Participants in a hacking competition with ties to China’s military were, unusually, required to keep their activities secret, but security researchers say the mystery only gets stranger from there.

Capture the flag hacking contests at security conferences generally serve two purposes: to help participants develop and demonstrate computer hacking and security skills, and to assist employers and government agencies with discovering and recruiting new talent.

But one security conference in China may have taken its contest a step further—potentially using it as a secret espionage operation to get participants to collect intelligence from an unknown target.

According to two Western researchers who translated documentation for China’s Zhujian Cup, also known as the National Collegiate Cybersecurity Attack and Defense Competition, one part of the three-part competition, held last year for the first time, had a number of unusual characteristics that suggest its potentially secretive and unorthodox purpose.

Capture the flag (CTF) and other types of hacking competitions are generally hosted on closed networks or “cyber ranges”—dedicated infrastructure set up for the contest so that participants don’t risk disrupting real networks. These ranges provide a simulated environment that mimics real-world configurations, and participants are tasked with finding vulnerabilities in the systems, obtaining access to specific parts of the network, or capturing data.

There are two major companies in China that set up cyber ranges for competitions. The majority of the competitions give a shout out to the company that designed their range. Notably, Zhujian Cup didn’t mention any cyber range or cyber range provider in its documentation, leaving the researchers to wonder if this is because the contest was held in a real environment rather than a simulated one.

The competition also required students to sign a document agreeing to several unusual terms. They were prohibited from discussing the nature of the tasks they were asked to do in the competition with anyone; they had to agree not to destroy or disrupt the targeted system; and at the end of the competition, they had to delete any backdoors they planted on the system and any data they acquired from it. And unlike other competitions in China the researchers examined, participants in this portion of the Zhujian Cup were prohibited from publishing social media posts revealing the nature of the competition or the tasks they performed as part of it.

Participants also were prohibited from copying any data, documents, or printed materials that were part of the competition; disclosing information about vulnerabilities they found; or exploiting those vulnerabilities for personal purposes. If a leak of any of this data or material occurred and caused harm to the contest organizers or to China, according to the pledge that participants signed, they could be held legally responsible.

“I promise that if any information disclosure incident (or case) occurs due to personal reasons, causing loss or harm to the organizer and the country, I, as an individual, will bear legal responsibility in accordance with the relevant laws and regulations,” the pledge states.

The contest was hosted last December by Northwestern Polytechnical University, a science and engineering university in Xi'an, Shaanxi, that is affiliated with China’s Ministry of Industry and Information Technology and also holds a top-secret clearance to conduct work for the Chinese government and military. The university is overseen by China’s People’s Liberation Army.

Neither the university nor several cosponsors of the contest responded to WIRED’s inquiry about the competition.

Dakota Cary, a strategic advisory consultant at security firm Sentinel One, and Eugenio Benincasa, senior cyber defense researcher at the Center for Security Studies at ETH Zurich university in Switzerland, discovered the unusual contest and its requirements while researching China’s hacking competitions. The two have written a report for the Atlantic Council and plan to present their findings on Thursday at the Labscon security conference in Arizona.

They acknowledge that there is no hard evidence that the competition was used to attack a real-world target and that the evidence they do have is circumstantial. But they said they are 85 percent confident that this is what occurred because no alternative explanations make sense.

“There are a lot of good alternative explanations, and none of them have supporting evidence,” says Cary, who is fluent in Mandarin and has studied China’s offensive hacking capabilities extensively for years.

One possible alternative is that the target of the attack was a domestic company or organization that cooperated with the contest in order to give students experience in finding vulnerabilities in a real network and also provide the company with a threat assessment that could help it better secure its network against real-world adversaries.

Cary, however, says such exercises in China are called “crowd-testing” contests. But nowhere in the description of the Zhujian Cup does this phrase appear. “If it’s a real CTF exercise, why are \[participants\] deleting data and … backdoors?” he asks. And why are students told they could be held legally responsible if data or material they possess as part of the competition gets leaked? And if the students were attacking a target inside a cyber range, how could this cause “loss or harm to the organizer and the country,” per the wording in the pledge?

The competition was held on a weekend over the New Year’s holiday last year, on December 30 and 31. If the target was indeed a real-world network, the researchers note that holidays are often a time when security teams are short-staffed or less attentive and alert to intrusions. About 200 students from 29 schools participated in the weekend competition, which consisted of three parts, according to a description of the contest published by the school: a theoretical knowledge competition, a vulnerability discovery contest, and a “public-network target, actual combat attack competition.” The latter is the portion that Cary and Benincasa believe focused on a real-world target.

The researchers surveyed more than 120 capture-the-flag competitions organized in China since 2004—many of them held annually—to understand how the country has used such competitions to recruit talent and expand its cyber offensive and defensive capabilities. They say that China really began to focus on developing its cyber talent in 2015, after the Edward Snowden leaks had exposed the extensive hacking operations conducted by the US National Security Agency for intelligence purposes.

To strengthen its cyber defenses, China focused on revamping and expanding cybersecurity education programs and recruitment efforts between 2015 and 2021. A big part of the latter included the development and regulation of capture-the-flag competitions.

CTFs aren’t unique to China, of course; they are held around the world, including in the US, where one of the oldest—held annually at the Defcon hacking conference in Las Vegas—has existed for nearly two decades. The US government also hosts hackathons to help recruit talent, though not at the scale of China.

Since 2014, the researchers say, more than 540 capture-the-flag rounds of competition have occurred in China. The most intense activity began in 2018, which is also when China’s Central Cyberspace Affairs Commission and Ministry of Public Security issued a notice about the regulation and promotion of such contests. Now Chinese nationals must apply to the MPS for permission to participate in hacking competitions outside of China. Chinese leaders noticed Chinese students and security professionals were having great success competing in hacking competitions internationally and realized that each time someone from China won one of these competitions, the country was losing a potentially valuable asset with the vulnerabilities they disclosed as part of the contest. Now any vulnerabilities discovered by a Chinese national must be reported to the government and not disclosed publicly.

But importantly, China’s efforts in building its domestic capture-the-flag contests means that today it has one of the most robust hacking contest ecosystems in the world, the researchers say, including sector-specific ones for health care and law enforcement. The researchers estimate that about 300,000 people have participated in the contests over the last decade, but the researchers found only four that are open to students. The contests are led by universities across the country while also being supported by companies and the government. Contest winners and others who demonstrate good skill get entered into a national database.

Cary says that if the Zhujian Cup did involve a live target, it’s “remarkable” that the organizers put students in a position that could make them legally culpable if they got caught. But if so, it wouldn’t be the first time the government used students for intelligence operations. In 2022, the Financial Times reported that China had recruited unwitting university students to translate documents and data stolen in espionage operations conducted by the country’s hacking teams, reportedly without telling the students the source of the material.

This also may not be the first time a hacking competition in China played a role in a real-world breach subsequently attributed to China. In 2015, researchers at Threat Connect found curious evidence of a possible overlap between the TOPSEC Cup hacking competition coordinated by China’s Southeast University in 2014 and the subsequent hack of health care giant Anthem that same year. Southeast has financial connections to China’s civilian intelligence agency, the Ministry of State Security.

Did a Chinese University Hacking Competition Target a Real Victim?

At least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.

The AP-900 runs on two AAA batteries, which, like any battery, could be induced to explode, but likely not with such force and scale as the explosions depicted in alleged videos of the blasts. If the pagers used by Hezbollah are the AR-924 or another model that runs on lithium-ion batteries, which can cause more dangerous explosions, it’s still unlikely that a regular pager battery alone could produce blasts that could injure multiple people.

“Those explosions aren’t just batteries,” says Jake Williams, vice president of research and development at Hunter Strategy who formerly worked for the US National Security Agency. “Based on the reporting, these pagers were likely interdicted by Israeli authorities and modified with explosives. This highlights the risks of supply chain security, especially in places where technology is harder to ship to.”

Gold Apollo did not immediately respond to WIRED's request for comment.

Williams points out that such an operation would likely involve operatives on both the tech distribution side and the Hezbollah procurement side. “You compromise the supply chain, but you don't want thousands of explosive pagers running around Lebanon,” he says. “The mole gets them to exactly the right people.”

Some reports on Tuesday indicate that Hezbollah recently expanded its use of pagers in an attempt to secure communications after other channels had been infiltrated by Israeli intelligence. The Associated Press reported that an anonymous “Hezbollah official” said the group had recently adopted a “new brand” of pagers that “first heated up, then exploded.”

“It's unlikely that hacking was involved, as it's likely that explosive material had to be inside the pagers to cause such an effect,” says Lukasz Olejnik, an independent consultant and visiting senior research fellow at King’s College London’s Department of War Studies. “Reports mention the delivery of new pagers recently, so perhaps the delivery was compromised.”

Michael Horowitz, head of intelligence at Middle East and North Africa risk management company Le Beck International, says if the attack is supply-chain-based, then it could have taken years to prepare and involved infiltrating a supplier and placing explosives inside new pagers.

“This is a major security breach, particularly if we’re talking about a charge that was placed inside the devices—which, in my opinion, is the most likely scenario,” Horowitz says. “This would mean that Israel has managed to infiltrate Hezbollah providers to the point of delivering hundreds (if not thousands) of devices used for secured communication.”

The incident comes amid escalations of fighting between Israel and Hezbollah in recent months, raising fears of a full-blown war. In the hours before the explosions on Tuesday, Israel said its war goals would include allowing 60,000 people to return to Northern Israel after they were evacuated following Hezbollah attacks, and it would not rule out military action.

Horowitz says the incident could be a “prelude to a broader offensive” and possibly meant to disrupt Hezbollah’s communications networks. It is likely that replacing a large number of pagers would take some time to organize. Alternatively, Horowitz says, the attack could also have been conducted to show the “scale of Israel's intelligence penetration.”

“This is a high-value operation that you wouldn't use just to cause injuries,” Horowitz says.

Even if the blasts were not caused by a cyber-physical attack that induced the pager batteries to explode, it's still possible that explosives planted in the pagers were detonated using a remote command, possibly even a specially crafted pager message. Some footage appeared to show users checking their pagers right as the explosions occurred, though this could have been coincidental.

The operation could have a psychological impact on Hezbollah given that bombs may have been lurking undetected in such an unassuming device. And though Tuesday’s attacks were notably aggressive, it would not be the first time Israeli intelligence has reportedly planted explosives in electronics.

_Updated at 3:25 pm ET, September 17, 2024: Added additional details about potential ways the attack could have been carried out._

_Updated at 3:40 pm ET, September 17, 2024: Added additional details about the pager model that may have been used in the attack._

_Updated at 5:20 pm ET, September 17, 2024: Updated to reflect the latest casualty figures._

The Mystery of Hezbollah’s Deadly Exploding Pagers

Musk’s now-deleted post questioning why no one has attempted to assassinate Joe Biden and Kamala Harris renews concerns over his work for the US government—and potential to inspire extremist violence.

Shortly following reports of an apparent second assassination attempt against former US president and 2024 Republican presidential nominee Donald Trump, Elon Musk decided to speak up.

“And no one is even trying to assassinate Biden/Kamala 🤔,” Musk, X’s owner, wrote in a now deleted post, in response to another person asking, “Why they want to kill Donald Trump?”

After deleting the post—which could be interpreted as a call to murder President Joe Biden and Vice President Kamala Harris, Trump’s Democratic opponent in the US presidential election—Musk indicated that it was merely a joke that fell flat given the context. “Well, one lesson I’ve learned is that just because I say something to a group and they laugh doesn’t mean it’s going to be all that hilarious as a post on 𝕏,” he wrote, adding, “Turns out that jokes are WAY less funny if people don’t know the context and the delivery is plain text.”

The incident was the latest in a long line of increasingly incendiary political posts from Musk, whose substantial defense contracts with the US government may give him access to highly sensitive information even while he makes potential threats against the sitting commander in chief. And they point to the more pressing risk that Musk’s recent rhetoric has posed: the potential to inspire further political violence.

While Sunday night’s post is gone, it appears likely that Musk could receive some attention from federal law enforcement, if he hasn’t already.

The United States Secret Service declined WIRED’s request to comment on Musk’s post. “We can say, however, that the Secret Service investigates all threats related to our protectees,” USSS spokesperson Nate Herring tells WIRED.

“In my experience, the Secret Service would take such a comment very seriously,” says Michael German, a former FBI special agent and a liberty and national security fellow at NYU School of Law’s Brennan Center for Justice. “Typically, agents would go out and interview the subject to ensure that there wasn't an existing threat, and to make the subject aware that the agency takes such statements seriously.”

German notes that it’s possible the FBI could also launch an investigation. However, it’s unlikely that Musk would face any charges for his post. “On its face, the tweet would not meet the ‘true threat’ test, in that it wasn't a direct threat to do harm to the vice president, so it wouldn't likely proceed to prosecution,” German says. Still, “it would create a record of the investigations.”

The FBI declined WIRED’s request to comment on Musk’s post. X did not immediately respond to WIRED’s request for comment.

Both Biden and Harris have released statements condemning the apparent attempt on Trump’s life and political violence more broadly. In a statement to ABC News, the White House condemned Musk’s post. "Violence should only be condemned, never encouraged or joked about,” the statement says. “This rhetoric is irresponsible."

Where things get dicier for Musk is his role as a major contractor for the US Department of Defense and NASA. According to Reuters, SpaceX signed a $1.8 billion contract in 2021 with the National Reconnaissance Office, which oversees US spy satellites. The US Space Force also signed a $70 million contract late last year with SpaceX to build out military-grade low-earth-orbit satellite capabilities. Starlink, SpaceX’s commercial satellite internet wing, is providing connectivity to the US Navy.

Elon Musk Is a National Security Risk

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

Apple’s latest iPhone software update, iOS 18, arrives today and includes a new app: Passwords. For the first time, Apple is taking your phone’s ability to save login details and putting them in a standalone app. It could help improve millions of people’s terrible passwords.

After years of being told you should create unique, strong passwords for every website and app you use, you probably fall into one of two camps: people that are fully signed up to the password manager life, or those still using “123456” for every other website.

Apple’s new encrypted Passwords app is automatically included with iOS 18, and is a public-facing evolution of its Keychain and password-saving capabilities. The Keychain, which has existed for more than a decade, no longer has as prominent a home in the iPhone’s settings, and details previously saved there are being moved to the new app.

The launch of the password manager app, which will also be available on macOS Sequoia and iPadOS 18, may help improve people’s relationships with their passwords but also could, to varying degrees, challenge existing password managers.

“This move makes the app more visible to lay users and informs them about this secure method to store and manage passwords,” says Talal Haj Bakry and Tommy Mysk from security company Mysk. “You have a default password manager preinstalled on your device \[that\] provides end-to-end encryption when syncing data across devices.”

**New Passwords**

The Passwords app has a pretty barebones design. Six different tiles are presented when you open the app on an iPhone: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. These are essentially the main functions of the app, allowing you to save each type of data within their relevant sections. The security section includes check-ups allowing weak and exposed passwords to be identified.

“This will definitely boost the adoption of this preinstalled app and bolster user security,” Bakry and Mysk say. They add that it presents the saved data “in a more organized way than the Settings app.”

Apple says the Passwords app uses end-to-end encryption to save your details, meaning nobody, not even Apple, knows what you have saved. Within the app, you can search for login details to your entries and set up groups to share passwords with other people.

Your saved login details are synced across Apple devices using iCloud, meaning the encrypted data is shared with Apple’s cloud servers and available on all of your Apple devices. Within Apple’s settings, you can turn off syncing passwords on a specific device. The app is locked using Face ID.

When using the Passwords app, any details you have previously saved in Keychain or AutoFill will be moved to the new location. This includes if you have used the Sign in with Apple login system on any websites or apps. It is unclear why Apple has decided to spin its Keychain system into a fully fledged password manager now, although the company has been building out the individual features over a number of years. (Apple has not responded to WIRED’s request for comment at the time of writing.)

For many people, having a standalone password manager app from Apple could encourage better password practices. Siamak Shahandashti, a senior lecturer in the University of York’s cybersecurity and privacy research group, says the move from Apple may be a usability decision. Making Passwords visible could encourage people to take their passwords seriously.

“We need to design authentication systems for human beings,” Shahandashti says. “We cannot expect users to maintain a hundred accounts, for each of them \[to\] use a strong password. It’s actually the fault of the designers because these systems have not been designed for users considering the capability of an average human being.”

**Death of the Password**

Passwords are slowly dying. Enter the passkey. For the past couple of years, websites, apps, and phone manufacturers have been in the process of rolling out passkeys—a technology that replaces passwords, is more secure, and doesn’t require you to remember any complex login details. (Although passkeys still have some teething problems.)

Leona Lassak, a research assistant at Ruhr-University Bochum who has studied passkey adoption, says greater “visibility” of the Passwords app can help get the sign-in technology to a broader audience, one which might not use a password manager otherwise. Apple’s Passwords app could help with the perception and transition to passkeys, Lassak says. “There has been discussion about the need for passkey managers, because once we actually use them on websites, there's probably going to be multiple for each website,” she says.

The app is also, at least subtly, encouraging the adoption of passkeys. Within Passwords’ settings, accessed through Apple’s System preferences, there’s the option to turn on “automatic” passkey upgrades, which will allow existing accounts to use passkeys when they are available.

**Lock In**

Password managers have existed for years and there are plenty of options you can use, from open source apps to browser-based management systems. Each comes with their own particular set of pros and cons.

Apple wading into the password management market by including a new app on millions of iPhones, Macs, and iPads could also impact the wider ecosystem. “There’s no question that Apple’s Passwords app would ‘sherlock’ third-party password managers—or make them less attractive,” say Bakry and Mysk, highlighting that people need to use iCloud to sync passwords in Apple’s system, and that those who are privacy conscious may not want this to happen automatically.

There’s also the risk of locking people into Apple’s password manager—at launch, there appear to be no options to export the saved data and use it in a commercial alternative. One competitor password manager has stressed that their software works on products “beyond” the “Apple ecosystem.” (People using Apple’s password management software on Windows devices can access saved details through iCloud for Windows.)

Ultimately, what password manager you use should reflect what type of software you want to support and the individual threats you may face. For many, Apple’s new app is probably better than not using a password manager at all.

Apple’s New Passwords App May Solve Your Login Nightmares

Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase.

After Apple's product launch event this week, WIRED did a deep dive on the company's new secure server environment, known as Private Cloud Compute, which attempts to replicate in the cloud the security and privacy of processing data locally on users' individual devices. The goal is to minimize possible exposure of data processed for Apple Intelligence, the company's new AI platform. In addition to hearing about PCC from Apple's senior vice president of software engineering, Craig Federighi, WIRED readers also received a first look at content generated by Apple Intelligence's “Image Playground” feature as part of crucial updates on the recent birthday of Federighi's dog Bailey.

Turning to privacy protection of a very different kind in another new AI service, WIRED looked at how users of the social media platform X can keep their data from being slurped up by the “unhinged” generative AI tool from xAI known as Grok AI. And in other news about Apple products, researchers developed a technique for using eye tracking to discern passwords and PINs people typed using 3D Apple Vision Pro avatars—a sort of keylogger for mixed reality. (The flaw that made the technique possible has since been patched.)

On the national security front, the US this week indicted two people accused to spreading propaganda meant to inspire “lone wolf” terrorist attacks. The case, against alleged members of the far-right network known as the Terrorgram Collective, marks a turn in how the US cracks down on neofascist extremists.

And there's more. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**ChatGPT Tricked Into Revealing Instructions for Making Fertilizer Bombs After Being Led Deep Into Fantasy Storytelling**

OpenAI's generative AI platform ChatGPT is designed with strict guardrails that keep the service from offering advice on dangerous and illegal topics like tips on laundering money or a how-to guide for disposing of a body. But an artist and hacker who goes by “Amadon” figured out a way to trick or “jailbreak” the chatbot by telling it to “play a game” and then guiding it into a science-fiction fantasy story in which the system's restrictions didn't apply. Amadon then got ChatGPT to spit out instructions for making dangerous fertilizer bombs. An OpenAI spokesperson did not respond to TechCrunch's inquiries about the research.

“It’s about weaving narratives and crafting contexts that play within the system’s rules, pushing boundaries without crossing them. The goal isn’t to hack in a conventional sense but to engage in a strategic dance with the AI, figuring out how to get the right response by understanding how it ‘thinks,’” Amadon told TechCrunch. “The sci-fi scenario takes the AI out of a context where it’s looking for censored content … There really is no limit to what you can ask it once you get around the guardrails.”

**New Evidence Indicates That at Least Two Saudi Officials May Have Helped 9/11 Hijackers**

In the fervent investigations following the September 11, 2001, terrorist attacks in the United States, the FBI and CIA both concluded that it was coincidental that a Saudi Arabian official had helped two of the hijackers in California and that there had not been high-level Saudi involvement in the attacks. The 9/11 commission incorporated that determination, but some findings indicated subsequently that the conclusions might not be sound. With the 23-year anniversary of the attacks this week, ProPublica published new evidence “suggest\[ing\] more strongly than ever that at least two Saudi officials deliberately assisted the first Qaida hijackers when they arrived in the United States in January 2000.”

The evidence comes primarily from a federal lawsuit against the Saudi government brought by survivors of the 9/11 attacks and relatives of victims. A judge in New York will soon make a decision in that case about a Saudi motion to dismiss. But evidence that has already emerged in the case, including videos and documents such as telephone records, points to possible connections between the Saudi government and the hijackers.

“Why is this information coming out now?” said retired FBI agent Daniel Gonzalez, who pursued the Saudi connections for almost 15 years. “We should have had all of this three or four weeks after 9/11.”

**British Teenager Arrested in Investigation of Cyberattack on London Transportation Agency**

The United Kingdom's National Crime Agency said on Thursday that it arrested a teenager on September 5 as part of the investigation into a cyberattack on September 1 on the London transportation agency Transport for London (TfL). The suspect is a 17-year-old male and was not named. He was “detained on suspicion of Computer Misuse Act offenses” and has since been released on bail. In a statement on Thursday, TfL wrote, “Our investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.” Some data related to the London transit payment cards known as Oyster cards may have been accessed for about 5,000 customers, including bank account numbers. TfL is reportedly requiring roughly 30,000 users to appear in person to reset their account credentials.

**Polish Court Blocks Investigation Into Apparent Spyware Abuses by Previous Government Administration**

In a decision on Tuesday, Poland’s Constitutional Tribunal blocked an effort by Poland's lower house of parliament, known as the Sejm, to launch an investigation into the country's apparent use of the notorious hacking tool known as Pegasus while the Law and Justice (PiS) party was in power from 2015 to 2023. Three judges who had been appointed by PiS were responsible for blocking the inquiry. The decision cannot be appealed. The decision is controversial, with some, like Polish parliament member Magdalena Sroka, saying that it was “dictated by the fear of liability.”

Security News This Week: A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.

On Monday, United States prosecutors in Sacramento, California, unveiled a 15-count indictment accusing Dallas Erin Humber, 34, and Matthew Robert Allison, 37, of serving as core members of a virulent neo-Nazi propaganda network that solicited attacks on federal officials, power infrastructure, people of color, and material support for acts of terrorism both within the US and overseas.

The group, known as the Terrorgram Collective, has produced four publications to date—a blend of ideological motivation, mass murder worship, neofascist indoctrination, and how-to manuals for chemical weapons attacks, infrastructure sabotage, and ethnic cleansing. The screeds have directly inspired a series of ideologically motivated attacks around the world, including a 2022 mass shooting at an LGBTQ bar in Bratislava, Slovakia; successful attacks on power infrastructure in North Carolina and similar failed plots in Baltimore and New Jersey; and a stabbing spree in the Turkish city of Eskisehir.

Federal prosecutors allege Humber, Allison, and other Terrorgram Collective members were in the process of compiling a fifth, yet-to-be-released publication devoted to a pantheon of “saints”—neofascist mass murderers like Timothy McVeigh and Anders Breivik. The point of this guide, prosecutors claim, was to “inspire Terrorgram users to commit acts of violence.”

Humber and Allison were both federal targets as early as early 2023, but authorities appear to have waited for a year and a half to compile evidence of potential attacks around the world, and for the British government’s decision this April to formally ban the Terrorgram Collective, before filing an indictment that could land the defendants in prison for more than two centuries. To date, American authorities have charged at least four individuals allegedly involved in the Terrorgram Collective with terrorism-related offenses.

While the arrests are not the first targeting the Terrorgram Collective—Slovakian Pavol “SlovakBro” Beňadik and former Atomwaffen Division founder Brandon Russell hold that honor—the charges against Humber and Allison represent a major change from how the FBI and US Department of Justice approach diffuse “accelerationist” terrorism—the nihilist brand of neofascism that seeks to speed up societal collapse and the ascent of a Fourth Reich through mass shootings, bombings, and other acts of terrorism by “lone wolf” actors. Relying on the UK government’s April order declaring the Terrorgram Collective a banned terrorist group and a little-employed section of the “material support for terrorism” section of the US criminal code, federal prosecutors are finally taking an aggressive, whole-of-law approach to violent neofascist extremism.

“What it shows is exactly what I’ve been arguing for years: All the tools they need to do this work, they have,” says Michael German, a former FBI special agent and a liberty and national security fellow at the Brennan Center for Justice, an NYU School of Law nonprofit. German points to years of arguments by the FBI and Department of Justice that they are hamstrung by existing laws when it comes to tackling violent extremists within the United States. “It also reveals the false separation that the government makes about international and domestic terrorism—white supremacy has always been transnational.”

In 2018, German coauthored a study of federal domestic terrorism prosecutions that argued existing laws were sufficient to tackle domestic terrorism, pointing to a particular statute used to charge Humber and Allison with material support. “It’s the material support statute the DOJ forgot,” says German.

The UK’s order against the Terrorgram Collective provided American authorities a basis for labeling a diffusive, ostensibly domestic propaganda group as a “transnational terrorist organization” in a detention motion filed on Tuesday, potentially opening Humber and Allison up to deleterious additional charges and sentencing enhancements. In other words, the US is treating Terrorgram in ways similar to how it has treated Islamist terrorist organizations.

“I would think of this case more like an old-school terrorism investigation, where you have a leadership cell that pushed info to followers and radicalized them into action,” says Seamus Hughes, a terrorism researcher at the University of Nebraska Omaha, of the indictment’s allegations against Humber and Allison.

The role of undercover agents in at least two of the Terrorgram federal prosecutions, the DOJ’s repeated citation of the group’s outlawed status in Great Britain as basis for labeling it a transnational terrorism organization, and the alleged targeting of power infrastructure by participants in the propaganda network, Hughes says, all point to US law enforcement taking a new approach to tackling violent right-wing extremism.

“The vast majority of material support cases are jihadi, but right here, they \[allegedly\] inspired an individual to plot an attack against a power plant,” he adds. “That’s critical infrastructure and is the lynchpin for the material support of terrorism charge.”

The power infrastructure plot Hughes references is the case of Andrew Takhistov, an 18-year-old New Jersey man charged in July with soliciting another individual to attack energy facilities. Court documents describe Tahkistov as a virulently hateful young man who fantasized about attacking a synagogue and participated in a March 2024 demonstration by an Atlantic City–based “active club” in support of jailed neo-Nazi leader Robert Rundo, was ever-present in the Terrogram Collective’s Telegram channels.

Along with allegedly circulating propaganda from the Terrorgram Collective and urging lone-wolf attacks, the feds claim in court records that Tahkistov bragged about participating in the production of the group’s “Hard Reset” publication, describing it as “the perfect starting guide” for a lone-wolf terrorist. “It has ideology, it has how-to guides, it has ideas for funny things, it goes into how you should plan it, it goes into the thought process,” Takhistov allegedly told an undercover FBI agent with whom he plotted the erstwhile attack on power stations near North Brunswick and New Brunswick, New Jersey.

These details were included in Tahkistov’s indictment, which also outlined his alleged plans to travel to Russia and join the Russian Volunteer Corps, a neo-Nazi combat battalion fighting for the Ukrainian military, which was founded by Denis Kapustin, an Azov Movement–connected extremist who tried to help Rundo flee the US in 2018, in order to gain weapons expertise and military training that would allow him to carry out more effective acts of ideologically motivated terrorism once back in the United States.

Takhistov is in custody and will next appear in court on October 9. He has pleaded not guilty.

Humber and Allison are longtime radicals. Humber’s radicalization appeared to start decades ago, per a report by extremism researchers at Left Coast Right Watch. Research obtained by this reporter shows Humber ran more than two dozen extreme right-wing propaganda channels on Telegram, which circulated the Terrorgram Collective’s material as well as other accelerationist content.

In recent years, aside from narrating audio books of neofascist manifestos and propaganda tracts, Humber also corresponded with convicted domestic terrorist Dylann Roof and with Atomwaffen Division founder Brandon Russell, who ended up joining their collective. “There’s no quitting our worldview. It’s a lifelong commitment,” Humber allegedly told Russell in a recorded jailhouse call following the latter’s arrest in February 2023. Her participation in the network, according to a March 15, 2022, Telegram post included in court filings by prosecutors, was to mold potential terrorists for action. “No military is fighting for us. No govt is protecting our people and defending our interests. The ONLY people fighting for us are lone wolves,” Humber wrote, in reference to a teenager she was trying to indoctrinate. “He’s like 18 yo and seems very impressionable, I’m trying to radicalize him.”

When the FBI raided Humber’s Elk Grove home last week, they recovered reams of Nazi propaganda, 3D-printed firearms—including a homemade AR-15 pattern rifle—a short-barreled rifle, a 3D printer, unregistered handguns, and high-capacity magazines, which remain illegal in California. She remains held without bail.

Allison, who was born in Southern California, lives in a high-end apartment building in downtown Boise, Idaho, and, according to court documents, does not hold a steady job. He doesn’t appear to have a criminal record, aside from a June 2022 misdemeanor. There are very few traces of Allison online, but details cobbled together by researchers indicate he drifted steadily to the right from 2018 onward, starting with the former Fox News host Tucker Carlson’s content and then moving steadily in the direction of Timothy McVeigh, The Order founder Robert Jay Mathews, and finally, the skull-masked, nihilistic neofascism popularized by the Atomwaffen Division at the end of the last decade.

Under the alias “BanThisChannel,” Allison was one of the most prolific disseminators of Terrorgram’s propaganda materials and was prolific in extreme-right-wing Telegram channels, commiserating with other SoCal skinheads about racial attacks in days gone by and connecting other individuals to militant groups like the Atomwaffen Division. Research obtained by this reporter indicates he worked part-time as a video producer and was the editor who compiled a number of “sizzle reels” for the Terrorgram Collective’s propaganda output online, including a set entitled “The BTC Movie Trilogy” that Takhistov sought out for inspiration.

Nineteen-year-old Slovakian teenager Juraj Krajčík, the perpetrator of the 2022 Bratislava massacre, was in extensive contact with Humber and Allison for at least a year prior to the attack, and sent his manifesto to Allison after he carried out his mass murder, which explicitly cited Terrorgram Collective publications and thanked the group for inspiring him to act. Allison then circulated the manifesto through the group’s Telegram channels. The group proceeded to claim Krajčík as “their first saint.”

Allison’s commitment to neofascism and white supremacy appears to have run deep—“I won’t quit til I’m dead. my only goal in life is to fucking destroy the enemy,” Allison declared in a Telegram post cited by federal prosecutors. Both he and Humber, according to a government detention motion, sought to identify the informant in Brandon Russell’s criminal case. Allison advocated adding the suspected snitch to “The List” (a collection of federal officials, journalists, businessmen, and other perceived enemies circulated by the Terrorgram Collective as potential assassination targets), while Humber allegedly told Russell in a recorded jailhouse call in August 2023 that she had photographs of the suspected informant and was running them through facial recognition software.

When Allison was arrested last week, authorities say, he had a backpack loaded with what appeared to be a “bug-out kit” comprised of zip ties, a gun, duct tape, ammunition, a knife, lockpicking tools, two phones, and a thumb drive. When law enforcement searched his apartment, they turned up an assault rifle, two laptops, an external hard drive, and another “go bag” containing $1,500 in cash, clothes, a passport, ziplock bags full of pills, ammunition, a skull mask balaclava, sim cards, and a birth certificate.

In a videotaped interview following his arrest, Allison allegedly confessed to his participation in the Terrorgram Collective and “engaging in acts alleged in the General Allegations of the Indictment.”

Law enforcement consider Humber and Allison threats to their community, and to authorities as well: Humber allegedly worked with Russell to try to identify a suspected government witness in the Atomwaffen Division founder’s current criminal case in Baltimore, according to recorded jailhouse phone calls. Witnesses in Russell’s upcoming trial this November will testify in a closed courtroom to avoid being identified, a highly unusual precaution. In a sealing motion, prosecutors state that not only are additional arrests of Terrogram Collective members likely, but the group’s membership poses a severe danger to law enforcement and cooperating witnesses alike: “Defendants' many associates, both in the United States and internationally, may seek to harm perceived law enforcement or law enforcement cooperators in retribution for their role in this investigation.”

Allison is currently detained without bail and is set to appear in federal court in Boise on September 18 for a detention hearing.

The volume of evidence laid out against Humber and Allison in both the indictment and detention motion, says Hughes, shows the feds have significantly altered their approach to both far-right terrorism and particularly "lone wolf" accelerationists who have perpetrated massacres ranging from Christchurch in 2019 to Buffalo in 2022.

“When they go further than they have in the past to lay out the transnational connections and overlay a material support charge, it shows that either the feds are trying to make a point, or they were very concerned about these particular actors,” Hughes says.

Senior attorneys from the DOJ’s Civil Rights and National Security divisions are listed on the court filings in this matter, another indication that the top ranks of the Biden administration’s Justice Department called the shots on the Terrorgram Collective investigation.

“To build a case in this fashion is a decision that gets made at Main Justice,” Hughes says. “Someone high up decided to sign off on this.”

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people’s avatars while they completed a variety of typing tasks.

When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. “When we are typing our gaze will show some regular patterns,” Zhan says.

Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. “During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused,” Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they’ve made it. “The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected.”

Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn’t have any knowledge of the victim’s typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.

“It’s very powerful to know where someone is looking,” says Alexandra Papoutsaki, an associate professor of computer science at Pomona College who has studied eye tracking for years and reviewed the GAZEploit research for WIRED.

Papoutsaki says the work stands out as it only relies on the video feed of someone’s Persona, making it a more “realistic” space for an attack to happen when compared to a hacker getting hands-on with someone’s headset and trying to access eye tracking data. “The fact that now someone, just by streaming their Persona, could expose potentially what they’re doing is where the vulnerability becomes a lot more critical,” Papoutsaki says.

While the attack was created in lab settings and hasn’t been used against anyone using Personas in the real world, the researchers say there are ways hackers could have abused the data leakage. They say, theoretically at least, a criminal could share a file with a victim during a Zoom call, resulting in them logging into, say, a Google or Microsoft account. The attacker could then record the Persona while their target logs in and use the attack method to recover their password and access their account.

**Quick Fixes**

The GAZEpolit researchers reported their findings to Apple in April and subsequently sent the company their proof-of-concept code so the attack could be replicated. Apple fixed the flaw in a Vision Pro software update at the end of July, which stops the sharing of a Persona if someone is using the virtual keyboard.

An Apple spokesperson confirmed the company fixed the vulnerability, saying it was addressed in VisionOS 1.3. The company’s software update notes do not mention the fix. The researchers say Apple assigned CVE-2024-40865 for the vulnerability and recommend people download the latest software updates.

Apple Vision Pro’s Eye Tracking Exposed What People Type

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.”

The generative AI boom has, in many ways, been a privacy bust thus far, as services slurp up web data to train their machine learning models and users’ personal information faces a new era of potential threats and exposures. With the release of Apple’s iOS 18 and macOS Sequoia this month, the company is joining the fray, debuting Apple Intelligence, which the company says will ultimately be a foundational service in its ecosystem. But Apple has a reputation to uphold for prioritizing privacy and security, so the company took a big swing. It has developed extensive custom infrastructure and transparency features, known as Private Cloud Compute (PCC), for the cloud services Apple Intelligence uses when the system can't fulfill a query locally on a user's device.

The beauty of on-device data processing, or “local” processing, is that it limits the paths an attacker can take to steal a user's data. The data never leaves the computer or phone, so that's what the attacker has to target. It doesn't mean an attack will never be successful, but the battleground is defined and constrained. Giving data to a company to process in the cloud isn't inherently a security issue—an unfathomable amount of data moves through global cloud infrastructure safely every day. But it expands that battlefield immensely and also creates more opportunities for mistakes that inadvertently expose data. The latter has particularly been an issue with generative AI given the unintended ways that a system tasked with generating content may access and share information.

With Private Cloud Compute, Apple has developed an array of innovative cloud security technologies. But the service is also significant for pushing the limits of what is an acceptable business proposition for a cloud service, seemingly prioritizing secure architecture over what would be most technically efficient or economical.

“We set out from the beginning with a goal of how can we extend the kinds of privacy guarantees that we’ve established with processing on-device with iPhone to the cloud—that was the mission statement," Craig Federighi, senior vice president of software engineering at Apple, tells WIRED. “It took breakthroughs on every level to pull this together, but what we’ve done is achieve our goal. I think this sets a new standard for processing in the cloud in the industry.”

To remove many of the potential attack points and pitfalls that cloud computing can introduce, Apple says its developers focused on the idea that “security and privacy guarantees are strongest when they are entirely technically enforceable” rather than implemented through policies.

In other words, you can have a plate of cupcakes on the counter and make a policy for yourself that you're not going to eat any of them. Or you could have a policy that you never make or buy cupcakes. But the Private Cloud Compute approach would be to move to a town with no bakeries, rip out your kitchen, and close your credit cards to prevent yourself from buying Easy Bake Ovens. That way there's no question about your cupcake access or the possibility of accidental cupcake hoarding.

**Starting Fresh**

Apple created purpose-built servers running Apple processors for PCC and developed a custom PCC server operating system that's a stripped down, hybrid version of iOS and macOS. The scheme incorporates hardware and software security features the company has developed for Macs and iPhones over the past two decades.

Unlike these consumer devices, though, PCC servers are as bare-bones as possible. For example, they don't include “persistent storage,” meaning that they don't have a hard drive that can keep processed data long-term. They do incorporate Apple's dedicated hardware encryption key manager known as the Secure Enclave and randomize each file system's encryption key at every boot up as well. This means that once a PCC server is rebooted, no data is retained and, as an additional precaution, the entire system volume is cryptographically unrecoverable. At that point, all the server can do is start fresh with a new encryption key.

PCC servers also use Apple's Secure Boot to validate the integrity of the operating system and use a code verification feature the company debuted with iOS 17, known as Trusted Execution Monitor. Instead of using Trusted Execution Monitor in the usual way for oversight, though, PCC runs it in a much stricter mode where once the server restarts and completes the boot sequence, the system locks down and can't load any new code whatsoever. Essentially, all the software the server needs to run gets pummeled with checks and validation and then goes into an envelope that's sealed before user requests and data can begin to process through.

More broadly, Apple says it completely replaced its normal server management tools for PCC. For example, most cloud platforms have policies and controls to prevent unauthorized access, but they also build “break in case of emergency”-type options so highly trusted system administrator accounts can take quick action in case of a bug or failure. In keeping with Apple's focus on technically enforceable guarantees versus policy guarantees, PCC doesn't allow privileged access and drastically limits remote management options.

In recent years, Apple took a major security step by offering its users end-to-end encryption for iCloud backups, in which the company simply holds data in its cloud infrastructure for its customers and doesn't have the technical capability to decrypt and read that data. With current technology, such a scheme is impossible to implement for generative AI because the system needs to process the inputs to give an output. For example, if you want Apple Intelligence to give you a summary of all the text messages and emails you've received in the past three hours, the system needs access to those messages. End-to-end encryption would make that access virtually impossible.

Apple says it is still committed to doing as much Apple Intelligence processing as possible on-device, and a brand new iPhone 16 with its A18 chip, for example, will be able to do more AI processing locally than an iPhone 15 with an A16 chip. Still, the reality seems to be that Apple will need to do a substantial amount of Apple Intelligence processing in the cloud—hence the investment in developing PCC. (In iOS 18.1, users can go to Settings > Privacy & Security > Apple Intelligence Report to view a log of which requests are processed on device versus in the cloud.)

“What was really unique about the problem of doing large language model inference in the cloud was that the data had to at some level be readable by the server so it could perform the inference. And yet, we needed to make sure that that processing was hermetically sealed inside of a privacy bubble with your phone," Federighi says. “So we had to do something new there. The technique of end-to-end encryption—where the server knows nothing—wasn’t possible here, so we had to come up with another solution to achieve a similar level of security.”

Still, Apple says that it offers “end-to-end encryption from the user’s device to the validated PCC nodes, ensuring the request cannot be accessed in transit by anything outside those highly protected PCC nodes.” The system is architected so Apple Intelligence data is cryptographically unavailable to standard data center services like load balancers and logging devices. Inside a PCC cluster, data is decrypted and processed, but Apple emphasizes that once a response is encrypted and sent on its journey to the user, no data is retained or logged and none of it is ever accessible to Apple or its individual employees.

**Open Book, Closed System**

Apple says the overarching vision for PCC is that an attacker should have to compromise the entire system—a difficult thing to do at all much less without being detected—in order to target a specific user's personal data. Even if an attacker could physically compromise an individual live PCC node, the system is devised with an anonymous relay feature so the queries and data on any one node can't be connected to individual users.

It all sounds pretty groovy, but the notoriously secretive company seems to be aware that professing to do all of these things and claiming to offer technical guarantees is ultimately only compelling with proof and transparency. So PCC includes an external auditing mechanism that serves a crucial dual purpose.

Apple is making every production PCC server build publicly available for inspection so people unaffiliated with Apple can verify that PCC is doing (and not doing) what the company claims, and that everything is implemented correctly. All of the PCC server images are recorded in a cryptographic attestation log, essentially an indelible record of signed claims, and each entry includes a URL for where to download that individual build. PCC is designed so Apple can't put a server into production without logging it. And in addition to offering transparency, the system works as a crucial enforcement mechanism to prevent bad actors from setting up rogue PCC nodes and diverting traffic. If a server build hasn't been logged, iPhones will not send Apple Intelligence queries or data to it.

PCC is part of Apple's bug bounty program, and vulnerabilities or misconfigurations researchers find could be eligible for cash rewards. Apple says, though, that since the iOS 18.1 beta became available in late July, no on has found any flaws in PCC so far. The company recognizes that it has only made the tools to evaluate PCC available to a select group of researchers so far.

Multiple security researchers and cryptographers tell WIRED that Private Cloud Compute looks promising, but they haven't spent significant time digging into it yet.

“Building Apple silicon servers in the data center when we didn’t have any before, building a custom OS to run in the data center was huge,” Federighi says. He adds that “creating the trust model where your device will refuse to issue a request to a server unless the signature of all the software the server is running has been published to a transparency log was certainly one of the most unique elements of the solution—and totally critical to the trust model.”

To questions about Apple's partnership with OpenAI and integration of ChatGPT, the company emphasizes that partnerships are not covered by PCC and operate separately. ChatGPT and other integrations are turned off by default, and users must manually enable them. Then, if Apple Intelligence determines that a request would be better fulfilled by ChatGPT or another partner platform, it notifies the user each time and asks whether to proceed. Additionally, people can use these integrations while logged into their account for a partner service like ChatGPT or can use them through Apple without logging in separately. Apple said in June that another integration with Google's Gemini is also in the works.

Apple said this week that beyond launching in United States English, Apple Intelligence is coming to Australia, Canada, New Zealand, South Africa, and the United Kingdom in December. The company also said that additional language support—including for Chinese, French, Japanese, and Spanish—will drop next year. Whether that means that Apple Intelligence will be permitted under the European Union's AI Act and whether Apple will be able to offer PCC in its current form in China is another question.

“Our goal is to bring ideally everything we can to provide the best capabilities to our customers everywhere we can,” Federighi says. “But we do have to comply with regulations, and there is uncertainty in certain environments we’re trying to sort out so we can bring these features to our customers as soon as possible. So, we’re trying.”

He adds that as the company expands its ability to do more Apple Intelligence computation on-device, it may be able to use this as a workaround in some markets.

Those who do get access to Apple Intelligence will have the ability to do far more than they could with past versions of iOS, from writing tools to photo analysis. Federighi says that his family celebrated their dog’s recent birthday with an Apple Intelligence–generated GenMoji (viewed and confirmed to be very cute by WIRED). But while Apple's AI is meant to be as helpful and invisible as possible, the stakes are incredibly high for the security of the infrastructure underpinning it. So how are things going so far? Federighi sums it up without hesitation: “The rollout of Private Cloud Compute has been delightfully uneventful.”

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

xAI's generative AI tool, Grok AI, is unhinged compared to its competitors. It's also scooping up a ton of data people post on X. Here's how to keep your posts out of Grok—and why you should.

In 2015, Elon Musk and Sam Altman cofounded OpenAI based on a seemingly ethical ethos: to develop AI technology that benefits humanity, rather than systems controlled by big money corporations.

Fast forward a decade that included a spectacular falling out between Musk and Altman, things look very different. Amid legal battles with his friend and former business partner, Musk’s latest company, xAI, has launched its own powerful competitor, Grok AI.

Described as “an AI search assistant with a twist of humor and a dash of rebellion,” Grok is designed to have fewer guardrails than its major competitors. Unsurprisingly, Grok is prone to hallucinations and bias, with the AI assistant blamed for spreading misinformation about the 2024 election.

At the same time, its data protection practices are under scrutiny. In July, Musk came under fire from European regulators after it emerged that users of the X platform were automatically opted in to their posts being used to train Grok.

Image generation capabilities in its Grok-2 large language model are also causing concern. Soon after the launch in August, users demonstrated how easy it was to create outrageous and incendiary depictions of politicians including Kamala Harris and Donald Trump.

So what are the main issues with Grok AI, and how can you protect your X data from being used to train it?

**Deep Integration**

Musk is deeply integrating Grok into X, using it for customized news feeds and post composition. Right now, it's in beta and only available to Premium+ subscribers.

Among the benefits, access to real-time data from X allows Grok to chat about current events as they're unfolding, says Camden Woollven, group head of AI at GRC International Group, a consultancy offering data protection and privacy services.

To stand out from its competitors, Grok is intended to be “transparent and anti-woke,” says Nathan Marlor, head of data and AI at Version 1, a firm that helps companies adopt technology including AI.

For transparency, the Grok team made the underlying algorithm open source earlier this year. However, in its pursuit of an “anti-woke” stance, Grok has been built with “far fewer guardrails” and “less consideration for bias” than its counterparts including OpenAI and Anthropic, Marlor says. “This approach arguably makes it a more accurate reflection of its underlying training data—the internet—but it also has a tendency to perpetuate biased content.”

WIRED approached X and xAI on several occasions for comment, but the firm has not responded.

Because Grok is so open and relatively uncontrolled, the AI assistant has been caught spreading false US election information. Election officials from Minnesota, New Mexico, Michigan, Washington and Pennsylvania sent a complaint letter to Musk, after Grok provided false information about the ballot deadlines in their states.

Grok was quick to respond to this issue. The AI chatbot will now say, “for accurate and up-to-date information about the 2024 US Elections, please visit Vote.gov,” when asked election-related questions, according to the Verge.

But X also makes it clear the onus is on the user to judge the AI’s accuracy. “This is an early version of Grok,” xAI says on its help page. Therefore chatbot may “confidently provide factually incorrect information, missummarize, or miss some context,” xAI warns.

“We encourage you to independently verify any information you receive,” xAI adds. “Please do not share personal data or any sensitive and confidential information in your conversations with Grok.”

**Grok Data Collection**

Vast amounts of data collection are another area of concern—especially since you are automatically opted in to sharing your X data with Grok, whether you use the AI assistant or not.

The xAI’s Grok Help Center page describes how xAI “may utilize your X posts as well as your user interactions, inputs and results with Grok for training and fine-tuning purposes.”

Grok’s training strategy carries “significant privacy implications,” says Marijus Briedis, chief technology officer at NordVPN. Beyond the AI tool's “ability to access and analyze potentially private or sensitive information," Briedis adds, there are additional concerns “given the AI’s capability to generate images and content with minimal moderation.”

While Grok-1 was trained on “publicly available data up to Q3 2023” but was not “pre-trained on X data (including public X posts),” according to the company, Grok-2 has been explicitly trained on all “posts, interactions, inputs, and results” of X users, with everyone being automatically opted in, says Angus Allan, senior product manager at CreateFuture, a digital consultancy specializing in AI deployment.

The EU’s General Data Protection Regulation (GDPR) is explicit about obtaining consent to use personal data. In this case, xAI may have “ignored this for Grok,” says Allan.

This led to regulators in the EU pressuring X to suspend training on EU users within days of the launch of Grok-2 last month.

Failure to abide by user privacy laws could lead to regulatory scrutiny in other countries. While the US doesn’t have a similar regime, the Federal Trade Commission has previously fined Twitter for not respecting users’ privacy preferences, Allan points out.

**Opting Out**

One way to prevent your posts from being used for training Grok is by making your account private. You can also use X privacy settings to opt out of future model training.

To do so select **Privacy & Safety > Data sharing and Personalization > Grok**. In **Data Sharing**, uncheck the option that reads, “Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning.”

Even if you no longer use X, it’s still worth logging in and opting out. X can use all of your past posts—including images—for training future models unless you explicitly tell it not to, Allan warns.

It’s possible to delete all of your conversation history at once, xAI says. Deleted conversations are removed from its systems within 30 days, unless the firm has to keep them for security or legal reasons.

No one knows how Grok will evolve, but judging by its actions so far, Musk’s AI assistant is worth monitoring. To keep your data safe, be mindful of the content you share on X and stay informed about any updates in its privacy policies or terms of service, Briedis says. “Engaging with these settings allows you to better control how your information is handled and potentially used by technologies like Grok.”

What You Need to Know About Grok AI and Your Privacy

Plus: Kaspersky’s US business sold, Nigerian sextortion scammers jailed, and Europe’s controversial encryption plans return.

Your devices may be revealing a lot more about your life than you realize.

During the Democratic National Convention in Chicago last month, we set out to find just how much data is floating around in the digital ether all around us. Armed with a fanny pack filled with radios—including a hot spot loaded with custom code developed by the digital rights nonprofit the Electronic Frontier Foundation and an Android phone armed with the data-revealing app Wiggle—WIRED reporters collected signals from nearly 300,000 devices in and around the DNC. This included more than 2,500 police body cameras, which effectively revealed how the Chicago Police Department deployed its officers at the protests. It also exposed new ways everyone—police and activists alike—can be surveilled via our gadgets.

Thanks to a legal dispute over content moderation, Elon Musk’s X has been blocked in Brazil for a week—mostly, away. The South American nation has some 20,000 internet service providers and lacks the centralized stranglehold over internet infrastructure that authoritarian countries like Iran have built. So when it comes to blocking an entire social network in Brazil, the whole thing is a bit of a mess.

Speaking of Musk-run companies, SpaceX is getting a big new customer for its Starlink satellite internet service: the United States Navy. In addition to providing sailors with a way to stay connected to friends and family while out at sea, Starlink is part of a large project to connect US warships wherever they are in the world.

Russia’s military intelligence agency, GRU, is known for having some of the most aggressive hacking teams on the planet. Now, it’s added a new one: GRU Unit 29155—a unit notorious for coup attempts, bombings, and other physical attacks—has a cyber warfare team of its own, according to the US and other Western governments. Dubbed Cadet Blizzard, the hacking team is said to have carried out attacks against Ukraine using destructive Whispergate malware, defaced Ukrainian government websites, and leaked information while posing as a hacktivist group. It all adds up to more evidence of the increasingly blurry lines between cyber and kinetic warfare.

Activists in Japan have been waging a pressure campaign against a company many people don’t know exists. The FANUC Corporation makes industrial robots, which are used for a wide variety of purposes. The activists claim this includes weapons manufacturing—specifically weapons used by Israel in its war in Gaza—and believe the company is violating export laws and its own policies. (FANUC denies both accusations.) Whatever the case, the controversy reveals how difficult it can be to untangle ethical issues from a global supply chain.

Health care companies are among the biggest targets for criminal hackers. But sometimes, the security issues come from the inside. Therapy sessions and other sensitive patient records were recently left exposed in a misconfigured database operated by Confidant Health, which provides addiction recovery care and other mental health services. The company says it secured the database immediately after a researcher alerted them to the fact that it was publicly accessible online, but it’s still a reminder of just how many of our deepest secrets can find their way into the open by accident.

Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.

Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive data about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)

In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.

**Nigerian Sextortion Scammers Sentenced to 17 Years After Teen Death**

The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there's little-more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.

The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teenager had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.

**Kaspersky’s Banned US Business Sold**

In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied connections). The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.

**Europe’s Encryption-Busting “Chat Control” Plans Return**

For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong resistance to the plans still remain.

Source

Wired