchers say provides a range of services to online fraudsters, is expanding its offerings to include a messaging app, a stablecoin and a crypto exchange, and has facilitated $24 billion in transactions, according to new research. New findings indicate that GitHub’s efforts to crack down on the use of deepfake pornography are failing. And WIRED took a deep dive into the opaque world of predictive travel surveillance and the companies and governments pumping data on international travelers into AI tools intended to detect people who could pose a “threat”.

But wait, there’s more! Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

China is spying, the United States is spying, everyone is spying. Mutual espionage is a geopolitical game played by virtually every nation in the world. So when the U.S. government singles out a single hacker for espionage-focused intrusions, names him, and targets him for sanctions, he must have spied aggressively — or effectively — enough to make powerful people angry.

The U.S. Treasury on Friday imposed sanctions on Yin Kecheng, a 39-year-old Chinese man accused of being involved both in the breach of nine U.S. telecommunications companies by the Chinese hacker group known as Salt Typhoon and in another recent breach of the US Treasury. In a statement regarding the news, Treasury says Yin is affiliated with China’s Ministry of State Security and has been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company that Treasury says is also associated with Salt Typhoon.

The Salt Typhoon breach of US telecommunications gave Chinese hackers enormous access to Americans’ real-time text messages and phone calls, and was allegedly used to spy on President-elect Donald Trump and Vice President-elect JD Vance, among other targets. FBI Director Christopher Wray called the telecommunications breaches “the largest cyberespionage campaign in China’s history.”

As Treasury responds to China’s spying operations, it is also working to determine the extent to which some of these same hackers have infiltrated its network. An internal Treasury report obtained by Bloomberg found that hackers broke into at least 400 agency computers and stole more than 3,000 files in a recent breach. The espionage-focused intrusion appears to have targeted sanctions and law enforcement-related information, according to the report, as well as other intelligence documents. Despite this broad access, the intruders did not gain access to Treasury emails or classified parts of its network, the report said, nor did they leave behind malware suggesting an attempt to maintain longer-term access.

The Justice Department revealed this week that the FBI conducted an operation to remove a malware specimen known as PlugX from 4,200 computers worldwide. The malware, which was typically delivered to computers via infected USB drives, has persisted for at least a decade and has sometimes been used by Chinese state-sponsored hacking groups to target Chinese dissidents. In July last year, cybersecurity company Sekoia and French law enforcement took over the command and control server behind the malware. This week, the FBI obtained a court order authorizing the bureau to issue a self-destruct command to software on infected machines.

Following news earlier this week of a December cyberattack that breached U.S. education technology platform PowerSchool, school districts targeted by the intrusion told TechCrunch on Thursday that the attackers gained access to “all” data stored about students and teachers in their accounts. PowerSchool is used by more than 60 million K-12 students in the United States. The hackers accessed the information by stealing login credentials that gave them access to the company’s customer support portal. The attack has not yet been publicly linked to a specific perpetrator. PowerSchool has not yet disclosed the exact number of victim schools or whether all of its customers were affected.