Plus: US feds charge alleged masterminds behind infamous forum, Scattered Spider targets airlines, and hackers open a valve at a Norwegian dam.

WIRED published a shocking investigation this week based on records, including audio recordings, of hundreds of emergency calls from United States Immigration and Customs Enforcement (ICE) detention centers. The calls—which include reports of incidents of staff sexual assaults, suicide attempts, and head injuries—indicate a system inundated by life-threatening incidents, delayed treatment, and overcrowding.

In a 6-3 decision on Friday, the US Supreme Court upheld a Texas porn ID law, finding that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned that this determination ignores First Amendment precedent and will have privacy implications for adults.

Looking at the US bombing of Iranian nuclear sites last weekend, President Donald Trump posted initial announcements of the strikes on the social Network Truth Social, which then began suffering intermittent outages. And WIRED reported on assessments of the damage to the nuclear sites based on satellite photos taken before and after the bombing.

Meanwhile, Taiwan is scrambling to make its own unmanned aerial vehicles domestically as drones increasingly become a crucial weapon of war. The urgency comes as a potential conflict with China looms. And Telegram launched a purge of Chinese cryptocurrency markets last month, banning black markets that sold tens of billions of dollars in crypto-scam-related services. Now, though, the markets are rebranding and bouncing back with no further action from the communication platform.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Immigration and Customs Enforcement (ICE) is now using a mobile app called Mobile Fortify that allegedly allows agents to identify individuals by pointing a smartphone at their face or capturing contactless fingerprints, 404 Media reports. The app reportedly taps into government databases, including Customs and Border Protection’s Traveler Verification Service and a DHS biometric intelligence system, in an attempt to match facial images taken in the field against prior government-collected records. ICE says the tool is intended to help officers identify “unknown subjects,” but civil liberties advocates tell 404 Media that it may open the door to surveillance-driven profiling and wrongful arrests.

Nathan Freed Wessler of the ACLU told the site, “Face recognition technology is notoriously unreliable, frequently generating false matches and resulting in a number of known wrongful arrests across the country. Immigration agents relying on this technology to try to identify people on the street is a recipe for disaster. Congress has never authorized DHS to use face recognition technology in this way, and the agency should shut this dangerous experiment down."

**US Feds Charge Group of Alleged Hackers Behind a Notorious Cybercrime Forum**

Global law enforcement this week announced the bust of a group of alleged cybercriminal hackers accused of carrying out years of profit-focused data breaches and running a notorious cybercriminal forum and market known as Breachforums. French authorities arrested four members of the group who went by the names “ShinyHunters,” “Hollow,” “Noct,” and “Depressed,” though the police sources who shared the news with the French newspaper Le Parisien didn’t reveal the suspects’ real names. The US Justice Department, meanwhile, criminally charged Kai West, a young British man, with carrying out a broad, years-long hacking spree under the handle “Intelbroker” that inflicted $25 million total damage against victims before he was arrested in February. In addition to hacking and selling vast troves of stolen data, the group—or at least some subset of its members—appears to have served as administrators for Breachforums, a notorious sales forum for cybercriminal information and tools that was shut down in a law enforcement operation in 2023 but was later relaunched by its staff.

**Scattered Spider Hackers Shift Their Targeting to the Airline Industry**

The loose cybercriminal gang known as Scattered Spider has carried out data theft and ransomware incidents for years, most recently targeting the grocery industry, other retailers, and the insurance industry in the US and the UK. Now cybersecurity analysts at Mandiant and Palo Alto Networks say the group is turning their attention to the aviation and transportation sector. Specifically, hackers were behind a cybersecurity incident last week that took down some IT systems and the mobile app for Canadian airline WestJet, Axios reports. Now Hawaiian Airlines has said it’s experiencing a “cybersecurity incident” affecting its network, though it hasn’t yet revealed more details or any evidence that Scattered Spider is responsible. Cybersecurity firms tracking the group warn that other potential aviation and transportation industry targets should be on the lookout for the group, which often uses sophisticated social engineering to trick staff into letting them bypass multi-factor authentication and gain a foothold on target systems.

**Hackers Breach a Norwegian Dam to Open Valve**

Here’s a curiosity that we missed a couple weeks ago: A rare industrial control system hijacking incident in which an unknown hacker appears to have messed with the computer systems that control the Lake Risevatnet dam in southwest Norway, opening a valve to its maximum setting. The tampering, the motivation for which was far from clear, increased the dam’s water flow by nearly 500 liters a second, but didn’t come close to approaching a dangerous level. No one appears to have spotted the change for close to four hours. Officials told the Norwegian energy news outlet Energiteknikk, which broke the story, that a weak password on a web-accessible control panel allowed the unauthorized access.

ICE Rolls Facial Recognition Tools Out to Officers' Phones

In a 6-3 decision, the Supreme Court held that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned it burdens adults and ignores First Amendment precedent.

If you try to access Pornhub, one of the world’s biggest websites, from any of 17 US states, you’ll be blocked. Pornhub’s parent company, Aylo Holdings, has restricted access in response to a slew of laws that says Pornhub itself should be responsible for checking that every visitor is over 18. Now, the United States Supreme Court has made a decision on a key age verification law, which could have ramifications for the entire country and the wider internet as a whole.

On Friday, in a 6–3 decision that could reshape the landscape of online privacy and free speech, the Supreme Court upheld in full the Texas age verification law—one of the first passed in the country—requiring many websites publishing pornographic content to check that all visitors are over 18. The law, TX HB1181, says sites that are “more than one-third sexual material” can face fines of up to $10,000 per day if they don’t put in place age verification systems, plus extra penalties of up to $250,000. It also states websites should display health warnings about the potential health risks of pornography.

Writing for the majority, Justice Clarence Thomas said that because the law "simply requires proof of age to access content that is obscene to minors, it does not directly regulate adults’ protected speech," adding, "adults have no First Amendment right to avoid age verification."

In her dissent, Justice Elena Kagan argued that the Texas law imposes a direct and unconstitutional burden on adults’ access to protected speech. “A State may not care much about safeguarding adults’ access to sexually explicit speech; a State may even prefer to curtail those materials for everyone,” she wrote, “but the First Amendment protects those sexually explicit materials, for every adult.”

The ruling marks a major victory for Texas attorney general Ken Paxton, who defended the law amid fierce opposition from digital rights groups and the adult entertainment industry.

Legislators in Texas passed HB1181 in early 2023, but it was struck down in the US District Court for the Western District of Texas for potentially being unconstitutional before the law went into effect. Adult industry group the Free Speech Coalition, among others, challenged the Texas law on the grounds that it violates the First Amendment by restricting adults’ access to constitutionally protected speech. In March last year, a Fifth Circuit appeals court upheld the Texas law before the Free Speech Coalition took the case to the Supreme Court in a January hearing.

In recent years, a wave of age verification laws have been proposed in states across the country. More than half of US states have passed or have tried to pass age verification laws, according to a tracker published by the Free Speech Coalition.

“Efforts to regulate online pornography are often the opening move in broader campaigns to censor the internet,” Jess Miers, a visiting assistant professor of law at the University of Akron School of Law, said before the decision. “While this case focuses on mandatory age verification for adult content, state lawmakers are hoping it provides a legal foundation to impose sweeping restrictions on a wide range of online material.”

Attempts to get pornographic websites to implement age checks—more than just clicking a button saying you are over 18—have been accelerating over the past decade, since government officials in the UK passed laws on age verification checks only to delay and abandon them in 2019. Since then, though, a wave of companies and technologies selling age-checking software has rapidly expanded and matured. Adult websites and pornographers aren’t against introducing robust age checks; they say they don’t want children to be exposed to illicit content.

Multiple methods of age verification, which is often called age assurance, have been proposed or developed in recent years, with regulators and governments around the world pushing for them to be used to stop children accessing content that may not be suitable for them. These age verification methods can include, but aren’t limited to, checking someone’s identity against government ID, providing banking details, or using face-checking systems that can predict someone’s age.

Typically, third-party companies are developing the age-checking methods, with adult websites paying to use their services. This can mean people do not directly share their ID documents or other details used to verify their age directly with pornography websites or the companies that own them. Some companies, including Pornhub owner Aylo Holdings and Meta, have argued that age checks should happen by Google and Apple on their respective app stores. Those companies don’t agree.

Repeatedly, privacy and civil liberties experts have stated that any data collection or understanding of how people consume pornography could have devastating consequences if there’s a data breach or information is leaked. (One ID verification company suffered a data breach last year.) Unscrupulous companies could also sell or share data, privacy advocates say.

Last week, the preliminary results of an age checking trial in Australia, which has passed laws to ban under-16s from social media apps, found such systems may not be effective. Plus, age checks can often be easily circumvented by using a VPN. Aylo has claimed that current age verification proposals aren’t effective and push people to smaller websites, which may have fewer safety tools in place to moderate images and videos.

Despite potential concerns, laws mandating companies use age verification systems are being introduced around the world, and multiple companies are adopting the systems. Since 2022, Instagram has been using facial age estimation software to check people’s ages. In April, chat app Discord announced it is testing face scans in the UK and Australia. Regulators in Germany have been pursuing age checks—going as far as to fine individuals posting on X (then Twitter) in 2023—for years. Last week, Pornhub returned to France—it pulled services relating to the country’s age checking at the start of June—after a court ruling limited the law. And by July this year, porn sites and social media platforms operating in the UK are required to introduce “robust” age checks. Pornhub owner Aylo announced on Thursday that it would adopt "government approved age assurance methods” to comply with the law.

With the Supreme Court’s Friday decision, the threat to pornography and sexual expression in the country may be more grave. The Heritage Foundation’s Project 2025 plan, which has been partially followed by the US government, has suggested criminalizing pornography and shutting down its producers. Earlier this year, Senator Mike Lee of Utah proposed the Interstate Obscenity Definition Act, which could redefine what’s considered “obscene” content and potentially ban pornography entirely.

“Once the state has the authority to restrict access to adult content, it will almost certainly broaden the definition of ‘material harmful to minors,’” Miers says. “This could include reproductive health information, LGBTQ+ resources, and educational content related to race, gender, or diversity.”

_Additional reporting by Dell Cameron._

US Supreme Court Upholds Texas Porn ID Law

Records of hundreds of emergency calls from ICE detention centers obtained by WIRED—including audio recordings—show a system inundated by life-threatening incidents, delayed treatment, and overcrowding.

‘They're Not Breathing’: Inside the Chaos of ICE Detention Center 911 Calls

Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them.

One month ago, the messaging app Telegram summarily beheaded the online industry of Chinese-language crypto scam services: It banned virtually all accounts related to the first and second most popular marketplaces for vendors offering money laundering, stolen data, and a variety of other illicit wares to the vast criminal enterprises carrying out investment scams from compounds across Southeast Asia.

Then, Telegram watched impassively as those black marketeers rebranded, rebuilt, and returned to business as usual on the messaging service's platform.

On Monday, crypto tracing firm Elliptic published a new report showing how the industry of Telegram-based Chinese-language black markets for crypto scammers has bounced back in the wake of Telegram's takedown last month of the two biggest of those bazaars, known as Haowang Guarantee and Xinbi Guarantee. Before Telegram banned the two markets' channels and usernames on May 13, they had together enabled a staggering $35 billion in transactions, much of which represented money laundering by crypto scam operations that steal billions from Western victims and force tens of thousands of people to carry out scams in forced labor compounds across Cambodia, Myanmar, and Laos. Since Telegram's purge, however, Elliptic has found that other smaller markets have now grown to almost entirely fill the vacuum those two key marketplaces left behind—and Telegram appears to have no plans to stop them.

In particular, one market called Tudou Guarantee, partially owned by Huione Group, the same parent company as the now-defunct Haowang Guarantee, has more than doubled in size, likely taking in many of the scammer-friendly services displaced by Telegram's bans and again enabling those fraudsters' billions of dollars a year in illicit revenue. Its main channel now has 289,000 users by Elliptic's count, close to the 296,000 users that Haowang Guarantee had at the time Telegram banned it. Xinbi Guarantee, too, has relaunched on new channels and regained hundreds of thousands of users, Elliptic says. In terms of sales, Tudou is now enabling around $15 million a day in crypto payments, close to the $16.4 million Haowang was facilitating daily, according to Elliptic.

“Telegram recognized this was illicit activity and the kind they didn't want to be hosting, and so they deleted the channels and banned the associated usernames. But it was clear that these people wouldn't just give up, that they would transfer to different marketplaces,” says Tom Robinson, Elliptic's cofounder. “These scammers have inflicted misery on millions of victims around the world, stealing billions of dollars. Unless these marketplaces are actively pursued, they will continue to flourish.”

Elliptic shared posts with WIRED from Tudou Guarantee—now by some measures the biggest black market on the internet—which show examples of money laundering services, offers of scam website development, and vendors selling stolen personal data that scammers use for targeting. Another Tudou post explicitly offers prostitution, including references to possible minors: “Students, queens, lolita,” the post states next to pictures of young women. “All available!!”

WIRED reached out to Tudou Guarantee for comment via an administrator's Telegram account but didn't receive a response.

Before they were taken down by Telegram, Xinbi Guarantee and Haowang Guarantee displayed similar posts offering explicitly illegal services in all those categories and more. Like the newly ascendant Tudou Guarantee, those other “Guarantee” marketplaces didn't directly sell services, but instead offered escrow and deposit features that prevent vendors from defrauding customers.

When WIRED asked Telegram in May about a report from Elliptic that focused on Xinbi Guarantee's criminal offerings, Telegram responded with a broad purge: It banned not only Xinbi's accounts but also those of Haowang Guarantee, the much larger market that had persisted for three years, enabled around $27 billion in transactions, and sold scam industry services as explicit as the batons and shackles used to imprison forced laborers in scam compounds.

In a statement sent to WIRED at the time, Telegram spokesperson Remi Vaughn wrote that “communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down,” and added that “criminal activities like scamming or money laundering are forbidden by Telegram's terms of service and are always removed whenever discovered.”

Since then, however, Elliptic has continued to share its findings about apparent money laundering activity on ten other markets, including Tudou Guarantee, in a Telegram group that included a WIRED reporter and a Telegram spokesperson. Yet Telegram didn't take down any of the accounts related to the black markets Elliptic highlighted. Xinbi Guarantee has, in fact, rebuilt at new accounts without even rebranding. It still hasn't faced new account bans, despite Telegram itself stating that the market's content violated its terms of service.

In a statement to WIRED, a Telegram spokesperson defended the company's apparent decision not to ban the rebounding black markets. “The channels in question predominantly involve users from China, where rigid capital controls often leave citizens with little choice but to seek alternative avenues for moving funds internationally,” the statement reads. "We assess reports on a case-by-case basis and categorically reject blanket bans—particularly when users are attempting to circumvent oppressive restrictions imposed by authoritarian regimes. We remain unwavering in our commitment to safeguarding user privacy and defending fundamental freedoms, including the right to financial autonomy.”

Elliptic's Robinson rejects that argument. “We've been researching these marketplaces for nearly two years now, and they're not about helping people achieve financial autonomy,” Robinson says. “These are marketplaces that primarily facilitate money laundering for the proceeds of fraud and other illicit activity."

Erin West, a former prosecutor who now leads the nonprofit Operation Shamrock, an organization focused on disrupting crypto scam operations, states her accusation against Telegram more simply. “These are bad guys, enabling bad-guy business on their bad-guy platform,” West argues. “They have the ability to shut down a scam economy and the trafficking of human beings. Instead, they’re hosting Craigslist for crypto scammers.”

Telegram's seemingly inconsistent approach to banning crypto-scam black markets may have less to do with its principles of “financial autonomy” than with trying not to run afoul of the US government, says Jacob Sims, a visiting fellow at Harvard University's Asia Center. In early May, the US Treasury's Financial Crimes Enforcement Network officially labeled Huione Group a “primary money laundering concern.” Sims argues that designation, which referred directly to Haowang Guarantee but not Tudou Guarantee, may have spurred Telegram to take action—and that it may take another similar move at the government level to push Telegram to act again.

“Ultimately, last month's crackdown shows how disruptive Telegram can be when it does cooperate, but it also shows how fast the scammers are going to adapt,” Sims says. “There's no real legal culpability that tech companies have for what happens on their platform unless there's a specific case brought to their attention by law enforcement. And so, until that changes, I just don't know what incentive they have to be proactive.”

_Updated at 2:30 pm ET, June 23, 2025: Clarified the period during which Haowang Guarantee had approximately 296,000 users._

Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

Unmanned vehicles are increasingly becoming essential weapons of war. But with a potential conflict with China looming large, Taiwan is scrambling to build a domestic drone industry from scratch.

In the span of just a few years, drones have become instrumental in warfare. Conflicts in Ukraine, Iran, Nagorno-Karabakh, Sudan, and elsewhere have shown how autonomous vehicles have become a quintessential part of modern combat.

It’s a fact that Taiwan knows all too well. The island nation, fearing imminent invasion from China, has both the need, know-how, and industry necessary to build a robust and advanced drone program.

Yet Taiwan, which has set an ambitious target of producing 180,000 drones per year by 2028, is struggling to create this industry from scratch. Last year, it produced fewer than 10,000.

“Taiwan definitely has the ability to make the best drones in the world,” says Cathy Fang, a policy analyst at the Research Institute for Democracy, Society, and Emerging Technology (DSET).

So why doesn’t it?

**Designing a Hellscape**

Fang and her colleagues published a lengthy report on June 16 that reveals just how sluggish Taiwan’s drone industry has been. According to their research, the country has produced between 8,000 and 10,000 unmanned aerial vehicles (UAVs) over the past year, with “structural challenges” standing in the way of the current rate and the ambitious goal. Their study found that Taiwan’s drone production has been stymied by “high manufacturing costs, low domestic procurement, and minimal foreign government orders.”

Fang and other DSET researchers briefed WIRED on the details of their report in their Taipei offices in May.

Taiwan has lived under the threat of Chinese invasion for decades, but recent years have turned it into a more immediate possibility. Beijing has made clear that it intends to complete its aggressive modernization of the People’s Liberation Army by 2027; Taiwanese officials say invasion could come that early but almost certainly before Premier Xi Jinping’s current term in office ends in 2029.

While there are competing views about what form, exactly, Chinese military aggression could take, military analysts in Taiwan fear it could be a full combined arms onslaught: From air and sea at first, followed by a full land invasion.

That means Taiwan has an imperative to come up with innovative solutions to defend itself, and fast. As one American commander remarked in 2023, Taiwan’s self-defense will mean turning the Taiwan Strait into a “hellscape”—bombarding incoming Chinese ships and planes with swarms of uncrewed aerial and naval vehicles. This strategy doesn’t need to destroy the considerable Chinese navy and air force outright, but it does need to frustrate Beijing’s advances long enough for Taiwan’s allies to rally to its defense.

Taipei is already doing some of this right. In 2022, the government launched the Drone National Team, a program meant to match government and industry to scale up the nascent field. In particular, the team was dispatched to learn lessons from Ukraine, whose defensive strategy has relied heavily on small, tactical, cheap UAVs capable of carrying out multiple missions and integrating closely with ground units. Today, the country boasts a massive domestic drone industry, with Kyiv planning to buy 4.5 million small drones this year, on top of its long-range uncrewed missile program, its autonomous land vehicles, and its uncrewed naval drones.

But Ukraine also shows the disadvantage at which Taiwan finds itself. In a secret workshop in Kyiv, a Ukrainian drone maker told WIRED that he had no choice but to source his antennas and chips from China. Taiwanese chips were too expensive.

**Competing With DJI**

“We are not able to compete with DJI,” Fang says, referring to the massive Chinese drone manufacturer.

Other countries that have scaled up their drone programs recently have accepted Chinese technology in their supply chain—either as an asset or a necessary evil. But Taiwan, for obvious reasons, is leery of including any Chinese tech.

That makes drone manufacturing hard. China maintains a massive advantage in producing certain critical pieces of these UAVs—including the gimbals, optical sensors, and antennas. To buy that equipment, Taiwan needs to find allied suppliers, often at considerable cost.

Taiwan has even had difficulty leveraging its advantages. The country has an advanced battery industry, for example—but it’s heavily reliant on Chinese critical minerals. The island nation also boasts the world’s most impressive semiconductor industry: It produces 60 percent of the world’s semiconductors and 90 percent of the advanced semiconductors. But, Fang says, Taiwan does not produce any chips specifically for use on drones.

“Taiwanese drone makers are buying chips from Qualcomm and Nvidia, but those chips are not specifically for drones,” she says. “Those are communication chips, sensor chips, those are for more general use.” And even those general chips are significantly more expensive than their Chinese competitors, sometimes by a factor of 10.

“We definitely have the ability to make them,” Fang adds. “But the reason why these companies are not involved in this market is because the scale is just too small.”

It’s a catch-22: Taiwanese companies can’t increase production and reduce costs until they get more orders, but they can’t get more orders because their costs are too high.

“We need more government procurement from Taiwan itself,” Fang says. Thus far, the nation’s defense ministry has ordered fewer than 4,000 drones, although it plans to purchase tens of thousands more in the years to come. It owes to the fact, analysts say, that financing the kind of defense spending that Taiwan needs remains politically difficult. Earlier this year, opposition lawmakers in the Legislative Yuan passed a budget that slashed planned defense spending.

If Taiwan’s industry has any hope of growing by the scale the country needs, Fang says there’s a clear answer: America.

**Building an Army of Drones**

DSET has a number of recommendations, both for Taiwan and America, on how to establish this ambitious new industry. For starters, they argue, America needs to start actually supporting Taiwan’s local industry.

To date, no Taiwanese drone manufacturer has secured access to the Department of Defense’s “blue list”—its roster of trusted drone suppliers. Earning a spot on that list could mean millions or billions of dollars in orders from the Pentagon.

There has been some trade in the other direction. The US has supplied Taiwan with about 1,000 drones, mostly the smaller AeroVironment Switchblade loitering munition as well as a small number of the MQ-9 Reaper long-range drones.

The US has also been shipping some novel technology to Taiwan, including access to its Replicator Initiative: an autonomous drone swarm capability designed to find and destroy targets at sea.

But, DSET argues, some of these capabilities have been more a product of what the US thinks Taiwan needs. Washington could be more effective if it developed partnerships with Taiwanese industry, DSET contends, and make longer-term decisions about what Taipei needs for its self-defense. Finally, DSET writes, Washington should drop its tariffs—on Taiwanese UAVs, at the very least.

Taiwan itself has even more work to do. DSET recommends establishing a more detailed roadmap for what capabilities it wants and needs and how it intends to get there. While plenty of focus will be on the small, first-person-view drones—the kind increasingly ubiquitous in conflicts worldwide—Taiwan will need to expand into other kinds of technology.

While Taipei has identified a wide range of capabilities it hopes to acquire, DSET found it has been mostly procuring smaller surveillance drones.

Both Russia and Iran have recently shown how long-range uncrewed vehicles can be made at scale and significantly cheaper than traditional missiles. Perhaps more importantly, the DSET report argues, Taiwan needs to be able to plug into American needs and procurement programs—and America prioritizes longer-range systems.

The preponderance of these drones has also heightened the need for defenses, particularly around electronic warfare. Taipei is investing in anti-drone systems, Fang says, but it remains an “emerging concept.” (A defense analyst told WIRED that Taiwan is simply “not prepared to fight in a complex electromagnetic environment.”)

One of the weak points in China’s invasion will be its landing crafts. Beijing has been feverishly building a fleet of barges that would be able to transport troops and tanks across the Taiwan Strait. Taiwan has been developing domestically made submarines with the hope of sinking those barges before they arrive—that capability would be augmented significantly by autonomous or uncrewed submersibles.

Ukraine has pioneered its own models of semiautonomous uncrewed naval vehicles, which have successfully sunk Russian warships and damaged the Kerch Bridge in Crimea.

As Western nations get ambitious about how to mass-produce cost-effective and high-impact defense strategies, many are looking toward uncrewed vehicles as a silver bullet. But, as Taiwan shows, this is all easier said than done.

If Taiwan gets this wrong, DSET argues, “Taiwan risks falling into a gray zone of limited interoperability and unscalable production.” Meanwhile, “the US risks failing to develop trusted regional manufacturing capacity at the speed required to compete with China's drone diplomacy and defense exports.”

It may seem like an insurmountable challenge, especially for a nation facing an existential threat from a much bigger neighbor. But, as Fang points out, Ukraine was in the same situation. “Ukraine? They didn’t even imagine that kind of capacity three years ago,” she says. But a “sense of survival” kicked in, and Kyiv stood up the world’s most impressive indigenous drone manufacturing industry.

Taipei “is, right now, in low mode,” Fang says. “Because we are still not at war. But I don't want to underestimate our capacity, even though we are in a peacetime.”

Taiwan Is Rushing to Make Its Own Drones Before It's Too Late

The US concentrated its attack on Fordow, an enrichment plant built hundreds of feet underground. Aerial photos give important clues about what damage the “bunker-buster” bombs may have caused.

When the United States bombed Iran in the early hours of Sunday local time, it targeted three facilities central to the country’s nuclear ambitions: the Fordow uranium enrichment plant, the Natanz nuclear facility, and the Isfahan nuclear technology center. Newly released satellite images show the impact of the attack—at least, what can be seen on the ground.

The brunt of the bombing focused on Fordow, where US forces dropped a dozen GBU-57 massive ordnance penetrators as part of its “Midnight Hammer” operation. These 30,000-pound “bunker-buster” bombs are designed to penetrate as deep as 200 feet into the earth before detonating. The Fordow complex is approximately 260 feet underground.

That gap accounts for some of the uncertainty over exactly how much damage the Fordow site sustained. President Donald Trump shared a post on his Truth Social platform following the attack that declared “Fordow is gone,” and later said in a televised address that “Iran’s key nuclear enrichment facilities have been completely and totally obliterated.” His own military, however, was slightly more circumspect about the outcome in a Sunday morning briefing. “It would be way too early for me to comment on what may or may not still be there,” said general Dan Caine, chairman of the Joint Chiefs of Staff.

Satellite imagery can inherently only tell you so much about a structure that is situated so far below the surface of the earth. But before and after imagery is the best publicly available information about the bombing’s impact.

A satellite image from before the US bombing of Fordow.

Photo: MAXAR Technologies/Handout via Reuters

A satellite image from after the US bombing of Fordow.

Photo: MAXAR Technologies/Handout via Reuters

“What we see are six craters, two clusters of three, where there were 12 massive ordnance penetrators dropped,” says Jeffrey Lewis, director of the East Asia Nonproliferation Program at the Middlebury Institute's James Martin Center for Nonproliferation Studies. “The idea is you hit the same spot over and over again to kind of dig down.”

The specific locations of those craters matter as well, says Joseph Rodgers, deputy director and fellow at the Center for Strategic and International Studies’ Project on Nuclear Issues. While the entrance tunnels to the Fordow complex appear not to have been targeted, US bombs fell on what are likely ventilation shafts, based on satellite images of early construction at the site.

“The reason that you’d want to target a ventilation shaft is that it’s a more direct route to the core components of the underground facility,” says Rodgers.

That direct route is especially important given how deep underground Fordow was built. The US military relies on “basically a computer model” of the facility, says Lewis, which tells them “how much pressure it could take before it would severely damage everything inside and maybe even collapse the facility.” By bombarding specific targeted areas with multiple munitions, the US didn’t need bombs capable of penetrating the full 260 feet to cause substantial damage.

“They’re probably not trying to get all the way into the facility. They’re probably just trying to get close enough to it and crush it with a shockwave,” Lewis says. “If you send a big enough shockwave through that facility, it’s going to kill people, break stuff, damage the integrity of it.”

A closer satellite view shows the impact craters and a nearby support structure.

Photo: MAXAR Technologies/Handout via Reuters

It’s also notable what US bombs didn’t hit. The oblong white building in satellite images of Fordow is likely key support infrastructure for the facility, potentially providing everything from air-conditioning to backup power generation. “The US didn’t even bother targeting it. That clearly indicates to me that they weren’t trying to temporarily shut down the facility,” Rodgers says. “We targeted these apparent ventilation shafts so that we could structurally destroy or do as much damage as we could rather than temporarily try to shut down Fordow.”

Once a long-held secret, Fordow's existence was first officially acknowledged by the Iranian government in 2009. The facility is believed to be capable of enriching uranium to 60 percent. From there, experts say, it can relatively quickly be further enriched to 90 percent, the level needed for constructing nuclear weapons.

The US bombing came more than a week after Israel launched a series of attacks on Iran with the stated goal of stopping Tehran’s nuclear program. Israel lacks munitions capable of reaching deeply buried facilities like Fordow, which appears to be why the US entered the fray.

It is currently unclear how impactful this weekend’s bombing campaign will be on Iran’s long-term nuclear ambitions. Lewis says the strike was “tactically brilliant, but strategically incomplete,” because Iranians still have nuclear material that can be enriched to weapons-grade levels. “They still have underground facilities where they could do that, and they still have the ability to produce centrifuge components, so they can still make the centrifuges for the facilities.”

Further complicating the assessment of the Fordow damage is that satellite images from earlier last week show a significant amount of activity at the site, including more than a dozen trucks going to and from it. “I think there were some defense operations going on,” says Rodgers. “They probably brought those dump trucks in to try to seal off the tunnel entrances, to help protect against attacks.” There’s also the possibility that Iran was able to move nuclear material out of the facility before the attack, limiting the bombing’s usefulness.

Ultimately, Iran’s nuclear program has likely “been damaged,” Lewis says. “It has not been eliminated.”

What Satellite Images Reveal About the US Bombing of Iran's Nuclear Sites

The social network started experiencing global outages within minutes of Donald Trump posting details of a US military strike on Iran.

Truth Social malfunctioned on Saturday night amid President Donald Trump’s announcement that the United States had bombed Iran’s nuclear facilities.

Starting around 8 pm ET on Saturday, attempts to load the social network, which is owned by Trump Media & Technology Group (TMTG), displayed error messages. “Network failed,” a message on Truth Social reads. “Please try again.”

Trump’s initial Truth Social announcement that the United States had entered Israel’s war against Iran posted at 7:46 pm ET, stating that the US had waged a “very successful attack on the three Nuclear sites in Iran, including Fordow, Natanz, and Esfahan.” Trump’s account on the social media platform X posted a screenshot of the bombing announcement at 7:53 pm ET.

“All planes are now outside of Iran air space. A full payload of BOMBS was dropped on the primary site, Fordow,” Trump continued. “All planes are safely on their way home. Congratulations to our great American Warriors. There is not another military in the World that could have done this. NOW IS THE TIME FOR PEACE! Thank you for your attention to this matter.”

Trump frequently shares posts to Truth Social about issues of national and international importance. The president appeared to post multiple times after news of the US bombings against Iran were first announced. Trump’s stake in Truth Social’s parent company, TMTG, is currently worth more than $2 billion.

DownDetector, a website that crowdsources service outages, saw an influx of reports of Truth Social going down around 8 pm. The reason for the apparent outage was not immediately clear. NetBlocks, which monitors internet accessibility, posted on BlueSky just before 9 pm ET: “Truth Social is experiencing international outages for many users after US President Donald Trump announces strikes on three nuclear sites in Iran; incident not related to country-level internet disruptions or filtering.”

Truth Social did not immediately respond to WIRED’s requests for comment.

US and Iranian officials, speaking on the condition of anonymity, confirmed to The New York Times that US forces had conducted airstrikes on the Fordo and Natanz facilities. The condition of the US targets were not yet confirmed as of just before 9 pm ET.

Israel first began bombing targets in Iran on June 13. The two countries have repeatedly targeted each other since.

On Wednesday, Truth Social reportedly sent an email to at least some users encouraging them to follow Trump’s account. The email read in part, “If you aren’t following President Donald J. Trump on Truth Social, you’re missing an essential resource for navigating world affairs today.”

Trump will hold a televised address at 10 pm ET, according to the White House press secretary, Karoline Leavitt.

Truth Social Crashes as Trump Live-Posts Iran Bombing

Plus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach.

Amid Israeli airstrikes this week and the imminent threat of further escalations by the United States, Iran started severely limiting internet connectivity for its citizens, limiting Iranians' access to crucial information and intentionally pushing them toward domestic apps that may not be secure. Meanwhile, the Israel-tied hacking group known as Predatory Sparrow is waging cyberwar on Iran’s financial system, attacking Iran’s Sepah Bank and destroying more than $90 million in cryptocurrency held by the Iranian crypto exchange Nobitex.

With the US still reeling from last weekend's violent shooting spree in Minnesota targeting Democratic state lawmakers and their families, an FBI affidavit indicates that the suspected shooter allegedly used data broker sites to find targets’ addresses and potentially other personal information about them. The finding highlights the potential dangers of widely available personal data.

This week, WIRED published its How to Win a Fight package, which includes our roundup of tools for tracking the Trump administration’s attacks on civil liberties, plus the most up-to-date versions of our guides to protecting yourself from government surveillance, protesting safely in the age of surveillance, and protecting yourself from phone searches at the US Border. While you're at it, don't forget to print your own copy of the How to Win a Fight zine! Better yet, print two and leave one at your local coffee shop or library.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Israel Reports That Iran Is Hacking Security Cameras for Spying**

Israeli officials said this week that Iran is compromising private security cameras around Israel to conduct espionage as the two countries exchange missile strikes after an initial Israeli barrage. A former Israeli cybersecurity official warned on public radio this week that Israelis should confirm that their home security cameras are protected by strong passwords or shut them down. “We know that in the past two or three days, the Iranians have been trying to connect to cameras to understand what happened and where their missiles hit to improve their precision,” Refael Franco, the former deputy director general of the Israel National Cyber Directorate, said. Like many internet-of-things devices, surveillance cameras are notoriously vulnerable to takeover if they are not secured with strong account protections. They have previously been targeted in other conflicts for intelligence gathering.

**Ukrainian Hack Reportedly Caused Comms Blackouts, Data Deletion in Russia**

The Kyiv Post reported this week that hackers from Ukraine’s Main Intelligence Directorate (HUR) launched a cyberattack against Russian internet service provider Orion Telecom that disabled 370 servers, took down roughly 500 network switches, and wiped backup systems to hinder recovery. The attacks reportedly caused internet and television outages. Orion Telecom reportedly said that it was recovering from a large DDoS attack and would quickly restore service. The attack came on June 12, the national holiday known as Russia Day. “Happy holiday, disrespectful Russians," the attackers wrote in a message circulated on Telegram groups. "Soon you’ll be living in the Stone Age—and we’ll help you get there. Glory to Ukraine.” The attackers claim to be part of Ukraine's BO Team hacking group. Sources told the Kyiv Post that Russian security agencies working on the country's war against Ukraine use Orion Telecom and were affected by the connectivity outages.

**Viasat ID’ed as Another Victim in China’s Salt Typhoon Telecom Hacking Spree**

Bloomberg reported this week that the satellite communication firm Viasat discovered a breach earlier this year perpetrated by China's Salt Typhoon espionage-focused hacking group. In early December, US authorities revealed that Salt Typhoon hackers had embedded themselves in major US telecoms, including AT&T and Verizon. After revelations last year of the group's extensive telecom hacking spree in the US and elsewhere, WIRED reported in February that Salt Typhoon was still actively breaching new victims. Viasat says it has been cooperating with federal authorities to investigate its breach.

**23andMe Hit With UK Fine Over 2023 Data Breach**

The United Kingdom's Information Commissioner’s Office (ICO) said this week that it issued a £2.31 million ($3.1 million) fine to the beleaguered genetic testing company 23andMe as a result of the company's damaging 2023 data breach. Attackers were able to access user accounts and their data using stolen login credentials, because at the time 23andMe did not require that users set up two-factor authentication, which the ICO says violated the UK's data protection law. The company has since mandated this protection for all users. More than 155,000 UK residents had their data stolen in the breach, according to the ICO, which said that 23andMe “did not have additional verification steps for users to access and download their raw genetic data” when the breach occurred.

Israel Says Iran Is Hacking Security Cameras for Spying

Iran is limiting internet connectivity for citizens amid Israeli airstrikes—pushing people towards domestic apps, which may not be secure, and limiting their ability to access vital information.

For years, the Iranian regime has been building the technology and infrastructure needed for it to control, censor, and shut down internet access for more than 80 million Iranians. In 2019, the country shut off internet access as police sought to silence protesters, while in 2022 WhatsApp and Instagram connections were severed following protests after the death of 22-year-old Mahsa Amini in police custody. Each shutdown deprives people of information and has huge economic costs. Now as the conflict between Israel and Iran approaches the end of its first week, internet connections within Iran have been restricted again, limiting people’s access to information and stopping them connecting with loved ones who may be in peril.

Hours after Israel’s Air Force bombed targets in Iran on June 13, escalating the shadow conflict between the two countries, the first reports of self-imposed internet disruptions inside Iran emerged. Iran’s Ministry of Communication, according to semi-official state news agency Tasnim, said “temporary restrictions” had been imposed due to the “special conditions” the country was facing. Since then, Israel and Iran have traded fire, continually raising the stakes in the conflict. US president Donald Trump has indicated, but not confirmed, that the United States could support further Israeli efforts to destroy Iranian nuclear facilities.

Internet connectivity in Iran saw a 54 percent drop on June 13, says Doug Madory, director of internet analysis at monitoring firm Kentik. Then, days later on June 17, there was an additional 49 percent drop from the already lower level of connectivity. After internet connections were briefly restored back to where they were earlier on Tuesday, it dropped again on Wednesday by another 90 percent, Madory says. “Numerous Iranian service providers \[are\] now offline in second national Internet blackout in as many days,” Madory posted on BlueSky on Wednesday. Multiple internet companies in Iran have been impacted by the restrictions, including cell providers.

“Things went to overdrive since yesterday,” says a researcher with internet freedom effort Project Ainita, who asked not to be named for safety reasons. “For a second day in a row, they have cut international connectivity, and this time it's even more severe than yesterday, affecting all domestic news sites as well.” Other internet monitoring efforts such as Cloudflare Radar and Netblocks have also observed the multiple internet shutdowns in recent days, with Netblocks calling the most recent a “near-total” blackout. Iranian news agency Khabar posted on its Telegram channel that international internet access in the country had been “temporarily restricted to prevent enemy abuse,” citing the Ministry of Communications.

Iran has reportedly also told officials to stop using internet-connected devices and claimed citizens should delete WhatsApp, which has previously introduced ways to circumvent censorship. Government officials have also said the shutdowns are to try to prevent potential cyberattacks. However, the widespread measures to control and restrict connectivity have left people in Iran struggling to communicate and find out vital information about the state of the conflict. The shutdowns come at a time when Trump has said the almost 10 million people living in the Iranian capital, Tehran, should “immediately evacuate” the area.

“This extensive censorship and internet disruption primarily serve the regime’s goal of maintaining control, especially over information,” says Mahsa Alimardani, a digital rights analyst of Iranian origin and the associate director of technology, threats, and opportunities at international human rights nonprofit Witness. “These internet blocks are jeopardizing people’s safety mainly in Tehran.”

Alimardani says that it appears mobile data services are patchy, and for many people virtual private networks, which can be used to avoid censorship, have stopped working. This means it has been difficult to reach people in the country and potentially for information to get out, Alimardani says. “Some family that left Tehran today were offline and disconnected from the internet and finally found some connectivity when they were 200 kilometers outside of Tehran in another province,” Alimardani explains. “My connections are primarily with people using home broadband Wi-Fi, but even that has been unstable.”

Over the last decade, countries have increasingly taken the draconian step of fully or partially shutting down internet connectivity for citizens in times of perceived crisis. There were 296 shutdowns last year, according to Access Now, an internet rights nonprofit that tracks the actions—the highest number of any on record. Shutdowns are often linked to repressive governments trying to restrict protests that could damage them, to limit people’s ability to gather and communicate freely, as part of conflicts, and even to try and stop cheating in exams.

“The internet is a lifeline, we have seen this in many places under conflict,” says Hanna Kreitem, director of internet technology and development at the Internet Society, which has been tracking the blackouts in Iran. Kreitem says that when the connectivity in Iran first started to drop on June 13, he heard from people with relatives in Iran that their services had significantly slowed down. “People under fire use it to get news, request help, learn of safer areas, and communicate with loved ones. And for people outside to learn about what is going on and know about their loved ones.”

To limit connectivity, countries use multiple different technical approaches. Iran has been developing its own internet alternative, an intranet system called the National Information Network, known as the NIN, for years. The NIN, according to analysis by Freedom House, allows “tiers” of internet access and lets the government censor content and push people towards home-grown Iran apps, such as alternatives messaging apps, that may have “weak privacy and security features.” (Freedom House rates Iran as “not free” in its most recent measures of internet freedom, highlighting persistent shutdowns, increasing costs, and efforts to push people to the domestic internet.)

Amir Rashidi, the director of digital rights and security at the Iran-focused human rights organization Miaan Group, says that amid the recent shutdowns, there have been increased efforts to push people towards Iranian apps. “In a climate of fear, where people are simply trying to stay connected with loved ones, many are turning to these insecure platforms out of desperation,” he posted online, telling WIRED that a messaging app called Bale appears to be getting attention. “Since they are hosted on NIN, they will work even during shutdown,” he says.

Iran is not the first country to restrict people’s access to the internet—and uncensored information—with the potential justification of protecting cybersecurity or security more broadly, says Lukasz Olejnik, an independent consultant and visiting senior research fellow at the Kings’ College London’s Department of War Studies. As global internet shutdowns have soared over the last decade, Olejnik says, officials in Myanmar, India, Russia, and Belarus have all cited security reasons for implementing blackouts.

“Internet shutdowns are largely ineffective against real-world state-level cyberattacks,” Olejnik says. He explains that military and critical infrastructure systems, like energy networks or transport systems, will typically operate on separate networks and not be accessible from the open internet. “Professional cyber operations could use other means of access, albeit it could indeed make it difficult to command and control some of the deployed malware (if this was the case),” Olejnik says. “What it would block primarily would be access to information for the society.”

Witness’ Alimardani says the technical details supporting any claims that the internet restrictions are meant to protect cybersecurity are “unclear,” and ultimately, the goal of these efforts may be to control people within Iran. “The official narrative from state news channels portrays a strong war against Israel and a path to victory,” Alimardani says. “Free and open access to media would undermine this narrative, and at worst, could incite Iranians to revolt, further eroding the regime's power.”

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violations and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

“These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,” the hackers posted to X. “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”

The incident follows another Predatory Sparrow attack on Iran's finance system on Wednesday, in which the same group targeted Iran's Sepah bank, claiming to have destroyed “all” the bank's data in retaliation for its associations with Iran's Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military. “Caution: Associating with the regime's instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,” the hackers wrote. “Who's next?”

Sepah Bank's website was offline yesterday but appeared to be working again today. The bank didn't respond to WIRED's request for comment. Nobitex's website was offline today and the company couldn't be reached for comment.

As is often in the case in the fog of an unfolding war and its accompanying cyberattacks, what effects Predatory Sparrow's cyberattacks have had remain unclear. But Hamid Kashfi, an Iranian cybersecurity researcher living in Sweden and the founder of the cybersecurity firm DarkCell, says he has heard from contacts in Iran that Sepah's online banking and ATMs have been offline since the attacks began, causing widespread disruption to civilians' ability to access their funds. “There has been a lot of collateral damage,” Kashfi says. “It just seems to be straight up causing damage and chaos. I can't think of what other logic would be behind it. Yes, they provide services to the military. But they do for millions of regular joes and civilians as well.”

In the Nobitex attack, blockchain analysis reveals some of the details of Predatory Sparrow's sabotage: According to Elliptic, the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase “FuckIRGCterrorists.” Those so-called “vanity” addresses typically can't be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money. “The hackers clearly have political rather than financial motivations,” says Tom Robinson, Elliptic's cofounder. “The crypto they stole has effectively been burned.”

Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen's Houthi rebels, and the Palestinian Islamic Jihad group. “It's also an act of sabotage, by attacking a financial institution that was pivotal in Iran's use of cryptocurrency to evade sanctions,” Robinson says.

Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel's military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country's critical infrastructure. The group has targeted Iran's railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages. In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group's own video of the attack posted to its YouTube account.

Exactly why Predatory Sparrow has now turned its attention to Iran's financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google's threat intelligence group and a longtime tracker of Predatory Sparrow's attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences.

“This actor is very serious and very capable, and that's what separates them from many of the operations that we'll probably see in the coming weeks or months,” Hultquist says. “A lot of actors are going to make threats. This is one that can follow through on those threats.”

_Updated June 18, 2025, at 10:52 am EDT: Added additional context and comments from cybersecurity researcher Hamid Kashfi._

Source

Wired