As civil conflict continues in and above the streets of Khartoum, satellite images from the Conflict Observatory at Yale University have captured the catastrophic damage.

On Thursday, the head of the Sudanese Army, Abdel Fattah al-Burhan, addressed the United Nations General Assembly in New York City, asking for increased aid from the international community for Sudan and condemning the paramilitary groups that he says “have killed, looted, raped, robbed, and seized citizens’ homes and properties, and destroyed infrastructure and government buildings.” Since April, the country has been gripped by a civil conflict between the government and the Rapid Support Forces (RSF), a rebel group backed by the Russian mercenary company, the Wagner Group. At the beginning of the week, ahead of the General Assembly, a group of 50 human rights and humanitarian organizations published an open letter urgently calling for the UN Security Council to address the crisis in Sudan.

A new report from the Conflict Observatory at Yale University has used satellite imagery and open source investigative tools to chart the catastrophic damage caused by fighting in the capital city of Khartoum. Open source imagery has been particularly hard to come by in Sudan, due in part to power and telecom blackouts, which makes it hard to assess the full extent of the damage caused by the conflict.

The Conflict Observatory, a US-government-backed initiative between Yale University’s Humanitarian Research Lab, the Smithsonian Cultural Rescue Initiative, PlanetScape AI, and the mapping software Esri, has identified at least five explosions that took place within the city, including attacks that damaged a market and a hospital and which researchers estimate have left hundreds of people dead. At least one of the explosions—the attack on the market—was most likely caused by a drone strike.

Photograph: Maxar Technologies

Government forces have acquired Turkish Bayraktar drones, while the RSF has been using commercial unmanned aerial vehicles (UAVs) likely sourced from Russia, according to Nathaniel Raymond, a coleader of the Humanitarian Research Lab and lecturer at Yale’s Jackson School of Global Affairs.

“Welcome to the new world order,” says Raymond. “All conflicts are now shaped by the use of UAVs by state and nonstate actors.”

Most of the aerial strike damage that the Conflict Observatory found appears to have been attributed to the Sudanese Armed Forces (SAF), though both sides have released statements accusing the other of attacks on various locations. The RSF, headed by Mohamed Hamdan Daglo, known as Hemedit, has also been receiving weapons, including drones, from Wagner for months. The mercenary group has forces stationed across the border in eastern Libya. Though technically a private company, Wagner has been an integral part of Russia’s assertion of military and foreign power overseas, particularly in Africa. A recent convoy carrying Russian weapons to the RSF crossed into Sudan via Chad on September 6.

Violence has been steadily worsening in Sudan since April, when negotiations meant to return the government to civilian rule broke down. Al-Burhan has been the country’s de facto ruler since a coup in 2021, following the ouster of the country’s president Omar al-Bashir in 2019. A key tension point was around whether and how quickly the RSF’s 100,000-person force would be absorbed into the Sudanese military. On April 15, the RSF launched an assault on Khartoum. Fighting escalated in Khartoum on September 16, with images of the city’s Greater Nile Petroleum Oil Company Tower skyscraper engulfed in flames circulating widely on X (formerly known as Twitter). But Raymond says that the attacks also seem to have hit two Ministry of Justice buildings, including the headquarters of the Internal Security Services.

Photograph: Maxar Technologies

“The fighting in Khartoum has significantly escalated, including indiscriminate bombardment,” says Raymond, who adds that drones have become “increasingly part of SAF’s element” and notes an official transfer of Turkish Bayraktars to the SAF. The human cost of the brutal conflict has only increased as more of the fighting—including airstrikes—has taken place in densely populated areas. The report estimates that at least 2,875,125 civilians from Khartoum State are now displaced.

Data from Action on Armed Violence (AOAV), a UK-based nonprofit that tracks armed violence against civilians around the world, found that markets and residential areas were particularly likely to be affected by explosive air strikes.

“The IED that haunted the battlefields of Afghanistan, Iraq, and Syria is now becoming airborne,” says Iain Overton, executive director at AOAV.

“When you begin to use … whether it’s Turkish drones or other aerial assaults that are promised in the halls of arms as being precise and proportionate, the end result is imprecision and disproportionate,” says Overton. “These weapons are then sold to militaries and groups that often have very poor human rights records in the first place. And then they go and use them in some scenarios that almost invariably will cause civilian casualties.”

Satellite Images Show the Devastating Cost of Sudan’s Aerial War

Corporations are using software to monitor employees on a large scale. Some experts fear the data these tools collect could be used to automate people out of their jobs.

You’ve probably heard the story: A young buck comes into a new job full of confidence, and the weathered older worker has to show them the ropes—only to find out they’ll be unemployed once the new employee is up to speed. This has been happening among humans for a long time—but it may soon start happening between humans and artificial intelligence.

Countless headlines over the years have warned that automation isn’t just coming for blue-collar jobs, but that AI would threaten scores of white-collar jobs as well. AI tools are becoming capable of automating tasks and sometimes entire jobs in the corporate world, especially when those jobs are repetitive and rely on processing data. This could affect everyone from workers at banks and insurance companies to paralegals and beyond.

Carl Frey, an economist at Oxford University, coauthored a landmark study in 2013 that claimed AI could threaten nearly 50 percent of US jobs in the coming decades. Frey says that he doesn’t think new AI tools like ChatGPT are going to automate jobs in this way because they still require human involvement and are often unreliable. Still, many of the underlying factors that were outlined in that paper remain pertinent today. Considering the rapid pace at which AI is advancing, it’s hard to predict how it could soon be utilized and what it will be capable of.

Then there’s the issue of how it’s being incorporated into daily work and how it’s being trained. Enter corporate spyware, invasive monitoring apps that allow bosses to keep close tabs on everything their employees are doing—collecting reams of data that could come into play here in interesting ways. Corporations, which are monitoring their employees on a large scale, are now having workers utilize AI tools more frequently, and many questions remain regarding how the many AI tools that are currently being developed are being trained.

Put all of this together and there’s the potential that companies could use data they’ve harvested from workers—by monitoring them and having them interact with AI that can learn from them—to develop new AI programs that could actually replace them. If your boss can figure out exactly how you do your job, and an AI program is learning from the data you’re producing, then eventually your boss might be able to just have the program do the job instead.

“When it comes to monitoring workflows, I do think that’s going to be a way we automate a lot of this stuff,” Frey says. “What you might be able to do is take some of those foundational models and train them on some of the data you have internally and fine-tune them, or you could train a model from scratch just with your internal data.”

David Autor, a professor of economics at MIT, says he also thinks AI could be trained in this way. While there is a lot of employee surveillance happening in the corporate world, and some of the data that’s collected from it could be used to help train AI programs, simply learning from how people are interacting with AI tools throughout the workday could help train those programs to replace workers.

“They will learn from the workflow in which they’re engaged,” Autor says. “Often people will be in the process of working with a tool, and the tool will be learning from that interaction.”

Whether you’re training an AI tool directly by interacting with it throughout the day, or the data you’re producing while you work is simply being used to create an AI program that can do the work you’re doing, there are multiple ways in which a worker could inadvertently end up training an AI program to replace them. Even if the program doesn’t end up being incredibly effective, a lot of companies might be happy with an AI program that’s good enough because it doesn’t require a salary and benefits.

“I think there are a lot of discretionary white-collar jobs where you’re kind of using a mixture of hard information and soft information and trying to make advanced decisions,” Autor says. “People aren’t that good at that, machines aren’t that good at that, but probably machines can be pretty much as good as people.”

Autor says he doesn’t see a “labor market apocalypse” coming. Many workers won’t be entirely replaced but will simply have their jobs changed by AI, Autor says, while some workers will certainly be made redundant by advancements in AI. The problem there, he says, is what happens to those workers after they’re no longer able to find a well-paying job with the education and skill sets they have.

“It’s not that we’re going to run out of work. It’s much more that people are doing something they’re good at, and that thing goes away. And then they end up doing a kind of generic activity that everybody’s good at, which means it pays very little—food service, cleaning, security, vehicle driving,” Autor says. “These are low-paying activities.”

Once someone’s automated out of a well-paying job, they can end up slipping through the cracks. Autor says we’ve seen this happen in the past.

“The hollowing out of manufacturing and office work over the past 40 years has definitely put downward pressure on the wages of people who would do that type of work, and it’s not because they’re doing it now at a lower rate of pay. It’s because they’re not doing it,” Autor says.

Frey says politicians will need to offer solutions to those who fall through the cracks to prevent the destabilization of the economy and society. That would likely include offering social safety net programs to those affected. Frey has written extensively on the effects of the first Industrial Revolution, and he says there are lessons to be learned there. In Britain, for example, there was a program called the Poor Laws, where people who were harmed by automation were given financial relief.

“What you see back then is a lot of social unrest. Wages are stagnant or falling for a large part of the population. You have riots,” Frey says. “If you look at the places where the Poor Laws were more generous, there was less social unrest and less upheaval. Using welfare systems to compensate people who lose out is something we’ve done for a long time and should continue to do.”

Many people would also benefit from being retrained for other work, but Autor says the US has never been very good at retraining people, so there’d have to be some work done to create effective retraining programs. He says technology might actually be able to help there because people could be retrained using helpful new digital tools.

There was a lot of hype surrounding ChatGPT and similar AI tools when they came out. That hype has since died down a bit, suggesting to some that maybe these tools won’t be as useful as they were promised to be. Perhaps they won’t be taking everybody’s jobs. However, at the rate at which AI is advancing, there’s no saying where things could be in five to 10 years—or even next year.

Vincent Conitzer, a professor of computer science at Carnegie Mellon University, says people shouldn’t underestimate what these AI tools may soon be capable of. They may be somewhat limited in their use now, but that could change relatively rapidly and end up being as disruptive as some have warned it could be.

“I worry about this being a ‘boiling frog’ kind of scenario, where we see amazing advances in AI but then don’t immediately see them take over people’s jobs, and \[people\] conclude there wasn’t all that much to worry about, and we accept the new technology as the new normal but not all that impressive after all,” Conitzer says. “Meanwhile, gradually but quickly, the world and the job market do adjust to the new technologies in complex ways, and at some point we realize large societal problems have emerged.”

Your Boss’s Spyware Could Train AI to Replace You

With the number of internet blackouts on the rise, cybersecurity firm eQualitie figured out how to hide censored online news in satellite TV signals.

All over the world, walls are going up around the internet.

For years, autocratic regimes have been in a race to heighten those walls, as their citizens develop taller and taller ladders. The more they filter and block, the more their citizens come up with clever technical solutions to access the uncensored truth. There is mounting evidence, however, that repressive regimes are opting to just shut down access to the open internet entirely—and that such blackouts could become permanent.

A team of cybersecurity researchers believe they have come up with a clever new way to fight back: a trojan horse. Specifically, a satellite feed designed to look like a television station, which actually carries a payload of uncensored news and information. It’s a particularly retro solution to a very modern problem.

The program, dubbed eQsat, has been tested and is ready to be put into action during the next internet shutdown—whether it’s in Russian-occupied Ukraine, Iran, or one of the many repressive regimes that regularly block internet access.

The cybersecurity firm behind the program, eQualitie, has spent years developing tools designed for civil society in countries with aggressive internet filtering. Its mobile browser, Ceno, connects users to the open internet and serves content peer-to-peer. When a particular website is blocked or throttled, Ceno grabs a copy of the website supplied by another user who can access the site normally.

Ceno’s weakness—like all peer-to-peer services—is that it still requires some connection to the outside world to deliver blocked content. During a total shutdown, Ceno’s peer-to-peer connections are severed as well.

There are some unreliable solutions to this problem. In some cases, mobile internet or Wi-Fi can be broadcast into an area experiencing an internet shutdown—there have been plans to try to broadcast a cellular or Wi-Fi signal from Finland into Russia, for example. In North Korea, balloons with USB keys attached bring news and entertainment into one of the most heavily censored countries in the world.

But cell signals can be jammed, Starlink terminals can be triangulated, and balloons can be intercepted. The best way to deliver information into a closed country without being caught or thwarted, Jason Roks tells WIRED, is steganography: the act of camouflaging information inside another message. And eQsat is the answer to the question “How do you blend in the most?”

Roks and the team at eQualitie rented space on commercial satellites and began broadcasting their own television channel to countless home satellite receivers throughout Asia and Africa. But should anyone be flipping through the channels, the eQualitie station will be static or color bars. Anyone who records the channel to a USB key, however, would discover that one of the audio tracks is, in fact, a compressed file. Extracted on a computer, it reveals a wealth of information.

“So this is a mechanism we developed to replenish from the outside,” Roks says. “We partnered with dozens of news organizations to, basically, take a snapshot of their websites and—very much like Internet Archive, the Wayback Machine—we keep a version of their site. And we update them daily, quarterly, whatever that basis is. And that works out to about, all those sites for Russia and Ukraine, about a gig and a half of data.” That data, once extracted, can be fed into the BitTorrent network, and can update the cache for their Ceno browser.

A Tricky New Way to Sneak Past Repressive Internet Censorship

Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.

Mandiant researchers published findings this week about a newly revealed Chinese espionage operation that used Sogu malware to spy on the African operations of both European and US organizations. The campaign is significant for the scope of its victims, but also because attackers used a classic malware distribution method: thumb drives. The attacks are the latest example of China's aggressive global espionage—but read on for statements from the Chinese government about alleged US cyberattacks and digital espionage.

After Elon Musk claimed recently that primates used in Neuralink implant research were close to death anyway, a WIRED investigation this week revealed grisly details about the truth of their deaths that appear to dispute the characterization that the animals were all terminally ill. The revelations come as Neuralink is pursuing human trials of its brain-chip implants. 

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Kia and Hyundai cars have been plagued for years by vulnerabilities—and simply missing protective features—in their antitheft systems that make the cars far too easy to steal. Recently, the companies have been attempting to distribute updates to remedy the situation, but the flaws have already resulted in skyrocketing car theft rates around the United States. New data from 10 US cities compiled by Motherboard through public records requests illustrate the extent of the problem. In Chicago, for example, average car theft rates of about 850 per month are now consistently up to more than 2,000 per month. Similarly, before 2021, rates in Denver used to hover around 800 stolen cars per month. They now typically top 1,000. Atlanta's car theft rates have doubled from their old level before 2022 of fewer than 250 incidents per month. 

“Stolen car rates are not up by 10 percent, or 20 percent, or even 50 percent,” the report says. “In many cities, they are up hundreds of percentage points, Motherboard has found. Rates of stolen Kias and Hyundais in particular are up thousands of percentage points.”

Over the past two weeks, MGM Resorts has been dealing with the very public fallout of a recent cyberattack. Caesars Entertainment also admitted last week that it recently suffered a data breach and faced criminal extortion demands. Adding to the larger context, an executive for the enterprise identity management firm Okta said this week that the same gang that targeted MGM and Caesars, known as Alphv, also hacked three other targets since August as part of the same spree.

That makes five Okta customers in total that were affected. David Bradbury, Okta's chief security officer, would not name the other three victims but said they are in the technology, retail, and manufacturing sectors. Bradbury said Okta is cooperating with law enforcement investigations into the hacks.

Wiz security firm published findings this week that Microsoft AI researchers unintentionally exposed 38 terabytes of private data on the developer platform GitHub while attempting to open-source a repository of training data. The leak included internal Microsoft data, including more than 30,000 Teams messages, passwords, and private keys. The exposure occurred because of a misconfiguration in how the researchers used an Azure Storage data-sharing feature.

This week, officials from China's Ministry of State Security publicly accused the US government of breaching and monitoring Huawei's networks in a 2009 espionage attack. The statement also alleges that the US has conducted “tens of thousands of malicious network attacks” on Chinese institutions and organizations to surveil networks and steal data. Furthermore, the officials claimed that the US government has planted backdoors in software and hardware produced around the world to enable global surveillance. China has accused the US of cyberespionage before—and certainly conducts its share of surveillance and data exfiltration operations. Meanwhile, Huawei has been a particular lightning rod in longtime disputes between the US and China about digital and technical security.

The Shocking Data on Kia and Hyundai Thefts in the US

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the one before that. But a group of China-backed spies appears to have figured out that global organizations with staff in developing countries still keep one foot in the technological past, where thumb drives are passed around like business cards and internet cafés are far from extinct. Over the past year, those espionage-focused hackers have exploited this geographic time warp to bring retro USB malware back to dozens of victims’ networks.

At the mWise security conference today, researchers from cybersecurity firm Mandiant revealed that a China-linked hacker group they’re calling UNC53 has managed to hack at least 29 organizations around the world since the beginning of last year using the old-school approach of tricking their staff into plugging malware-infected USB drives into computers on their networks. While those victims span the United States, Europe, and Asia, Mandiant says many of the infections appear to originate from multinational organizations’ Africa-based operations, in countries including Egypt, Zimbabwe, Tanzania, Kenya, Ghana, and Madagascar. In some cases, the malware—in fact, several variants of a more than decade-old strain known as Sogu—appears to have traveled via USB stick from shared computers in print shops and internet cafés, indiscriminately infecting computers in a widespread data dragnet.

Mandiant researchers say the campaign represents a surprisingly effective revival of thumb drive-based hacking that has largely been replaced by more modern techniques, like phishing and remote exploitation of software vulnerabilities. “USB infections are back,” says Mandiant researcher Brendan McKeague. “In today’s globally distributed economy, an organization may be headquartered in Europe, but they have remote workers in regions of the world like Africa. In multiple instances, places like Ghana or Zimbabwe were the infection point for these USB-based intrusions.”

The malware Mandiant found, known as Sogu or sometimes Korplug or PlugX, has been used in non-USB forms by a broad array of largely China-based hacking groups for well over a decade. The remote-access trojan showed up, for instance, in China’s notorious breach of the US Office of Personnel Management in 2015, and the Cybersecurity and Infrastructure Security Agency warned about it being used again in a broad espionage campaign in 2017. But in January of 2022, Mandiant began to see new versions of the trojan repeatedly showing up in incident response investigations, and each time it traced those breaches to Sogu-infected USB thumb drives.

Since then, Mandiant has watched that USB-hacking campaign ramp up and infect new victims as recently as this month, stretching across consulting, marketing, engineering, construction, mining, education, banking, and pharmaceuticals, as well as government agencies. Mandiant found that in many cases the infection had been picked up from a shared computer at an internet café or print shop, spreading from machines like a publicly accessible internet-access terminal at the Robert Mugabe Airport in Harare, Zimbabwe. “That’s an interesting case if UNC53’s intended infection point is a place where people are traveling regionally throughout Africa or even possibly spreading this infection internationally outside of Africa,” says Mandiant researcher Ray Leong.

Leong notes that Mandiant couldn’t determine whether any such location was an intentional infection point or “just another stop along the way as this campaign was propagating throughout a particular region.” It also wasn’t entirely clear whether the hackers sought to use their access to a multinational’s operations in Africa to target the company’s European or US operations. In some cases at least, it appeared that the spies were focused on the African operations themselves, given China’s strategic and economic interest in the continent.

The new Sogu campaign’s method of spreading USB infections might seem a particularly indiscriminate way to conduct espionage. But, like the software supply chain attacks or watering hole attacks that Chinese state-sponsored spies have repeatedly carried out, this approach may allow the hackers to cast a wide net and sort through their victims for specific high-value targets, McKeague and Leong suggest. They also argue that it means the hackers behind the campaign likely have significant human resources to “sort and triage” the data they steal from those victims to find useful intelligence.

The Sogu USB malware uses a series of simple but clever tricks to infect machines and steal their data, including in some cases even accessing “air-gapped” computers with no internet connection. When an infected USB drive is inserted into a system, it doesn’t automatically run, given that most modern Windows machines have autorun disabled by default for USB devices. Instead, it tries to trick users into running an executable file on the drive by naming that file after the drive itself or, if the drive has no name, the more generic “removable media”—a ruse designed to fool the user into unthinkingly clicking the file when they attempt to open the drive. The Sogu malware then copies itself onto a hidden folder on the machine.

On a normal internet-connected computer, the malware beacons to a command-and-control server, then starts accepting commands to search the victim machine or upload its data to that remote server. It also copies itself to any other USB drive inserted into the PC to continue its machine-to-machine spread. If one variant of the Sogu USB malware instead finds itself on an air-gapped computer, it first attempts to turn on the victim’s Wi-Fi adapter and connect to local networks. If that fails, it puts stolen data in a folder on the infected USB drive itself, storing it there until it’s plugged into an internet-connected machine where the stolen data can be sent to the command-and-control server.

Sogu’s focus on espionage and the relatively high number of USB-based infections is a rare sight in 2023. Its USB propagation is more reminiscent of tools like the NSA-created Flame malware that was discovered targeting air-gapped systems in 2012, or even the Russian Agent.btz malware that was found inside Pentagon networks in 2008.

Surprisingly, however, the Sogu campaign is just part of a broader resurgence of USB malware that Mandiant has spotted in recent years, the researchers say. In 2022, for instance, they saw a massive spike in infections from a piece of cybercrime-focused USB malware known as Raspberry Robin. And just this year, they spotted another strain of USB-based espionage malware known as Snowydrive being used in seven network intrusions.

All of this, McKeague and Leong argue, means that network defenders shouldn’t fool themselves into thinking that USB infections are a solved problem—particularly in global networks that include operations in developing countries. They should be aware that state-sponsored hackers are carrying out active espionage campaigns via those USB sticks. “In North America and Europe, we think this is an old infection vector that’s been locked down,” Leong says. “But there are exposures in this other geography that are being targeted. It’s still relevant, and it’s still being exploited.”

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

Plus: Spyware-packing ads, TikTok GDPR violations, Elon Musk investigations, and more.

China-linked hackers are increasingly moving beyond espionage and into the disturbing world of power grid attacks. Threat researchers at security software firm Symantec this week released new evidence that the Chinese hacking group known as APT41 infiltrated the power grid of an Asian nation. Some details of the latest intrusion echo a 2021 attack on India’s power grid, suggesting the same hackers are responsible.

In Argentina, a scandal is playing out over the use of facial recognition software in Buenos Aires. Despite laws that require authorities to limit searches to known fugitives, an investigation by a judge found that the system was used to look up people not wanted for any crimes. In other cases, errors led police to arrest or question the wrong people. While Buenos Aires is attempting to get the system back online after legal rulings ordered it turned off, the debacle shows how dangerous facial recognition can be even when laws are in place to limit it.

Facial recognition isn’t the only artificial-intelligence-powered system governments are using in new and upsetting ways. Like everyone else, state and local governments around the United States have begun to play with generative AI tools like ChatGPT. And so far, there’s no consensus on how to use the technology. Some US states, like Maine, have temporarily banned its use altogether, fearing cybersecurity concerns, while others are using it to craft speeches and social media posts.

Meanwhile, the US Senate is in the midst of getting an AI education. Around 60 senators attended a closed-door briefing this week, where they heard from major tech CEOs, including Elon Musk, Mark Zuckerberg, and Sam Altman, as well as civil liberties advocates and AI ethics experts. The Senate has been learning about AI and its myriad issues for much of the year, and another forum on AI innovation is scheduled for later this year. Despite these cramming sessions, some lawmakers question whether they’re any closer to tackling AI responsibly.

Finally, the cyberattack against MGM casinos continues to cause havoc for guests of its resorts nearly a week after the attack began. While an attack on a major casino company is inevitably high-profile, the group behind the breach, known as Alphv, has a long history of targeting schools and hospitals—attacks that are far more consequential.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Unless you updated your browser in the past few days, it likely contains a critical flaw. The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format. Known generally as a “heap buffer overflow,” the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device. Google says the bug has already been exploited in the wild.

Initially identified early this week as a zero-day vulnerability in Google’s Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla’s Firefox, Microsoft Edge, Opera, Brave, and more. It also affects apps like Telegram, 1Password, Thunderbird, and Gimp. Patches for the flaw are rolling out now, so keep your eyes peeled for updates.

Malicious online ads—also known as “malvertising”—have been around for years. Now, they’re going pro. Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, _Haaretz_ reports, allowing attackers to track people and hack their devices. The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time. Taking advantage of the fraction of a second before an ad slot is filled, these companies have figured out how to show you an ad that reportedly contains “advanced spyware.” While there’s no quick fix for stopping the spread of this malware, there is something simple you can do to protect yourself: Use an ad blocker.

European data regulators fined TikTok €345 million ($368 million) this week for breaking laws related to the privacy of underage users. The Irish Data Protection Commission (DPC) said the company violated GDPR by failing to make the accounts of child users private by default. The DPC also says TikTok’s “family pairing” feature, which enables an adult to take control of a child’s account settings, did not ensure that the adult with access to the feature was a parent or guardian. TikTok says it opposes the fine because it had updated its settings to make the accounts of anyone under 16 years old private by default before the investigation began.

Turns out, secretly interfering in the battle plans of a United States ally doesn’t go over well in Washington. The US Senate Armed Services Committee has launched an inquiry into Elon Musk’s decision to not enable Starlink satellite communications in Crimea ahead of a Ukrainian military attack on Russian forces. The move, first revealed in author Walter Isaacson’s new biography on Musk, also prompted several Democratic senators to send a letter to the US defense secretary, Lloyd Austin, asking him to explain what actions the Department of Defense (DOD) has taken, or plans to take, to “prevent further dangerous meddling” by Musk.

“SpaceX is a prime contractor and a critical industry partner for the \[DOD\] and the recipient of billions of dollars in taxpayer funding,” the letter reads. “We are deeply concerned with the ability and willingness of SpaceX to interrupt their service at Mr. Musk’s whim and for the purpose of handcuffing a sovereign country’s self-defense, effectively defending Russian interests.”

Even if you have a spotless record, passing a background check can be one of the most stressful parts of landing a new job or an apartment. We have bad news: It’s possible the information used to assess your eligibility might not be accurate. The US Federal Trade Commission (FTC) this week announced a $5.8 million fine against background check providers TruthFinder and Instant Checkmate for “failing to ensure the maximum possible accuracy of their consumer reports,” a violation of the Fair Credit Reporting Act. The FTC alleges that the companies “made millions” by selling subscriptions that would alert people when a “criminal record” was found in their background check, “when the record was merely a traffic ticket.” The company also displayed “Remove” and “Flag as Inaccurate” buttons that the FTC says “did not work as advertised.”

The regulatory ding against TruthFinder and Instant Checkmate comes several months after the companies confirmed a data breach. In January, hackers leaked the personal information of millions of customers by leaking an April 2019 database backup stolen from the companies.

You Need to Update Google Chrome or Whatever Browser You Use

Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover.

The casino and hotel company MGM Resorts has dealt with widespread system outages and service disruptions at its properties in Las Vegas and elsewhere this week following a cyberattack that the company has been scrambling to contain. Meanwhile, Caesars Entertainment said in a United States regulatory filing on Thursday that it suffered a recent data breach in which many of its loyalty program members' Social Security numbers and driver's license numbers were stolen, along with other personal data.

The two high-profile incidents have drawn scrutiny this week, with MGM customers reporting sporadic keycard issues in the company's hotels, slot machines gone dark, ATMs out of order, and other difficulties staying at MGM properties and cashing out winnings. After Bloomberg broke the news on Wednesday about the Caesars breach, _The Wall Street Journal_ reported on Thursday that Caesars had paid roughly half of the $30 million its attackers demanded in exchange for a promise that they wouldn't release stolen customer data. While both are significant, experts emphasize that the fallout from this pair of prominent hacks fits into a broader context of ransomware attacks as a ubiquitous, unrelenting, and inveterate threat.

The recent spate of casino hacks fits into a larger cycle in which certain cyberattacks bring a lot of attention to digital threats and even spur governments to act. Ultimately, ransomware and data extortion attacks settle into the background again, even as they continue to wreak havoc and impact vulnerable populations.

“Attacks against casinos are dramatic and draw attention. We have whole movie and TV franchises about casino heists,” says Lesley Carhart, director of incident response at the industrial-control security firm Dragos. Still, “a lot of life-impacting attacks on critical infrastructure and health care occur far less visibly, and therefore, they aren't an easy draw for mass media. I do not think this is an issue with cybersecurity or even media in its entirety—it is a human psychology issue. We've had that problem for a long time in the industrial-control system cybersecurity space where attacks could really mean life or death, but are not a great story​.”

An affiliate of the notorious ransomware group Alphv, a Russia-based gang that is also known as BlackCat, claimed responsibility this week for the MGM attack. The group denied involvement in the Caesars hack. Casinos have long been a target for attackers because they make a lot of money, hold potentially valuable customer data, and historically haven't always been well secured. MGM itself suffered a breach in 2019 in which more than 10.6 million hotel customers had their data stolen and ultimately published online by hackers.

But Alphv is known for being a prolific and ruthless attacker even when its hacks aren't garnering constant coverage and discussion. As many cybercriminals do when they are looking to extort money from victims, the gang has targeted health care organizations and other critical institutions that hold sensitive data. Alphv has even been known to release samples of stolen data, like intimate and graphic medical photos, in an attempt to pressure targets into paying their ransom.

These tactics have escalated as global law enforcement's efforts to deter cybercriminals and keep victims from paying ransoms have made inching progress. But those gains have been undermined by dogged and aggressive attackers bent on making a profit no matter the impact on victims.

“While attacks on dice joints and sausage factories are what brings ransomware into the limelight, at least it’s _in_ the limelight," says Brett Callow, a threat analyst at the antivirus company Emsisoft. “The more attention the problem gets, the more policymakers may be inclined to try new strategies. And new strategies are desperately needed. Ransomware is at or close to record level, so the current strategies obviously are not working.”

Law enforcement around the world, including the FBI, has long discouraged victims from paying ransoms. And governments have at times been able to impose limits or bans on targets' ability to pay if a cybercriminal actor is under sanctions. But Callow says it may be time for governments to add more limitations on when ransoms and extortion demands can be legally paid, since so many actors operate with impunity in countries like Russia where they often can't be effectively prosecuted.

Ultimately, researchers suggest that while there is no simple solution to the threat of ransomware, each high-profile incident that breaks through into the public consciousness should be used as an opportunity to educate institutions and legislators about the reality of the risks and the need to invest resources in improving digital defenses proactively.

“We generally see more coverage of cases that impact end users or consumers in a way that makes daily activity more challenging—getting gas, buying meat at the grocery store, hundreds or thousands of people trying to check into a hotel room after a long day of traveling—because those impacts are a bit more tangible and relatable for the average person,” says Wendi Whitmore, senior vice president of the threat intelligence group Unit 42 at cybersecurity firm Palo Alto Networks. “If there is any silver lining to these types of cases, it could be that they garner attention that helps more organizations learn lessons proactively by studying these cases and closing potential gaps in their environments, so the same attacks are less successful in the future.”

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?

Congress could force all tech companies to watermark AI-generated content, as many on Capitol Hill support, but that would amount to window dressing in today’s political climate.

“Honestly, I don't think that that is going to solve the problem,” says Chinmayi Arun, executive director of the Information Society Project and a research scholar at Yale Law School. “It’s a rebuilding of trust, but the new technologies also make a disruptive version of this possible. And that's also kind of why maybe it's necessary to label them so that people know that.”

At least one senator seems to agree. Senator J. D. Vance, an Ohio Republican, says it may be a good thing for all of us to mistrust what we see online. “I'm actually pretty optimistic that over the long term, what it's going to do is just make people disbelieve everything they see on the internet, but I think in the interim, it actually could cause some real disruptions,” Vance says.

In 2016 and 2020, misinformation and disinformation became synonymous with American politics, but we’ve now entered a deepfake era marked by the democratization of the tools of deception, subtle as they may be, with a realistic voice-over here or a precisely polished fake photo there.

Generative AI doesn’t just help easily remake the world into one’s political fantasies, its power is also in its ability to precisely transmit those fakes to the most ideologically vulnerable communities where they have the greatest ability to spark a raging e-fire. Vance doesn’t see one legislative fix for these complex and intertwined issues.

“There's probably, on the margins, things that you can do to help, but I don't think that you can really control these viral things until there's just a generalized level of skepticism, which I do think we'll get there,” Vance says.

“Scripted” Political Theater

Over the summer, Schumer and a bipartisan group of senators led three private all-Senate AI briefings, which have now dovetailed into these new tech forums.

The briefings are a change for a chamber filled with 100 camera-loving politicians who are known for talking. During normal committee hearings, senators have become experts at raising money—and sometimes gaining knowledge—off asking made-for-YouTube questions, but not this time. While they won’t be able to question the assembled tech experts this week, Schumer and the other hosts will be playing puppet masters off stage.

“It’s intended to be a guided conversation. It’s scripted questions, and those questions are all designed to elicit a myriad of different thoughts on a range of policy areas for the benefit of staffers and members alike,” says senator Todd Young, an Indiana Republican.

Young is part of Schumer’s bipartisan group of four senators—along with senators Martin Heinrich, a New Mexico Democrat, and Mike Rounds, a South Dakota Republican—who’ve been spearheading these private Senate AI study sessions.

While there’s no official timeline, Young doesn’t expect the Senate AI forums to be wrapped up until this winter or early next spring.

The sessions may be bipartisan, but the two parties remain worlds apart when it comes to potential policy. True to form, Democrats are calling for new regulations while Republicans are tapping the brakes on the idea.

The US Congress Has Trust Issues. Generative AI Is Making It Worse

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

The Twisted Eye in the Sky Over Buenos Aires

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

The loose nexus of Chinese-origin cyberspies collectively called APT41 is known for carrying out some of the most brazen hacking schemes linked to China over the past decade. Its methods range from a spree of software supply chain attacks that planted malware in popular applications to a sideline in profit-focused cybercrime that went so far as to steal pandemic relief funds from the US government. Now, an apparent offshoot of the group appears to have turned its focus to another worrying category of target: power grids.

Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country's national electric utility, though it's not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.

The unnamed country whose grid was targeted in the breach was one that China would “have an interest in from a strategic perspective,” hints Dick O'Brien, a principal intelligence analyst on Symantec's research team. O'Brien notes that Symantec doesn't have direct evidence that the hackers were focused on sabotaging the country's grid, and says it's possible they were merely carrying out espionage. But other researchers at security firm Mandiant point to clues that these hackers may be the same ones that had been previously discovered targeting electrical utilities in India. And given recent warnings about China's hackers breaching power grid networks in US states and in Guam—and specifically laying the groundwork to cause blackouts there—O'Brien warns there's reason to believe China may be doing the same in this case.

“There are all sorts of reasons for attacking critical national infrastructure targets,” says O'Brien. “But you always have to wonder if one \[reason\] is to be able to retain a disruptive capability. I'm not saying they would use it. But if there are tensions between the two countries, you can push the button.”

Symantec's discovery comes on the heels of warnings from Microsoft and US agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) that a different Chinese state-sponsored hacking group known as Volt Typhoon had penetrated US electric utilities, including in the US territory of Guam—perhaps laying the groundwork for cyberattacks in the event of a conflict, such as a military confrontation over Taiwan.  _The New York Times_ later reported that government officials were particularly concerned that the malware had been placed in those networks to create the ability to cut power to US military bases.

In fact, fears of a renewed Chinese interest in hacking power grids stretch back to two years ago, when cybersecurity firm Recorded Future warned in February 2021 that Chinese state-sponsored hackers had placed malware in power grid networks in neighboring India—as well as railways and seaport networks—in the midst of a border dispute between the two countries. Recorded Future wrote at the time that the breach appeared to be aimed at gaining the ability to cause blackouts in India, though the firm said it wasn't clear whether the tactic was designed to send a message to India or to gain a practical capability in advance of military conflict, or both.

Some evidence suggests the 2021 India-focused hacking campaign and the new power grid breach identified by Symantec were both carried out by the same team of hackers with links to the broad umbrella group of Chinese state-sponsored spies known as APT41, which is sometimes called Wicked Panda or Barium. Symantec notes that the hackers whose grid-hacking intrusion it tracked used a piece of malware known as ShadowPad, which was deployed by an APT41 subgroup in 2017 to infect machines in a supply chain attack that corrupted code distributed by networking software firm NetSarang and in several incidents since then. In 2020, five alleged members of APT41 were indicted and identified as working for a contractor for China's Ministry of State Security known as Chengdu 404. But even just last year, the US Secret Service warned that hackers within APT41 had stolen millions in US Covid-19 relief funds, a rare instance of state-sponsored cybercrime targeting another government.

Although Symantec didn't link the grid-hacking group it's calling RedFly to any specific subgroup of APT41, researchers at cybersecurity firm Mandiant point out that both the RedFly breach and the years-earlier Indian grid-hacking campaign used the same domain as a command-and-control server for their malware: Websencl.com. That suggests the RedFly group may in fact be tied to both cases of grid hacking, says John Hultquist, who leads threat intelligence at Mandiant. (Given that Symantec wouldn't name the Asian country whose grid RedFly targeted, Hultquist adds that it may in fact be India again.)

More broadly, Hultquist sees the RedFly breach as a troubling sign that China is shifting its focus toward more aggressive targeting of critical infrastructure like power grids. For years, China largely focused its state-sponsored hacking on espionage, even as other nations like Russia and Iran have attempted to breach electrical utilities in apparent attempts to plant malware capable of triggering tactical blackouts. The Russian military intelligence group Sandworm, for example, has attempted to cause three blackouts in Ukraine—two of which succeeded. Another Russian group tied to its FSB intelligence agency known as Berserk Bear has repeatedly breached the US power grid to gain a similar capability, but without ever attempting to cause a disruption.

Given this most recent Chinese grid breach, Hultquist argues it's now beginning to appear that some Chinese hacker teams may have a similar mission to that Berserk Bear group: to maintain access, plant the malware necessary for sabotage, and wait for the order to deliver the payload of that cyberattack at a strategic moment. And that mission means the hackers Symantec caught inside the unnamed Asian country's grid will almost certainly return, he says.

“They have to maintain access, which means they're probably going to go right back in there. They get caught, they retool, and they show up again,” says Hultquist. “The major factor here is their ability to just stay on target—until it's time to pull the trigger.”

Source

Wired