Laser warfare, among all the long-unfulfilled imaginings of science fiction writers, is right up there with flying cars. Now it is finally becoming a reality. After decades of research, the U.S. military is actively deploying laser defense systems in the Middle East to shoot down drones launched by adversaries such as Yemen’s Houthi rebels, one of several recent deployments of laser technology in real combat situations.
In less church pew–church pewOn security, debate continues over extending Section 702 of the Foreign Intelligence Surveillance Act, signed by President Biden last month, as 20 civil liberties organizations sent a letter to the Department of Justice demanding more clarity on when the NSA can demand that the US technology companies cooperate in their wiretapping. Elsewhere, WIRED obtained emails showing how New York City decided to implement a gun detection system called Evolv on the subway despite false positive rates as high as 85 percent.
Meanwhile, at the Google I/O developer conference, the search giant unveiled a new AI-based feature in Android that is designed to detect if a phone has been stolen and automatically lock it. And we delve into the stakes for privacy and financial surveillance raised by the $2.3 billion Tornado Cash money laundering case, whose co-founder was convicted and sentenced to more than five years in prison on Tuesday. .
Thats not all. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
The system known as SS7, which connects cellular networks managed by different providers, and its most recent update called Diameter have long been considered a serious security and privacy problem. Researchers have warned that hackers who can gain access to a mobile provider’s system or even create their own have the ability to redirect mobile data, allowing them to track people or listen to their communications. Now a US official is raising the alarm that this technique has been used numerous times against real victims in the United States.
As first reported by 404 Media, CISA Senior Telecommunications Advisor Kevin Briggs responded to questions from the Federal Communications Commission in a public presentation, confirming that he has seen multiple cases of Americans being tracked through SS7 or Diameter, including one person whose location was Follow-up with the technique in March 2022 and three more the following month. He also warned that there were indications that many more people had been attacked, but that spies had used techniques to mask their exploitation of the system.
The revelation sounds like a clear warning that telecommunications (and their regulators) must do more to block a known critical vulnerability that leaves hundreds of millions of Americans exposed to espionage. “Much more could be said,” Briggs cryptically concluded his statement, “but this brings an end to my public comments.”
The post-pandemic era of the virtual workplace has led to a strange new problem: North Korean tech workers secretly infiltrating American companies as remote workers to make money for the world’s most authoritarian regime. This week, the Justice Department announced three arrests, including an American woman in Arizona and a Ukrainian man in Poland, who allegedly helped thousands of North Korean workers based in China and Russia obtain jobs at Western companies, often with requests for fraudulent employment and stolen identities. A third man, a Vietnamese national, was arrested in Maryland for allegedly offering his own identity to the North Koreans as a cover. In total, North Korean workers landed jobs at more than 300 companies, including a high-end retail chain and a major Silicon Valley technology company, and cumulatively earned at least $6.8 million, the Justice Department said. Much of that money was funneled into Kim Jong-Un’s regime, including his weapons programs.
Since Teslas are massive collections of cameras on wheels, they have always had the potential to serve as powerful surveillance devices. But Tesla drivers probably weren’t expecting all that video surveillance. Reuters revealed this week that Tesla staff have collected and circulated videos recorded by car cameras, including everything from mundane shots turned into memes, to a violent video of a boy on a bicycle being hit by the car, even a completely naked man. approaching his vehicle. (They also included a video showing a submarine used in a James Bond movie in Elon Musk’s garage, filmed with cameras in the Tesla CEO’s own car.) Tesla assures customers in its privacy fine print that videos collected by Tesla staff remain anonymous and are not linked to any particular vehicle. But seven former employees told Reuters that the videos are linked to location data that could likely be used to identify vehicle owners.
BreachForums has long been one of the most well-known gathering places for cybercriminals to sell hacking tools and stolen data. Now it has been taken down (for the second time in two years) in an FBI operation that also seized the Telegram channel for the forum and that of its alleged operator, who calls himself Baphomet. That raid follows the arrest of the site’s previous administrator, Conor Brian Fitzpatrick, last year, when the FBI seized an earlier incarnation of the site. That older version of BreachForums replaced an older cybercriminal marketplace called RaidForums. Given that history, BreachForums’ latest crash is perhaps “the least surprising cybersecurity news of the year.” writes Troy Hunt, security entrepreneur and creator of HaveIBeenPwned.
