While they can cause serious injuries, “nonlethal” weapons are regularly used in the United States to disperse public demonstrations, including at the recent ICE protests in Los Angeles.

In a stormy weekend for US domestic politics, police and the National Guard arrested at least 56 people demonstrating in Los Angeles, California. On Friday, June 6, several groups took to the streets to protest Immigration and Customs Enforcement raids, which have grown in intensity and number over the past few months. According to CBS News, ICE recorded more than 2,000 arrests per day during Tuesday and Wednesday of the first week of June alone, a considerable increase when compared to the average of 660 that occurred in the first 100 days of Donald Trump's second administration.

The use of the National Guard to address a local situation like the protests in Los Angeles raised alarms from California governor Gavin Newsom, who accused the Trump administration of “creating a crisis.” Meanwhile, other civil society groups condemned the state response against protesters. “President Trump's deployment of National Guard troops to Los Angeles in response to protests against recent ICE raids is deeply alarming,” Amnesty International wrote. “Armed troops have no place in our neighborhoods. This is not about protecting communities, but about suppressing dissent and instilling fear.”

During the scenes, protesters came face-to-face with National Guard and Los Angeles Sheriff's Office police officers. Both bodies were equipped with “nonlethal” weapons to disperse the protests. Among these devices are believed to be the PGL-65 (or P540) or the 37mm or 40mm Sage Deuce Projectile Launcher, “less lethal” ammunition launchers that law enforcement agencies have in their repertoire. Weapons such as those mentioned can launch tear gas grenades with a maximum range of nearly 500 feet. They can also fire kinetic impact grenades (rubber ammunition), “less lethal” fragmentation grenades (rubber balls that scatter when the munition explodes), stun grenades (explosions that cause loud noises and lights to disorient), and paint marker grenades (to mark demonstrators). According to media outlets such as CNN, police in Los Angeles have used stun guns and tear gas to disperse protesters.

**Weapons Banned Abroad**

Canada prohibits the use of these “nonlethal weapons” for demonstration control. Canada's Firearms Regulations (SOR/2020-96 and SOR/98-462) include the PGL-65, Sage Deuce, and other equivalent models within the category of banned weapons. The statute restricts the use of “Any firearm with a (bore bore) diameter of 20 mm or more” (except those designed exclusively to neutralize explosive devices) under the “regulations establishing certain firearms and other weapons, components and parts of weapons, accessories, cartridge magazines, ammunition and projectiles as prohibited or restricted.”

Although Canada is among the few countries that explicitly prohibit the PGL-65, civil society organizations discourage its use and warn about the potential dangers of this launcher.

The Los Angeles police force also uses another “less lethal” projectile launcher against protesters. WIRED was able to verify that this weapon matches the Defense Technology 40mm Single-Shot Launcher (model 1325 or similar), which in this case is painted green to distinguish its “anti-riot” application. A video from the Australian site 9News shows how one of these police officers shot an Australian journalist with what was reportedly a rubber bullet. This weapon appears in other images that media and citizens have documented during the protests.

Riot police in Los Angeles fire a 40mm LMT weapon from Defense Technology, which is banned by Canada.

Jim Vondruska/Getty Images

Under the Geneva conventions, the “recommendations” for the application of kinetic projectiles (such as the Model 1325) discourage police from aiming at protesters’ faces, as they could result in “skull fractures and brain damage, eye damage (including permanent blindness) and even death.” The use of kinetic projectiles from an elevated area, such as at a protest, can increase the risk of protesters being shot in the head. Targeting the torso can cause damage to vital organs and result in body penetration, especially when fired at close range. The caliber and velocity of the projectile, as well as the material from which they are made, will also influence the seriousness of the injury.

In addition, the Geneva conventions specify the circumstances of possible illegal uses of these weapons and lay down the rules:

*   Kinetic projectiles should not be fired in automatic mode.
*   Firing multiple projectiles at the same time does not comply with the principles of necessity and proportionality.
*   The impact of projectiles should be tested and authorized to ensure that they are accurate enough for a safe area without using excessive energy that could cause injury.
*   Kinetic ammunition weapons should not be used to target the face, face or neck.

**“Less Lethal”**

The vast majority of countries keep confidential the specific name of the models they use to deter protests. Some governments, for example, register purchases under generic designations, such as “40 mm launchers,” without citing the make or model, making accountability and verification of the illegal use of these devices difficult.

For example, in Mexico, the Secretariat of National Defense launched tender LA-007000999-E818-2022 in November 2022 for the purchase of 70,000 long- and short-range 40-mm caliber gas projectiles, along with smoke ammunition and liquid marking, according to El Universal. The specifications do not show brands or models of the launcher or manufacturers.

Only countries, such as Canada, include the makes and models of their “nonlethal” weapons. Similar records do not exist in Mexico or Latin America.

The application of weapons such as the Penn Arms GL-1 or similar, as well as the Defense Technology 1325, is seen in social protests, often documented by Amnesty International, which accuses them of abusive use against peaceful civilians. And, while touted as “less lethal,” they can cause serious injuries and human rights violations. In addition, the organization, in its 2023 report “My Eye Exploded,” demands that the use of 40-mm gas or impact projectiles against peaceful civilians be suspended.

According to an assessment by Chile's National Human Rights Institute, police actions during the protests that began in October 2019 resulted in more than 440 eye injuries, with more than 30 cases of eye loss or eye rupture.

_This story was originally published on WIRED en Español and has been translated from Spanish._

The Dangerous Truth About the ‘Nonlethal’ Weapons Used Against LA Protesters

Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack.

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media’s own tests.

The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to peoples’ personal information.

“I think this exploit is pretty bad since it's basically a gold mine for SIM swappers,” the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email. SIM swappers are hackers who take over a target's phone number in order to receive their calls and texts, which in turn can let them break into all manner of accounts.

In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account.

“Essentially, it's bruting the number,” brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they’re after. Typically that’s in the context of finding someone’s password, but here brutecat is doing something similar to determine a Google user’s phone number.

Brutecat said in an email the brute forcing takes around one hour for a U.S. number, or 8 minutes for a UK one. For other countries, it can take less than a minute, they said.

In an accompanying video demonstrating the exploit, brutecat explains an attacker needs the target’s Google display name. They find this by first transferring ownership of a document from Google’s Looker Studio product to the target, the video says. They say they modified the document’s name to be millions of characters, which ends up with the target not being notified of the ownership switch. Using some custom code, which they detailed in their write up, brutecat then barrages Google with guesses of the phone number until getting a hit.

“The victim isn’t notified at all :)” a caption in the video reads.

A Google spokesperson told 404 Media in a statement “This issue has been fixed. We've always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue. Researcher submissions like this are one of the many ways we’re able to quickly find and fix issues for the safety of our users.”

Phone numbers are a key piece of information for SIM swappers. These sorts of hackers have been linked to countless hacks of individual people in order to steal online usernames or cryptocurrency. But sophisticated SIM swappers have also escalated to targeting massive companies. Some have worked directly with ransomware gangs from Eastern Europe.

Armed with the phone number, a SIM swapper may then impersonate the victim and convince their telecom to reroute text messages to a SIM card the hacker controls. From there, the hacker can request password reset text messages, or multi-factor authentication codes, and log into the victim’s valuable accounts. This could include accounts that store cryptocurrency, or even more damaging, their email, which in turn could grant access to many other accounts.

On its website, the FBI recommends people do not publicly advertise their phone number for this reason. “Protect your personal and financial information. Don’t advertise your phone number, address, or financial assets, including ownership or investment of cryptocurrency, on social media sites,” the site reads.

In their write-up, brutecat said Google awarded them $5,000 and some swag for their findings. Initially, Google marked the vulnerability as having a low chance of exploitation. The company later upgraded that likelihood to medium, according to brutecat’s write-up.

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.

Since it’s already chaos out there, this week, we thought we’d lean into the madness by envisioning the future threats that you’re not ready for. From cyberattacks on the US grid to GPS blackouts, rampant deepfake scams, AI-powered super hackers, and widespread communication system collapse, there’s a whole spectrum of scenarios that could take things from bad to worse.

All is not lost, however—at least if you’re Ross Ulbricht. The creator of the Silk Road dark web market, who was pardoned by President Donald Trump earlier this year, received a mysterious $31 million bitcoin donation last weekend. Crypto-tracing firm Chainalysis now suspects the lavish gift may have come from a vendor at another now-defunct black market, AlphaBay.

A trove of public records reviewed by WIRED this week reveal a years-long effort by a farming industry group to get the FBI to treat animal rights activists as a “bioterrorist” threat. The Animal Agriculture Alliance (AAA) was repeatedly in contact with the bureau’s Weapons of Mass Destruction Directorate about the activities of groups like Direct Action Everywhere, or DxE. The records show that AAA fed intelligence about DxE to the FBI and used corporate spies to infiltrate the group’s activities.

Immigration and Customs Enforcement recently updated its guidance for agents who carry out courthouse raids and other “enforcement actions” in and nearby court houses, according to an agency document reviewed by WIRED. The updated policy removes language that explicitly instructed agents to ensure they followed local and state laws.

Anyone who was trying to play a new video game on Christmas Day in 2014 likely remembers the infamous Lizardsquad hack of Xbox Live and Playstation Network. Now, more than a decade later, we finally have the full story.

But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Mysterious iPhone Crashes Hint at a Chinese Hacks. Apple Denies It**

The security firm iVerify this week brought to light a series of suspicious iPhone crashes that researchers say might just indicate a stealthy, unprecedented Chinese zero-click hacking campaign victimizing American phones, including even those of staffers for the Harris-Walz presidential campaign. Or it’s a random, not-particularly-dangerous bug that Apple has already squashed.

In a report released Thursday, iVerify assessed with “moderate confidence” that China-linked hackers may have targeted a series of iPhones with a sophisticated exploit, going after activists and dissidents critical of China, an EU government official, tech executives at AI firms competing with Chinese ones, and US political staffers—revealed by NBC News to be employees of the Harris-Walz campaign. iVerify didn’t have a sample of the malware that might have infected those phones or other definitive proof that any hacking occurred. But it pointed to signs that seem like more than coincidences: The staffers whose phones had experienced the crashes had also been warned by the FBI that they’d already been targeted in China’s Salt Typhoon hacking campaign against US telecoms. Another owner of the devices that crashed in the same way was later warned by Apple itself that he or she had been targeted by sophisticated hackers.

All of that would represent a serious threat to national security. Except that, strangely, Apple flatly denies it happened. “We strongly disagree with the claims of a targeted attack against our users,” Apple’s head of security engineering, Ivan Krstić, wrote in a statement to WIRED. Apple has patched the issue that iVerify highlighted in its report, which caused iPhones to crash in certain cases when a message sender changed their own nickname and avatar. But it calls those crashes the result of a “conventional software bug,” not evidence of a targeted exploitation. (That blanket denial certainly isn’t Apple’s usual response to confirmed iPhone hacking. The company has, for instance, sued hacking firm NSO group for its targeting of Apple customers.)

The result is that what might have been a four-alarm fire in the counterintelligence world is reduced—for now—to a very troubling enigma.

**A 22-Year-Old Is Running a Key US Anti-Terrorism Program**

A 22-year-old former intern at the Heritage Foundation with no national security experience has reportedly been appointed to a key Department of Homeland Security role overseeing a major program designed to combat domestic terrorism.

According to Propublica, Thomas Fugate last month assumed leadership of the Center for Programs and Partnerships (CP3), a DHS office tasked with funding nationwide efforts to prevent politically motivated violence—including school shootings and other forms of domestic terrorism.

Fugate, a 2024 graduate of the University of Texas at San Antonio, replaced the former CP3 director, Bill Braniff, an Army veteran with 20 years of national security experience who resigned in March following staff cuts ordered by the Trump administration.

According to CP3’s most recent report to Congress, the office has funded more than 1,100 initiatives aimed at disrupting violent extremism. In recent months, the US has seen a string of high-profile targeted attacks, including a car bombing in California and the shooting of two Israeli Embassy aids in Washington, DC. Its $18 million grant program, designed to support local prevention efforts, is reportedly now under Fugate’s supervision.

**Threat Intelligence Firms (Finally) Agree to a Glossary of Hacker Group Names**

Hacker group names have long been an unavoidable absurdity in the cybersecurity industry. Every threat intelligence company, in a scientifically defensible attempt to not make any assumption that they’re tracking the same hackers as another firm, comes up with their own code name for any group they observe. The result is a somewhat silly profusion of overlapping naming systems based on elements, weather, and zoology: “Fancy Bear” is “Forest Blizzard” is “APT28” is “Strontium.” Now, several major threat intelligence players, including Google, Microsoft, CrowdStrike, and Palo Alto Networks, have finally shared enough of their internal research to agree to a glossary that confirms that they’re referring to the same entities. The companies did _not,_ however, agree to consolidate their naming systems into a single taxonomy. So this agreement doesn’t mean the end of sentences in security reporting such as “the hacker group Sandworm, also known as Telebots, Voodoo Bear, Hades, Iron Viking, Electrum, or Seashell Blizzard.” It just means we cybersecurity reporters can write that sentence with a little more confidence.

**Phone-Hacking Firm Corellium Acquired for $200 Million—After Trump Pardons Its Founder**

Chris Wade, the founder and CTO of mobile device reverse-engineering company Corellium, has had a wild last few decades: In 2005, he was convicted on criminal charges of enabling spammers by providing them proxy servers, and agreed to work undercover for law enforcement while avoiding prison. Then in 2020, he mysteriously received a pardon from President Donald Trump. He also settled a major copyright lawsuit from Apple. Now his company, which creates virtual images of Android and iOS devices so that customers can find ways to break into them, is being acquired by phone-hacking firm Cellebrite, a major law enforcement contractor, for $200 million—a significant payday for a hacker who has found himself on both sides of the law.

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.

For years, gray-market services known as “bulletproof” hosts have been a key tool for cybercriminals looking to anonymously maintain web infrastructure with no questions asked. But as global law enforcement scrambles to crack down on digital threats, they have developed strategies for getting customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in in Arlington, Virginia, today, researcher Thibault Seret outlined how this shift has pushed both bulletproof hosting companies and criminal customers toward an alternative approach.

Rather than relying on web hosts to find ways of operating outside law enforcement's reach, some service providers have turned to offering purpose-built VPNs and other proxy services as a way of rotating and masking customer IP addresses and offering infrastructure that either intentionally doesn't log traffic or mixes traffic from many sources together. And while the technology isn't new, Seret and other researchers emphasized to WIRED that the transition to using proxies among cybercrminals over the last couple of years is significant.

“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret, a researcher at the threat intelligence firm Team Cymru, told WIRED ahead of his talk. “That's the magic of a proxy service—you cannot tell who’s who. It's good in terms of internet freedom, but it's super, super tough to analyze what’s happening and identify bad activity.”

The core challenge of addressing cybercriminal activity hidden by proxies is that the services may also, even primarily, be facilitating legitimate, benign traffic. Criminals and companies that don't want to lose them as clients have particularly been leaning on what are known as “residential proxies,” an array of decentralized nodes that can run on consumer devices—even old Android phones or low-end laptops—offering real, rotating IP addresses assigned to homes and offices. Such services offer anonymity and privacy, but can also shield malicious traffic.

By making malicious traffic look like it comes from trusted consumer IP addresses, attackers make it much more difficult for organizations' scanners and other threat detection tools to spot suspicious activity. And, crucially, residential proxies and other decentralized platforms that run on disparate consumer hardware reduce a service provider's insight and control, making it more difficult for law enforcement to get anything useful from them.

“Attackers have been ramping up their use of residential networks for attacks over the last two to three years,” says Ronnie Tokazowski, a longtime digital scams researcher and cofounder of the nonprofit Intelligence for Good. “If attackers are coming from the same residential ranges as, say, employees of a target organization, it's harder to track.”

Criminal use of proxies isn't new. In 2016, for example, the US Department of Justice said that one of the obstacles in a years-long investigation of the notorious “Avalanche” cybercriminal platform was the service's use of a “fast-flux” hosting method that concealed the platform's malicious activity using constantly changing proxy IP addresses. But the rise of proxies as a gray-market service rather than something attackers must develop in-house is an important shift.

“I don’t know yet how we can improve the proxy issue,” Team Cymru's Seret told WIRED. “I guess law enforcement could target known malicious proxy providers like they did with bulletproof hosts. But in general, proxies are whole internet services used by everyone. Even if you take down one malicious service, that doesn't solve the larger challenge.”

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

Crypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay.

When Ross Ulbricht received a $31 million bitcoin donation last weekend from an unknown source, many observers saw it as more than a very nice welcome-home gift. Rumors swirled that the creator of the Silk Road, less than five months after receiving a pardon from Donald Trump that saved him from a lifetime in prison, was sending himself a trove of his stashed criminal proceeds from his days running the dark web's first black market more than a decade prior.

Now cryptocurrency tracing investigators say they've arrived at a stranger explanation: The money wasn't originally Ulbricht's, and didn't come from the Silk Road. Instead, they suspect it came from a _different_ long-defunct dark-web black market: AlphaBay.

The crypto tracing firm Chainalysis tells WIRED that, based on blockchain analysis, it has tied the origin of the 300 bitcoins sent to Ulbricht on Sunday to someone involved in AlphaBay, a dark web market that sold a wide variety of drugs and cybercriminal contraband from 2014 to 2017 and eventually grew to be 10 times the size of the Silk Road, according to the FBI.

Chainalysis says the funds appear to have emerged from AlphaBay around 2016 and 2017. Given the amount of the donation, Chainalysis suggests it might have come from someone who acted as a large-scale seller on the market. “We have reasonable grounds to suspect that these funds originated in AlphaBay,” says Phil Larratt, Chainalysis's director of investigations and a former official at the UK's National Crime Agency. “Looking at the amount, that would suggest they came from someone who was possibly a vendor on AlphaBay back in the early days.”

WIRED reached out to Ulbricht for comment about the donation's origin via contacts at the Free Ross campaign that lobbied for his pardon, but didn't immediately receive a response.

Prior to Chainalysis’ finding that the $31 million donation appears to have originated at AlphaBay, the independent crypto-tracing investigator known as ZachXBT had already posted to his account on X his own findings that the money didn't appear to have come from the Silk Road. ZachXBT found that, despite the donor's use of multiple Bitcoin “mixers” that take in users' coins and return others to obfuscate their trail on the blockchain, he was able to trace the funds to an address that had been flagged in Chainalysis’ software tool Reactor as tied to illicit activity. That analysis suggested that the money was a “legitimate donation but not legitimate funds,” ZachXBT wrote in a text message to WIRED.

ZachXBT also found that the same individual who controlled the funds had cashed out other cryptocurrency at an exchange in small, distributed quantities rather than in a single sum, suggesting he or she may have been trying to prevent them being seized or flagged—another sign that the money may have come from criminal origins. “Usage of multiple mixers, spreading out CEX deposits, etc,” ZachXBT writes to WIRED, using the term CEX to mean a centralized exchange, “that is done typically if you are trying to avoid getting illicit funds frozen.”

Chainalysis declined to offer more information on how exactly it identified the funds as originating at AlphaBay. But the company has built a business around identifying illicit services like digital black markets out of the morass of billions of cryptocurrency addresses. Chainalysis’ identification of the AlphaBay cluster of bitcoin addresses, in fact, played a key role in the takedown of the market in a law enforcement investigation known as Operation Bayonet that spanned 2016 and 2017.

AlphaBay certainly produced plenty of crypto kingpins who would have the kind of eight-figure sum donated to Ulbricht. Before it was torn offline in an elaborate sting operation in July 2017, the site was facilitating $2 million a day in sales, largely of illegal drugs although it also offered malware, stolen data, and other cybercriminal wares. AlphaBay's creator and administrator, Alexandre Cazes, died in a Bangkok jail cell under mysterious circumstances following his arrest, but the site's second-in-command, who went by the handle Desnake, appears to have remained at large. Any bitcoins an AlphaBay seller or administrator managed to hold onto since the site’s closure would have since appreciated more than 40-fold.

Exactly why one of AlphaBay's crypto moguls would donate $31 million to Ulbricht, however, remains a mystery. Speculation on social media has ranged from a fellow black marketeer repaying a favor to a more principled gift intended to thank Ulbricht for blazing a trail with his invention of the Silk Road's crypto-enabled anonymous transactions.

That gratitude may also take into account that, while many got rich on the dark-web markets that Ulbricht pioneered, he instead spent over a decade in prison, speculates Taylor Monahan, a crypto tracer and security researcher at crypto firm MetaMask. “People donate when they’re deeply inspired by someone and/or grateful and/or have some sort of remorse for the situation,” says Monahan. “Survivor's guilt is wild.”

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

The Andersons are Christmas traditionalists. Dan says it’s more his wife Paige than him, but secretly he also loves all the fuss.

So, there they were on the sofa in their pajamas in front of the twinkling Christmas tree before the sun had risen over a chilly morning in Buffalo, New York. Thirty-two-year-old Dan was proud and smug as he handed over his gift to Paige—a “fancy new Kindle Voyage.” She loved it. Then it was his turn, and he excitedly ripped into the wrapping paper watched over by his confused dogs—one of which was tellingly named after Dan’s favorite computer-game character (Vivi from _Final Fantasy_). As the present revealed itself, the avid gamer saw the instantly recognizable and much-loved logo—it was a brand-new PlayStation 4. Straight away he unpacked it, rigged it up to the TV, and switched it on. The plan was to get it fired up and download _LittleBigPlanet 3_ to play for a few hours before meeting up with family.

Paige had been looking forward to it since she bought the new console. However, it wasn’t to be. “We didn’t even make it as far as starting to download the game, because it wouldn’t let me log in to PlayStation Network,” Dan said. “Nothing was online at all, so we couldn’t even try and download games.” Disappointedly they headed out for the day’s events and couldn’t try again until that evening, when they discovered that the network was still down. A $400 gift they couldn’t play. Dan had to work the next day too, so he couldn’t even try it then. He was gutted.

Five hundred and fifty miles north, in Toronto, 16-year-old Mustafa Aijaz was pumped. Christmas Day—particularly the evening—was the best game time of the year. It’s always been a bit of a holiday within the holiday for serious players. The tradition revolves around a phenomenon called “Christmas Noobs.” At Christmas, so many new players receive new games and consoles that online games are flooded with a tidal wave of gamers who often fumble their way through the top games and act like cannon fodder for the waiting legions of seasoned veterans. Mustafa and his mates were skilled at _Call of Duty: Advanced Warfare_. “We were all ready for a night of easy wins, quick XP \[experience points\] farming, and were looking forward to leveling up like crazy.” So, they waited like crocodiles anticipating herds of migrating buffalo to enter the river. But just as the bullets started flying they were all unceremoniously chucked out of their matches and knocked offline. “None of us could log back in, and party chat was down too, so we couldn’t even talk to each other to figure out what was happening,” Mustafa said.

It was all over social media: A group of hackers called Lizard Squad were bragging about their massive DDoS attack on Xbox Live and PlayStation Network—the crucial services that linked tens of millions of gamers to the Microsoft and Sony servers. Mustafa had seen that the group had already carried out smaller-scale attacks and had for weeks been taunting and threatening a big attack. Apparently it was all linked to some silly and incomprehensible spat with a rival but minor hacking group. Mustafa was angry but also fascinated by the attack and the incredible reaction online. “The fallout was instantaneous. People were furious,” he said.

PlayStation Network at the time had about 110 million subscribers, and Xbox Live had roughly 48 million. Xbox was back to normal within 24 hours—on Boxing Day. But PlayStation struggled for longer. It didn’t just affect existing subscribers. Before you can use any new games, consoles, or vouchers, you need to register them via the gaming company’s servers. It was a catastrophe for the games industry, especially Sony, which had already been having a tough time after a different cyberattack the previous month.

Services were down around the world. Error messages in dozens of languages were being posted as screenshots on YouTube and Twitter. There was nothing anyone could do until the engineers at Sony and Microsoft figured it out or Lizard Squad stopped the attack.

Late in the evening on Boxing Day, BBC Radio 5 Live aired an interview with two members of the group. They showed zero remorse for the impact they’d had on people around the world. Twelve hours later I walked into the newsroom and was given the seemingly impossible task of “getting a Lizard” on the evening TV bulletin at Sky News.

It took hours of trawling Twitter and speaking to dozens of wannabes and fakes, but I eventually succeeded in finding contact details for a British man called Vinnie Omari. Incredibly, he lived a few miles from our newsroom in west London. He agreed to come to us for the interview and was pale, skinny, wore all black and talked fast. He was at pains to distance himself from the gang but left the studios promising that a Lizard Squad hacker called “Ryan” would be in touch. I had no idea at the time of course that this “Ryan” was Julius Kivimäki—an already infamous teenage hacker and delinquent from Finland. It was later that afternoon—at around 3 pm —that “Ryan” called through on Skype. Just in time for us to edit our conversation with him into our news piece.

The 17-year-old looked very young and pale and had a shaved head and soft features. In spite of everything, he was polite and seemed in no rush. But he was also utterly unremorseful and arrogant, struggling to stifle a smirk throughout the interview. When I started by asking him why he wanted to ruin Christmas for tens of millions of people, he gave me the same boilerplate answer about the boys doing it to amuse themselves and embarrass these tech mega corps. “These companies make tens of millions every month from just their subscriber fees, and they should have more than enough funding to be able to protect against these attacks.” We went back and forth for about 15 minutes without him giving any hint of regret or awareness for how many people had been affected by his stunt.

“I’d be worried if those people didn’t have anything better to do than play games on their consoles at Christmas Eve and Christmas Day,” he said. “I mean, I can’t really say I feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games.”

The interview blew up online, with more than a million views on YouTube and thousands of comments on Twitter, where many four-letter words were hurled at the Lizards. PlayStation and Xbox also received a torrent of abuse. Later they would offer a five-day extension to players’ subscription periods and 10 percent off as compensation. The resulting bill for the company must easily have been in the millions.

Kivimäki went on to speak to other reporters, sometimes calling himself Ryan Cleary (a reference to another hacker he had vague and likely acrimonious link to from a previous teen hacker gang called LulzSec). In one interview and debate on YouTube channel DramaAlert he is implored by Kim Dotcom to stop the silly hacker rivalries that were impacting so many innocent people. “Hackers used to be respected; they used to have a magic about them,” Kim said, accusing Lizard Squad of harming the image of hackers around the world with their actions. Kivimäki’s response is fascinating: He laughed it off as old-fashioned thinking. “It’s wrong to connect groups like Lizard Squad with, for example, L0pht from a couple of decades back,” he said. “There’s really no connection with the hacking groups of today and the hacking groups of two decades ago. The meaning is totally different now.”

Although many security experts angrily railed against the media’s portrayal of Lizard Squad as “sophisticated,” people grudgingly came to accept that the Christmas attack did have a big impact on cybersecurity and the gaming industry. There’s little doubt that this was not the group’s motive—despite their clumsy attempts to claim so in interviews. But it was a wake-up call. Security website SecurityAffairs wrote a “lessons learned” piece by dissecting my interview with Kivimäki. Many people considered Lizard Squad script kiddies, they wrote, adding, “This approach is totally wrong.”

The size of the attack unleashed on that day would be shrugged off by most modern sites, but DDoS attacks are still commonplace and are getting more powerful. Expensive protection services are now a must-have for any organization that needs to stay online.

The attacks also started something of a cybercrime trend. In 2024 Europol unveiled an international law enforcement operation to take DDoS services down in December: “The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims,” the organization said in a statement.

At the time of Lizard Squad’s attacks, the general public was stunned. Despite Lizard Squad being on the tail end of a wave of teenage hacking groups in the 2010s, there was little awareness of the power that could be wielded by these otherwise amateur attackers. There might have been a vague feeling in the zeitgeist that “hackers in hoodies in their bedrooms” were increasingly causing problems, but this attack was immediate, unmissable, and easy to understand. It was of course also easy to get angry about. Over the next couple of days I came back to the story with follow-ups about the fallout as other Lizard Squad members spoke to YouTubers about the so-called “drama.” But the big thing the newsroom kept asking me was, When would these kids be arrested?

Vinnie Omari was the first. On New Year’s Eve he was raided by the South East Regional Organized Crime Unit, which collared him on suspicion of cyber fraud offenses committed in 2013 and 2014. It looked like the raid was for other alleged offenses involving PayPal fraud, but the search warrant, which later surfaced online, also referenced the Christmas DDoS attacks. “They took everything: Xbox One, phones, laptops, computer USBs, etc.,” Omari told reporter William Turton from the Daily Dot. He was later cleared of any involvement.

After Omari’s arrest, other Lizards were taken out too. On January 16, 2015, police announced that they had arrested an 18-year-old in Southport, near Liverpool. They didn’t give a name, but reporters at the Daily Mail identified him: “The ‘quiet’ teenager, named locally as Jordan Lee-Bevan, was arrested during a raid at his semi-detached home in Southport, Merseyside, today, with officers seizing computers as he was taken away in a police car.”

In 2016 teenager Zachary Buchta from Maryland was also arrested for his role in Lizard Squad and another group called PoodleCorp. As a boy he had been warned in 2014 about his criminal path by police who had caught him carrying out minor cybercrime activity. But he was undeterred and even changed his Twitter profile at one stage to @fbiarelosers to taunt the cops.

At the same time that Buchta was arrested, Dutch police raided and arrested another 19-year-old. Bradley van Rooy, who used the names “Uchiha” or “UchihaLS,” was accused of conspiring with other members of Lizard Squad to operate websites that provided cyberattack-for-hire services, facilitating thousands of DDoS attacks and trafficking stolen payment card account information for thousands of victims.

Bradley was put on bail for two years and eventually given a two-year suspended sentence and 180 hours of community service. The vast majority of charges against him were dropped as they had taken place when he was a minor. He ended up being convicted of the DDoS-for-hire operation and handling stolen credit cards. I tracked him down, and he openly talked about that period of his life, which he had put behind him a long time ago. “I’m now 27, and I see the damage that I did and understand that there could have been a higher punishment,” he says. “But then I also see that I was just a kid, and I had a troubled time at school and just fell into the hacking life after meeting the wrong people when I was playing the game _RuneScape_.”

Bradley’s journey and words track so perfectly to the experiences of almost every hacker I have met or interviewed. It’s as though there is a universal constant, whereby a subset of gamers in every generation is pulled into cybercrime in exactly the same way. There are literally billions of gamers in the world, so these people represent only a tiny fraction. But it seems to be inevitable and cyclical as hacker groups rise and fall.

The differentiating and more important aspect, though, is how these boys and young men react when they cross the line and are caught.

So what of Julius Kivimäki, aka “Ryan,” aka “Ryan Cleary” and many other aliases including the by now infamous “Zeekill”?

Surely, after appearing on TV and radio admitting that he was part of the gang, he too would be rearrested sharpish? Officers did indeed visit Kivimäki to interview him, but they did not arrest him—contrary to reports in the international media. It’s not clear why they took no further action, but perhaps when the teenager confidently said that police would find nothing on his computer he was right. “They’d have to let me go,” he had cockily asserted in our interview. If so, maybe his run-in with police years earlier had taught him to cover his tracks more effectively. Or maybe he hadn’t taken as much of a leading role in the DDoS attacks as he had claimed.

For Finnish cybercrime cop Antti Kurittu, seeing Kivimäki on TV was especially galling. Antti had raided and arrested Kivimaki two years earlier for other cyberattacks carried out with a different teenage cyber gang called HTP. “I remember watching your Sky News interview and just thinking ‘wow, this guy is not even trying to cover up his crimes. He’s just a different sort of person,’” Antti recalls.

It wasn’t until July 2015 that Kivimäki received his first criminal conviction. He was found guilty of the rather preposterous total of 50,700 instances of aggravated computer break-ins—one for every computer enslaved into HTPs botnet. He was also convicted of other offenses including data breach, money laundering, and being in possession of, and using, stolen credit cards. For all of these offenses, he was handed a two-year suspended sentence. If he had been an adult he could have got years behind bars, but as a minor and first-time offender he served no time in prison. So Kivimäki, just a few weeks from his 18th birthday, remained free. He began calling himself the “Untouchable Hacker God” on Twitter.

A year after Kivimäki’s sentencing, in a bizarre coincidence, Antti bumped into Kivimäki in Amsterdam. It was April 2016 and Antti was walking through the departures lounge of Schiphol Airport when he passed the by-then 18-year-old. Antti did a double take, gobsmacked to see him. It was so surreal that they both found it amusing and took a selfie. After a short chat, Antti asked Kivimäki if he was now “staying out of trouble.” Kivimäki replied, “Of course.” But when Antti asked him for a contact email address, he made one up with “@FBI.gov” at the end. They laughed and went their separate ways.

But, as Antti predicted, the Untouchable Hacker God would be back. Four years later he was. And this time he was linked to the cruelest cyberattack in history and had a new alias: ransom\_man.

_Excerpt adapted from_ Ctrl+Alt+Chaos: How Teenage Hackers Hijack the Internet _by Joe Tidy. Published by arrangement with Elliott & Thompson. Copyright © 2025 by Joe Tidy._

What Really Happened in the Aftermath of the Lizard Squad Hacks

A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.

Immigration and Customs Enforcement has quietly rescinded guidance that advised ICE agents conducting courthouse raids to take steps to avoid violating state and local laws while carrying out civil immigration arrests. The subtle policy change could lead to an escalation in enforcement tactics and legal disputes.

Revised policy guidance recently posted to ICE’s website and reviewed by WIRED reveals efforts by the agency to enhance the discretion and autonomy of the federal agents making arrests in and around courthouses—one of the more aggressive initiatives employed by the Trump administration as part of its all-out push to round up migrants across the United States and its territories. The policy revision has not been previously reported.

In recent weeks, ICE agents have made high-profile arrests of immigrants attending routine court hearings, as part of the administration’s effort to conduct what Trump calls the largest deportation campaign in American history.

The change in guidance comes amid sweeping ICE raids across the US, some sparking protests and heated confrontations with citizens, threatening an erosion of local autonomy and democratic governance over law enforcement operations within communities, while further blurring the line between civil and criminal enforcement.

Interim guidance, issued in January by ICE’s former acting director, Caleb Vitello, ordered agents to ensure that courthouse arrests were “not precluded by laws imposed by the jurisdiction in which enforcement actions will take place.” Todd Lyons, the current acting director, issued a superseding memo dated May 27 that removes the language about respecting local laws and statutes that limit ICE agents from performing “enforcement actions” in or near courthouses.

“The old policy required ICE to consult with a legal adviser to determine whether making an arrest at or near a courthouse might violate a nonfederal law. The new policy eliminates that requirement,” says Anthony Enriquez, vice president at RFK Human Rights, a human rights advocacy nonprofit. “Now, these frequently complex legal questions fall to the judgment of a line officer untrained in local laws.”

“It is certainly yet another effort to unleash and expand ICE's enforcement operations without regard to state law,” says Emma Winger, deputy legal director at the American Immigration Council.

Federal policy guidance is not legally binding, but it carries the power of law in practice, mandating procedures that ICE agents must follow in carrying out enforcement operations.

In response to a request for comment, ICE spokesperson Mike Alvarez referred WIRED to the May 27 memorandum. ICE declined to clarify whether it would continue to consider local courthouse policies and security protocols during enforcement actions.

Vitello, responsible for issuing the original guidance, was appointed ICE acting director by President Donald Trump soon after inauguration. Vitello was removed in late February and reportedly transferred to oversee the agency’s deportation operations. Lyons assumed the acting directorship in March.

The Biden administration previously limited ICE enforcement actions in and around courthouses in 2021, saying the arrests—which reportedly spiked during Trump’s first term—“had a chilling effect on individuals’ willingness to come to court or work cooperatively with law enforcement.”

ICE policies continue to advise agents to “generally avoid” actions around courts focused on civil matters—the vast majority of immigration cases are civil in nature—without the authorization of a high-ranking supervisor. However, under Biden, such actions could only be taken at courts (of any kind) to resolve a national security matter or to prevent threats to public safety or the destruction of evidence material to a criminal case. The Biden-era policy was a response, in turn, to 2018 guidance issued under Trump, which had directed ICE to arrest migrants at local courthouses.

Last month, at a meeting shortly before Lyons once again altered the policy, Trump deputy chief of staff for policy Stephen Miller and Department of Homeland Security director Kristi Noem reportedly told ICE to deport 3,000 people per day, according to Axios, a drastic increase over the first Trump administration’s deportation rates.

Earlier this week, Lyons defended his agents' use of masks to hide their identities following a confrontation with citizens outside the Buona Forchetta restaurant in San Diego, California. Videos of the event captured by bystanders showed agents deploying flash-bang-type devices in an attempt to disperse the crowd. Passersby protesting the raid outside the South Park neighborhood restaurant can be overheard calling the masked agents “Nazis” and “fascists.”

Winger explains that ICE has long made arrests inside state courthouses without regard for state law. Agents often use court dockets, for instance, to locate migrants scheduled to appear in court, facilitating targeted arrests.

Last month, ICE agents arrested at least a dozen immigrants as they arrived at New York City courthouses for scheduled hearings—including a Bronx high school student. Under New York State law, federal immigration authorities are barred from making civil arrests in and around state courthouses without a judicial warrant. The law does not, however, restrict ICE from making arrests in federal courthouses, where immigration and asylum hearings are typically held. The City of New York on Monday sued Lyons and ICE, as well as DHS and Noem, over the Bronx student’s arrest in an effort to effect his release.

Winger expects the May 27 policy shift will impact states such as Colorado that have similar protections.

Last week, DHS published a list of so-called sanctuary jurisdictions that includes dozens of cities and counties that DHS said were not compliant with federal law. The effort was seemingly part of an initiative to push back against municipalities it believes are obstructing its immigration goals. On Sunday, after protests from local governments, DHS scrubbed the list from its website.

“This policy memorandum change is another attack from the Trump administration against state and local laws that enact across-the-board limits on civil arrests in sensitive locations like schools, churches, hospitals, and courthouses,” adds Enriquez. “In the future, we should expect to see legal challenges to the federal government's encroachment on state sovereignty. And in the meantime, we should also expect less justice in our local and state courts.”

ICE Quietly Scales Back Rules for Courthouse Raids

President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear.

During A Press conference in the Oval Office late last month, US President Donald Trump doubled down on his plan to build a massive new missile defense system, largely based in space, he is calling the “Golden Dome.” In recent weeks, defense companies have begun vying for anticipated government contracts tied to the project, and three firms with deep connections to the White House—SpaceX, Palantir, and Anduril—have been named as purported front-runners.

Trump ordered plans to be drawn up for the Golden Dome within days of returning to office in January, and he said in May that it would be operational by the end of his term in January 2029. But behind the scenes over the past few months, competing defense companies and industry experts have told WIRED the future of the project isn’t certain.

They say it’s unclear whether the missile shield could be constructed in space the way Trump wants and how many contracts will ultimately be awarded. Trump recently claimed that he had selected a $175 billion design for the shield, but some experts expect the cost to be far greater, and they question how it will be paid for.

Although it has been compared to Israel’s Iron Dome missile defense system, some sources noted that a project of the Golden Dome’s size and scope has never been built before. “The Manhattan Project element of this is just simply the scale,” says John Clark, senior vice president of technology and strategic innovation at Lockheed Martin. “The technologies exist. The integration strategies we've demonstrated, they are available. It's really, how do you scale this?"

Trump said on May 20 that he had chosen Space Force general Michael Guetlein as a “lead program manager” for the Golden Dome. But Clark says that a number of different branches of the US military and federal government have been “providing feedback and insight” as part of the planning process, including a specialized group inside the Department of Defense called the Missile Defense Agency, as well as the Space Force, Space Development Agency, the Army, the Navy, and the Air Force. It’s unclear how many of them will ultimately remain involved.

“What I am seeing and hearing in our conversations is that each agency is still trying to understand where they fit into this really broad mission and architecture,” says Susanne Hake, general manager of US government business at the geospatial intelligence firm Maxar.

Mark Montgomery, executive director of the Cyberspace Solarium Commission, a government body that advises US policymakers on cyber- and space-based threats, believes that SpaceX is almost certainly going to play a major role in the initiative because of its existing dominance in the commercial space launch sector.

“The only thing I'd say is consistent, and almost definitely true, is SpaceX is going to be part of the launch cycle,” says Montgomery, who says it “would be criminal” to pick winners and losers this early in the process.

In mid-April, CEO Elon Musk said publicly that SpaceX “has not tried to bid for any contract” tied to the Golden Dome project. (It’s not possible at this stage for firms to make formal bids.) He added that he hopes “other companies” can work on it instead.

Musk did not respond to a request for comment asking what role he may have played in SpaceX’s work related to the Golden Dome.

Clark says that Lockheed Martin is having early-stage conversations with SpaceX, Palantir, and Anduril, as well as many other companies that it could eventually enter into partnerships with to work on the Golden Dome. “Candidly, I think it's a little premature to lock in on a team when you don't know exactly what the requirements are,” he tells WIRED.

Hake says that Maxar is also in early talks with other firms. She argues that Maxar’s products—such as imaging technology that can detect objects in low Earth orbit—are “pretty differentiated” from anything that SpaceX, Palantir, or Anduril have, meaning Maxar wouldn’t be in direct competition with them.

Clark says that Lockheed Martin has proposed an approach for the Golden Dome that involves building out the existing US missile defense system regionally, then nationally. The current system already includes many components from Lockheed Martin, including land- and sea-based antimissile systems, as well as a long-range radar for detecting missiles.

“Right now, that system has been attributed to ensuring, you know, zero US fatalities,” Clark says.

Anduril declined to comment. The US Department of Defense, SpaceX, and Palantir did not respond to requests for comment from WIRED.

**Why Upgrade?**

When Trump initially demanded the creation of a “next-generation” missile defense system in January, he referred to the project as the "Iron Dome Missile Defense Shield." It was later rebranded as a “Golden Dome for America,” according to a request for information published in April by the Missile Defense Agency.

An earlier February notice asked private companies to detail technological capabilities they possess that could help make the Golden Dome happen, including artificial intelligence and building space-based missile interceptors. It also outlined a laundry list of bells and whistles the Trump administration wants the shield to have, such as space-based sensors (for defending against hypersonic and ballistic missiles), a large satellite system for encrypted communications across the US military, and new weapons for striking down missiles both before and after they launch.

The existing system the US uses to protect itself from missiles and nuclear warheads relies on a constellation of radar sensors and launchpads equipped with antimissile ballistics stationed on US Navy ships and military vehicles around the world. It has the capability to detect when other countries launch missiles, track their paths, and intercept the weapons without detonating them. But many experts worry it’s woefully inadequate and can’t fully protect the US from the nation’s most pressing national security threats.

“We just kind of wished away the problem,” says Montgomery.

While the US military has spent lavishly on missile defense over the past few decades, it has “little to show” for it, argues a recently revised report published by the Panel on Public Affairs of the American Physical Society, a nonprofit that researches physics and other scientific issues.

The authors, who noted that US funding for missile defense typically only increases in response to things like “presidential advocacy,” concluded that America’s current system couldn’t reliably take down missiles and warheads from North Korea, let alone attacks from more sophisticated actors.

Montgomery tells WIRED that the US should be particularly concerned about advanced long-range ballistic and hypersonic missiles from China, Russia, and Iran.

**Going to Space**

Laura Grego, a senior research director at the Union of Concerned Scientists and a coauthor of the report, says she gets why the Trump administration wants the ability to launch missile interceptors from space.

Interceptors launched from land sites may have to travel hundreds of miles horizontally, while an interceptor in space needs to travel only a short distance to reach a missile and stop it in its tracks. “Most people's intuition is that space is far away,” Grego says. “But in this case, space is close. Space is about as close as you can get.”

Grego adds that the idea of building a futuristic antimissile system in the sky has preoccupied American leaders on and off for decades. President Ronald Reagan proposed a similar plan in the early 1980s nicknamed the “Star Wars” program by critics, which consisted of a space-based laser system to shoot down ballistics. While the kinds of technologies Reagan proposed using weren’t feasible at the time, they are now, Grego says.

Montgomery says that the US government will likely need to choose between building a new space-based system or building up its land-based system, because it would simply be too expensive to do both. “If you go down that second path of legacy systems now, you'll inevitably come up short on your space-based funding later,” he says.

But Grego says she believes that a space-based missile interceptor system would be highly vulnerable and impractical, because it requires using missile interceptors carried aboard satellites. Since the satellites would be constantly moving relative to the Earth's surface, the US would need an astronomical amount of interceptors to offer full protection.

Grego says that it only works when it's totally complete. “If you're able to pick apart that constellation and punch holes in it by using anti-satellite weapons or other types of attacks to the system, that whole thing basically becomes useless,” she explains.

Grego adds that a space-based interceptor system would likely cost trillions of dollars between building, launching, and replacing the interceptors—even considering the fact that new technology developed by SpaceX has helped push down the cost of satellite launches considerably in recent years. Satellites circling the earth in low Earth orbit also fall into the atmosphere and burn up after about three to five years, meaning components will need to be replaced regularly.

Trump dismissed concerns about how much the system will cost when asked about it by reporters last month. “We took in $5.1 trillion in the last four days in the Middle East, and when you think about it, this is a tiny fraction of that,” he said. (Prior reports pegged the deals to be worth more than $1 trillion, though the final amount remains unclear, and none of the deals are explicitly related to the Golden Dome.)

Montgomery says that cost isn’t necessarily a reason to rule out a space-based missile defense system entirely. “I’d spend as little as possible on legacy ground-based interceptors, because I think there's limited return in them over time,” he says. “They're expensive, and they're configured for yesterday's threat, and maybe today's threat, but probably not tomorrow's threat.”

The greatest danger of any version of the Golden Dome, Grego says, is that it could spark an arms race. Russia and China will likely view the missile defense system as a threat, because if the US becomes effectively immune to missile attacks, those countries fear American forces could act without fear of retaliation.

To counter this, Grego says, Russia and China may respond by building more offensive missiles to overwhelm or bypass American defenses, ultimately fueling an “unstable” cycle of escalation. “If your adversary builds up defenses so that they're immune, they're no longer vulnerable to you, then you have to do something,” she says.

When asked about concerns about the risk of an arms race at a press conference in May, Trump simply said, “Well, they’re wrong,” adding that the Golden Dome will be “about as close to perfect as you can have.”

The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On

GPS jamming and spoofing attacks are on the rise. If the global navigation system the US relies on were to go down entirely, it would send the world into unprecedented chaos.

Around 12,500 miles above our heads, the satellites that make up the Global Positioning System (GPS) quietly keep the world running. A blackout would result in almost instantaneous chaos.

“You would see traffic jams, a lot more traffic accidents, because transportation is going to see the first most immediate impact,” says Dana Goward, the founder of the Resilient Navigation and Timing Foundation, a charity which works to strengthen GPS.

Thousands of planes in the air, which use GPS among other systems for navigation and precision landing, would face a wave of uncertainty. Then other critical parts of society—from financial transactions to energy production systems—which have come to rely upon the precision positioning, navigation and timing (PNT) provided by the US-owned constellation of 31 GPS satellites may start to stutter. The ripples would be felt around the world.

“If it was a catastrophic moment that happened at a blink of an eye and we lost GPS entirely, you would see this global seizure of everything that moves, every piece of data that moves, every human that moves. All of that would shut down,” says Erik Daehler, the vice president of defense, satellites, and spacecraft systems at Sierra Space. The timing signals included in GPS would be one of the most impactful losses. Cell phone connections would likely collapse. Billions would quickly be wiped from stock markets amid the disruption.

A GPS outage could be particularly ruinous to the United States, which has a heavy reliance on its sovereign space system and has dragged its feet in building backups that can provide the required resilience needed to keep the country running. The US has fallen behind, the National Space-based PNT Advisory Board warned last year. In contrast, China has reinforced its own more modern satellite navigation system—BeiDou—with a sprawling network of fiber-optic cables and terrestrial radio signals.

The conditions needed to cause the entire GPS network to be entirely knocked out would be extraordinary and likely would come with wider societal ramifications. Such an outage, for instance, could be caused by China or Russia firing anti-satellite weapons against the GPS satellites (the US also has anti-satellite weapons), a powerful geomagnetic storm, or an escalation in the capabilities of electronic warfare.

Despite the improbability of a total outage, GPS isn’t infallible. It has its demons. “What really happens is, regionally, GPS gets messed with and jammed and interfered with on a regular basis,” Daehler says. Thousands of planes and ships are having their GPS interfered with each week, and signals are regularly disrupted around war zones.

“America is not well prepared at all,” Goward says. More should be done to build out PNT systems that can act as a backstop to the space-based GPS signals, he says. “There’s not a general overall awareness. We certainly don’t have a resilient PNT architecture or a PNT architecture of any kind other than GPS.”

The GPS constellation of 31 satellites, which has received several hardware updates over the years, has been in operation for the past 40 years. The system typically broadcasts at 100 percent availability and provides accurate location data to within 7 meters.

The GPS satellites are just one of the four so-called global navigation satellite systems (GNSS) in operation. As well as China’s BeiDou, there is Russia’s GLONASS and Europe’s Galileo constellation. Over the past half decade, though, GNSS signals have increasingly been attacked as the technology to disrupt them has become cheaper and more sophisticated. Most commonly, disruption happens around Russia, Israel, Myanmar, the South China sea, areas of the Middle East, and the Baltic countries in Europe.

Broadly, there are two main forms of attack against GNSS signals: jamming and spoofing. Jamming involves blocking signals so that positioning isn’t available, while spoofing involves creating mock signals that make something appear somewhere else on the map. Ships have been made to appear inland at airports, while planes are made to look like they are flying in tight circles. In one video shared by the Resilient Navigation and Timing Foundation that appears to show GPS interference, a plane’s systems blast out a warning message to “pull up” when its pilots reported they were flying higher than Mount Everest.

“I’m most concerned about aviation,” says Todd Humphreys, the director of the University of Texas at Austin’s radio navigation laboratory. “At least one fatal aviation accident in Europe can be traced to GNSS interference as a primary cause. A deliberate attack against US aviation, as opposed to the collateral attacks in Europe, would cause astounding economic harm.” The number of spoofing incidents last year was 500 percent higher than in 2023, according to aviation officials.

The US Space Force, which is responsible for the GPS satellites, did not respond to a request for comment for this article from WIRED.

Across the US, PNT data is crucial to almost all critical infrastructure—from communications and health care monitoring systems to food production and wastewater management—but GPS is often the “sole” source of this information, according to the Cybersecurity and Infrastructure Security Agency, making the systems more vulnerable. (The military uses a more robust GPS setup than commercial applications).

“There is no one sector that doesn’t use GPS, and some are more reliant than others. Users in these sectors are not all acutely aware of the risks associated with their dependency on it and the ways that the system can be disrupted or degraded,” says Caitlin Durkovich, a former national security official and critical infrastructure expert.

Building a “layered” approach could help to make GPS less vulnerable to attack, experts say. Both Europe’s Galileo and China’s BeiDou are newer than GPS and, in some ways, more resilient. Last year, the National Space–based PNT Advisory Board produced a comparison of GPS and BeiDou that flagged a broader series of backups to Beijing’s system.

While GPS satellites are located only in middle Earth orbit, BeiDou has satellites in multiple orbits and is further along in deploying them into low Earth orbit. China also has a terrestrial radio broadcast network, called eLoran, and has laid 20,000 kilometers of fiber-optic cables that link up with 295 timing centers to broadcast alternatives.

“In the case of BeiDou, the system’s enhanced resiliency and capability should be considered an element of ‘soft power’ and an element of great power competition,” the advisory board wrote last year. The board, led by Admiral Thad Allen, a former leader of the US Coast Guard, called for a more joined-up approach to managing PNT across the US government and for GPS to be specifically designated as “critical infrastructure.”

On April 26, 2024, the first of two Finnair flights were forced to turn around due to GPS interference likely carried out by Russia. After a second aircraft was diverted the following day, Finnair suspended its daily flights between Helsinki and Tartu, Estonia. _Source: AirNav_

“I think there has to be a federal role in this, both because the system and signals are operated and provisioned by the federal government. But because of the complexity of the system and the fact that you need a common standard,” Durkovich says.

“We’d like to see a core national PNT architecture,” Goward says. “Then we would suggest some form of fiber network and a terrestrial broadcast. We think it would be a substantial deterrent and it would actually make space-based systems safer because folks would be less likely to interfere with it.”

Across the country, there are various levels of backup systems in place that have been sporadically introduced and multiple ongoing efforts to improve the GPS setup. Financial institutions, for instance, have been deploying atomic clocks to ensure they have backups for the timing element provided by GPS and telecoms networks have some capacity in place.

“It’s not to say that the US doesn’t have a robust timing infrastructure, actually it’s quite robust,” says Jeremy Bennington, the vice president of PNT Assurance at Spirent Communications, adding that much of it is spread across commercial entities, a stark difference to China’s national approach. “I do think that a backup is going to be required so that you end up with that layered approach.”

The calls to modernize PNT have increasingly become more urgent. In 2020, a first-term Trump executive order called for making PNT systems more resilient. At the end of March this year, the Federal Communications Commission opened an inquiry to identify GPS alternatives that can provide backups. “Relying on GPS alone as the primary source of PNT data leaves America exposed to a single point of failure and leaves our PNT system open to disruption or manipulation by adversaries,” the FCC said at the time.

There are multiple ways to add more resilience and upgrade the existing GPS system. The military has long been working on upgrades to be used in defense situations. Bennington says that GPS satellites could be added to other orbits and the further rollout of more capable signals. Daehler and colleagues at Sierra Space are working on creating ways to reduce the impact of jamming and spoofing.

Lisa Dyer, the executive director of the GPS Innovation Alliance, says the GPS system could build in authentication to confirm its signals are genuine, like Galileo and BeiDou. Dyer says that rolling out the newer L5 signal can also build in more protection for planes and aviation. “To me that's an important national objective of the United States: that GPS remains the de facto international navigation standard,” Dyer says.

There are also hardware updates happening, though some of them are slow and have dragged on for years. The US Space Force has recently been funding multiple companies to develop low Earth orbit satellite GPS constellations and quickly launching systems into space. Elsewhere, quantum technologies are being used to create new navigation systems. SandboxAQ, a Google spinout, is working on magnetic navigation.

Ultimately, as well as better government management around GPS, organizations need to spend money to upgrade their systems and protections, Bennington says. That means spending money. “If GPS jamming or spoofing were to happen at any major airport, whether it's Heathrow, Frankfurt, Munich, New York, the amount of cancellation and delays in the cost incurred by the airlines just in several hours would be more than the cost to upgrade their fleets,” he says.

A GPS Blackout Would Shut Down the World

Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere—or when disaster strikes.

Hypothetical: You wake up tomorrow morning to find a superstorm that developed overnight thanks to climate change has sparked a chain of events that abruptly ushers in a new ice age and alters human society as we know it. (Yes, this is the plot of _The Day After Tomorrow_. Stick with us.) All the communication networks you relied on are down. Your phone is basically worthless. The internet has functionally ceased to exist. But you need to connect with people you trust to get help and survive. What do you do? More importantly, how did you prepare?

Less Hollywood-esque versions of having no cell service or Wi-Fi happen all the time, of course; maybe you’re hiking in a secluded area, white-knuckling through a major natural disaster, or living under a repressive regime that cuts internet access to quash public protests. Fortunately, for all these scenarios, there’s a low-budget solution: Meshtastic.

Meshtastic is a program that enables devices to send text messages over long distances without needing Wi-Fi or cell service. Long range radio (LoRa) nodes help pass messages along, forming a network of devices that can talk to each other even in remote areas. Messages hop from device to device, with each node relaying messages it hasn't seen before—extending the network’s reach across miles using minimal power. That is to say, Meshtastic is designed specifically for sending text messages over free-to-use radio frequencies to both groups and individuals, even when cell service and internet connections are nowhere to be found.

“The cool thing about Meshtastic is that it’s like a radio infrastructure without the infrastructure. It’s ad hoc,” says Eric Kristoff, a volunteer member of the Chicago chapter of the Mars Society, a nonprofit that advocates for the human exploration and colonization of Mars.

Kristoff says the group has been testing the use of Meshtastic as a way to give Mars Society “analog astronauts” the ability to communicate and keep track of each others’ locations without the use of earthly infrastructure.

“We have a set of Meshtastic T-Echo radios, about the size of a deck of cards, and they are worn on the person of the analog astronaut,” he says.

The radios that use Meshtastic cost roughly $30 (though you can spend two, three, or four times that if you want to). And because they operate over unlicensed radio frequencies on a network created by personal devices, they’re essentially free to use. Each message is end-to-end encrypted, ensuring privacy while it’s relayed through the network. And Meshtastic’s optional location-tracking capabilities give people a way to monitor their communities and keep tabs on their kids—or fellow analog astronauts—without using invasive, data-hungry apps.

Kristoff says that Mars Society members will take weeks-long excursions in remote areas with little cellular or Wi-Fi connectivity, which creates additional risks.

“There is heat stroke. We are two hours from the nearest hospital. If you go too far from the campus, it can get dangerous,” Kristoff says of the experience. “So anytime there’s a risk, the risk is made worse if people don’t know where you are.”

Most Meshtatic devices currently on the market need to pair with a phone over Bluetooth to function as a texting alternative. Some devices are just a radio, antenna, and battery, with the expectation that you’ll make the housing yourself. The radio does all the device-to-device communication, while the iOS and Android apps or the web client let you read and compose messages that are received or sent over the network—no service plan needed.

The apps also allow you to see the approximate location of nearby nodes and a map of the Meshtastic network. But fancier stand-alone devices are already available, like a line of Meshtastic-enabled gadgets from maker-friendly tech firm LilyGo that, in addition to the T-Echo model used by Mars Society members, includes Blackberry-like handhelds with their own keyboards, a smartphone-like device with an e-paper screen, and even a Meshtastic-enabled smartwatch.

Meshtastic was created by technologist Kevin Hester in early 2020 as a way to communicate while doing “any hobby where you don’t have reliable internet access,” and it remains a grassroots endeavor, with established local communities spanning from Argentina to China that are ripe with a DIY ethos. The software itself is open source, meaning anyone can theoretically contribute, and hundreds have. Still, as with many open source projects, a core group of volunteer developers help maintain the Meshtastic firmware, mobile apps, and more.

Jonathan Bennett, a self-described “Linux guy” who upgraded Meshtastic to stronger end-to-end encryption for direct messaging and keeps the software working on Linux, says he first got involved in the project after a listener of one his podcasts wanted a way to communicate with friends while attending a festival where the cell network could get overloaded.

“I put my open source enthusiast hat on and I went looking, and I came across Meshtastic,” he says. “And it immediately tickled my interest.”

Bennett says he ultimately connected with Garth Vander Houwen, a C# developer who wrote Meshtastic’s iOS app, and Ben Meadors, another C# developer who took on maintaining the Android app, web client, firmware, and other parts of the Meshtastic ecosystem after Hester needed to step back due to health issues.

Like Bennett, Vander Houwen and Meadors got involved with Meshtastic while looking for solutions to real-life problems. Vander Houwen, an iPhone user, says he found Meshtastic while on the hunt for a way to communicate as he hiked on remote trails in the Seattle area, just to find that it only had an Android app. He decided to write the iOS app himself. “So the fact that there was not an iOS app for Meshtastic was kind of how I got started,” he says, “and it's been a lot of fun.”

Meadors says he came to Meshtastic after a dangerous tornado hit his home state of Arkansas, causing major damage. “My kind of initial use case was honestly a backup communication for storm-related outages,” Meadors says. After taking part in the cleanup effort around Little Rock, he realized the value of a decentralized, off-grid communication network like Meshtastic. “It's just really handy to have anywhere where you’ve got a limited connection to the grid.”

None of which is to say you should throw your cell phone in the sea and go all-in on Meshtastic. At least not yet. First, getting into the world of LoRa remains a little bit technical, so if the idea of “flashing” your device with new firmware makes you instinctively pick up your phone to scroll TikTok, it might not be the hobby for you. Even if you are tech savvy, the system has some notable limitations.

Using the decentralized mesh network requires having your Meshtastic device in range of at least one other radio; obstructions like buildings, trees, and hills or mountains can prevent the line-of-sight communication needed to join the mesh network. This means it may only be reliable when there’s a variety of other Meshtastic nodes in the area.

Next is what Meadors calls the “narrowness” of the network’s technical capabilities. “One of the most frequent things that we get is, ‘Can I replace the internet with this?’ No, no you cannot,” he says. “You can send text messages.” Mercifully, that does include emoji.

Photograph: Michael Tessier

This may be obvious, but you also need to have a network set up before disaster hits, Meadors says. So, set up anyone who you might need to communicate with during a cell and internet blackout before it actually happens. And, due to relatively frequent firmware updates, you can’t just toss your device in a bug-out bag and forget about it. But “if it's something that you actually use, like if you pull it out and use it once a month, you'll be good to go,” Bennett says.

Then there’s the issue of raw bandwidth. This limitation can cause issues when a lot of people are trying to use the network at the same time. At a ham radio convention in Dayton, Ohio, last year (yes, it’s called Hamvention), the Meshtastic network crashed after someone ran a program that flooded the network with additional traffic, pushing the Meshtastic network to its limits.

“Because literally one person turned on this MQTT bridge, which then joined the rest of us into this mesh in a metal building in Dayton, it crashed the whole mesh immediately,” Vander Houwen says.

After this incident, Vander Houwen, Bennett, and Meadors went to work to prepare for the upcoming Defcon hacker convention in Las Vegas, ultimately releasing a special firmware for the much larger event that Vander Houwen estimates allows “somewhere between 2,000 and 2,500 nodes” to operate on the network simultaneously. A similar firmware released ahead of the 2025 Hamvention in May drew praise from the community.

Despite Meshtastic’s limitations, its promise as a backup communication system—and the sheer fun you can have with it—continues to pull in new enthusiasts. The Android app alone has drawn thousands of reviews, and the Meshtastic subreddit has grown to nearly 50,000 members. Some municipalities are even hoping to launch Meshtastic networks to help protect their communities in the event of natural disasters.

For Bennett, Meadors, and Vander Houwen, they’re excited to not just see the number of Meshtastic nodes increase, but to see the technology develop into something anyone can use without having to become an enthusiast or “analog astronaut” at all.

“I think the biggest thing for me too is that it’s not just accessible from the aspect of the hardware being available to more people. I want to make the software more accessible,” Meadors says. “I want to make the experience such that I can hand this device to anybody and have them download the app and start messaging. We've come a long way. I think there's still some room to grow there.”

_Updated at 10:25 am ET, June 4, 2025: Corrected a misspelling of Ben Meadors' surname._

Source

Wired