
ICE Has Spyware Now

Plus: An AI chatbot system is linked to a widespread hack, details emerge of a US plan to plant a spy device in North Korea, your job’s security training isn’t working, and more.

Wired

As the United States under Donald Trump continues to upend geopolitics and prompt potential diplomatic realignment around the world, China held an extensive military parade in Tiananmen Square on Wednesday that put its latest high-tech weaponry on display. And after announcing his desire to rebrand the US Department of Defense as the so-called US Department of War and signing an executive order about the change on Friday, Defense.gov began redirecting to War.gov.

Meanwhile, Trump has repeatedly attacked US election processes and voting infrastructure, prompting election experts to issue urgent warnings that under the US Constitution, the president has no power to direct how states conduct voting—much less initiate federal control of US elections.

A company owned by retired Marine sniper Dan LaLota won a $30,000 no-bid contract from the US Department of Homeland Security this month to offer sniper and combat training. LaLota told WIRED this week that his brother, GOP congressman Nick LaLota, did not play a role in helping his firm land the contract.

A new type of “infostealer” malware is conducting sextortion scams by monitoring victims’ browsing habits for mature content and then taking screenshots of the adult material while also taking webcam photos of the target as they view the content.

If you need a primer on the new generation of secure password replacements—known as “passkeys”—we’ve got you covered on what they are and how to use them. And whether you’re all in on passkeys or just first thinking about how to organize your passwords, we’ve got an update on our guide to the best password managers.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

ICE Can Use Paragon Spyware After Trump White House Rescinds Biden Order

Immigration and Customs Enforcement, the Department of Homeland Security agency given an unprecedented $170 billion under the Trump administration’s “big beautiful bill” and charged with carrying out mass deportations, will soon have another powerful tool at its disposal: spyware. The Trump administration this week rescinded a Biden administration order that blocked ICE from obtaining hacking tools sold by Paragon, the Israeli firm with which it signed a $2 million contract last September. Now ICE will have access to the company’s spyware, including tools for remotely breaking into phones and obtaining their contents and messages.

Paragon has been compared to the more notorious Israeli spyware firm NSO Group, with similar examples of its tools being used to spy on journalists and activists: WhatsApp said earlier this year that it had discovered Paragon’s spyware being used against activists and journalists in Europe, and two Italian media outlets filed a criminal complaint with prosecutors seeking an investigation into the hacking incidents. As a result of that blowup, Italian intelligence services canceled a contract with the company, according to Israeli news outlet Haaretz.

The Biden administration considered spyware used to hack phones controversial enough that it was tightly restricted for US government use in an executive order signed in March 2024. In Trump’s no-holds-barred effort to empower his deportation force—already by far the most well-funded law enforcement agency in the US government—that’s about to change, and the result could be a powerful new form of domestic surveillance.

Security Companies Impacted in Hacking Campaign Against AI Chatbot Maker

Multiple tech and security companies—including Cloudflare, Palo Alto Networks, Spycloud, and Zscaler—have confirmed customer information was stolen in a hack that originally targeted a chatbot system belonging to sales and revenue generation company Salesloft. The sprawling data theft started in August, but in recent days more companies have revealed they had customer information stolen.

Toward the end of August, Salesloft first confirmed it had discovered a “security issue” in its Drift application, an AI chatbot system that allows companies to track potential customers who engage with the chatbot. The company said the security issue is linked to Drift’s integration with Salesforce. Between August 8 and August 18, hackers used compromised OAuth tokens associated with Drift to steal data from accounts.

Google’s security researchers revealed the breach at the end of August. “The actor systematically exported large volumes of data from numerous corporate Salesforce instances,” Google wrote in a blog post, pointing out that the hackers were looking for passwords and other credentials contained in the data. More than 700 companies may have been impacted, with Google later saying it had seen Drift’s email integration being abused.

On August 28, Salesloft paused its Salesforce-Salesloft integration as it investigated the security issues; then on September 2 it said, “Drift will be temporarily taken offline in the very near future” so it can “build additional resiliency and security in the system.” It’s likely more companies impacted by the attack will notify customers in the coming days.

Seal Team 6 Tried—and Failed—to Plant a Spy Device in North Korea

Obtaining intelligence on the internal workings of the Kim regime that has ruled North Korea for three generations has long presented a serious challenge for US intelligence agencies. This week, The New York Times revealed in a bombshell account of a highly classified incident how far the US military went in one effort to spy on the regime. In 2019, SEAL Team 6 was sent to carry out an amphibious mission to plant an electronic surveillance device on North Korean soil—only to fail and kill a boatful of North Koreans in the process. According to the Times’ account, the Navy SEALs got as far as swimming onto the shores of the country in mini-subs deployed from a nuclear submarine. But due to a lack of reconnaissance and the difficulty of surveilling the area, the special forces operators were confused by the appearance of a boat in the water, shot everyone aboard, and aborted their mission. The North Koreans in the boat, it turned out, were likely unwitting civilians diving for shellfish. The Trump administration, the Times reports, never informed leaders of congressional committees that oversee military and intelligence activities.

Phishing Training Doesn’t Really Work, Study Suggests

Phishing remains one of the oldest and most reliable ways for hackers to gain initial access to a target network. One study suggests a reason why: Training employees to detect and resist phishing attempts is surprisingly tough. In a study of 20,000 employees at the health care provider UC San Diego Health, simulated phishing attempts designed to train staff resulted in only a 1.7 percent decrease in the staff’s failure rate compared to staff who received no training at all. That’s likely because staff simply ignored or barely registered the training, the study found: In 75 percent of cases, the staff member who opened the training link spent less than a minute on the page. Staff who completed a training Q&A, by contrast, were 19 percent less likely to fail on subsequent phishing tests—still hardly a very reassuring level of protection. The lesson? Find ways to detect phishing that don’t require the victim to spot the fraud. As is often noted in the cybersecurity industry, humans are the weakest link in most organizations’ security—and they appear stubbornly determined to stay that way.

World’s Largest Sports Streaming Piracy Site Shut Down

Online piracy is still big business—last year, people made more than 216 billion visits to piracy sites streaming movies, TV, and sports. This week, however, the largest illegal sports streaming platform, Streameast, was shut down following an investigation by anti-piracy industry group the Alliance for Creativity and Entertainment and authorities in Egypt. Before the takedown, Streameast operated a network of 80 domains that saw more than 1.6 billion visits per year. The piracy network streamed soccer games from England’s Premier League and other matches across Europe, plus NFL, NBA, NHL, and MLB matches. According to The Athletic, two men in Egypt were allegedly arrested over copyright infringement charges, and authorities found links to a shell company allegedly used to launder around $6.2 million in advertising revenue over the past 15 years.
