Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

Apple’s NameDrop feature in iOS 17 is having a bit of a viral moment. Across the United States, police departments are warning adults to turn off the contact-sharing feature on their iPhones and their children’s devices. In addition, a widely shared TikTok video, with over 2 million views, describes how the feature lets strangers at the gym or on the bus steal all your information. The catch? It’s not true. You shouldn’t worry about NameDrop being some huge security risk.

First announced at the company’s developer conference in June, NameDrop is an extension of Apple’s AirDrop functionality. When NameDrop is turned on, two iPhone users can activate the feature by holding the top ends of their smartphones together. Then a contact card with your email and phone number may pop up on your own device. After that, you can tap **Share** or **Receive Only**. If you choose to share your contact information, it will be sent to the other device. End the transaction by tapping **Done** in the top left corner of your screen.

Contact sharing will be canceled if the two smartphones are moved apart anytime during the process or if you decide to lock your iPhone using the power button. Even though NameDrop is auto-enabled when you update to iOS 17, it’s crucial to note that consent is required throughout the process. Some random person on the street can’t just bump into you for a few seconds, and then walk away with your phone number.

Still want to turn off the NameDrop feature for your iPhone? Start by opening your **Settings**, then tap **General** and **AirDrop**. Go to the section labeled **Start Sharing By** and toggle **Bringing Devices Together** to the left. On this page, you can also change the settings for who can AirDrop information to your phone.

The iPhone isn’t the only Apple product that can use NameDrop. If you own a newer Apple Watch, you can receive the contact info from iPhones as well as other Apple Watches. To instigate a watch-to-watch transfer, you’ll need to open **Contacts** and tap on your image. Choose **Share** and hold your watches close together. (Holding hands is not required to complete the NameDrop.) Voluntarily follow the same steps listed above to share your info.

Apple calls the image that pops up during a NameDrop your Contact Poster. It’s not just for NameDrops; the Contact Poster lets you control what appears when a text or call lands on a friend’s or family member’s phone. It’s highly customizable, with a range of color choices, and the option to display a selfie, memoji, or just your name. Check out this guide for in-depth tips to personalize it.

Even though you shouldn’t worry very much about the NameDrop feature on your iPhone, it’s important to be aware of how your smartphone can leak personal data. A good place to start is by checking to see whether you’re sharing location data in a way you don’t actually intend to. Another basic step to keep your iPhone secure is to update the software as soon as the new option becomes available, so Apple can patch potential exploits.

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

What you look for online is up to you—just make sure no one else is taking a peek.

When it comes to looking something up on the web, most of us default to “googling” it—Google's search engine has become so dominant that it's now a verb, in the same way that Photoshop is. But using Google for your searches comes with a privacy trade-off.

Google's business is, of course, based on advertising, and every search you make feeds into the profile of you that it uses to target the ads you see around the web. While Google isn't telling marketing firms what searches you're running, it is using those queries to build up a picture of you that ads can be sold against. As such, Google can be a real snoop about collecting all your data and using it to personalize your ads and the search results you get.

There are ways to increase your privacy on Google’s platforms, like using privacy-focused browsers, using privacy-focused alternatives to Google Maps, auto-deleting your web history after a certain time period, or simply limiting the amount of data the company collects in the first place, by opting out of features like web-based email and location awareness. (And you should know that using your browser's incognito mode isn’t as sneaky as you think it is.) If you're serious about getting off the data collection grid, there’s a bevy of other privacy-focused search options at your disposal. So if you want to use a search engine that doesn't keep track of your queries, serve your data to advertisers, or change your search results based on what it thinks you’ll like, you’ve got some options.

DuckDuckGo

DuckDuckGo is simple, secure, and private.

DuckDuckGo via David Nield

The granddaddy of Google alternatives, DuckDuckGo has made private search its raison d'être for more than 15 years. The service is a little harder to recommend these days, after a kerfuffle in 2022 where the company was caught in an apparent partnership with Microsoft that allowed the tech behemoth’s tracking scripts to run unimpeded on the DuckDuckGo browser. After outcry from privacy advocates, DuckDuckGo walked back that stance a few months later, and it now says it does indeed block Microsoft’s trackers.

If you can move past that particular ugly duckling, the service is still far more private than Google. DuckDuckGo says it collates information in search results from over 400 sources. It doesn’t draw from Google, but it does pull from places like Bing and Wikipedia. What it doesn’t do is personalize search results based on data it collects from users. Like Google, DuckDuckGo displays ads, but they’re not tailored to what it thinks you’ll like based on your search history.

DuckDuckGo can be installed into just about any browser via a browser extension. It also has a full browser available on desktop for Mac and Windows. There are also mobile apps on both iOS and Android that work as browsers while incorporating DuckDuckGo’s search engine.

On the browser and app alike, the service automatically tracks and blocks all the data-scraping efforts from the websites you visit. Press the shield button in the browser bar to see what sites have tried to collect your data or track your travels across the web. Another feature blocks trackers and data requests in other apps on your phone. DuckDuckGo says it can’t block certain scripts and trackers on the websites that run them (like Facebook, for example), but tapping that little button quickly lets you know what’s being blocked and what’s not.

Brave Search

Brave isn't going to keep track of what you're looking for.

Brave via David Nield

The privacy-focused browser extension provider Brave has its own dedicated search engine. The company launched the service in 2021. Like the other services on this list, Brave says its Search product doesn’t track your searches or log your data. It's impressively comprehensive—as much for its security and privacy as for the results you get.

Simply put, no logs of your queries are kept by the search engine. While that might make for a slightly less convenient user experience—Google might automatically know you're more interested in the Miami Dolphins than actual dolphins, for instance—it does mean that you can search without worrying that you're going to see any related advertising.

"It's impossible for us to share, sell, or lose your data, because we don’t collect it in the first place," says Brave. While the service might eventually become ad-supported, those adverts won't know anything about you or what you've been looking for on the web, making it distinctly different from Google's offering.

Brave also has a service in beta called Goggles that lets users customize their own page rankings to make search results more relevant to each person. It can have some issues, such as being a bit complicated and also could lead to people creating their own little filter bubbles—inadvertently or otherwise.

You can download the Brave Browser for desktop, or get its mobile apps on Android and iOS. You can also access the Brave search engine from any web browser and any device. You don't have to use the Brave browser to use it.

Kagi

The prospect of paying for a search engine might seem odd if you’re used to unlimited Googling on a whim. But that’s exactly the service Kagi is offering.

If you’re willing to pay for yet another subscription, Kagi is a premium search experience worth trying. You can customize how search results are displayed and how links are organized and accessed. There’s also a robust array of search operators and keyboard shortcuts to use. Kagi’s privacy policy is similar to the other services on this list, in that it doesn’t track your online movements or collect your data. It also doesn’t show ads, which feels like such a relief in the era of endless pop ups and sponsored posts.

The pricing plan is simple. There is a free tier, which allots you 100 searches per month before cutting you off. From there you can pay $5 per month for 500 searches, or get unlimited searches $10 a month. All plans, even the free ones, require you to make an account.

Kagi is available as a browser extension for Firefox, Google Chrome, and Safari. Kagi’s Orion browser is available on the Mac, and it also has an iOS app.

Startpage

Want Google’s search results but without Google? Startpage may be the answer. The company serves up Google’s search results without you being tracked. “Startpage submits your query to Google anonymously, then returns Google results to you privately,” the company says on its website. It adds that Google “never sees you and does not know who made the request”.

Startpage, which was founded in the Netherlands in 2006, says that it doesn’t store people’s personal data or search history, and your IP address is removed by its servers. The company also says it blocks price trackers and prevents advertisers from showing you ads based on your online history. (It does show ads from Google’s search results). Its search results also let you click to open an anonymous view of them, which it claims works like a VPN.

The experience isn’t exactly the same as Google search, but the results are. For instance, if you search for something in the news—maybe Elon Musk, if you must—Google will show you a carousel of the latest news stories before its search results. Google also includes Musk’s latest tweets, videos of him, and photos. When you’re using Startpage, the clutter is removed and you just get URLs.

Mojeek

Mojeek doesn’t use search results from other search engines. Instead, the British search engine, which launched in 2006, is building its own index of the web. It’s doing this in the same way as Google and Bing. The company’s crawlers, which trawl the web and collect information about pages, have indexed more than six billion web pages.

This crawling isn’t as extensive as Google’s—back in 2013 Google said it was indexing 30 trillion web pages, 100 billion times a month—but Mojeek says its approach means it is fully in control of the search results it shows. The company argues there should be alternative indexes to those controlled by Big Tech. “Making and altering our own algorithm from scratch to display high quality and unbiased results is essential,” the company said in 2018.

But that’s not the only difference to Google. Mojeek also says it doesn’t track people. The search results you see are based entirely on the words that you type in, the company says, and it doesn’t collect IP addresses, search history or the clicks that you make.

Limiting Google

You can break the connection between Google Chrome and your Google account.

Google via David Nield

It's worth bearing in mind that if you're using Google Chrome and you're signed into Google, you may well be syncing your DuckDuckGo or Brave searches back to your Google account. Your Google web history and your Chrome browsing history (if you're signed into Google) will match up most of the time, because Google keeps them in sync by default, partly to make it easier to use Google across multiple devices.

To stop this from happening in Chrome, click the three dots in the top right-hand corner, then choose **Settings**. If you see that you're signed into your Google account at the very top, click **Turn off**—this will break the connection between Google and your browser, and you'll be given the option to delete all the data that's stored locally on your device (including your browsing history, bookmarks, and stored passwords).

Perhaps an easier option is to simply switch to another browser altogether—as we've already mentioned, Brave, DuckDuckGo, and Kagi all have them. Other good cross-platform alternatives to Chrome are Microsoft Edge, Mozilla Firefox, Opera and Safari from Apple—but whichever one you switch to, be sure to check out the settings for deleting your browsing history as you go. (All of these browsers have simple-to-use options for this.)

Whichever browser you decide to use, opening up a private or incognito window while you're searching will prevent those searches from being logged inside the browser—as soon as you close the window, the search is gone forever. Bear in mind that these modes don't necessarily stop online companies from tracking your queries though. (If you sign into your Google account while in private mode, Google will still be able to track you.)

If you can't bring yourself to be parted from the search results that Google serves up, you can at least make sure that they're not remembered for too long. Open up your Google account settings page on the web, then click **Data & Privacy** and scroll down to **Web & App Activity.** You can choose either **Manage activity** to remove history and searches manually, or select the **Auto-delete** option to have this data wiped automatically once it's been stored for a certain amount of time.

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

Plus: North Korean supply chain attacks, a Russian USB worm spreads internationally, and more.

Trillions of domestic phone records in the United States are tracked every year under a secretive surveillance operation, WIRED revealed this week. The Data Analytical Services program, which was previously known as Hemisphere, allows cops to request and analyze the phone records of people and others who they communicate with, including those not suspected of crimes. The surveillance system is run by the White House, with telecom firm AT&T providing phone records in response to law enforcement requests.

The crypto world kept tumbling this week. After Sam Bankman-Fried was found guilty at the start of this month, it was the turn of crypto exchange Binance and its CEO Changpeng Zhao to face scrutiny from US officials. The US Department of Justice unsealed an indictment against the company, which accuses it of violating US anti-money-laundering laws and of enabling Iran, Cuba, and Russia to launder dirty money.

If you’re in the US and have some extra time over the long holiday weekend, it’s also worth catching up on Andy Greenberg’s epic tale of the three young hackers twho brought down the internet with the Mirai botnet—and their story of redemption. Then it’s definitely time to log off.

That’s not all. Each week, we round up the security and privacy stories we didn’t report on in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Google makes most of its money from advertising—and it doesn’t like ad blockers, which prevent millions of ads being shown on websites every day. In recent months, the company has been cracking down on ad blockers on YouTube in a big way. But that’s just the start of it.

This week YouTube confirmed it has, in some instances, introduced a five-second delay before videos load if people are using an ad blocker in their browser. “In the past week, users using ad blockers may have experienced suboptimal viewing, which included delays in loading, regardless of the browser they are using,” a YouTube spokesperson told The Verge. The company admitted the delays had been happening after some people on Reddit and Hacker News spotted slow loading times and initially thought it was because of the browser they were using.

The move follows Google announcing last week that it is going ahead with plans to change how Chrome browser extensions operate, which may limit how some popular ad blockers work. Last year the company paused its plans to roll out Manifest V3, the platform that browser extensions work on, after complaints about how it would impact some extensions. As Ars Technica reported, Google is planning on rolling out a revised version of Manifest V3 in June next year. Google says Manifest V3 is designed to make Chrome run smoothly by reducing the resources that extensions can use and improve security. However ad blockers and privacy experts have criticized how the system works and, in particular, changes to the Declarative Net Request API.

Google proposed putting restrictions on this API but has relaxed these somewhat in the new version of Manifest V3. It originally planned to allow browser extensions to make 5,000 content-filtering “rules,” but it has now increased this to 30,000 rules. AdGuard, an ad blocker, has tentatively welcomed some of the revised changes. Elsewhere, uBlock Origin, which uses around 300,000 filtering rules, has created a “lite” version of its extension in response to Manifest V3. The developer behind uBlock Origin says the lite version is not as “capable” as the full version. Meanwhile, browser makers Brave and Firefox say they are introducing work-arounds to stop ad blockers from being impacted by the changes.

Supply chain attacks, where malware is implanted in a company's legitimate software and spread to the firm's customers, can be incredibly hard to detect and can cause billions of dollars in damage if they’re successful. Hackers for North Korea are increasingly adopting the sophisticated attack method.

This week Microsoft revealed it has discovered the hermit kingdom’s hackers implanting malicious code inside an installer file for photo and video editing software CyberLink. The installer file used legitimate code from CyberLink and was hosted on the company's servers, obscuring the malicious file it contained. Once installed, Microsoft said, the malicious file would deploy a second payload. More than 100 devices have been impacted by the attack, Microsoft says, and it has attributed the attack to the North Korea-based Diamond Sleet hacking group.

After details of the attack were revealed, the UK’s National Cyber Security Centre and the Republic of Korea’s National Intelligence Service issued a warning saying that North Korea’s supply chain attacks are “growing in sophistication and volume.” The two bodies say the tactics support North Korea’s wider priorities, such as stealing money to help fund its ailing economy and nuclear programs, espionage, and stealing tech secrets.

Some flights have had to change course or lost satellite signals in midair due to electronic warfare, _The New York Times_ reported this week. The ongoing conflicts in Ukraine and Gaza have seen GPS jamming and spoofing technologies interfere with the daily operation of flights in and around the areas. The incidents, so far, have not been dangerous. But they highlight the increase in electronic warfare capabilities—which seek to interrupt or disrupt the technologies used for communications and infrastructure—and how the technology needed to launch them is getting cheaper. Since Russia’s full-scale invasion of Ukraine in February 2022, electronic warfare tactics have become increasingly common on both sides, as drones being used for surveillance and reconnaissance have had their signals interrupted and rockets have been sent off course.

Gamaredon is one of Russia’s most brazen hacking groups—the hackers have consistently attacked Ukrainian systems. Now one piece of its malware, a worm that spreads via USB stick and is dubbed LitterDrifter, has spread internationally. The worm has been spotted in the US, Hong Kong, Germany, Poland, and Vietnam, according to researchers at security firm Check Point. The company’s researchers say the worm includes two elements: a spreading module and a second module that also communicates with Gamaredon’s servers. “It’s clear that LitterDrifter was designed to support a large-scale collection operation,” the Check Point researchers write, adding that it’s likely the worm has “spread beyond its intended targets.”

Google’s Ad Blocker Crackdown Is Growing

Security researcher Barrett Lyon, who makes visualizations of the internet's network infrastructure, is back with a new piece chronicling the rise of the IPv6 protocol.

When you're browsing online, you probably don't pay close attention to the URLs in the address bar of your browser, much less the IP addresses of the sites you're visiting or your own internet connection. But behind the scenes, the Internet Protocol is the key network communication and routing mechanism that's underlying everything you see and do. The mainstream internet was based on IP version 4, or IPv4, but this network had technical limitations including too few IP addresses to support the global explosion of internet use. So in the 2010s, the web community embarked on a massive migration effort to begin supporting the next-generation network known as IPv6.

As you read WIRED.com, though, the technical side of the internet still probably all feels pretty abstract and far away. Wanting to essentially “see” IPv6 for himself, security researcher Barrett Lyon set out to chart the topography and growth of the newer network alongside the classic IPv4. Lyon has been making kaleidoscopic visualizations of the internet since 2003, and he collectively calls this work Opte. But this is the first time the project has contrasted the IPv4 and IPv6 networks over time.

“I wanted to map IPv6, which begins as a little tiny scrap of a thing, and juxtapose it with IPv4, or what some might call ‘the real internet’" Lyon tells WIRED. “The most surprising thing is toward the end of the video, you see that IPv6 has accelerated in growth and adoption, and you can see that eventually it's going to be more robust and more prevalent and eclipse IPv4. Eventually, we’ll have this network we’ve been using for 35 years that will no longer be important.”

The IPv6 internet at the end of September.

Courtesy of Barrett Lyon

Lyon uses what are known as Border Gateway Protocol routing tables—basically maps of the best and most efficient routes for data to travel across the internet—to generate the Opte visualizations. The data comes from University of Oregon's RouteViews Archive Project.

As the images came back for IPv6, Lyon says, he was surprised to see the regions of the world that had adopted IPv6 more enthusiastically or more slowly. The tech community in the United States, for example, was slower to incorporate IPv6 than that in the European Union.

Opte also visualizes a leapfrog effect when newer, highly networked technologies like artificial intelligence platforms come online using IPv6 without the legacy infrastructure of digital systems that have been around for decades and slowly revised and improved.

“IPv4 has been around for so long, and it's fascinating to see technological advances on that network, but IPv6 supports bigger networks by default like AI networks, that are growing at exponential rates where these computers all need to talk to each other,” Lyon says.

The IPv4 internet at the beginning of October.

Courtesy of Barrett Lyon

Lyon points out that watching IPv4 and the rise and transition to IPv6 through Opte not only illustrates the current moment of the internet, but also begins to shed light on where things may go next.

“What this comparison hints at is that there will be new protocols after IPv6 that need to exist in order to enable new technologies that we haven’t thought of yet,” he says. “Even more intricate protocols to support features like space communications or big AI farms. There will be some point in time where even IPv6 won’t be sufficient to support what society needs from the internet.”

Go on a Psychedelic Journey of the Internet's Growth and Evolution

There’s a devastating amount of heavy news these days. Psychology experts say you need to know your limits—and when to put down the phone.

Scrolling through social media can feel like a nightmare these days. You’re reading about the horrors of the Israel-Hamas war, and then you’re reading about the horrors of the war between Ukraine and Russia. You’re learning about the latest devastating climate news. Democracy is under threat in America. It can feel like everything is falling apart.

This, of course, can have a significant effect on your mental health. You start to feel overwhelmed. Not only are you dealing with the regular stresses of daily life—your job, your finances, your personal relationships—but now you’re thinking about the most serious problems the world is facing. Social media algorithms tend to elevate the most contentious content, so these feeds are showing you things that will elicit a visceral response—they’re putting the doom in doomscrolling.

According to psychology experts, this has become a serious problem. People are ingesting too much negative news, and it’s not only affecting them personally but impacting society at large. People can handle some bad news, but what if it’s a lot of bad news? And what if a lot of people are doing this while trying to function in the world together?

Matthew Price, a professor of psychological science at the University of Vermont, says that stress is cumulative. One thing starts stressing you out, and then it’s another thing, and then one more thing. Suddenly, you’re spiraling. He says the stress can continue throughout your day even when you’ve stopped bingeing on bad news on social media.

“Some of the work that we have done has shown it definitely increases your stress in the moment. It could increase your stress throughout the rest of your day,” Price says. “When you doomscroll, it gets much easier to reach your limit than I think you would if you weren’t doing that.”

Price says ingesting a lot of negative news can cause anxiety and depression, at least for some period of time, but it’s especially likely to “exacerbate” anxiety, depression, and PTSD in people who have a history of experiencing those conditions. He says that people often doomscroll because there’s something bad going on and they want to find a way to fix the problem they’re reading about.

“When we’re doomscrolling, we’re kind of looking for the resolution to the issue. Read some more posts. Read some more articles. If I get more information, then maybe I’ll understand the problem,” Price says, describing the doomscrolling cycle.

This doesn’t just affect individuals. When a lot of people are experiencing the stress of the news of the world at once, it can make them more likely to “snap at each other,” Price says. We may not realize it, but the reason that guy was rude to you at Starbucks might be that he has read too many damn scary news articles.

“When you have multiple people who are struggling, they’re going to have a harder time communicating together,” says Bethany Teachman, a professor of psychology at the University of Virginia. “We have to think of these things from a systemic perspective or we’re not going to be very effective at making change.”

Teachman says doomscrolling can “skew our sense of what’s going on.” You start to think everything and everyone is the worst, but it’s quite possible little of it is actually affecting you personally. Perhaps terrible news from around the world would not be changing your daily life unless you were reading about it, and it’s important to recognize when it’s time to log off.

“We do need to stay informed, but when we move past informed to feeling overwhelmed and often paralyzed and feeling like we’re under constant threat, it’s clearly crossed over into a negative place,” Teachman says. “I think part of what’s happening is most of the news stories tend to be negative, so it gives us this sense that we’re in a constant state of danger and that we are vulnerable and the world is a very dangerous place.”

In terms of solutions, Teachman says people need to limit their exposure to social media and the news to keep their lives balanced. It’s OK to read some news to stay informed and check out what people are saying online, but it can get unhealthy if you overdo it. Once you’ve read enough to know what’s going on, think of other things that you enjoy doing and that help you maintain your mental health, she says.

“It’s not about ‘this is a bad thing and this is a good thing.’ It’s about how you engage with it and how it fits in with the rest of what’s going on in your life,” Teachman says. “How are you living the rest of your life, and what are the impacts on that?”

If you’re feeling overwhelmed by the news, Teachman says it’s important to consider what your values are and how you can act on those values in your daily life. Think about who you want to be and what you want to accomplish. This can focus your mind when you’re feeling overwhelmed.

If you’re not feeling like you’re who you want to be right now, she says, think of small things you can do to get closer to becoming that person. Think about the things you can do to get closer to that goal so you’re more capable of handling stress and feeling mentally well, and about the things you can do to help solve the problems you’re worried about.

“Take a step back from your social media. Take a step back from your phone. Take a step back from the stressors unless the thing that’s stressful is imminently going to harm you,” Price says. “And get more local.”

Price says that acting locally on issues you’re concerned about can help you maintain your mental health because otherwise things can feel too far away and too difficult to solve. Maybe you can’t end a war, but perhaps you can help some people in your community or get your community to do something that helps a bigger problem.

People are overwhelmed. They’re tired. Sometimes you want to just curl up in a ball and pull your comforter over your head. Teachman says that’s the worst thing you can do for your mental health. It’s important to connect with people to maintain your mental health, she says, and sometimes you can connect with people and be part of the solution to a problem at the same time.

It's Time to Log Off

From Russia to Iran, the feds have charged Binance with allegedly conducting well over $1 billion in transactions with sanctioned countries and criminal actors.

For years, the world's largest cryptocurrency exchange, Binance, has been dogged by rumors of malfeasance and federal investigations. Today, in a set of accusations that will rock the already tumultuous world of crypto, the US Department of Justice revealed criminal charges against the company and its chief executive, Changpeng Zhao, claiming they enabled the laundering of vast flows of dirty money across the globe, from Cuba to Iran to Russia.

The indictment against Binance, unsealed ahead of a press conference by US attorney general Merrick Garland, accuses the company of billions of dollars of transactions that violated US anti-money-laundering laws, including well over a billion dollars of actual criminal transactions and sanctions evasions. Separate indictments specifically charge Zhao and former chief compliance officer Samuel Lim with allowing those illicit transactions to take place.

Garland announced Tuesday that Zhao had pleaded guilty to a felony money-laundering violations charge and that the company had agreed to pay a $4.3 billion fine as part of a settlement with the DOJ. Zhao has also stepped down from his role running the company and agreed to pay a $150 million fine. Lim must pay $1.5 million as part of the settlement.

“Binance prioritized its profits over the safety of the American people,” Garland said during the press conference. “Binance became the world’s largest cryptocurrency exchange in part because of the crimes it committed. Now it is paying one of the largest corporate penalties in US history."

The charging documents describe a company that allegedly turned a blind eye, sometimes willfully and knowingly, prosecutors claim, to the trading of funds from sanctioned countries and regions like Iran, Cuba, Syria, and Russian-occupied areas of Ukraine such as Crimea and Donbas, as well as the now defunct criminal dark-web market Hydra.

“Their illicit financing problems were overwhelming to an unsolvable degree,” a former Binance executive tells WIRED, echoing the charges. The former executive was granted anonymity because they are not authorized to speak about internal company matters. “It was a nightmare trying to get a handle on all the sanctions evasions taking place. The execs were more and more hostile to compliance teams trying to mitigate a lot of issues that they were seeing.”

The indictment alleges, for instance, that Binance allowed more than 1.1 million transactions between US persons and Iranians—each one an alleged sanctions violation—totaling to a value of nearly $900 million. It also alleges $106 million in direct flows of money from the Russian dark-web market Hydra, which offered narcotics, stolen data, and money-laundering services, to Binance accounts.

US prosecutors claim Binance processed around $275 million in both deposits and withdrawals to BestMixer, a cryptocurrency “mixing” service designed to make cryptocurrency transactions harder to trace, before Dutch law enforcement shut down that service in May 2019 as part of a money-laundering investigation. The charging document goes on to allege that Binance users included ransomware gangs, hackers who had plundered crypto from other exchanges, and scammers. In comments at Tuesday's press conference, US treasury secretary Janet Yellen added that Binance had facilitated transactions with terrorist groups “including Hamas,” which the US designates as a terrorist organization, as well as purveyors of child sexual abuse material.

For years after its founding in 2017, the prosecutors say, Binance had virtually no know-your-customer requirements, in violation of US money-laundering laws, despite offering its services to US users. In the indictment against Zhao, he’s accused of encouraging the company to operate in a “grey zone,” telling employees that it was “better to ask forgiveness than permission.”

Even once Binance appeared to enact more stringent know-your-customer rules for users in 2021, the indictment alleges, the company often ignored sanctions violations or knowingly allowed users to circumvent its money-laundering checks. More than 12,500 users, the indictment claims, listed Iranian phone numbers on their accounts but were allowed to continue trading on the exchange.

“Iran is very tricky,” a Binance staffer wrote in an internal communication at one point, according to the indictment. “We definitely do not want to acknowledge we have them onboard … our official stance is we gotten rid of all of them \[sanctions\] and blocked.”

Binance's investigations and compliance team, according to the charging document, was instructed to check on a user's “VIP level" before banning their account for violations—or to even give VIP users new accounts despite known violations. In one internal conversation, a Binance staffer allegedly told another to warn a VIP user to “be careful with his flow of funds, especially from darknet markets like hydra,” according to prosecutors. The staffer allegedly added that the user “can come back with a new account \[but\] this current one has to go, it's tainted.”

In one particularly damning message read by Garland, a compliance executive allegedly joked, “Is washing drug money too hard these days? Come to Binance. We got cake for you.”

Rumors and reports of Binance's use by criminals have circulated for years. Reuters reported in June 2022 that Binance had enabled more than $2.35 billion in money laundering by hackers and drug traffickers, which Binance denied. In December of last year, Reuters wrote that the Department of Justice was considering criminal charges against the company.

The charges and settlement come on the heels of the fraud conviction of Sam Bankman-Fried, the former CEO of FTX, which once rivaled Binance as one of the biggest cryptocurrency exchanges in the world. “In just the past month, the Justice Department has successfully prosecuted the CEOs of two of the world’s largest cryptocurrency exchanges in two separate criminal cases," Garland said in Tuesday's press conference. "The message here should be clear: Using new technology to break the law does not make you a disruptor, it makes you a criminal.”

DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations

The North Atlantic Fellas Organization is trying to shut down Trump’s flailing social media platform before the 2024 election—by shitposting.

As former president Donald Trump’s Truth Social social media platform teeters on the brink of financial collapse, a group of shitposting cartoon dogs known for mocking Russia’s war efforts in Ukraine has infiltrated the platform. They’re trying to bring it down from the inside before the 2024 US election.

The North Atlantic Fella Organization (NAFO) is an online activist group founded last year to combat pro-Russia propaganda related to the invasion of Ukraine. Last month, the group turned its attention to Trump’s social network and launched a campaign to take over the trending topics section on the website. The group says that the operation, which included 50 “NAFO commandos,” as members targeting Truth Social call themselves, was so successful that those running the campaign now have a long-term goal: Take down Truth Social completely.

“The goal we have in mind, which is lofty, is to help bring the platform down ahead of the 2024 election,” Rock Kenwell, the pseudonymous leader of the NAFO commandos, tells WIRED. “We know it's going to be an aggregator for extremism and probably violence the way things are looking at this point.”

Describing the Truth Social platform’s current environment, Kenwell compared the challenge of combating the spread of pro-Trump messaging on the platform with “dealing with your racist uncle that nobody wants at the Thanksgiving dinner table because he’s just obnoxious and looking to fight with everybody.”

Truth Social was launched in early 2022 by Trump, who had been kicked off of mainstream platforms for inciting violence. Trump claimed that the network would challenge “Big Tech platforms” like Facebook, Instagram, and Twitter as a free speech platform open to everyone, but in the 18 months since it started, the site has failed to attract anyone outside of Trump sycophants and QAnon conspiracy groups, and has instead become the butt of late night comedy. Last week, a filing to the US Securities and Exchange Commission (SEC) showed that the platform had lost $31 million since it launched.

“It's a very easy platform to manipulate. It's a very primitive, social media environment,” adds Kenwell.

Kenwell, along with other members of NAFO, posts anonymously to avoid blowback from the individuals and groups they are targeting. They also represent themselves online by using various cartoons of the Shiba Inu, a Japanese breed of dog that became a popular internet meme in 2013.

While most of NAFO’s activity takes place on X, the website formerly as Twitter, Kenwell had considered targeting Truth Social after he was inspired in part by a campaign earlier this year run by three friends—including the founder of the Birds Aren’t Real satirical conspiracy movement—who managed to get the #DeSantis2024 hashtag trending on Truth Social before it suddenly shut down.

But Kenwell was finally convinced to take action when he saw the Biden campaign join Truth Social. Biden’s campaign team joined Truth Social in October and briefly surged past the Trump campaign account in terms of followers, though the Trump account, with almost 65,000 followers, has since surpassed the Biden account, which currently has almost 56,000 followers.

On October 31, Kenwell launched his campaign to try and take over the trending topics section on Truth Social by using anti-MAGA hashtags. Just 50 members were involved in the initial wave, but they successfully got hashtags that could be misinterpreted as pro-MAGA onto the trending list, including misspelt phrases like #StollenElection or #ErectionFraud. This goal was achieved in a matter of hours, according to screenshots shared with WIRED of the platform’s trending topics.

In the space of 10 days, the Commandos posted over 8,200 “Truths” containing their anti-Trump hashtags. “These guys are way easier to trigger than the Russian spambots over on Twitter,” wrote NAFO member Pinkeye McGrew in a private Truth Social group hours after the operation began.

The campaign was orchestrated in this private group, and everyone in the group shared (or “reTruthed”) each other’s posts to make it look like there were a lot more people involved.

The hashtags were eventually removed from the trending list, but Kenwell claims the campaign had an even greater impact on the platform: “We actually made Truth Social take down new app downloads from the app store,” Kenwell says. “We made them shut off new account registration just after our campaign began.”

Truth Social was in fact unavailable to download from the app store, and new registrations were closed around the time the campaign took place. However, this has periodically happened at other times on Truth Social and WIRED could not independently verify that the NAFO campaign was responsible for closing new registrations.

Truth Social did not respond to WIRED’s requests for comment about NAFO’s campaign to impact Truth Social’s trending list, why it closed registrations around this time, and whether the decision was linked to NAFO’s campaign.

The success of the campaign did, however, entice around 200 NAFO members to sign up for future anti-Truth Social campaigns, Kenwell tells WIRED.

NAFO is planning to spread pro-Ukraine content on the platform later this month. “The thing is to get the word out in that environment about the realities of what's happening in Ukraine because, it being a MAGA environment, they are pro-Russia, they're very anti-Ukraine,” Kenwell says.

Next, the group will take aim at the few advertisers who have decided to pay Trump to sell gold, alternative medicine, and Trump merchandise on his platform.

Kenwell says he has a database of around 50 Truth Social ads queued up and ready to be faked and deployed at once. “So, all of a sudden, it's just a glut of fake ads,” Kenwell says. “It's really easy to fake ads on Truth Social … If we can take any ad and get a couple of thousand false versions of that ad running, nobody can really identify what is the original ad anymore and what's fake.”

While the operation was being conducted by anonymous accounts, the campaign was far from top secret. On X, Kenwell detailed exactly what the group was doing and how new members could join in a thread he called the NAFO Commandos Quick Start Guide.

Though a few of the NAFO accounts have been taken down—including a spoof Russian Embassy account, which was taken down for pretending to be an official government agency—Kenwell says he’s not worried about being kicked off Truth Social.

"We don't care, because we'd just try again, we'd make new accounts and get back on there again,” Kenwell says. “Anyway, I don't believe that they have the capability or the personnel to deal with something like this on an ongoing basis.”

Inside the Operation to Bring Down Trump’s Truth Social

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program’s legality.

According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs’ departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure—a maze of routers and switches that crisscross the United States.

In a letter to US attorney general Merrick Garland on Sunday, Wyden wrote that he had “serious concerns about the legality” of the DAS program, adding that “troubling information” he’d received “would justifiably outrage many Americans and other members of Congress.” That information, which Wyden says the DOJ confidentially provided to him, is considered “sensitive but unclassified” by the US government, meaning that while it poses no risk to national security, federal officials, like Wyden, are forbidden from disclosing it to the public, according to the senator’s letter.

AT&T spokesperson Kim Hart Jonson declined WIRED’s request to comment on the DAS program, saying only that the company is required by law to comply with a lawful subpoena.

There is no law requiring AT&T to store decades’ worth of Americans’ call records for law enforcement purposes. Documents reviewed by WIRED show that AT&T officials have attended law enforcement conferences in Texas as recently as 2018 to train police officials on how best to utilize AT&T’s voluntary, albeit revenue-generating, assistance.

In 2020, the transparency collective Distributed Denial of Secrets published hundreds of gigabytes of law enforcement data stolen from agencies around the US. A WIRED review of the files unearths extraordinary detail regarding the processes and justifications that agencies use to monitor the call records of not only criminal suspects, but of their spouses, children, parents, and friends. While DAS is managed under a program devoted to drug trafficking, a leaked file from the Northern California Regional Intelligence Center (NCRIC) shows that local police agencies, such as those in Daly City and Oakland, requested DAS data for unsolved cases seemingly unrelated to drugs.

In one instance, an officer with the Oakland Police Department asked for a “Hemisphere analysis” to identify the phone number of a suspect by analyzing the calls of the suspect’s close friends. In another, a San Jose law enforcement officer asked the Northern California Regional Intelligence Center to identify a victim and material witness in an unspecified case. One officer, soliciting information from AT&T under the program, wrote: “We obtained six months of call data for \[suspect\]'s phone, as well as several close associations (his girlfriend, father, sister, mother).” The records do not indicate how AT&T responds to every request.

Leaked law enforcement files further show that a range of officials—from a US Postal Service inspector to a New York Department of Corrections parole officer—participated in DAS training sessions. Other participants include port authorities and members of US Immigration & Customs Enforcement, National Guard, and California Highway Patrol, alongside scores of smaller agencies.

First disclosed by _The New York Times_ in September 2013 as Hemisphere, the DAS program—renamed in 2013—has since flown largely under the radar. Internal records concerning the program’s secrecy that were obtained by the newspaper at the time show that law enforcement had long been instructed to never “refer to Hemisphere in any official document.”

Following the _Times_’ story, former US president Barack Obama reportedly suspended funding for the Hemisphere program in 2013. And while discretionary funding was withheld over the following three years, a White House memo obtained by WIRED shows that individual law enforcement organizations across the US were permitted to continue contracting with AT&T directly in order to maintain access to its data-mining service. Funding resumed under former president Donald Trump but was halted again in 2021, according to the White House memo. Last year, under president Joe Biden, the funding resumed once more, the memo says.

The White House acknowledged an inquiry from WIRED but has yet to provide a comment.

The DAS program is maintained under an affiliated program called HIDTA, funded by the White House’s Office of National Drug Control Policy (ONDCP). HIDTA, or “high-intensity drug trafficking area,” is a designation assigned to 33 different regions of the US, according to the White House. The first five regions, mapped out in 1990, included areas around Los Angeles, Houston, Miami, New York, and the entire US-Mexico border, some of the nation’s most active drug trafficking areas.

The collection of call record data under DAS is not wiretapping, which on US soil requires a warrant based on probable cause. Call records stored by AT&T do not include recordings of any conversations. Instead, the records include a range of identifying information, such as the caller and recipient’s names, phone numbers, and the dates and times they placed calls, for six months or more at a time. Documents released under public records laws show the DAS program has been used to produce location information on criminal suspects and their known associates, a practice deemed unconstitutional without a warrant in 2018.

“Requests concerning location information require the highest level of legal demand, which is a court-issued warrant, except in emergency situations,” AT&T’s Hart Jonson says.

Orders targeting a nexus of individuals are sometimes called “community of interest” subpoenas, a phrase that among privacy advocates is synonymous with dragnet surveillance.

“The scale of the data available to and routinely searched for the benefit of law enforcement under the Hemisphere Project is stunning in its scope,” Wyden’s letter to Garland says.

The White House has provided at least $6.1 million in discretionary funding to the DAS program since 2013, according to a two-page memo authored last year by White House officials. An internal HIDTA “participant guide” reviewed by WIRED shows that HIDTA funding exceeded $280 million in 2020 alone. It remains unclear how much HIDTA funding is spent to support AT&T’s vast collection of American call records.

It is not currently known how far back the call records accessible under DAS go. A slide deck released under the Freedom of Information Act in 2014 states that up to 10 years’ worth of records can be queried under the program, a statistic that contrasts with other internal documents that claimed AT&T could reach decades into the past. AT&T’s competitors, meanwhile, typically retain call records for no more than two years. (The necessity for phone companies to track call records for extended periods of time has gradually decreased with the disappearance of long-distance charges.)

The DAS program echoes multiple dragnet surveillance programs dating back decades, including a Drug Enforcement Agency program launched in 1992 that forced phone companies to surrender records of virtually all calls going to and from over 100 other countries; the National Security Agency’s bulk metadata collection program, which the US Second Circuit Court of Appeals deemed illegal in 2014; and the Call Details Records program, which suffered from “technical irregularities” leading the NSA to collect millions of calls it was “not authorized to receive.”

Unlike these past programs, which were subject to congressional oversight, DAS is not. A senior Wyden aide tells WIRED the program takes advantage of numerous “loopholes” in federal privacy law. The fact that it’s effectively run out of the White House, for example, means it is exempt from rules requiring assessments of its privacy impacts. The White House is also exempt from the Freedom of Information Act, reducing the public’s overall ability to shed light on the program.

Because AT&T’s call record collection occurs along a telecommunications “backbone,” protections enshrined under the Electronic Communications Privacy Act may not apply to the program.

Earlier this month, Wyden and other lawmakers in the House and Senate introduced comprehensive privacy legislation known as the Government Surveillance Reform Act. The bill contains numerous provisions that, if enacted, would patch most if not all of these loopholes, effectively rendering the DAS program, in its current form, explicitly illegal.

Read Wyden’s full letter to the US Department of Justice below:

_The Honorable Merrick B. Garland_  
_Attorney General_  
_U.S. Department of Justice_  
_950 Pennsylvania Avenue, NW_  
_Washington, DC 20530-0001_

_Dear Attorney General Garland:_

_I write to request that you clear for public release additional information about the Hemisphere Project. This is a long-running dragnet surveillance program in which the White House pays AT&T to provide all federal, state, local, and Tribal law enforcement agencies the ability to request often-warrantless searches of trillions of domestic phone records._

_In 2013, the New York Times revealed the existence of a surveillance program in which the White House Office of National Drug Control Policy (ONDCP) pays AT&T to mine its customers’ records for the benefit of federal, state, local, and Tribal law enforcement agencies. According to an ONDCP slide deck, AT&T has kept and queries as part of the Hemisphere Project call records going back to 1987, with 4 billion new records being added every day. That slide deck was apparently disclosed by a local law enforcement agency in response to a public information request and was published by the New York Times in 2013._

_The scale of the data available to and routinely searched for the benefit of law enforcement under the Hemisphere Project is stunning in its scope. One law enforcement official described the Hemisphere Project as “AT&T's Super Search Engine” and ... "Google on Steroids,” according to emails released by the Drug Enforcement Administration (DEA) under the Freedom of Information Act. The ONDCP slide deck and an email released by the DEA also reveal that AT&T searches records kept by its wholesale division, which carries communications on behalf of other communications companies and their customers. Another slide deck released by ONDCP and published by the press in 2014 describes the specific capabilities of Hemisphere, including that it can be used to identify alternate numbers used by a target, obtain location data and “two levels of call detail records for one target number” (meaning the phone records of everyone who communicated with the target)._

_The Hemisphere Project has been supported by regular funding from the White House ONDCP since 2009, according to the attached undated white paper that ONDCP provided to my office on October 27, 2022 (Appendix A). That same document reveals that White House funding for this program was suspended by the Obama Administration in 2013, the same year the program was exposed by the press, but continued with other federal funding under a new generic sounding program name, “Data Analytical Services.” ONDCP funding for this surveillance program was quietly resumed by the Trump Administration in 2017, paused again in 2021, the first year of the Biden Administration, and then quietly restarted again in 2022._

_Although the Hemisphere Project is paid for with federal funds, they are delivered to AT&T through an obscure grant program, enabling the program to skip an otherwise mandatory federal privacy review. If the funds came directly from a federal agency, such as the DEA, Hemisphere would have been subjected to a mandatory Privacy Impact Assessment conducted by the Department of Justice (DOJ) Office of Privacy and Civil Liberties, the findings of which would be made public. Instead, ONDCP provides funding for the program through the Houston High Intensity Drug Trafficking Area (HIDTA), one of 33 regional funding organizations as a part of a grant program created by Congress and administered by ONDCP. The HIDTAs distribute federal anti-drug law enforcement grants to state and local agencies, and are governed by a board made up entirely of federal, state and local law enforcement officials._

_ONDCP provided my staff with an undated white paper describing the program and its historical funding levels, but ONDCP directed all questions about Hemisphere to the Houston HIDTA. Officials at the Houston HIDTA provided my office with a briefing on November 7, 2022, and spoke again with my staff again by phone on December 1, 2022. The Houston HIDTA officials told my staff that all Hemisphere requests are sent to a single AT&T analyst located in Atlanta, Georgia, and that any law enforcement officer working for one of the federal, state, local and Tribal law enforcement agencies in the U.S. can contact the AT&T Hemisphere analyst directly to request they run a query, with varying authorization requirements. The Houston HIDTA officials confirmed that Federal and state law enforcement agencies can request a Hemisphere search with a subpoena, which is a directive that many law enforcement agencies can issue themselves (except in California and Texas, where a court order is required by state law). They also explained that Hemisphere searches are not required to be in support of drug-related investigations._

_For the past year, I have urged the DOJ to release dozens of pages of material related to the Hemisphere Project, which it first provided to my office in 2019. This information has been designated “Law Enforcement Sensitive,” which is meant to restrict its public release. I have serious concerns about the legality of this surveillance program, and the materials provided by the DOJ contain troubling information that would justifiably outrage many Americans and other members of Congress. While I have long defended the government’s need to protect classified sources and methods, this surveillance program is not classified and its existence has already been acknowledged by the DOJ in federal court. The public interest in an informed debate about government surveillance far outweighs the need to keep this information secret. To that end, I urge you to promptly clear for public release the material described in Appendix B._

_Thank you for your attention to this important matter._

_Sincerely,_

_Ron Wyden_  
_United States Senator_

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

Plus: The FBI's baffling inaction on a ransomware group, a massive breach of Danish electric utilities, and more.

If you’re looking for a long read to while away your weekend, we’ve got you covered. First up, WIRED senior reporter Andy Greenberg reveals the wild story behind the three teenage hackers who created the Mirai botnet code that ultimately took down a huge swath of the internet in 2016. WIRED contributor Garrett Graff pulls from his new book on UFOs to lay out the proof that the 1947 “discovery” of aliens in Roswell, New Mexico, never really happened. And finally, we take a deep dive into the communities that are solving cold cases using face recognition and other AI.

That’s not all. Each week, we round up the security and privacy stories we didn’t report in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

For years, mercenary hacker companies like NSO Group and Hacking Team have repeatedly been the subject of scandal for selling their digital intrusion and cyberespionage services to clients worldwide. Far less well-known is an Indian startup called Appin that, from its offices in New Delhi, enabled customers worldwide to hack whistleblowers, activists, corporate competitors, lawyers, and celebrities on a giant scale.

In a sprawling investigation, Reuters reporters spoke to dozens of former Appin staff and hundreds of its hacking victims. It also obtained thousands of its internal documents—including 17 pitch documents advertising its “cyber spying” and “cyber warfare” offerings—as well as case files from law enforcement investigations into Appin launched from the US to Switzerland. The resulting story reveals in new depth how a small Indian company “hacked the world,” as Reuters writes, brazenly selling its hacking abilities to the highest bidder through an online portal called My Commando. Its victims, as well as those of copycat hacking companies founded by its alumni, have included Russian oligarch Boris Berezovsky, Malaysian politician Mohamed Azmin Ali, targets of a Dominican digital tabloid, and a member of a Native American tribe who tried to claim profits from a Long Island, New York, casino development on his reservation.

The ransomware group known as Scattered Spider has distinguished itself this year as one of the most ruthless in the digital extortion industry, most recently inflicting roughly $100 million in damage to MGM Casinos. A damning new Reuters report—their cyber team has had a busy week— suggests that at least some members of that cybercriminal group are based in the West, within reach of US law enforcement. Yet they haven't been arrested. Executives of cybersecurity companies who have tracked Scattered Spider say the FBI, where many cybersecurity-focused agents have been poached by the private sector, may lack the personnel needed to investigate. They also point to a reluctance on the part of victims to immediately cooperate in investigations, sometimes depriving law enforcement of valuable evidence.

Denmark's critical infrastructure Computer Emergency Response Team, known as SektorCERT, warned in a report on Sunday that hackers had breached the networks of 22 Danish power utilities by exploiting a bug in their firewall appliances. The report, first revealed by Danish journalist Henrik Moltke, described the campaign as the biggest of its kind to ever target the Danish power grid. Some clues in the hackers' infrastructure suggest that the group behind the intrusions was the notorious Sandworm, aka Unit 74455 of Russia's GRU military intelligence agency, which has been responsible for the only three confirmed blackouts triggered by hackers in history, all in Ukraine. But in this case, the hackers were discovered and evicted from the target networks before they could cause any disruption to the utilities' customers.

Last month, WIRED covered the efforts of a whitehat hacker startup called Unciphered to unlock valuable cryptocurrency wallets whose owners have forgotten their passwords—including one stash of $250 million in bitcoin stuck on an encrypted USB drive. Now, the same company has revealed that it found a flaw in a random number generator widely used in cryptocurrency wallets created prior to 2016 that leaves many of those wallets prone to theft, potentially adding up to $1 billion in vulnerable money. Unciphered found the flaw while attempting to unlock $600,000 worth of crypto locked in a client's wallet. They failed to crack it but in the process discovered a flaw in a piece of open-source code called BitcoinJS that left a wide swath of other wallets potentially open to be hacked. The coder who built that flaw into BitcoinJS? None other than Stefan Thomas, the owner of that same $250 million in bitcoin locked on a thumb drive.

The Startup That Transformed the Hack-for-Hire Industry

Beyond the blinding speeds and sharp turns on new terrain, the teams at this weekend’s big F1 race are preparing for another kind of danger.

Every Formula 1 race weekend is essentially a pop-up event in a different city around the world, bringing 10 teams, their cars, and their entire mobile infrastructure to Australia, Singapore, Monaco, and beyond. This weekend's Las Vegas Grand Prix is especially unscripted, though, because the event is Formula 1's debut in Sin City. Cold weather and a rogue drain cover on the track have already injected some chaos into the spectacle. But as they prepared for the event, cybersecurity specialists from McLaren Racing, the city of Las Vegas, and the security firm Darktrace told WIRED that they aren't deterred—their whole job is to expect the unexpected.

Major live sporting events are a prime target for hackers because they are prominent, highly visible, and draw international attention. Russia's notorious attempt to target the 2018 Winter Olympics in South Korea, for example, included both disruptive attacks and hacks for information gathering. All sports now incorporate advanced elements of digital analysis and quantified performance, but Formula 1 is a particularly data-heavy sport. Race cars are essentially giant sensor arrays that are hurtling around at more than 200 miles per hour, generating massive amounts of information. The quicker teams can crunch the numbers from the track, the sooner they can determine which strategies and modifications to employ in real time or in preparation for the final race of the weekend. But a denial of service attack on any of a team’s engineering systems, one that disrupts their real-time communications, or theft of intellectual property could be disastrous for an F1 team.

“We’re a very public sport,” says Ed Green, McLaren's head of commercial technology. “Our people are known and where we’re racing is known and what we do is known. And while there are lots of unknown things about our operation, lots of what we do is public so people can find out information and start to target us. So what we’re trying to do is make sure that security is part of the team and an additive part of what we do.”

Green describes McLaren's setup at each race as “an extension of the office for the weekend.” The infrastructure is a sort of mobile data center where, for example, the pit crew on the ground is working as a remote part of the garage back at headquarters. This means that a crucial component of the entire operation is reducing latency in the digital connection between the track and home base—a geographic and network distance that varies significantly from weekend to weekend as the season plays out around the world. Green says that during the Brazil race in Sao Paulo at the beginning of November, McLaren was connected to its HQ in England with just a 223-millisecond delay.

“We pull down 1.5 terabytes of data a weekend and run 50 million simulations over the course of a weekend. And I would break down the importance of cybersecurity in a few different buckets,” McLaren CEO Zak Brown says. “We have the design IP of our race car, and that is highly confidential trade secrets that we're moving around a lot. We're dealing with third parties and racing around the world. And then we have all the data that is going on at the race track, where we're literally making split-second decisions.”

Darktrace, which provides digital defense services for McLaren and has also worked with the city of Las Vegas on its cybersecurity for years, says that phishing, business email compromise, and other scams are the types of attacks its real-time, artificial-intelligence-based threat monitoring system detects and blocks most often related to Formula 1, both day to day and on race weekends.

“One of the things that I've learned from being a partner with McLaren is the car changes continuously, every race there are things that are changing, new elements being introduced based on the track conditions,” says Nicole Eagan, Darktrace's chief strategy and AI officer. “It's a continuous updating and changing of IP that's much more dynamic than in other industries that we protect.”

All of this change and quick communication both within an organization and with third parties creates potential opportunities for scammers. But McLaren's Brown also notes that Formula 1 teams need to be wary of their position on the global stage.

“It's one thing to lock down Fort Knox—we’re moving 24 times around the world into different countries, from China to Saudi Arabia to Las Vegas,” he says. “Each one has its own challenges. With the growth of the sport, how much technology we use and where we're racing, people will attempt to use our sport sometimes in a political nature. There are bad actors that can potentially come at us from every angle and for every reason, some of which aren't personal. So therefore cybersecurity is right at the top of the list when we go through our IT needs.”

While Darktrace chief information security officer Mike Beck agrees that geopolitics and hacktivism can pose a threat to a sport with as much global reach as F1, he adds that competitive racing's simple and straightforward goal is an advantage for defenders.

“The mission is so clear, get that car around the track as fast as possible and make sure no one steals your IP and you don’t get locked out,” he says. “When you get that sort of clarity on a mission you can articulate risk really, really well.”

While preparing for the Formula 1 race weekend has been a logistical challenge in many ways, Michael Sherwood, Las Vegas' chief innovation and technology officer, says that the city is well positioned to handle the cybersecurity component because it deals with so many high-profile events throughout the year. Las Vegas has also invested in smart city infrastructure and already defends a massive array of deployed sensors and other networked devices.

Recent cyberattacks that targeted some of Las Vegas' entertainment giants, including Caesar's and MGM Resorts, have put the city on even higher alert, Sherwood says. But he adds that whether he's working on digital defenses for the Grand Prix, New Year's Eve, or just a regular night of epic Vegas partying, “there’s no resting. This is the world we live in—you’re on guard all the time, preparing and prepping.”

Source

Wired