A database containing information on people who applied for jobs with Democrats in the US House of Representatives was left accessible on the open web.

The sensitive personal details of more than 450 people holding “top secret” US government security clearances were left exposed online, new research seen by WIRED shows. The people’s details were included in a database of more than 7,000 individuals who have applied for jobs over the last two years with Democrats in the United States House of Representatives.

While scanning for unsecured databases at the end of September, an ethical security researcher stumbled upon the exposed cache of data and discovered that it was part of a site called DomeWatch. The service is run by the House Democrats and includes videostreams of House floor sessions, calendars of congressional events, and updates on House votes. It also includes a job board and résumé bank.

After the researcher attempted to notify the House of Representatives’ Office of the Chief Administrator on September 30, the database was secured within hours, and the researcher received a response that simply said, “Thanks for flagging.” It is unclear how long the data was exposed or if anyone else accessed the information while it was unsecured.

The independent researcher, who asked to remain anonymous due to the sensitive nature of the findings, likened the exposed database to an internal “index” of people who may have applied for open roles. Résumés were not included, they say, but the database contained details typical of a job application process. The researcher found data including applicants’ short written biographies and fields indicating military service, security clearances, and languages spoken, along with details like names, phone numbers, and email addresses. Each individual was also assigned an internal ID.

“Some people described in the data have spent 20 years on Capitol Hill,” the researcher tells WIRED, noting that the information went beyond a list of interns or junior staffers. This is what made the finding so concerning, the researcher says, because they fear that if the data had fallen into the wrong hands—perhaps those of a hostile state or malicious hackers—it could have been used to compromise government or military staffers who have access to potentially sensitive information. “From the perspective of a foreign adversary, that is a gold mine of who you want to target,” the security researcher says.

WIRED reached out to the Office of the Chief Administrator and House Democrats for comment. Some staff members WIRED contacted were unavailable because they have been furloughed as a result of the ongoing US government shutdown.

“Today, our office was informed that an outside vendor potentially exposed information stored in an internal site,” Joy Lee, spokesperson for House Democratic whip Katherine Clark, told WIRED in a statement on October 22. DomeWatch is under the purview of Clark’s office. “We immediately alerted the Office of the Chief Administration Officer, and a full investigation has been launched to identify and rectify any security vulnerabilities.” Lee added that the outside vendor is “an independent consultant who helps with the backend” of DomeWatch.

There are many unsecured and publicly accessible databases across the internet, and the researcher says that they might not have paused to investigate the DomeWatch data had they not noticed key words involving top-secret security clearances. This underscores the concern, the researcher says, that while the database is small, it contains information that would be potentially valuable in nation-state espionage. One entry, for example, listed a person who had “intelligence” and “US-China relations” experience.

“Exposed databases are a widespread, non-partisan cybersecurity problem. Left unchecked, they enable targeted espionage, fraud, and identity abuse,” says Alexander Leslie, senior advisor for government affairs at the threat intelligence firm Recorded Future, who was not involved in the research. “If accurate, this dataset would be extremely sensitive. Military histories and clearance status give adversaries precise reconnaissance and pretexting opportunities, and foreign espionage actors could further use this data for spear-phishing, impersonation, and targeted social-engineering to gain access or compromise accounts.”

According to the researcher, the data also included information about people’s political affiliations. Among the estimated 7,000 entries, there were around 4,200 people who appeared to have experience working in Congress. In total 6,300 people were marked as having Democratic Party affiliation, while 17 were listed as having Republican Party affiliation, and another 250-plus were listed as independent or other. The researcher says there were also some links to files or documents housed in other cloud storage systems.

Recorded Future's Leslie also points out that known breaches of data related to US government employment—most notably the 2015 Office of Personnel Management hack—create what he calls “long-term US national security and personnel risks.”

“This research was not targeted toward any political party or affiliation,” the researcher who found the unsecured database says. “It was just finding data, realizing that it could be vulnerable, and thinking of all the ways that not just criminals could use it, but foreign adversaries. It shouldn't be exposed.”

Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website

ChatGPT, Gemini, DeepSeek, and Grok are serving users propaganda from Russian-backed media when asked about the invasion of Ukraine, new research finds.

OpenAI’s ChatGPT, Google’s Gemini, DeepSeek, and xAI’s Grok are pushing Russian state propaganda from sanctioned entities—including citations from Russian state media, sites tied to Russian intelligence or pro-Kremlin narratives—when asked about the war against Ukraine, according to a new report.

Researchers from the Institute of Strategic Dialogue (ISD) claim that Russian propaganda has targeted and exploited data voids—where searches for real-time data provide few results from legitimate sources—to promote false and misleading information. Almost one-fifth of responses to questions about Russia’s war in Ukraine, across the four chatbots they tested, cited Russian state-attributed sources, the ISD research claims.

“It raises questions regarding how chatbots should deal when referencing these sources, considering many of them are sanctioned in the EU,” says Pablo Maristany de las Casas, an analyst at the ISD who led the research. The findings raise serious questions about the ability of large language models (LLMs) to restrict sanctioned media in the EU, which is a growing concern as more people use AI chatbots as an alternative to search engines to find information in real time, the ISD claims. For the six-month period ending September 30, 2025, ChatGPT search had approximately 120.4 million average monthly active recipients in the European Union, according to OpenAI data.

The researchers asked the chatbots 300 neutral, biased, and “malicious” questions relating to the perception of NATO, peace talks, Ukraine’s military recruitment, Ukrainian refugees, and war crimes committed during the Russian invasion of Ukraine. The researchers used separate accounts for each query in English, Spanish, French, German, and Italian in an experiment in July. The same propaganda issues are still present in October, Maristany de las Casas says.

Amid widespread sanctions imposed on Russia since its full-scale invasion of Ukraine in February 2022, European officials have sanctioned at least 27 Russian media sources for spreading disinformation and distorting facts as part of its “strategy of destabilizing” Europe and other nations.

The ISD research says chatbots cited Sputnik Globe, Sputnik China, RT (formerly Russia Today), EADaily, the Strategic Culture Foundation, and the R-FBI. Some of the chatbots also cited Russian disinformation networks and Russian journalists or influencers that amplified Kremlin narratives, the research says. Similar previous research has also found 10 of the most popular chatbots mimicking Russian narratives.

OpenAI spokesperson Kate Waters tells WIRED in a statement that the company takes steps “to prevent people from using ChatGPT to spread false or misleading information, including such content linked to state-backed actors,” adding that these are long-standing issues that the company is attempting to address by improving its model and platforms.

“The research in this report appears to reference search results drawn from the internet as a result of specific queries, which are clearly identified. It should not be confused with, or represented as referencing responses purely generated by OpenAI's models, outside of our search functionality,” Waters says. “We think this clarification is important as this is not an issue of model manipulation.”

Neither Google nor DeepSeek responded to WIRED’s request for comment. An email from Elon Musk’s xAI said: “Legacy Media Lies.”

In a written statement, a spokesperson for the Russian Embassy in London said that it was “not aware” of the specific cases that this report details but that it opposes any attempts to censor or restrict content on political grounds. “Repression against Russian media outlets and alternative points of view deprives those who seek to form their own independent opinions of this opportunity and undermines the very principles of free expression and pluralism that Western governments claim to uphold,” the spokesperson wrote.

“It is up to the relevant providers to block access to websites of outlets covered by the sanctions, including subdomains or newly created domains and up to the relevant national authorities to take any required accompanying regulatory measures,” says a European Commission spokesperson. “We are in contact with the national authorities on this matter.”

Lukasz Olejnik, an independent consultant and visiting senior research fellow at King’s College London’s Department of War Studies, says the findings “validate” and help contextualize how Russia is targeting the West’s information ecosystem. “As LLMs become the go-to reference tool, from finding information to validating concepts, targeting and attacking this element of information infrastructure is a smart move,” Olejnik says. “From the EU and US point of view, this clearly highlights the danger.”

Since Russia invaded Ukraine, the Kremlin has moved to control and restrict the free flow of information inside Russia: banning independent media, increasing censorship, curtailing civil society groups, and building more state-controlled tech. At the same time, some of the country’s disinformation networks have ramped up activity and adopted AI tools to supercharge production of fake images, videos, and websites.

Across the ISD’s findings, around 18 percent of all prompts, languages, and LLMs returned results linked to state-funded Russian media, sites “linked to” Russia’s intelligence agencies, or disinformation networks, the research says. Questions about peace talks between Russia and Ukraine led to more citations of “state-attributed sources” than questions about Ukrainian refugees, for instance.

The ISD’s research claims that the chatbots displayed confirmation bias: The more biased or malicious the query, the more frequently the chatbots would deliver Russian state-attributed information. The malicious queries delivered Russian state-attributed content a quarter of the time, biased queries provided pro-Russian content 18 percent of the time, while neutral queries were just over 10 percent. (In the research, malicious questions to chatbots “demanded” answers to back up an existing opinion, whereas “biased” questions were leading but more open ended).

Of the four chatbots, which are all popular in Europe and collect data in real time, ChatGPT cited the most Russian sources and was most influenced by biased queries, the research claims. Grok often linked to social media accounts that promoted and amplified Kremlin narratives, whereas DeepSeek sometimes produced large volumes of Russian state-attributed content. The researchers say Google’s Gemini “​​frequently” displayed safety warnings next to the findings and had the overall best results out of the chatbots they tested.

Multiple reports this year have claimed a Russian disinformation network dubbed “Pravda” has flooded the web and social media with millions of articles as part of an effort to “poison” LLMs and influence their outputs. “Having Russian disinformation be parroted by a Western AI model gives that false narrative a lot more visibility and authority, which further allows these bad actors to achieve their goals,” says McKenzie Sadeghi, a researcher and editor at media watchdog company NewsGuard, who has studied the Pravda network and Russian propaganda’s influence on chatbots. (Only two links in the ISD research could be connected back to the Pravda network, the findings say).

Sadeghi claims the Pravda network in particular is quick to launch new domains where propaganda is published and says it can be particularly successful when there is little reliable information on a subject—the so-called data voids. “Especially related to the conflict \[in Ukraine\], they’ll take a term where there’s no existing reliable information about that particular topic or individual on the web and flood it with false information,” Sadeghi says. “It would require implementing continuous guardrails in order to really stay on top of that network.”

Chatbots may come under more pressure from EU regulators as their user base grows. In fact, ChatGPT may have already hit the threshold to be designated a Very Large Online Platform (VLOP) by the EU once it hits 45 million average monthly users. This status triggers specific rules that tackle the risk of illegal content and their impact on fundamental rights, public security, and well-being on those sites.

Even without qualifying for specific regulation, the ISD’s Maristany de las Casas argues that there should be a consensus across companies of what sources should not be referenced or should not appear on these platforms when they are linked to foreign states known for disinformation. “It could be providing users with further context, making sure that users understand the times that these domains have a conflict and even understanding why they’re sanctioned in the EU,” he says. “It’s not only an issue of removal, it’s an issue of contextualizing further to help the user understand the sources they’re consuming, especially if these sources are appearing amongst trusted, verified sources.”

Chatbots Are Pushing Sanctioned Russian Propaganda

Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.

The cloud giant Amazon Web Services experienced DNS resolution issues on Monday leading to cascading outages that took down wide swaths of the web. Monday’s meltdown illustrated the world’s fundamental reliance on so-called hyperscalers like AWS and the challenges for major cloud providers and their customers alike when things go awry. See below for more about how the outage occurred.

US Justice Department indictments in a mob-fueled gambling scam reverberated through the NBA on Thursday. The case includes allegations that a group backed by the mob was using hacked card shufflers to con victims out of millions of dollars—an approach that WIRED recently demonstrated in an investigation into hacking Deckmate 2 card shufflers used in casinos.

We broke down the details of the shocking Louvre jewelry heist and found in an investigation that US Immigration and Customs Enforcement likely did not buy guided missile warheads as part of its procurements. The transaction appears to have been an accounting coding error.

Meanwhile, Anthropic has partnered with the US government to develop mechanisms meant to keep its AI platform, Claude, from guiding someone through building a nuclear weapon. Experts have mixed reactions, though, about whether this project is necessary—and whether it will be successful. And new research this week indicates that a browser seemingly downloaded millions of times—known as the Universe Browser—behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**After Major Outage, AWS Unpacks “Three Distinct Periods of Impact”**

AWS confirmed in a “post-event summary” on Thursday that its major outage on Monday was caused by Domain System Registry failures in its DynamoDB service. The company also explained, though, that these issues tipped off other problems as well, expanding the complexity and impact of the outage. One main component of the meltdown involved issues with the Network Load Balancer service, which is critical for dynamically managing the processing and flow of data across the cloud to prevent choke points. The other was disruptions to launching new “EC2 Instances,” the virtual machine configuration mechanism at the core of AWS. Without being able to bring up new instances, the system was straining under the weight of a backlog of requests. All of these elements combined to make recovery a difficult and time-consuming process. The entire incident—from detection to remediation—took about 15 hours to play out within AWS. “We know this event impacted many customers in significant ways,” the company wrote in its post mortem. “We will do everything we can to learn from this event and use it to improve our availability even further.”

**Cyberattack Against Jaguar Land Rover Set to Cost Around $2.5 Billion**

The cyberattack that shut down production at global car giant Jaguar Land Rover (JLR) and its sweeping supply chain for five weeks is likely to be the most financially costly hack in British history, a new analysis said this week. According to the Cyber Monitoring Centre (CMC), the fallout from the attack is likely to be in the region of £1.9 billion ($2.5 billion). Researchers at the CMC estimated that around 5,000 companies may have been impacted by the hack, which saw JLR stop manufacturing, with the knock-on impact of its just-in-time supply chain also forcing firms supplying parts to halt operations as well. JLR restored production in early October and said its yearly production was down around 25 percent after a “challenging quarter.”

**OpenAI’s Web Browser Atlas Raises Prompt Injection Fears**

ChatGPT maker OpenAI released its first web browser this week—a direct shot at Google’s dominant Chrome browser. Atlas puts OpenAI’s chatbot at the heart of the browser, with the ability to search using the LLM and have it analyze, summarize, and ask questions of the web pages you’re viewing. However, as with other AI-enabled web browsers, experts and security researchers are concerned about the potential for indirect prompt injection attacks.

These sneaky, almost unsolvable, attacks involve hiding a set of instructions to an LLM in text or an image that the chatbot will then “read” and act upon; for instance, malicious instructions could appear on a web page that a chatbot is asked to summarize. Security researchers have previously demonstrated how these attacks could leak secret data.

Almost like clockwork, AI security researchers have demonstrated how Atlas can be tricked via prompt injection attacks. In one instance, independent researcher Johann Rehberger showed how the browser could automatically turn itself from dark mode to light mode by reading instructions in a Google Document. “For this launch, we’ve performed extensive red-teaming, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safety measures, and added new systems to detect and block such attacks,” OpenAI CISO Dane Stuckey wrote on X. “However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent\[s\] fall for these attacks.”

**Critical Vulnerability in Open Source Tool Illustrates Software Supply Chain Challenges**

Researchers from the cloud security firm Edera publicly disclosed findings on Tuesday about a significant vulnerability impacting open source libraries for a file archiving feature often used for distributing software updates or creating backups. Known as "async-tar," numerous "forks" or adapted versions of the library contain the vulnerability and have released patches as part of a coordinated disclosure process. The researchers emphasize, though, that one widely used library, "tokio-tar," is no longer maintained—sometimes called "abandonware." As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.

"In the worst-case scenario, this vulnerability ... can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends," the researchers wrote. "Our suggested remediation is to immediately upgrade to one of the patched versions or remove this dependency. If you depend on tokio-tar, consider migrating to an actively maintained fork like astral-tokio-tar."

**2,500 Starlink Terminals Deactivated Around Scam Compounds, SpaceX Claims**

Over the last decade, hundreds of thousands of people have been trafficked to forced labor compounds in Southeast Asia. In these compounds—mostly in Myanmar, Laos, and Cambodia—these trafficking victims have been compelled to run online scams and steal billions for organized crime groups.

When law enforcement agencies have shut off internet connections to the compounds, the criminal gangs have often turned to Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connecting to the Starlink network at eight compounds based around the Myanmar-Thailand border. At the time, the company did not respond to queries about the use of its systems. This week, multiple Starlink devices were seized in a raid at a Myanmar compound.

Lauren Dreyer, the vice president of Starlink’s business operations, took to X to say the company had taken some action against scam compounds abusing its technology. “In Myanmar, for example, SpaceX proactively identified and disabled over 2,500 Starlink Kits in the vicinity of suspected ‘scam centers,’” Dreyer said. “We are committed to ensuring the service remains a force for good and sustains trust worldwide: both connecting the unconnected and detecting and preventing misuse by bad actors.”

It is unclear when the Starlink devices were disabled or if the company has taken any other measures to stop the devices being used at known scam compound sites in the region.

Amazon Explains How Its AWS Outage Took Down the Web

US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowers—combining radar, cameras, and autonomous tracking to extend surveillance on demand.

The US Department of Homeland Security is seeking to develop a new mobile surveillance platform that fuses artificial intelligence, radar, high-powered cameras, and wireless networking into a single system, according to federal contracting records reviewed by WIRED. The technology would mount on 4x4 vehicles capable of reaching remote areas and transforming into rolling, autonomous observation towers, extending the reach of border surveillance far beyond its current fixed sites.

The proposed system surfaced Friday after US Customs and Border Protection quietly published a pre-solicitation notice for what it’s calling a Modular Mobile Surveillance System, or M2S2. The listing includes draft technical documents, data requirements, and design objectives.

DHS did not respond to a request for comment.

If M2S2 performs as described, border patrol agents could park their vehicles, raise a telescoping mast, and within minutes start detecting motion several miles away. The system would rely heavily on so-called computer vision, a kind of “artificial intelligence” that allows machines to interpret visual data frame by frame and detect shapes, heat signatures, and movement patterns. Such algorithms—previously developed for use in war drones—are trained on thousands if not millions of images to distinguish between people, animals, and vehicles.

The development of M2S2 comes amid the Trump administration’s sweeping crackdown on undocumented immigrants across the US. As part of this push, which has sparked widespread protests and condemnation for the brutal tactics used by immigration authorities, Congress boosted DHS’s discretionary budget authority to roughly $65 billion. The GOP’s “One Big Beautiful Bill” allocates over $160 billion for immigration enforcement and border measures—most of it directed to DHS—with the funds scheduled to be distributed over multiple years. The administration has sought to increase DHS funding by roughly 65 percent, proposing the largest expansion in the agency’s history to fund new border enforcement, detention capacity, and immigration surveillance initiatives.

According to documents reviewed by WIRED, locations of objects targeted by the system would be pinpointed on digital maps within 250 feet of their true location (with a stretch goal of around 50 feet) and transmit that data across an app called TAK—a government-built tactical mapping platform developed by the US Defense Department to help troops coordinate movements and avoid friendly fire.

DHS envisions two modes of operation: one with an agent on site and another where the trucks sit mostly unattended. In the latter case, the vehicle’s onboard AI would conduct the surveillance and send remote operators alerts when it detects activity. Missions are to be logged start to finish, with video, maps, and sensor data retained for a minimum of 15 days, locked against deletion “under any circumstances.”

The data collected by the units will be classified as Controlled Unclassified Information, or CUI, a designation introduced in the last decade to replace other labels such as “For Official Use Only,” referring to information that falls below the threshold for national security classification, but whose dissemination must be tightly controlled. (DHS considers any data that could reveal operational locations, network configurations, or personal information as restricted.) Even the program’s planning and testing documents will fall under this category.

Federal contractors are invited to review the proposal and submit feedback by late November. The agency said it expects to open formal bidding in early 2026, signaling that, while M2S2 is still in its early development phase, it is on a fast track for production.

Unlike earlier programs that relied on purpose-built vehicles, M2S2 is designed to be modular, its sensors, mast, and electronics capable of being removed and installed on other vehicles in less than a day. Ruggedized routers, switches, and antennas connect over cellular, radio, or satellite links, feeding imagery and tracking data to CBP command centers. With a fleet of such vehicles, each would act as a node in a wider surveillance mesh, capable of sharing its view with other units.

In a document outlining “optional” capabilities, bidders are encouraged to propose “additional equipment configurations” not specifically requested by the agency, which could connect the mobile units to other border patrol systems and surveillance towers.

Automation is a major requirement. The system must be capable of “autonomous detection and reporting” under any lighting or weather conditions. Its onboard AI must be capable of utilizing its computer vision capabilities fast enough for a remote operator to respond to an event in real time. This framework may later lend itself to cue other DHS assets, “including electronic warfare systems and kinetic systems (e.g., interceptor drones).”

Documents reviewed by WIRED outlining the project’s data-handling requirements reveal rules that show the system’s deep integration into CBP’s digital and cybersecurity framework. Every component, from cameras to routers, will carry their own unique identifiers. Networks must meet federal cybersecurity standards, with vulnerability scans and security reviews for each unit deployed.

M2S2 continues a lineage of CBP surveillance platforms that stretch back two decades. The Mobile Surveillance Capability trucks of the 2000s offered roving camera towers and radio links. The Remote Video Surveillance Systems of the period established the fixed towers now scattered across the border. The next decade introduced off-grid autonomous surveillance towers with AI-equipped masts powered by solar panels. While previous mobile units required manual control, autonomous surveillance systems remained strictly stationary. M2S2 by comparison can be driven into unmonitored terrain, operated with or without the presence of an agent, and tie its data back into CBP’s broader surveillance web.

Additionally, CBP wants the system to use open architecture so different manufacturers can integrate new tools without new code, reflecting a push to standardize its surveillance technologies. The objective is to avoid vendor lock-in while maintaining cybersecurity accreditation. According to pre-solicitation paperwork, CBP expects to award multiple blanket purchase agreements lasting up to 10 years. Early deployments would likely target areas lacking fixed tower coverage or sectors that require quick relocation after storms or migration surges.

The capabilities described by the documents pose a unique engineering challenge: fusing moving sensors, mobile networks, and AI analytics into a durable system able to survive heat, dust, and neglect. For CBP, it marks another step toward a surveillance network that is modular, shareable, and increasingly autonomous—observing more ground, for longer, with less need for agents in the field.

DHS Wants a Fleet of AI-Powered Surveillance Trucks

WIRED recently demonstrated how to cheat at poker by hacking the Deckmate 2 card shufflers used in casinos. The mob was allegedly using the same trick to fleece victims for millions.

WIRED recently demonstrated how to cheat at poker by hacking the Deckmate 2 card shufflers used in casinos. The mob was allegedly using the same trick to fleece victims for millions.

Security researcher Joseph Tartaro demonstrates how he can insert a hacking device into a USB on the back of the shuffler that alters its code, then transmits the deck’s order via Bluetooth to a phone app.Courtesy of HACKLAB; WIRED

The Deckmate 2 automatic card shufflers used in casinos, card houses, and high-end private poker games around the world are designed to shuffle a deck in seconds with perfect, computer-generated randomness, vastly speeding up play. They're also, amazingly, sold with a camera inside that can observe every card in the deck before it's dealt—a fact that's become very convenient for poker-cheating hackers and, allegedly, members of the Cosa Nostra mafia.

On Thursday, the United States Justice Department unsealed an indictment against 31 people, including alleged members of several organized crime families along with two well-known figures in the NBA—Portland Trail Blazers coach Chauncey Billups and former player and assistant coach Damon Jones—for what prosecutors describe as their roles in a vast rigged-gambling conspiracy. Miami Heat guard Terry Rozier was charged in a separate alleged gambling scheme, along with Jones and four others.

The 31 defendants in the first indictment are charged with running a ring of high-stakes private poker games from New York to the Hamptons to Miami, allegedly luring victims with the prospect of playing with NBA stars and then fleecing them for tens or even hundreds of thousands of dollars with multiple high-tech cheating systems—among them, hacked card shufflers set up to secretly transmit exactly what cards each player would have in their hand.

According to prosecutors, the marks were taken for more than $7 million over several years of running the rigged gambling schemes. “These individuals used technology and deceit to scam innocent victims out of millions of dollars—eventually funneling money to La Casa Nostra and enriching one of the most notorious criminal networks in the world,” FBI director Kash Patel wrote in a statement.

A shot of the Deckmate 2's internals, including the camera that can be accessed to learn the deck’s order.

Courtesy of HACKLAB; WIRED

At the center of that lucrative alleged poker conspiracy is the Deckmate 2, an automated card shuffler that's nearly ubiquitous in high-end gambling establishments—and has, for at least two years, been the subject of cybersecurity controversy. At the Black Hat hacker conference in August of 2023, a team of researchers from security firm IOActive presented a proof-of-concept technique for hacking the shuffler with a small device that plugs into its exposed USB port. That tiny computer would alter the code of the shuffler to give a hacker access to its internal camera—built into the machine for the purpose of assuring that the deck is intact—and then transmit the entire deck order to a nearby phone via Bluetooth.

With a custom-built app on that phone, the researchers showed they could predict exactly what hands every player at the table would have in a game of Texas Hold'em. Even if the dealer cuts the deck, entering into the app the two cards in a cheating player's hand or the three “flop” cards exposed on the table early in a round of Texas Hold'em would tell the cheater exactly where the dealer had cut to in the deck and thus offer full knowledge of who holds the best hand.

Joseph Tartaro, at the time a security researcher at IOActive, described the technique as “100 percent full-control cheating" in a 2023 interview with WIRED. “We can, for example, just read the constant data from the camera so we can know the deck order,” Tartaro said. "When that deck goes out into play, we know exactly the hand that everyone is going to have.”

While Tartaro suggested in a later interview that a cheating player could surreptitiously plug his hacking device into a shuffler in a casino, he also noted that someone who owned or maintained the shuffler could use it to cheat even more easily. “Once you have access to the internals, it's kind of game over,” Tartaro said.

WIRED went so far as to test out this hacked-shuffler cheating technique, as shown in the video above published earlier this month. With the help of Tartaro, we used a hacked Deckmate 2 to cheat against two unsuspecting players in a live game of Texas Hold'em. By partnering with Tartaro in the game and using a system of covert hand signals that communicated his secret knowledge of the winning hand transmitted from the hacked shuffler, we ultimately cleaned out the two victims in our demo game.

The indictment claims 31 alleged members of the mob orchestrated rigged poker games with NBA players to steal millions.

Photograph: Michael M. Santiago/Getty Images

The actual alleged poker cheating ring, prosecutors have now revealed, had been using almost exactly the same hacking techniques for years. In their games, however, several alleged defendants are said to have used pre-rigged Deckmate 2 shufflers under their own control rather than hack machines owned by others via their USB port, as IOActive described. (In one case mentioned in the indictment, some defendants allegedly even stole a rigged shuffler from someone at gunpoint to use in their games.)

The hacked shufflers were programmed to transmit the knowledge of the players' hands to a remote operator, who then sent that information back to the phone of a player in the game known as a “quarterback” or “driver,” according to prosecutors. The indictment claims that the lead cheater would then use covert signals to tell other cheating players in the game how to bet or fold.

When WIRED reached out to Light & Wonder, the company that sells the Deckmate 2, a company spokesperson responded by pointing to multiple ways the company had improved the shufflers' security since IOActive first publicly exposed its vulnerabilities in 2023. The company says it updated the firmware in its shufflers to patch security flaws IOActive revealed, such as the ability to circumvent a cryptographic check of whether the shuffler's code had been altered. It also disabled the USB port in all shufflers.

Even then, poker and cheating experts point out to WIRED that, while shufflers in licensed casinos may have gotten those updates, secondhand and black-market Deckmate 2s used in unlicensed card houses or private games may not have gotten the same attention—or could be deliberately rigged by someone who set up the game.

Tartaro’s app that tells a cheater which player will have the winning hand.

Courtesy of HACKLAB; WIRED

"If there's a camera that knows the cards, there is always some kind of underlying threat. Customers are gonna be essentially at the mercy of the person setting up the machine," poker player and card house owner Doug Polk previously told WIRED. “If you're showing up in a private game and there's a shuffler, I would say you should run for the hills.”

Hacking the Deckmate 2, according to prosecutors, was only one of several cheating techniques the mobsters allegedly used, albeit the one that's described in the most detail in the indictment. The charging document also claims that they used invisibly marked cards, electronic poker chip trays, phones that could secretly read cards' markings, and even specially designed glasses and contact lenses.

While the details of those schemes weren’t spelled out by prosecutors, they're all well known in the casino security world, says Sal Piacente, a professional cheating consultant and the president of UniverSal Game Protection. Cards can, for instance, have hidden bar codes on their edges—printed invisibly, such as with infrared ink—that can be deciphered by a reader hidden in a chip tray or in a phone case laid on the table. In other cases, cards are similarly marked on their backs with ink that's only visible with special glasses or contacts.

“This kind of equipment is being used more than you would think,” Piacente says. “When you go to a private game, there's no regulation, no commission, no rules. Anything goes.”

*   The ‘womanosphere’ is reshaping the Conservative dating landscape
    
*   **Big Interview:** We spoke to Zohran Mamdani, New York’s mayoral front-runner
    

Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books _Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency_ and _Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers_. His books ... Read More

How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA

The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.

The Universe Browser makes some big promises to its potential users. Its online advertisements claim it’s the “fastest browser,” that people using it will “avoid privacy leaks” and that the software will help “keep you away from danger.” However, everything likely isn’t as it seems.

The browser, which is linked to Chinese online gambling websites and is thought to have been downloaded millions of times, actually routes all internet traffic through servers in China and “covertly installs several programs that run silently in the background,” according to new findings from network security company Infoblox. The researchers say the “hidden” elements include features similar to malware—including “key logging, surreptitious connections,” and changing a device’s network connections.

Perhaps most significantly, the Infoblox researchers who collaborated with the United Nations Office on Drugs and Crime (UNODC) on the work, found links between the browser’s operation and Southeast Asia’s sprawling, multibillion-dollar cybercrime ecosystem, which has connections to money-laundering, illegal online gambling, human trafficking, and scam operations that use forced labor. The browser itself, the researchers says, is directly linked to a network around major online gambling company BBIN, which the researchers have labeled a threat group they call Vault Viper.

The researchers say the discovery of the browser—plus its suspicious and risky behavior—indicates that criminals in the region are becoming increasingly sophisticated. “These criminal groups, particularly Chinese organized crimes syndicates, are increasingly diversifying and evolving into cyber enabled fraud, pig butchering, impersonation, scams, that whole ecosystem,” says John Wojcik, a senior threat researcher at Infoblox, who also worked on the project when he was a staff member at the UNODC.

“They’re going to continue to double down, reinvest profits, develop new capabilities,” Wojcik says. “The threat is ultimately becoming more serious and concerning, and this is one example of where we see that.”

**Under the Hood**

The Universe Browser was first spotted—and mentioned by name—by Infoblox and UNODC at the start of this year when they began unpacking the digital systems around an online casino operation based in Cambodia, which was previously raided by law enforcement officials. Infoblox, which specializes in domain name system (DNS) management and security, detected a unique DNS fingerprint from those systems that they linked to Vault Viper, making it possible for the researchers to trace and map websites and infrastructure linked to the group.

Tens of thousands of web domains, plus various command-and-control infrastructure and registered companies, are linked to Vault Viper activity, Infoblox researchers say in a report shared with WIRED. They also say they examined hundreds of pages of corporate documents, legal records, and court filings with links to BBIN or other subsidiaries. Time and time again, they came across the Universe Browser online.

“We haven’t seen the Universe Browser advertised outside of the domains Vault Viper controls,” says Maël Le Touz, a threat researcher at Infoblox. The Infoblox report says the browser was “specifically” designed to help people in Asia—where online gambling is largely illegal—bypass restrictions. “Each of the casino websites they operate seem to contain a link and advertisement to it,” Le Touz says.

The Universe Browser itself is mostly offered for direct download from these casino websites—often being linked at the bottom of the websites, next to the logo of BBIN. There are desktop versions available for Windows, as well as an app version in Apple’s App Store. And while it is not in Google’s Play Store, there are Android APK files that allow the app to be directly installed on Android phones. The researchers say multiple parts of the Universe Browser and the code for its apps reference BBIN, and other technical details also reference the company.

The researchers reverse-engineered the Windows version of the browser. They say that while they have been unable to “verify malicious intent,” elements of the browser that they uncovered include many features that are similar to those found malware and tries to evade detection by antivirus tools. When the browser is launched, it “immediately” checks for the user's location, language, and whether it is running in a virtual machine. The app also installs two browser extensions: one of which can allow screenshots to be uploaded to domains linked to the browser.

While online gambling in China is largely illegal, the country also runs some of the world’s strictest online censorship operations and has taken action against illegal gambling rings. While the browser may most often be being used by those trying to take part in illegal gambling, it also puts their data at risk, the researchers say. “In the hands of a malicious actor—a Triad for example—this browser would serve as the perfect tool to identify wealthy players and obtain access to their machine,” the Infoblox report says.

Beyond connecting to China, running key logging, and other programs that run in the background, Infoblox’s report also says multiple functions have been disabled. “The right click, settings access and developer tools, for instance, have all been removed, while the browser itself is run with several flags disabling major security features including sandboxing, and the removal of legacy SSL protocols, greatly increasing risk when compared with typical mainstream browsers,” the company’s report says. (SSL, also known as Secure Sockets Layer, is a historic type of web encryption that protected some data transfers.)

It is unclear whether these same suspicious behaviors are present in the iOS and Android versions of the app. A Google spokesperson says the company is looking into the app and confirmed it was not available through its Google Play store. Apple did not respond to requests for comment about the app.

**Connect the Dots**

The web infrastructure around the Universe Browser led the researchers back to BBIN, a company that has existed since 1999. While it was originally founded in Taiwan, the company now has a large base in the Philippines.

BBIN, which also goes by the name Baoying Group and has multiple subsidies, describes itself as a “leading” supplier of iGaming software in Asia. A UNODC report from April, which links BBIN to the Universe Browser but does not formally name the company as Vault Viper, says the firm runs several hotels and casinos in Southeast Asia as well as providing “one of the largest and most successful” iGaming platforms in the region. Over the last decade, BBIN has sponsored or partnered with multiple major European soccer teams, such as Spain’s Atlético de Madrid, Germany’s Borussia Dortmund, and Dutch team AFC Ajax.

In recent years, multiple football clubs in England’s Premier League have faced scrutiny over sponsorship by Asian gambling companies—including by TGP Europe which was owned by Alvin Chau, the chairman and founder of SunCity Group who was sentenced in January 2023 to 18 years in prison after being found guilty of running illegal gambling operations. TGP Europe left the UK earlier this year after being fined by the country’s gambling regulator. Atlético Madrid, Borussia Dortmund, and AFC Ajax did not respond to WIRED requests for comment.

The iGaming industry develops online gambling software, such as virtual poker or other online casino games, that can easily be played on the web or on phones. “BBIN Baoying is officially an online casino game developer or ‘white label’ online casino platform, meaning it outsources its online gambling technology to other sites,” says Lindsey Kennedy, research director at The EyeWitness Project, which investigates corruption and organized crime. “The only languages it offers are Korean, Japanese and Chinese, which isn’t a great sign as online gambling is either banned or heavily restricted in all three countries.”

“Baoying and BBIN are what I would call a multi-billion dollar gray-area international conglomerate with deep criminal connections, backstopping and providing services to online gambling businesses, scams and cybercrime actors,” alleges Jeremy Douglas, chief of staff at the UNODC and its former regional representative for Southeast Asia. “Aside from what has been estimated at a two-thirds ownership by Alvin Chau of SunCity—arguably the biggest money launderer in the history of Asia—law enforcement partners have documented direct connections with Triad groups including the Bamboo Union, Four Seas, Tian Dao,” Douglas says of BBIN. (When Chau was sentenced in January 2023, court documents pointed to him allegedly owning a 66.67 percent share of Baoying).

BBIN did not respond to multiple requests for comment from WIRED. The firm’s primary contact email address it lists on its website bounced back, while questions sent to another email address and online contact forms, plus attempts to contact two alleged staff members on LinkedIn were not answered by the time of publication. A company Telegram account pointed WIRED to one of the contact forms that did not provide any answers.

The Presidential Anti-Organized Crime Commission (PAOCC) in the Philippines, which tackles organized and international crimes, did not respond to a request for comment from WIRED about BBIN.

Over the last decade, online crime in Southeast Asia has massively surged, driven partially by illegal online gambling and also a series of scam compounds that have been set up across Myanmar, Laos, and Cambodia. Hundreds of thousands of people from more than 60 countries have been tricked into working in these compounds, where they operate scams day and night, stealing billions of dollars from people around the world.

“Scam parks and compounds across the region generally host both online gambling and online scam operations, and the methodology used to lure individuals into opening online gambling accounts parallels that associated with pig-butchering scams,” says Jason Tower, a senior expert at the Global Initiative Against Transnational Organized Crime.

Last week, US law enforcement seized $15 billion in Bitcoin from one giant Cambodian organization, which publicly dealt in real estate but allegedly ran scam facilities in “secret.” One of the sanctioned entities, the Jin Bei Group in Cambodia, which US authorities accused of operating a series of scam compounds, also shows links to BBIN’s technology, Tower says. “There are multiple Telegram groups and casino websites indicating that BBIN partners with multiple entities inside the Jinbei casino,” Tower says, adding that one group on Telegram “posts daily advertisements indicating an official partnership between Jinbei and BBIN.”

Over recent years, multiple government press releases and news reports from countries including China and Taiwan, have alleged how BBIN’s technology has been used within illegal gambling operations and linked to cybercrime. “There are hundreds of Telegram posts aggressively advertising various illegal Chinese facing gambling sites that say they either are, or are built on, BBIN/Baoying technology, many of them by individuals claiming to operate out of scam and illegal gambling compounds, or as part of the highly illegal, trafficking-driven industry in Cambodia and Northern Myanmar,” says Kennedy from The EyeWitness Project.

While the Universe Browser has most likely been downloaded by those accessing Chinese-language gambling websites, researchers say that its development indicates how pivotal and lucrative illegal online gambling operations are and exposing their links to scamming efforts that operate across the world. “As these operations continue to scale and diversify, they are marked by growing technical expertise, professionalization, operational resilience, and the ability to function under the radar with very limited scrutiny and oversight,” Infoblox’s report concludes.

This ‘Privacy Browser’ Has Dangerous Hidden Features

A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code.

On September 19, US Immigration and Customs Enforcement made a $61,218 payment for “guided missile warheads and explosive components,” according to the Product and Service Code (PSC) included in the payment record on a federal contracting database.

“This award provides multiple distraction devices to support law enforcement operations and ICE- Office of Firearms and Tactical Programs,” the record’s description section reads.

The Substack Popular Information mentioned this payment in a Monday article, which focused on the fact that ICE spending in the “small arms, ordnance, and ordnance accessories manufacturing” product category increased by 700 percent between 2024 and 2025. (Spending increased by about 636 percent, per WIRED’s analysis of the same category and time periods Popular Information measured.) Word of the payment also circulated on Tuesday after a post on BlueSky by Democratic Wisconsin state senator Chris Larson went viral.

It turns out, concern over ICE agents planning to use warheads is likely based on a mistake. Quantico Tactical, the company listed as the supplier of said warheads in the federal payment records, does not sell any explosive devices. (It sells a variety of firearms, switchblades, and weapon accessories.) David Hensley, founder and CEO of Quantico Tactical, told WIRED in an email that the PSC “appears to be an error.”

“Quantico Tactical does not sell, and I suspect that CBP ICE does not purchase, ‘Guided Missile Warheads,’” Hensley said, referencing Customs and Border Protection. He added that the rest of the payment record appears to be correct.

PSCs are assigned by a government agency’s contracting office, not the private contractor. Hensley declined to speculate on what the correct PSC for the payment may be. He also declined to clarify which “distraction devices” ICE purchased. However, ICE made two other payments to Quantico Tactical for “distraction devices” in September 2024 and August 2025.

The descriptions for both payment records claim that they are for training programs run by ICE’s Office of Firearms and Tactical Programs (OFTP). Both payments records use the PSC for "chemical weapons and equipment,” which includes items like "flame throwers" and "smoke generators.”

An ICE “Firearms and Use of Force” handbook from 2021 does not mention any approved use of flame throwers, but it does mention the use of "chemical munitions" such as smoke, pepper spray, and tear gas. (It notes that their use must be approved by the agency's associate director and the OFTP.) Quantico Tactical does not list smoke bombs, pepper spray, or tear gas for sale on its website, though it does list accessories like smoke-resistant goggles and holders for mace, flash grenades, and smoke bombs. It’s unclear what ICE may have purchased.

ICE did not respond to WIRED’s request for comment.

Notably, ICE has never made a purchase with the PSC for “guided missile warheads and explosive components” in the past. The 2024 Federal Procurement Data System Manual lists eight other PSCs explicitly related to guided missiles—specifically, their components, repair equipment, and the trucks and trailers that transport them. ICE has never made purchases with any of these codes with a few exceptions, all of which appear to be coding errors, according to payment records reviewed by WIRED.

There is one record of an ICE payment to “Prestige Auto Collision" in November 2007 under the PSC for “maintenance” and “repair” of guided missiles. The payment record description, however, says that a “vehicle was rear ended” and needed to be repaired before it could be driven again. (There are two other payment records to the business in January 2008 and October 2020, but both are for $0 and appear to be administrative.) WIRED was unable to contact Prestige Auto Collision, which no longer exists at the location listed in the payment record.

ICE also made one payment to "Atlantic Driving Supply Incorporated" for $115,500 in 2007 under the PSC for "guided missile components." However, the description reads “Holographic sight,” which may simply refer to day scopes and binoculars sold by the company. (There is one other payment record to Atlantic Driving Supply from May 2017, but it is for $0 and also appears to be administrative.) ADS did not respond for comment.

In recent months, ICE has hugely escalated the scale and intensity of its operations, sparking protests around the country. ICE agents have often responded with the copious use of tear gas, pepper spray, and smoke.

This phenomenon has been particularly visible in Chicago and Portland. On Saturday in Portland, ICE agents used large amounts of tear gas and pepper spray against protesters. This week, a federal judge in Chicago questioned a Trump official on ICE agents’ use of the chemical agents, which have been used in close proximity to police officers and elementary schools in the city. Recently, officers threw a smoke bomb directly into a Chicago street after cars started beeping at them.

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technology—but the duration serves as a warning.

A sprawling Amazon Web Services cloud outage that began early Monday morning illustrated the fragile interdependencies of the internet as major communication, financial, health care, education, and government platforms around the world suffered disruptions. As the day wore on, AWS diagnosed and began working to correct the issue, which stemmed from the company's critical US-EAST-1 region based in northern Virginia. But the cascade of impacts took time to fully resolve.

Researchers reflecting on the incident particularly highlighted the length of the outage, which started around 3 am ET on Monday, October 20. AWS said in status updates that by 6:01 pm ET on Monday “all AWS services returned to normal operations.” The outage directly stemmed from Amazon's DynamoDB database application programming interfaces and, according to the company, “impacted” 141 other AWS services. Multiple network engineers and infrastructure specialists emphasized to WIRED that errors are understandable and inevitable for so-called “hyperscalers” like AWS, Microsoft Azure, and Google Cloud Platform, given their complexity and sheer size. But they noted, too, that this reality shouldn't simply absolve cloud providers when they have prolonged downtime.

“The word _hindsight_ is key. It's easy to find out what went wrong after the fact, but the overall reliability of AWS shows how difficult it is to prevent every failure,” says Ira Winkler, chief information security officer of the reliability and cybersecurity firm CYE. “Ideally, this will be a lesson learned, and Amazon will implement more redundancies that would prevent a disaster like this from happening in the future—or at least prevent them staying down as long as they did.”

AWS did not respond to questions from WIRED about the long tail of the recovery for customers. An AWS spokesperson says the company plans to publish one of its “post-event summaries” about the incident.

“I don't think this was just a ‘stuff happens’ outage. I would have expected a full remediation much faster,” says Jake Williams, vice president of research and development at Hunter Strategy. “To give them their due, cascading failures aren't something that they get a lot of experience working with because they don't have outages very often. So that's to their credit. But it's really easy to get into the mindset of giving these companies a pass, and we shouldn't forget that they create this situation by actively trying to attract ever more customers to their infrastructure. Clients don't control whether they are overextending themselves or what they may have going on financially.”

The incident was caused by a familiar culprit in web outages—“domain name system” resolution issues. DNS is essentially the internet's phonebook mechanism to direct web browsers to the right servers. As a result, DNS issues are a common source of outages, because they can cause requests to fail and keep content from loading.

“Cloud computing is a marvel, but the heart of it is a never-ending list of complex services and dependencies that are always one configuration away from failure," says Mark St. John, chief operating officer and cofounder of the systems security startup Neon Cyber.

Speaking generally about hyperscalers, St. John echoed Williams' point that in exchange for the mature architecture and secure baseline of cloud platforms, customers cede control of their underlying digital infrastructure and the extent to which their cloud provider is or isn't investing in resilience and contingency planning at a given time. “At a certain scale, operational validation for service providers can't be a casualty of cost-cutting,” St. John says.

Thinking specifically about Monday's outage, one senior network architect at a major tech company, who requested anonymity because they are not authorized to speak to the press, also emphasized that the time it took for AWS to diagnose and remediate the issues was notable.

“It’s extraordinary that they don’t have more failures,” the source said, “but in this case it was weird that what was basically a core service—DynamoDB and the DNS around that—took so long to detect and get to a root cause.”

The Long Tail of the AWS Outage

In just seven minutes, the thieves took off with crown jewels containing with thousands of diamonds along with other precious gems.

Could the French TV series _Lupin_ have been prophetic? The show envisioned a heist at the Louvre, an event that became reality on the morning of October 19, when a group of professional thieves managed to break into the world-famous Paris museum. In just seven minutes, they stole a host of priceless French crown jewels.

The heist took place at around 9:30 am local time, shortly after the museum opened to the public. Using a truck-mounted ladder, the thieves entered the Galerie d’Apollon—located in the Louvre's Petite Galerie wing—through a second-floor window that they forced open with an angle grinder.

Upon entry, the robbers smashed open at least two display cases, took the precious artifacts, and then fled a few minutes later on two Yahama scooters, disappearing into traffic and soon turning onto the highway.

Included in the loot, according to French authorities, were eight crown jewels, almost all from the late Napoleonic era. A ninth item, Empress Eugénie's diamond- and emerald-laden crown, was found damaged nearby, evidently dropped by the fleeing criminals. The thieves did get away with a tiara also belonging to Napoleon III's wife, in full Empire style, decorated with 212 pearls, 1,998 diamonds, and another 992 rose-cut diamonds. They also took a bow brooch belonging to Empress Eugénie with 2,438 diamonds and 196 rose-cut stones. Also in the haul is a parure—a tiara with 24 Ceylon sapphires and 1,083 diamonds, accompanied by a necklace with eight impressive sapphires, more diamonds and gold work, and a pendant earring that belonged to Queen Maria Amalia.

It's difficult to put a number on what this collection of jewels is worth; they are not mere luxury items with their own specific value, but rather priceless possessions. The literal value of the gems, stones, and gold is compounded by their historical value, not to mention the fact that they are part of the heritage of the French state, which in itself makes them likely impossible to sell on the traditional market. However, it is possible that, as often happens in this type of theft, the robbers will disassemble the artifacts, melt down the precious metals, recut the jewels to make them less traceable, and sell them on the gray or black market, potentially generating tens of millions of euros.

Regardless of its outcome, the Louvre heist was a skillful operation. Some analysts say the thieves exploited vulnerabilities in the museum's security system, which has for years struggled with staffing problems, constant work in progress, and also increasing pressure from the exorbitant and growing number of visitors. A nationwide and international manhunt has now begun. At the moment there are no specific suspects, but all available images from the area (including a video that shows one of the thieves at work) are obviously being examined.

With all the surveillance footage and cameras now spread everywhere in the city, there should be plenty of material to identify possible leads. President Emmanuel Macron has strongly condemned the incident, and assured that those responsible will soon be brought to justice. Long gone, moreover, are the days when Italian decorator Vincenzo Peruggia committed what was until now considered the greatest theft in the history of the Louvre: the daring misappropriation of Leonardo's _Mona Lisa_, which took place on August 21, 1911.

That painting was returned two years later; Peruggia attempted to resell it to a Florentine art dealer who then raised the alarm. Maybe a similar stroke of luck could happen in this case as well.

_This story originally appeared on WIRED Italia and has been translated from Italian._

What to Know About the Shocking Louvre Jewelry Heist

Amazon Web Services experienced DNS resolution issues on Monday morning, taking down wide swaths of the web—and highlighting a long-standing weakness in the internet's infrastructure.

A massive cloud outage stemming from Amazon Web Services’ key US-EAST-1 region, its hub in northern Virginia, near the US Capitol, caused widespread disruptions of websites and platforms around the world on Monday morning. Amazon's main ecommerce platform and other properties, including Ring doorbells and the Alexa smart assistant, suffered interruptions and outages throughout the morning, as did Meta's communication platform WhatsApp, OpenAI's ChatGPT, PayPal's Venmo payment platform, multiple web services from Epic Games, multiple British government sites, and many others.

The outages stemmed from Amazon's DynamoDB database application programming interfaces in US-EAST-1, and AWS said in status updates that the problem was specifically related to DNS resolution issues. The “domain name system” is a foundational internet service that essentially acts as an automatic phonebook lookup to translate web URLs like www.wired.com into numeric server IP addresses so web browsers show users the right content. DNS resolution issues occur when DNS servers aren't accurately connecting these dots and, to keep with the phonebook analogy, are providing the wrong numbers for a given name, or vice versa.

“Based on our investigation, the issue appears to be related to DNS resolution of the DynamoDB API endpoint in US-EAST-1,” AWS wrote in status updates on Monday. Shortly after, the company added: “If you are still experiencing an issue resolving the DynamoDB service endpoints in US-EAST-1, we recommend flushing your DNS caches.”

An AWS spokesperson did not immediately respond when asked for details about the nature of the failure. DNS resolution issues can be malicious—known as DNS hijacking—but there is no indication that Monday's AWS outages were nefarious.

“When the system couldn't correctly resolve which server to connect to, cascading failures took down services across the internet,” says Davi Ottenheimer, a longtime security operations and compliance manager and a vice president at the data infrastructure company Inrupt. “Today's AWS outage is a classic availability problem, and we need to start seeing it more as data integrity failure.”

Problems began around 3 am ET. By 5:22 am, AWS had applied “initial mitigations” that were starting to take effect. At 6:35 am, Amazon said that it had fully addressed the underlying technical issues but that “some services will have a backlog of work to work through, which may take additional time to fully process.”

AWS has suffered other large-scale outages, including a major incident in 2023. Reliance on central cloud services from giants like AWS, Microsoft Azure, and Google Cloud Services has, in may ways, improved cybersecurity and stability around the world by creating a baseline of guardrails and best practices for all customers. But this standardization comes with major trade-offs, because the platforms become a single point of failure for large swaths of critical services.

“Failures increasingly trace to integrity,” Ottenheimer says. “Corrupted data, failed validation or, in this case, broken name resolution that poisoned every downstream dependency. Until we better understand and protect integrity, our total focus on uptime is an illusion.”

Source

Wired