The US names one of the hackers allegedly behind the massive Salt Typhoon attacks


As the Biden administration nears its end, the White House on Thursday released a 40-page executive order aimed at strengthening federal cybersecurity protections and putting in place guardrails for the US government’s use of artificial intelligence. WIRED also spoke with Nathaniel Fick, the outgoing US ambassador for cyberspace and digital policy, about the urgency for the Trump administration to ignore Russia and China in the global race for technological dominance. Outgoing FCC Chairman Jessica Rosenworcel details the threats facing US telecoms, at least nine of which were recently breached by China’s Salt Typhoon hackers. Meanwhile, U.S. officials are still trying to address multiple spying campaigns and other data breaches, with new revelations this week that an AT&T breach disclosed last summer compromised FBI calls and text reports that could reveal the identity of anonymous sources.

Huione Guarantee, the massive online marketplace that researchers say offers a range of services to online fraudsters, is expanding into messaging apps, stablecoins and crypto exchanges, facilitating a whopping $24 billion in transactions, according to new research. New findings show that GitHub’s efforts to crack down on the use of deepfake porn software have failed. And WIRED delved into the murky world of predictive travel surveillance and the companies and governments pumping international traveler data into artificial intelligence tools to identify who might be a “threat.”

But wait, there’s more! Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Chinese spies, American spies, all spies. Mutual espionage is a geopolitical game played by almost every nation in the world. So when the U.S. government singles out a hacker for espionage-focused intrusions, names him, and targets him with sanctions, he must have spied so aggressively—or effectively—that it made powerful people very angry.

The U.S. Treasury Department on Friday imposed sanctions on Yin Kecheng, a 39-year-old Chinese man accused of involvement in the hacking of nine U.S. telecommunications companies by the Chinese hacking group Salt Typhoon, as well as another recent breach. In a statement on the news, the Treasury Department claims that Yin is affiliated with China’s Ministry of State Security and has been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company the Treasury Department says is also linked to Salt Typhoon.

Salt Typhoon’s intrusion into US telecommunications gave Chinese hackers extensive access to Americans’ text messages and phone calls in real time, and the group reportedly spied on President-elect Donald Trump and the vice president-elect, among other targets. FBI Director Christopher Wray has called the telecommunications breaches China’s “most significant cyber espionage campaign in history.”

As the Treasury responds to China’s espionage operation, it is still working to determine the scope of some of the same hackers’ penetration within its network. An internal Treasury Department report obtained by Bloomberg shows that hackers broke into at least 400 of the agency’s personal computers and stole more than 3,000 files in a recent breach. The report found that the intrusion appeared to be focused on post-sanctions espionage and law enforcement information, as well as other intelligence material. Despite this broad access, the intruders did not gain access to Treasury Department emails or classified parts of its network, nor did they leave behind malware that would suggest an attempt to maintain long-term access, the report said.

The Justice Department revealed this week that the FBI has conducted an operation to remove a malware sample known as PlugX from 4,200 computers worldwide. The malware, which was usually delivered to computers via infected USB drives, has been around for at least a decade and has at times been used by Chinese government-sponsored hacker groups to target Chinese dissidents. In July of last year, cybersecurity firm Sekoia and French law enforcement seized the command and control server behind the malware. This week, the FBI obtained a court order allowing the agency to send a self-destruct command to the software on infected devices.

After news broke of a December cyberattack that breached the US education technology platform PowerSchool, the school districts that were targeted told TechCrunch on Thursday that the attackers accessed “all” of the school’s stored information. Students and teachers gained access to their accounts. PowerSchool is used by more than 60 million K-12 students in the United States. Hackers gained access to the information by stealing login credentials that would have given them access to the company’s customer support portal. The attack has not yet been publicly linked to a specific actor. PowerSchool has not yet disclosed the exact number of schools affected or whether all of its customers were affected.
