Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.

Mandiant researchers published findings this week about a newly revealed Chinese espionage operation that used Sogu malware to spy on the African operations of both European and US organizations. The campaign is significant for the scope of its victims, but also because attackers used a classic malware distribution method: thumb drives. The attacks are the latest example of China's aggressive global espionage—but read on for statements from the Chinese government about alleged US cyberattacks and digital espionage.

After Elon Musk claimed recently that primates used in Neuralink implant research were close to death anyway, a WIRED investigation this week revealed grisly details about the truth of their deaths that appear to dispute the characterization that the animals were all terminally ill. The revelations come as Neuralink is pursuing human trials of its brain-chip implants. 

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Kia and Hyundai cars have been plagued for years by vulnerabilities—and simply missing protective features—in their antitheft systems that make the cars far too easy to steal. Recently, the companies have been attempting to distribute updates to remedy the situation, but the flaws have already resulted in skyrocketing car theft rates around the United States. New data from 10 US cities compiled by Motherboard through public records requests illustrate the extent of the problem. In Chicago, for example, average car theft rates of about 850 per month are now consistently up to more than 2,000 per month. Similarly, before 2021, rates in Denver used to hover around 800 stolen cars per month. They now typically top 1,000. Atlanta's car theft rates have doubled from their old level before 2022 of fewer than 250 incidents per month. 

“Stolen car rates are not up by 10 percent, or 20 percent, or even 50 percent,” the report says. “In many cities, they are up hundreds of percentage points, Motherboard has found. Rates of stolen Kias and Hyundais in particular are up thousands of percentage points.”

Over the past two weeks, MGM Resorts has been dealing with the very public fallout of a recent cyberattack. Caesars Entertainment also admitted last week that it recently suffered a data breach and faced criminal extortion demands. Adding to the larger context, an executive for the enterprise identity management firm Okta said this week that the same gang that targeted MGM and Caesars, known as Alphv, also hacked three other targets since August as part of the same spree.

That makes five Okta customers in total that were affected. David Bradbury, Okta's chief security officer, would not name the other three victims but said they are in the technology, retail, and manufacturing sectors. Bradbury said Okta is cooperating with law enforcement investigations into the hacks.

Wiz security firm published findings this week that Microsoft AI researchers unintentionally exposed 38 terabytes of private data on the developer platform GitHub while attempting to open-source a repository of training data. The leak included internal Microsoft data, including more than 30,000 Teams messages, passwords, and private keys. The exposure occurred because of a misconfiguration in how the researchers used an Azure Storage data-sharing feature.

This week, officials from China's Ministry of State Security publicly accused the US government of breaching and monitoring Huawei's networks in a 2009 espionage attack. The statement also alleges that the US has conducted “tens of thousands of malicious network attacks” on Chinese institutions and organizations to surveil networks and steal data. Furthermore, the officials claimed that the US government has planted backdoors in software and hardware produced around the world to enable global surveillance. China has accused the US of cyberespionage before—and certainly conducts its share of surveillance and data exfiltration operations. Meanwhile, Huawei has been a particular lightning rod in longtime disputes between the US and China about digital and technical security.

The Shocking Data on Kia and Hyundai Thefts in the US

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the one before that. But a group of China-backed spies appears to have figured out that global organizations with staff in developing countries still keep one foot in the technological past, where thumb drives are passed around like business cards and internet cafés are far from extinct. Over the past year, those espionage-focused hackers have exploited this geographic time warp to bring retro USB malware back to dozens of victims’ networks.

At the mWise security conference today, researchers from cybersecurity firm Mandiant revealed that a China-linked hacker group they’re calling UNC53 has managed to hack at least 29 organizations around the world since the beginning of last year using the old-school approach of tricking their staff into plugging malware-infected USB drives into computers on their networks. While those victims span the United States, Europe, and Asia, Mandiant says many of the infections appear to originate from multinational organizations’ Africa-based operations, in countries including Egypt, Zimbabwe, Tanzania, Kenya, Ghana, and Madagascar. In some cases, the malware—in fact, several variants of a more than decade-old strain known as Sogu—appears to have traveled via USB stick from shared computers in print shops and internet cafés, indiscriminately infecting computers in a widespread data dragnet.

Mandiant researchers say the campaign represents a surprisingly effective revival of thumb drive-based hacking that has largely been replaced by more modern techniques, like phishing and remote exploitation of software vulnerabilities. “USB infections are back,” says Mandiant researcher Brendan McKeague. “In today’s globally distributed economy, an organization may be headquartered in Europe, but they have remote workers in regions of the world like Africa. In multiple instances, places like Ghana or Zimbabwe were the infection point for these USB-based intrusions.”

The malware Mandiant found, known as Sogu or sometimes Korplug or PlugX, has been used in non-USB forms by a broad array of largely China-based hacking groups for well over a decade. The remote-access trojan showed up, for instance, in China’s notorious breach of the US Office of Personnel Management in 2015, and the Cybersecurity and Infrastructure Security Agency warned about it being used again in a broad espionage campaign in 2017. But in January of 2022, Mandiant began to see new versions of the trojan repeatedly showing up in incident response investigations, and each time it traced those breaches to Sogu-infected USB thumb drives.

Since then, Mandiant has watched that USB-hacking campaign ramp up and infect new victims as recently as this month, stretching across consulting, marketing, engineering, construction, mining, education, banking, and pharmaceuticals, as well as government agencies. Mandiant found that in many cases the infection had been picked up from a shared computer at an internet café or print shop, spreading from machines like a publicly accessible internet-access terminal at the Robert Mugabe Airport in Harare, Zimbabwe. “That’s an interesting case if UNC53’s intended infection point is a place where people are traveling regionally throughout Africa or even possibly spreading this infection internationally outside of Africa,” says Mandiant researcher Ray Leong.

Leong notes that Mandiant couldn’t determine whether any such location was an intentional infection point or “just another stop along the way as this campaign was propagating throughout a particular region.” It also wasn’t entirely clear whether the hackers sought to use their access to a multinational’s operations in Africa to target the company’s European or US operations. In some cases at least, it appeared that the spies were focused on the African operations themselves, given China’s strategic and economic interest in the continent.

The new Sogu campaign’s method of spreading USB infections might seem a particularly indiscriminate way to conduct espionage. But, like the software supply chain attacks or watering hole attacks that Chinese state-sponsored spies have repeatedly carried out, this approach may allow the hackers to cast a wide net and sort through their victims for specific high-value targets, McKeague and Leong suggest. They also argue that it means the hackers behind the campaign likely have significant human resources to “sort and triage” the data they steal from those victims to find useful intelligence.

The Sogu USB malware uses a series of simple but clever tricks to infect machines and steal their data, including in some cases even accessing “air-gapped” computers with no internet connection. When an infected USB drive is inserted into a system, it doesn’t automatically run, given that most modern Windows machines have autorun disabled by default for USB devices. Instead, it tries to trick users into running an executable file on the drive by naming that file after the drive itself or, if the drive has no name, the more generic “removable media”—a ruse designed to fool the user into unthinkingly clicking the file when they attempt to open the drive. The Sogu malware then copies itself onto a hidden folder on the machine.

On a normal internet-connected computer, the malware beacons to a command-and-control server, then starts accepting commands to search the victim machine or upload its data to that remote server. It also copies itself to any other USB drive inserted into the PC to continue its machine-to-machine spread. If one variant of the Sogu USB malware instead finds itself on an air-gapped computer, it first attempts to turn on the victim’s Wi-Fi adapter and connect to local networks. If that fails, it puts stolen data in a folder on the infected USB drive itself, storing it there until it’s plugged into an internet-connected machine where the stolen data can be sent to the command-and-control server.

Sogu’s focus on espionage and the relatively high number of USB-based infections is a rare sight in 2023. Its USB propagation is more reminiscent of tools like the NSA-created Flame malware that was discovered targeting air-gapped systems in 2012, or even the Russian Agent.btz malware that was found inside Pentagon networks in 2008.

Surprisingly, however, the Sogu campaign is just part of a broader resurgence of USB malware that Mandiant has spotted in recent years, the researchers say. In 2022, for instance, they saw a massive spike in infections from a piece of cybercrime-focused USB malware known as Raspberry Robin. And just this year, they spotted another strain of USB-based espionage malware known as Snowydrive being used in seven network intrusions.

All of this, McKeague and Leong argue, means that network defenders shouldn’t fool themselves into thinking that USB infections are a solved problem—particularly in global networks that include operations in developing countries. They should be aware that state-sponsored hackers are carrying out active espionage campaigns via those USB sticks. “In North America and Europe, we think this is an old infection vector that’s been locked down,” Leong says. “But there are exposures in this other geography that are being targeted. It’s still relevant, and it’s still being exploited.”

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

Plus: Spyware-packing ads, TikTok GDPR violations, Elon Musk investigations, and more.

China-linked hackers are increasingly moving beyond espionage and into the disturbing world of power grid attacks. Threat researchers at security software firm Symantec this week released new evidence that the Chinese hacking group known as APT41 infiltrated the power grid of an Asian nation. Some details of the latest intrusion echo a 2021 attack on India’s power grid, suggesting the same hackers are responsible.

In Argentina, a scandal is playing out over the use of facial recognition software in Buenos Aires. Despite laws that require authorities to limit searches to known fugitives, an investigation by a judge found that the system was used to look up people not wanted for any crimes. In other cases, errors led police to arrest or question the wrong people. While Buenos Aires is attempting to get the system back online after legal rulings ordered it turned off, the debacle shows how dangerous facial recognition can be even when laws are in place to limit it.

Facial recognition isn’t the only artificial-intelligence-powered system governments are using in new and upsetting ways. Like everyone else, state and local governments around the United States have begun to play with generative AI tools like ChatGPT. And so far, there’s no consensus on how to use the technology. Some US states, like Maine, have temporarily banned its use altogether, fearing cybersecurity concerns, while others are using it to craft speeches and social media posts.

Meanwhile, the US Senate is in the midst of getting an AI education. Around 60 senators attended a closed-door briefing this week, where they heard from major tech CEOs, including Elon Musk, Mark Zuckerberg, and Sam Altman, as well as civil liberties advocates and AI ethics experts. The Senate has been learning about AI and its myriad issues for much of the year, and another forum on AI innovation is scheduled for later this year. Despite these cramming sessions, some lawmakers question whether they’re any closer to tackling AI responsibly.

Finally, the cyberattack against MGM casinos continues to cause havoc for guests of its resorts nearly a week after the attack began. While an attack on a major casino company is inevitably high-profile, the group behind the breach, known as Alphv, has a long history of targeting schools and hospitals—attacks that are far more consequential.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Unless you updated your browser in the past few days, it likely contains a critical flaw. The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format. Known generally as a “heap buffer overflow,” the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device. Google says the bug has already been exploited in the wild.

Initially identified early this week as a zero-day vulnerability in Google’s Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla’s Firefox, Microsoft Edge, Opera, Brave, and more. It also affects apps like Telegram, 1Password, Thunderbird, and Gimp. Patches for the flaw are rolling out now, so keep your eyes peeled for updates.

Malicious online ads—also known as “malvertising”—have been around for years. Now, they’re going pro. Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, _Haaretz_ reports, allowing attackers to track people and hack their devices. The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time. Taking advantage of the fraction of a second before an ad slot is filled, these companies have figured out how to show you an ad that reportedly contains “advanced spyware.” While there’s no quick fix for stopping the spread of this malware, there is something simple you can do to protect yourself: Use an ad blocker.

European data regulators fined TikTok €345 million ($368 million) this week for breaking laws related to the privacy of underage users. The Irish Data Protection Commission (DPC) said the company violated GDPR by failing to make the accounts of child users private by default. The DPC also says TikTok’s “family pairing” feature, which enables an adult to take control of a child’s account settings, did not ensure that the adult with access to the feature was a parent or guardian. TikTok says it opposes the fine because it had updated its settings to make the accounts of anyone under 16 years old private by default before the investigation began.

Turns out, secretly interfering in the battle plans of a United States ally doesn’t go over well in Washington. The US Senate Armed Services Committee has launched an inquiry into Elon Musk’s decision to not enable Starlink satellite communications in Crimea ahead of a Ukrainian military attack on Russian forces. The move, first revealed in author Walter Isaacson’s new biography on Musk, also prompted several Democratic senators to send a letter to the US defense secretary, Lloyd Austin, asking him to explain what actions the Department of Defense (DOD) has taken, or plans to take, to “prevent further dangerous meddling” by Musk.

“SpaceX is a prime contractor and a critical industry partner for the \[DOD\] and the recipient of billions of dollars in taxpayer funding,” the letter reads. “We are deeply concerned with the ability and willingness of SpaceX to interrupt their service at Mr. Musk’s whim and for the purpose of handcuffing a sovereign country’s self-defense, effectively defending Russian interests.”

Even if you have a spotless record, passing a background check can be one of the most stressful parts of landing a new job or an apartment. We have bad news: It’s possible the information used to assess your eligibility might not be accurate. The US Federal Trade Commission (FTC) this week announced a $5.8 million fine against background check providers TruthFinder and Instant Checkmate for “failing to ensure the maximum possible accuracy of their consumer reports,” a violation of the Fair Credit Reporting Act. The FTC alleges that the companies “made millions” by selling subscriptions that would alert people when a “criminal record” was found in their background check, “when the record was merely a traffic ticket.” The company also displayed “Remove” and “Flag as Inaccurate” buttons that the FTC says “did not work as advertised.”

The regulatory ding against TruthFinder and Instant Checkmate comes several months after the companies confirmed a data breach. In January, hackers leaked the personal information of millions of customers by leaking an April 2019 database backup stolen from the companies.

You Need to Update Google Chrome or Whatever Browser You Use

Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover.

The casino and hotel company MGM Resorts has dealt with widespread system outages and service disruptions at its properties in Las Vegas and elsewhere this week following a cyberattack that the company has been scrambling to contain. Meanwhile, Caesars Entertainment said in a United States regulatory filing on Thursday that it suffered a recent data breach in which many of its loyalty program members' Social Security numbers and driver's license numbers were stolen, along with other personal data.

The two high-profile incidents have drawn scrutiny this week, with MGM customers reporting sporadic keycard issues in the company's hotels, slot machines gone dark, ATMs out of order, and other difficulties staying at MGM properties and cashing out winnings. After Bloomberg broke the news on Wednesday about the Caesars breach, _The Wall Street Journal_ reported on Thursday that Caesars had paid roughly half of the $30 million its attackers demanded in exchange for a promise that they wouldn't release stolen customer data. While both are significant, experts emphasize that the fallout from this pair of prominent hacks fits into a broader context of ransomware attacks as a ubiquitous, unrelenting, and inveterate threat.

The recent spate of casino hacks fits into a larger cycle in which certain cyberattacks bring a lot of attention to digital threats and even spur governments to act. Ultimately, ransomware and data extortion attacks settle into the background again, even as they continue to wreak havoc and impact vulnerable populations.

“Attacks against casinos are dramatic and draw attention. We have whole movie and TV franchises about casino heists,” says Lesley Carhart, director of incident response at the industrial-control security firm Dragos. Still, “a lot of life-impacting attacks on critical infrastructure and health care occur far less visibly, and therefore, they aren't an easy draw for mass media. I do not think this is an issue with cybersecurity or even media in its entirety—it is a human psychology issue. We've had that problem for a long time in the industrial-control system cybersecurity space where attacks could really mean life or death, but are not a great story​.”

An affiliate of the notorious ransomware group Alphv, a Russia-based gang that is also known as BlackCat, claimed responsibility this week for the MGM attack. The group denied involvement in the Caesars hack. Casinos have long been a target for attackers because they make a lot of money, hold potentially valuable customer data, and historically haven't always been well secured. MGM itself suffered a breach in 2019 in which more than 10.6 million hotel customers had their data stolen and ultimately published online by hackers.

But Alphv is known for being a prolific and ruthless attacker even when its hacks aren't garnering constant coverage and discussion. As many cybercriminals do when they are looking to extort money from victims, the gang has targeted health care organizations and other critical institutions that hold sensitive data. Alphv has even been known to release samples of stolen data, like intimate and graphic medical photos, in an attempt to pressure targets into paying their ransom.

These tactics have escalated as global law enforcement's efforts to deter cybercriminals and keep victims from paying ransoms have made inching progress. But those gains have been undermined by dogged and aggressive attackers bent on making a profit no matter the impact on victims.

“While attacks on dice joints and sausage factories are what brings ransomware into the limelight, at least it’s _in_ the limelight," says Brett Callow, a threat analyst at the antivirus company Emsisoft. “The more attention the problem gets, the more policymakers may be inclined to try new strategies. And new strategies are desperately needed. Ransomware is at or close to record level, so the current strategies obviously are not working.”

Law enforcement around the world, including the FBI, has long discouraged victims from paying ransoms. And governments have at times been able to impose limits or bans on targets' ability to pay if a cybercriminal actor is under sanctions. But Callow says it may be time for governments to add more limitations on when ransoms and extortion demands can be legally paid, since so many actors operate with impunity in countries like Russia where they often can't be effectively prosecuted.

Ultimately, researchers suggest that while there is no simple solution to the threat of ransomware, each high-profile incident that breaks through into the public consciousness should be used as an opportunity to educate institutions and legislators about the reality of the risks and the need to invest resources in improving digital defenses proactively.

“We generally see more coverage of cases that impact end users or consumers in a way that makes daily activity more challenging—getting gas, buying meat at the grocery store, hundreds or thousands of people trying to check into a hotel room after a long day of traveling—because those impacts are a bit more tangible and relatable for the average person,” says Wendi Whitmore, senior vice president of the threat intelligence group Unit 42 at cybersecurity firm Palo Alto Networks. “If there is any silver lining to these types of cases, it could be that they garner attention that helps more organizations learn lessons proactively by studying these cases and closing potential gaps in their environments, so the same attacks are less successful in the future.”

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?

Congress could force all tech companies to watermark AI-generated content, as many on Capitol Hill support, but that would amount to window dressing in today’s political climate.

“Honestly, I don't think that that is going to solve the problem,” says Chinmayi Arun, executive director of the Information Society Project and a research scholar at Yale Law School. “It’s a rebuilding of trust, but the new technologies also make a disruptive version of this possible. And that's also kind of why maybe it's necessary to label them so that people know that.”

At least one senator seems to agree. Senator J. D. Vance, an Ohio Republican, says it may be a good thing for all of us to mistrust what we see online. “I'm actually pretty optimistic that over the long term, what it's going to do is just make people disbelieve everything they see on the internet, but I think in the interim, it actually could cause some real disruptions,” Vance says.

In 2016 and 2020, misinformation and disinformation became synonymous with American politics, but we’ve now entered a deepfake era marked by the democratization of the tools of deception, subtle as they may be, with a realistic voice-over here or a precisely polished fake photo there.

Generative AI doesn’t just help easily remake the world into one’s political fantasies, its power is also in its ability to precisely transmit those fakes to the most ideologically vulnerable communities where they have the greatest ability to spark a raging e-fire. Vance doesn’t see one legislative fix for these complex and intertwined issues.

“There's probably, on the margins, things that you can do to help, but I don't think that you can really control these viral things until there's just a generalized level of skepticism, which I do think we'll get there,” Vance says.

“Scripted” Political Theater

Over the summer, Schumer and a bipartisan group of senators led three private all-Senate AI briefings, which have now dovetailed into these new tech forums.

The briefings are a change for a chamber filled with 100 camera-loving politicians who are known for talking. During normal committee hearings, senators have become experts at raising money—and sometimes gaining knowledge—off asking made-for-YouTube questions, but not this time. While they won’t be able to question the assembled tech experts this week, Schumer and the other hosts will be playing puppet masters off stage.

“It’s intended to be a guided conversation. It’s scripted questions, and those questions are all designed to elicit a myriad of different thoughts on a range of policy areas for the benefit of staffers and members alike,” says senator Todd Young, an Indiana Republican.

Young is part of Schumer’s bipartisan group of four senators—along with senators Martin Heinrich, a New Mexico Democrat, and Mike Rounds, a South Dakota Republican—who’ve been spearheading these private Senate AI study sessions.

While there’s no official timeline, Young doesn’t expect the Senate AI forums to be wrapped up until this winter or early next spring.

The sessions may be bipartisan, but the two parties remain worlds apart when it comes to potential policy. True to form, Democrats are calling for new regulations while Republicans are tapping the brakes on the idea.

The US Congress Has Trust Issues. Generative AI Is Making It Worse

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

The Twisted Eye in the Sky Over Buenos Aires

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

The loose nexus of Chinese-origin cyberspies collectively called APT41 is known for carrying out some of the most brazen hacking schemes linked to China over the past decade. Its methods range from a spree of software supply chain attacks that planted malware in popular applications to a sideline in profit-focused cybercrime that went so far as to steal pandemic relief funds from the US government. Now, an apparent offshoot of the group appears to have turned its focus to another worrying category of target: power grids.

Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country's national electric utility, though it's not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.

The unnamed country whose grid was targeted in the breach was one that China would “have an interest in from a strategic perspective,” hints Dick O'Brien, a principal intelligence analyst on Symantec's research team. O'Brien notes that Symantec doesn't have direct evidence that the hackers were focused on sabotaging the country's grid, and says it's possible they were merely carrying out espionage. But other researchers at security firm Mandiant point to clues that these hackers may be the same ones that had been previously discovered targeting electrical utilities in India. And given recent warnings about China's hackers breaching power grid networks in US states and in Guam—and specifically laying the groundwork to cause blackouts there—O'Brien warns there's reason to believe China may be doing the same in this case.

“There are all sorts of reasons for attacking critical national infrastructure targets,” says O'Brien. “But you always have to wonder if one \[reason\] is to be able to retain a disruptive capability. I'm not saying they would use it. But if there are tensions between the two countries, you can push the button.”

Symantec's discovery comes on the heels of warnings from Microsoft and US agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) that a different Chinese state-sponsored hacking group known as Volt Typhoon had penetrated US electric utilities, including in the US territory of Guam—perhaps laying the groundwork for cyberattacks in the event of a conflict, such as a military confrontation over Taiwan.  _The New York Times_ later reported that government officials were particularly concerned that the malware had been placed in those networks to create the ability to cut power to US military bases.

In fact, fears of a renewed Chinese interest in hacking power grids stretch back to two years ago, when cybersecurity firm Recorded Future warned in February 2021 that Chinese state-sponsored hackers had placed malware in power grid networks in neighboring India—as well as railways and seaport networks—in the midst of a border dispute between the two countries. Recorded Future wrote at the time that the breach appeared to be aimed at gaining the ability to cause blackouts in India, though the firm said it wasn't clear whether the tactic was designed to send a message to India or to gain a practical capability in advance of military conflict, or both.

Some evidence suggests the 2021 India-focused hacking campaign and the new power grid breach identified by Symantec were both carried out by the same team of hackers with links to the broad umbrella group of Chinese state-sponsored spies known as APT41, which is sometimes called Wicked Panda or Barium. Symantec notes that the hackers whose grid-hacking intrusion it tracked used a piece of malware known as ShadowPad, which was deployed by an APT41 subgroup in 2017 to infect machines in a supply chain attack that corrupted code distributed by networking software firm NetSarang and in several incidents since then. In 2020, five alleged members of APT41 were indicted and identified as working for a contractor for China's Ministry of State Security known as Chengdu 404. But even just last year, the US Secret Service warned that hackers within APT41 had stolen millions in US Covid-19 relief funds, a rare instance of state-sponsored cybercrime targeting another government.

Although Symantec didn't link the grid-hacking group it's calling RedFly to any specific subgroup of APT41, researchers at cybersecurity firm Mandiant point out that both the RedFly breach and the years-earlier Indian grid-hacking campaign used the same domain as a command-and-control server for their malware: Websencl.com. That suggests the RedFly group may in fact be tied to both cases of grid hacking, says John Hultquist, who leads threat intelligence at Mandiant. (Given that Symantec wouldn't name the Asian country whose grid RedFly targeted, Hultquist adds that it may in fact be India again.)

More broadly, Hultquist sees the RedFly breach as a troubling sign that China is shifting its focus toward more aggressive targeting of critical infrastructure like power grids. For years, China largely focused its state-sponsored hacking on espionage, even as other nations like Russia and Iran have attempted to breach electrical utilities in apparent attempts to plant malware capable of triggering tactical blackouts. The Russian military intelligence group Sandworm, for example, has attempted to cause three blackouts in Ukraine—two of which succeeded. Another Russian group tied to its FSB intelligence agency known as Berserk Bear has repeatedly breached the US power grid to gain a similar capability, but without ever attempting to cause a disruption.

Given this most recent Chinese grid breach, Hultquist argues it's now beginning to appear that some Chinese hacker teams may have a similar mission to that Berserk Bear group: to maintain access, plant the malware necessary for sabotage, and wait for the order to deliver the payload of that cyberattack at a strategic moment. And that mission means the hackers Symantec caught inside the unnamed Asian country's grid will almost certainly return, he says.

“They have to maintain access, which means they're probably going to go right back in there. They get caught, they retool, and they show up again,” says Hultquist. “The major factor here is their ability to just stay on target—until it's time to pull the trigger.”

China-Linked Hackers Breached a Power Grid—Again

State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.

The United States Environmental Protection Agency blocked its employees from accessing ChatGPT while the US State Department staff in Guinea used it to draft speeches and social media posts.

Maine banned its executive branch employees from using generative artificial intelligence for the rest of the year out of concern for the state’s cybersecurity. In nearby Vermont, government workers are using it to learn new programming languages and write internal-facing code, according to Josiah Raiche, the state’s director of artificial intelligence.

The city of San Jose, California, wrote 23 pages of guidelines on generative AI and requires municipal employees to fill out a form every time they use a tool like ChatGPT, Bard, or Midjourney. Less than an hour’s drive north, Alameda County’s government has held sessions to educate employees about generative AI’s risks—such as its propensity for spitting out convincing but inaccurate information—but doesn’t see the need yet for a formal policy.

“We’re more about what you can do, not what you can’t do,” says Sybil Gurney, Alameda County’s assistant chief information officer. County staff are “doing a lot of their written work using ChatGPT,” Gurney adds, and have used Salesforce’s Einstein GPT to simulate users for IT system tests.

At every level, governments are searching for ways to harness generative AI. State and city officials told WIRED they believe the technology can improve some of bureaucracy’s most annoying qualities by streamlining routine paperwork and improving the public’s ability to access and understand dense government material. But governments—subject to strict transparency laws, elections, and a sense of civic responsibility—also face a set of challenges distinct from the private sector.

“Everybody cares about accountability, but it’s ramped up to a different level when you are literally the government,” says Jim Loter, interim chief technology officer for the city of Seattle, which released preliminary generative AI guidelines for its employees in April. “The decisions that government makes can affect people in pretty profound ways and … we owe it to our public to be equitable and responsible in the actions we take and open about the methods that inform decisions.”

The stakes for government employees were illustrated last month when an assistant superintendent in Mason City, Iowa, was thrown into the national spotlight for using ChatGPT as an initial step in determining which books should be removed from the district’s libraries because they contained descriptions of sex acts. The book removals were required under a recently enacted state law.

That level of scrutiny of government officials is likely to continue. In their generative AI policies, the cities of San Jose and Seattle and the state of Washington have all warned staff that any information entered as a prompt into a generative AI tool automatically becomes subject to disclosure under public record laws.

That information also automatically gets ingested into the corporate databases used to train generative AI tools and can potentially get spit back out to another person using a model trained on the same data set. In fact, a large Stanford Institute for Human-Centered Artificial Intelligence study published last November suggests that the more accurate large language models are, the more prone they are to regurgitate whole blocks of content from their training sets.

That’s a particular challenge for health care and criminal justice agencies.

Loter says Seattle employees have considered using generative AI to summarize lengthy investigative reports from the city’s Office of Police Accountability. Those reports can contain information that’s public but still sensitive.

Staff at the Maricopa County Superior Court in Arizona use generative AI tools to write internal code and generate document templates. They haven’t yet used it for public-facing communications but believe it has potential to make legal documents more readable for non-lawyers, says Aaron Judy, the court’s chief of innovation and AI. Staff could theoretically input public information about a court case into a generative AI tool to create a press release without violating any court policies, but, she says, “they would probably be nervous.”

“You are using citizen input to train a private entity’s money engine so that they can make more money,” Judy says. “I’m not saying that’s a bad thing, but we all have to be comfortable at the end of the day saying, ‘Yeah, that’s what we’re doing.’”

Under San Jose’s guidelines, using generative AI to create a document for public consumption isn’t outright prohibited, but it is considered “high risk” due to the technology’s potential for introducing misinformation and because the city is precise about the way it communicates. For example, a large language model asked to write a press release might use the word “citizens” to describe people living in San Jose, but the city uses only the word “residents” in its communications. because not everyone in the city is a US citizen.

Civic technology companies like Zencity have added generative AI tools for writing government press releases to their product lines, while the tech giants and major consultancies—including Microsoft, Google, Deloitte, and Accenture—are pitching a variety of generative AI products at the federal level.

The earliest government policies on generative AI have come from cities and states, and the authors of several of those policies told WIRED they’re eager to learn from other agencies and improve their standards. Alexandra Reeve Givens, president and CEO of the Center for Democracy and Technology, says the situation is ripe for “clear leadership” and “specific, detailed guidance from the federal government.”

The federal Office of Management and Budget is due to release its draft guidance for the federal government’s use of AI some time this summer.

The first wave of generative AI policies released by city and state agencies are interim measures that officials say will be evaluated over the coming months and expanded upon. They all prohibit employees from using sensitive and non-public information in prompts and require some level of human fact checking and review of AI-generated work, but there are also notable differences.

For example, guidelines in San Jose, Seattle, Boston, and the state of Washington require that employees disclose their use of generative AI in their work product while Kansas’ guidelines do not.

Albert Gehami, San Jose’s privacy officer, says the rules in his city and others will evolve significantly in coming months as the use cases become clearer and public servants discover the ways generative AI is different from already ubiquitous technologies.

“When you work with Google, you type something in and you get a wall of different viewpoints, and we’ve had 20 years of just trial by fire basically to learn how to use that responsibility, “ Gehami says. “Twenty years down the line, we’ll probably have figured it out with generative AI, but I don’t want us to fumble the city for 20 years to figure that out.”

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

Plus: Apple patches newly discovered flaws exploited by NSO Group spyware, North Korean hackers target security researchers, and more.

Last week, WIRED published a deep-dive investigation into Trickbot, the prolific Russian ransomware gang. This week, US and UK authorities sanctioned 11 alleged members of Trickbot and its related group, Conti, including Maksim Galochkin, aka Bentley, one of the alleged members whose real-world identity we confirmed through our investigation. Coincidence? Maybe. Either way, it's a big deal.

In addition to the US and UK sanctions, the US Justice Department also unsealed indictments filed in three US federal courts against Galochkin and eight other alleged Trickbot members for ransomware attacks against entities in Ohio, Tennessee, and California. Because everyone charged is a Russian national, however, it is unlikely they will ever be arrested or face trial.

While Russian cybercriminals typically enjoy immunity, the same may not remain true for the country’s military hackers. The lead prosecutor of the International Criminal Court (ICC) says the ICC will begin pursuing charges for cyber war crimes. The prosecutor, Karim Khan, did not name Russia, but the move follows a formal petition from the Human Rights Center at UC Berkeley’s School of Law asking the ICC to prosecute Russia’s Sandworm hackers for war crimes. Part of Russia’s GRU military intelligence agency, Sandworm is responsible for causing blackouts in Ukraine, the only known instances of cyberattacks shutting down an electrical grid. Sandworm also released the NotPetya malware against Ukraine, which ultimately spread globally and caused an unprecedented $10 billion in damages worldwide.

Russia is far from the only country that engages in offensive cyberwar tactics. China-backed hackers have repeatedly targeted the US and other countries, and they may be getting some help finding unpatched vulnerabilities. A Chinese law passed in 2022 demands that any network technology company operating in the country share details about vulnerabilities in its products with the Chinese government within two days of their discovery. Information about these vulnerabilities may then be shared with China’s hackers. It’s unclear how many Western companies comply with the law or provide enough information to allow Chinese hackers to exploit the products’ flaws.

Speaking of Chinese hackers, Microsoft this week finally explained how China’s state-sponsored hackers managed to steal a cryptographic key that allowed the attackers to successfully access the Outlook email accounts of at least 25 organizations, including US government agencies. According to Microsoft, the hackers broke into the account of a company engineer using token-stealing malware. They then used that account to access a cache of crash data that accidentally contained the signing key they then stole and used to go on an Outlook hacking spree. None of this was supposed to be possible, and Microsoft says it has corrected several flaws in its systems that allowed the attack to happen.

Before he died in a mysterious plane crash last month following an attempted coup against Russian president Vladimir Putin, Yevgeny Prigozhin wasn’t just the leader of the Wagner Group mercenaries. He was also the head of the notorious Internet Research Agency (IRA), a Russian outfit responsible for widespread disinformation campaigns. While the IRA was reportedly shut down, new research shows that pro-Prigozhin trolls continue to push his agenda. Many of the accounts spreading disinformation on X (formerly Twitter) have been banned. But since when has that stopped them?

Elsewhere, we explained how prompt injection attacks against generative AI chatbots like ChatGPT take advantage of a flaw that’s difficult to fix. We detailed how hard it is to opt out of allowing Facebook to use your data to train its AI. We have a rundown on Proton Sentinel, a suite of tools that are similar to Google’s offerings but with a strong emphasis on privacy and security. We also co-published a story with The Markup into Axon’s quest to build Taser-armed drones. And we got the inside scoop on a meeting between top US spies and civil liberties groups over Section 702 of the Foreign Surveillance Intelligence Act, which is set to expire at the end of the year.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Car companies are collecting and selling extremely detailed personal data from drivers who have no real way to opt out, a new report from the Mozilla Foundation found. Researchers spent hundreds of hours studying 25 privacy policies for major car brands and found that none of them met the foundation’s minimum standards around privacy and security.

According to the report, modern cars, stuffed to the roof with sensors, collect more information about you than just about any other product in your life. They know where you go, what you say, and how you move your body. Nissan’s privacy policy, for example, allows the company to collect and share drivers’ sexual activity, health diagnosis data, and genetic information, according to the report.

Eighty-four percent of the brands that researchers studied share or sell this kind of personal data, and only two of them allow drivers to have their data deleted. While it is unclear exactly who these companies share or sell data to, the report points out that there is a huge market for driver data. An automotive data broker called High Mobility cited in the report has a partnership with nine of the car brands Mozilla studied. On its website, it advertises a wide range of data products—including precise location data.

This isn’t just a privacy nightmare but a security one. Volkswagen, Toyota, and Mercedes-Benz have all recently suffered data leaks or breaches that affected millions of customers. According to Mozilla, cars are the worst category of products for privacy that they have ever reviewed.

Apple has just released a security update to iOS after researchers at Citizen Lab discovered a zero-click vulnerability being used to deliver Pegasus spyware. Citizen Lab, which is part of the University of Toronto, is calling the newly discovered exploit chain Blastpass. Researchers say it is capable of compromising iPhones running the latest version of iOS (16.6) without the target even touching their device. According to researchers, Blastpass is delivered to a victim’s phone through an iMessage with an Apple Wallet attachment containing a malicious image.

The Pegasus spyware, developed by NSO Group, enables an attacker to read a target’s text messages, view their photos, and listen to calls. It has been used to track journalists, political dissidents, and human rights activists around the world.

Apple says customers should update their phones to the newly released iOS 16.6.1. The exploit can also attack certain models of iPads. You can see details of the affected models here. Citizen Lab urges at-risk users to enable Lockdown Mode.

North Korea-backed hackers are targeting cybersecurity researchers in a new campaign that is exploiting at least one zero-day vulnerability, Google’s Threat Analysis Group (TAG) warned in a report released Thursday. The group did not provide details about the vulnerability since it is currently unpatched. However, the company says it is part of a popular software package used by security researchers.

According to TAG, the current attack mirrors a January 2021 campaign that similarly targeted security researchers working on vulnerability research and development. Like the previous campaign, North Korean threat actors send researchers malicious files after first spending weeks establishing a relationship with their target. According to the report, the malicious file will execute “a series of anti-virtual machine checks” and send collected information—along with a screenshot—back to the attacker.

In order to shield prospective jurors from harassment, District Attorney Fani Willis asked the judge in Donald Trump’s racketeering trial to prevent people from capturing or distributing any sort of image or identifying information about them. The motion, filed in Fulton County Superior Court on Wednesday, revealed that immediately after the indictment was filed, anonymous individuals on “conspiracy theory websites" had shared the full names, ages, and addresses of 23 grand jurors with “the intent to harass and intimidate them.”

Willis also revealed that she had been the victim of doxxing when the personal information of her and her family—including their physical addresses and “GPS coordinates”—was posted on an unnamed website hosted by a Russian company. Willis, who is Black, had previously disclosed that she faced racist and violent threats after the announcement of her investigation into the former president.

Mozilla: Your New Car Is a Data Privacy Nightmare

Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Senior United States intelligence officials met privately in Virginia yesterday with over a dozen civil liberties groups to field concerns about domestic surveillance operations that have drawn intense scrutiny this summer among an unlikely coalition of Democratic and Republican lawmakers in the US Congress.

The closed-door session, convened at the Liberty Crossing Intelligence Campus—a sprawling complex housing the bulk of the nation’s counterterrorism infrastructure—comes amid a backdrop of political furor over past misuses of a powerful surveillance tool by, principally, the Federal Bureau of Investigation (FBI). Republican lawmakers, who remain aggrieved over the FBI’s botched operation to surveil a former Trump campaign aide amid its 2016 Russia investigation, have formed an extraordinary alliance with Democratic rivals who’ve long been critical of the FBI’s power to warrantlessly access information about Americans “incidentally” collected by spies in the process of monitoring foreign threats.

The meeting, organized by the director of national intelligence, Avril Haines, was attended by top officials from the National Security Agency (NSA), US Department of Justice (DOJ), and Central Intelligence Agency (CIA), among others. General Paul Nakasone, the NSA director, is believed to have attended, though neither the IC, nor any source at the meeting, would confirm or deny his presence. (All sources spoke with WIRED on background citing rules established ahead of the gathering.)

Privacy and civil liberties advocates in attendance Thursday say one of their chief objectives was putting the intelligence community (IC) on notice: Without significant privacy reforms, any effort to reauthorize the use of its most powerful surveillance weapon—Section 702 of the Foreign Intelligence Surveillance Act—will be a doomed undertaking. The 9/11-era program, occasionally referred to as the “crown jewel” of US intelligence, is set to expire at the end of the year. Sources in Congress with knowledge of ongoing negotiations over the program say Biden administration officials have privately encouraged lawmakers to pass a “clean bill” this winter, airing fears that any potential lapse in surveillance would pose a national security threat. Targets of the 702 program have expanded in the past decade beyond terrorists in the Middle East, and today include foreign cybersecurity threats linked to Iran, Russia, and China, as well as drug traffickers involved in the production of fentanyl, a dangerous opioid flooding US streets.

The fate of the 702 program hangs by a precarious thread, with lawmakers on both sides of the aisle increasingly scrutinous of the FBI’s ability to tap into data that the intelligence community has long claimed is only unintentionally collected on Americans—a byproduct of casting a wide surveillance net over the communications of hundreds of thousands of individuals each year believed or assumed to be agents of hostile foreign powers. Restricting the bureau’s access to this data for domestic criminal investigation without first obtaining a court order remains one of the top reforms sought after by IC’s bipartisan critics.

Sources at the meeting say the conversation was largely one-sided, with Haines and other intelligence officials framing the event as purely an opportunity to bear witness to the concerns of civil rights advocates. While none expected a true back-and-forth discussion, some advocates nevertheless expressed frustration over the lack of reciprocity, with one describing it bluntly as “stonewalling.” A spokesperson for the IC said such “listening sessions,” in which top officials gather to bear witness to the concerns of relevant civil society stakeholders, are commonplace, and that, generally speaking, the IC does not disclose the nature of its conversations with members of Congress.

Its guests on Thursday included privacy and national security experts from the American Civil Liberties Union, Brennan Center for Justice at NYU School of Law, Electronic Information Privacy Center, and Demand Progress, among a dozen other groups. The largely progressive coalition further included conservative nonprofits such as FreedomWorks and Americans for Prosperity. Bob Goodlatte, a former Republican chair of the House Judiciary Committee who now serves as a senior advisor to the nonprofit Project for Privacy and Surveillance Accountability, also attended.

While Haines and some of the officials under her have expressed a willingness to enhance safeguards around intelligence “incidentally” collected on Americans, the IC has been unwilling so far to disclose what, if any, specific reforms it may be receptive to adopting. Privacy advocates say they remain, in response, skeptical it’s truly open to reform, adding that key sources on Capitol Hill continue to be unaware of any specific reforms currently supported by IC. In a letter ahead of the meeting, the same advocates said they were pursuing new limits on the scope of US surveillance codified under federal law, and the closing of a notorious loophole enabling intelligence and law enforcement services to bypass warrant requirements by paying data brokers for Americans’ sensitive data.

An internal advisory report declassified by Haines earlier this year described “large” purchases of “sensitive and intimate information” about Americans from private companies, including data enabling law enforcement to trace Americans’ whereabouts over extended periods of time. The report acknowledges that much of the purchased data would ordinarily fall under the protection of the US Constitution's Fourth Amendment, which includes a guarantee against unreasonable searches and seizures. Various intelligence agencies, the Defense Intelligence Agency and NSA among them, have taken the position that paying for access to sensitive data, as opposed to demanding it in accordance with criminal law procedures, effectively negates that constitutional right.

Defenders of this particular collection method argue that the data is already widely available to private companies and even foreign intelligence services. Its detractors note that companies and foreign countries are not bound by the Fourth Amendment, and otherwise lack the US government’s power to arrest, fine, and imprison US residents.

Sources say Haines and other officials were pressed to disclose whether the government has arrived at a single, coherent policy regarding commercial data purchases. It is currently assumed US spy agencies are left to determine the legality of such arrangements individually, with declassified materials over the past year overwhelmingly supporting that belief. None of the IC officials, sources say, would comment on whether such a policy exists, though Haines has previously told members of Congress that devising one is a process that’s been underway since early 2021.

A spokesperson at the Office of the Director of National Intelligence (ODNI) says Haines had a prior speaking engagement Friday morning and could not be immediately reached for comment.

In a statement, members of the privacy coalition expressed gratitude for Haines’ taking the time to hear their concerns. Nevertheless, civil liberties experts say they remain “deeply distressed” by the IC’s unwillingness to commit to any “meaningful reforms that are critical to protect Americans’ privacy,” calling specifically the FBI’s abuses of 702-related data. “The administration and intelligence community must be willing to come to the table and accept significant new privacy protections that advocates, Congress, and the American people are calling for,” they said.

Source

Wired