As the Biden administration comes to a close, the White House released a 40-page executive order on Thursday aimed at shoring up federal cybersecurity protections and placing guardrails on the US government’s use of AI. WIRED also spoke with outgoing US ambassador for cyberspace and digital policy, Nathaniel Fick, about the urgency that the Trump administration not cow to Russia and China in the global race for technical dominance. Outgoing FCC chair Jessica Rosenworcel details to WIRED the threats facing US telecoms, at least nine of which were recently breached by China’s Salt Typhoon hackers. Meanwhile, US officials are still scrambling to get a handle on multiple espionage campaigns and other data breaches, with new revelations this week that a breach of AT&T disclosed last summer compromised FBI call and text logs that could reveal the identity of anonymous sources.
Huione Guarantee, the massive online marketplace that researchers say provides an array of services to online scammers, is expanding its offerings to include a messaging app, stablecoin, and crypto exchange and has facilitated a whopping $24 billion in transactions, according to new research. New findings indicate that GitHub’s efforts to crack down on the use of deepfake porn software are falling short. And WIRED did a deep dive into the opaque world of predictive travel surveillance and the companies and governments that are pumping data about international travelers into AI tools meant to detect people who might be a “threat.”
But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
China spies, the US spies, everybody spies. Mutual espionage is a geopolitical game played by virtually every nation in the world. So when the US government singles out a single hacker for espionage-focused intrusions, naming him and targeting him with sanctions, he must have spied aggressively—or effectively—enough to have made powerful people very angry.
The US Treasury on Friday imposed sanctions on Yin Kecheng, a 39-year old Chinese man accused of being involved in both the breach of nine US telecommunications companies carried out by the Chinese hacker group known as Salt Typhoon, as well as another recent breach of the US Treasury. In a statement about the news, Treasury alleges that Yin is affiliated with China’s Ministry of State Security and has been a “cyber actor” for over a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company that Treasury says is also associated with Salt Typhoon.
Salt Typhoon’s breach of US telecoms gave Chinese hackers enormous access to the real-time texts and phone calls of Americans, and was reportedly used to spy on president-elect Donald Trump and vice president-elect JD Vance, among other targets. FBI director Christopher Wray has called the telecom breaches China’s “most significant cyberespionage campaign in history.”
As the Treasury hits back at China’s spy operations, it’s also still working to determine the scope of the intrusion some of those same hackers carried out inside its network. An internal Treasury report obtained by Bloomberg found that hackers had penetrated at least 400 of the agency’s PCs and stolen more than 3,000 files in a recent breach. The espionage-focused intrusion appears to have gone after sanctions and law-enforcement related information, the report found, as well as other intelligence materials. Despite that vast access, the intruders didn’t gain access to Treasury’s emails or classified portions of its network, the report states, nor did they leave behind malware that would suggest an attempt at maintaining longer-term access.
The Justice Department revealed this week that the FBI carried out an operation to delete a specimen of malware known as PlugX from 4,200 computers around the world. The malware, which was typically transmitted to computers via infected USB drives, has persisted for at least a decade and been used at times by Chinese state-sponsored hacker groups to target Chinese dissidents. In July of last year, cybersecurity firm Sekoia and French law enforcement took over the command-and-control server behind the malware. This week, the FBI obtained a court order that allowed the bureau to send a self-destruct command to the software on infected machines.
After news earlier this week of a cyberattack in December that breached the US education technology platform PowerSchool, school districts targeted in the intrusion told TechCrunch on Thursday that attackers gained access to “all” stored student and teacher data in their accounts. PowerSchool is used by more than 60 million K-12 students in the US. Hackers gained access to the information by stealing login credentials that gave them access to the company’s customer support portal. The attack has not yet been publicly linked to a specific perpetrator. PowerSchool has not yet disclosed the exact number of victim schools nor whether all of its customers were affected.
