Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

When Ryan Lackey has traveled to countries like Russia or China, he has taken certain precautions: Instead of his usual gear, the Seattle-based security researcher and chief security officer of a cryptocurrency insurance firm brings a locked-down Chromebook and an iPhone that's set up to sync with a separate, nonsensitive Apple account. He wipes both before every trip and loads only the minimum data he'll need. Lackey has gone so far as to keep separate travel sets for each country, so that he can forensically analyze the devices when he gets home to check for signs of each country's tampering.

Now, Lackey says, the countries that warrant that paranoid approach to travel might include not just Russia and China but also the United States—if not for Americans like him, then for anyone with a foreign passport who might come under the increasingly draconian and unpredictable scrutiny of US Customs and Border Protection (CBP). "All of this applies to America more than it has in the past," says Lackey. "If I thought I were likely to be a targeted person, I would go through this same level of protection."

Since the start of the second Trump administration, there appears to be an uptick in foreign visitors to the US being denied entry, resulting in people being sent back to their original destinations or being held in detention. Citizens from Germany, the UK, and France have all reported being detained, in some cases for weeks, or denied entry when attempting to enter the US—including several individuals who say they are legal residents with Green Cards. France’s education minister said one French scientist was denied entry after immigration officials searched his phone and found conversations where “he expressed a personal opinion on the Trump administration’s research policy.” The stricter enforcement of visa and travel permit regulations has led to officials in Germany and Britain to change their travel guidance, with Britain warning that rules are enforced “strictly.”

That de facto border crackdown is set to become far more explicit if the Trump administration follows through on a plan to enact a new “travel ban” on more than 40 countries, which would reportedly bar entry entirely from at least 10 nations and subject visitors from another five to new scrutiny and automatic interviews at the border. Another 26 countries would fall into a third category where their status will be decided in the 60 days after the policy goes into effect.

All of these changes suggest that US borders are about to become far less friendly places to foreigners and even to Americans returning from abroad. And these new border enforcement measures will no doubt be accompanied by aggressive attempts at surveillance extending to travellers’ electronic devices—a threat to digital privacy and free expression that extends to foreigners and US residents alike.

“We’re seeing extraordinarily disturbing examples of retaliatory action based on people's speech and political opinions,” says Nathan Wessler, the deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “When that’s combined with really sweeping authority to mine the contents of our phones and laptops, looking at things we've written, things people have sent us, it should be a particular cause for concern for people across the political spectrum—and people with all kinds of citizenship and immigration statuses.”

In fact, Customs and Border Protection has long considered US borders and airports a kind of loophole in the US Constitution's Fourth Amendment protections, one that allows them wide latitude to detain travelers and search their devices. For years, the agency has used that opportunity to hold border-crossers on the slightest suspicion and demand access to their computers and phones, with little formal cause or oversight.

Citizens are far from immune. CBP detainees from journalists to filmmakers to security researchers have all had their devices taken out of their hands by agents.

As those intrusions become more common and aggressive in the second Trump era, WIRED has assembled the following advice from legal and security experts to help preserve your digital privacy while crossing American borders. But take all of these strategies with caution: Given CBP’s unpredictable—and in many areas undocumented—practices, none of the experts WIRED spoke to claimed to have a privacy panacea for the American border.

_This article was first published in February 2017 and updated in March 2025 to reflect changes in technology and the second Trump administration. WIRED’s guide to protecting yourself against government surveillance includes more security and privacy advice._

**Phone Home**

First, if you have any reason to think you could be detained or questioned at the border, alert a lawyer or a loved one who can contact a lawyer _before_ going through customs, and contact them again when you get out. If you are detained, you may not be able to access your devices or otherwise have the opportunity to reach the outside world. And in the worst-case scenario of a lengthy detention, you'll want someone advocating for your release and legal representation.

**Lock Down Devices**

If customs officials do take your devices, don't make their intrusion easy. Encrypt your hard drive with tools like BitLocker, Veracrypt, or Apple's Filevault, and choose a strong passphrase. On your phone, set a strong PIN. Using hard-to-crack alphanumeric code to unlock your phone rather than a four digit PIN or biometrics is the strongest approach to securing the device. On an iPhone, disable Siri from the lock screen by switching off **Allow Siri When Locked** under the **Siri men**u in **Settings**.

Remember also to turn your devices off before entering customs: Hard-drive encryption tools offer full protection only when a computer is fully powered down. If you use FaceID, your iPhone is safest when it's turned off, too, since it requires a PIN rather than a face scan when first booted, resolving any ambiguity about whether border officials can compel you to unlock the device with your biometrics.

In recent years, Apple and Google have made it possible to separate sensitive apps from being shown with others on your phone—placing them in a separate folder from other apps and protecting them with another layer of authentication. Android’s Private Spaces can be turned on in the Security and privacy settings menu, while long pressing an app on iOS will bring up the option to place it in a hidden folder.

Finally, Wessler recommends that travelers be sure to update their operating systems on both laptops and phones before crossing the border. That’s because CBP could, in some cases, use tools like Cellebrite or GrayKey to exploit unpatched vulnerabilities in those devices, accessing them without the user unlocking them. “It may be that if your operating system is six months out of date, your device is vulnerable,” Wessler says. “The newest version may not be.”

**Keep Passwords Secret**

This is the tricky part. American citizens can't be deported for refusing to give up passwords for social media accounts or encrypted devices, says the ACLU's Wessler. That means if you stand your ground and don't reveal passwords or PINs, you may be detained and your devices confiscated—even sent off to a forensic facility—but you'll eventually get through with your privacy far more intact than if you divulge secrets. "They can seize your device, even for months while they try to break into it," says Wessler. "But you’re going to get home." (Despite the Trump administration’s shocking treatment in some cases of foreign permanent residents, this protection applies to green card holders too, Wessler says.)

Be warned, however, that denying customs officials access can at the very least lead to hours of uncertain detention in a bleak, windowless CBP office. At some US airports and in various states, court rulings have put limitations and restrictions on what CBP officials can do to access your devices, but there’s little guarantee those restrictions will be followed in practice if border agents have your computer or phone in their custody without oversight.

Broadly, the CBP outlines two types of device searches: basic, where an officer “manually” reviews a device’s content; and an advanced search where a device is connected to external equipment and its contents can be reviewed, copied, or analyzed. The latter search requires a “reasonable suspicion” of a crime, CBP says. The agency’s official guidance avoids explicitly saying people are required to hand over passwords, skirting around the issue by saying devices should be presented “in a condition that allows for the examination.”

“If the electronic device cannot be inspected because it is protected by a passcode or encryption or other security mechanism, that device may be subject to exclusion, detention, or other appropriate action or disposition,” the agency says online.

For non-Americans coming to the US on a visa or from a visa-waiver country, Wessler warns that they face a far starker dilemma: Refuse to give up a passcode or PIN and you may be denied entry. “There’s a very practical assessment people have to make about what's most important to them,” he says. “Getting into the country but sacrificing privacy or protecting your privacy—but risking that you may be turned around at the border.”

**Minimize the Data You Carry**

For the most vulnerable travelers, there’s one clear solution to that dilemma: The best way to keep customs away from your data is simply not to travel with it. Instead, like Lackey, set up travel devices that store the minimum of sensitive data. Don't link those "dirty" devices to your personal accounts, and when you do have to create a linked account—as with an Apple ID for iOS devices—create fresh ones with unique usernames and passwords. "If they ask for access and you can’t refuse, you want to be able to give them access without losing any sensitive information," says Lackey.

(Social media accounts, admittedly, can't be so easily ditched. Some security experts recommend creating secondary personas that can be offered up to customs officials while keeping a more sensitive account secret. But if CBP agents do link your identity with an account you tried to hide, the result could be longer detention and, for noncitizens, even denial of entry.)

If you can’t create a separate travel device, the Electronic Frontier Foundation also suggests logging out of apps and cloud services—such as Google Drive, or MicrosoftOne Drive—so that border agents can’t access documents or data you are storing remotely. Backing up data, such as photos or files, to the cloud services before you travel can help to remove data from the phone.

“The only sure way to protect yourself is to not carry information with you or to carry as little as possible,” says the ACLU’s Wessler. “As long as you have a device and there's stuff on it, that's potentially vulnerable to search.”

That vulnerability to search comes in part from the fact that privacy rights for digital devices at the border remains troublingly unsettled in US law, says UC Davis law professor Elizabeth Joh. While the Supreme Court decision in _Riley v. California_ in 2014 declared warrantless searches of devices at the time of arrest unconstitutional, no case has set such a precedent for the American border—much less for non-Americans seeking those same privacy rights.

Since 2014, several federal appeals courts have come to conflicting opinions about when it’s constitutional for customs and border agents to search electronic devices, but the Supreme Court has yet to weigh in. Until it does, the border zone will remain in a kind of legal limbo.

The government, after all, has the power to open bags crossing into its territory or even dismantle cars to search for contraband, Joh points out. "What does that mean in an age when people bring their digital devices across borders? The Supreme Court hasn’t spoken to that issue," Joh says. "The real problem here is there's still no good set of protections for a portal into your private life."

How to Enter the US With Your Digital Privacy Intact

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.

Image: WLVT-8.

Authorities in Knoxville, Tennessee last week said they arrested 11 Chinese nationals accused of buying tens of thousands of dollars worth of gift cards at local retailers with mobile wallets created through online phishing scams. The Knox County Sheriff’s office said the arrests are considered the first in the nation for a new type of tap-to-pay fraud.

Responding to questions about what makes this scheme so remarkable, Knox County said that while it appears the fraudsters are simply buying gift cards, in fact they are using multiple transactions to purchase various gift cards and are plying their scam from state to state.

“These offenders have been traveling nationwide, using stolen credit card information to purchase gift cards and launder funds,” Knox County Chief Deputy **Bernie Lyon** wrote. “During Monday’s operation, we recovered gift cards valued at over $23,000, all bought with unsuspecting victims’ information.”

Asked for specifics about the mobile devices seized from the suspects, Lyon said “tap-to-pay fraud involves a group _utilizing Android phones to conduct Apple Pay transactions_ utilizing stolen or compromised credit/debit card information,” \[emphasis added\].

Lyon declined to offer additional specifics about the mechanics of the scam, citing an ongoing investigation.

**Ford Merrill** works in security research at SecAlliance, a CSIS Security Group company. Merrill said there aren’t many valid use cases for Android phones to transmit Apple Pay transactions. That is, he said, unless they are running a custom Android app that KrebsOnSecurity wrote about last month as a part of a deep dive into the sprawling operations of China-based phishing cartels that are breathing new life into the payment card fraud industry (a.k.a. “carding”).

How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones? It all starts with phishing.

If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the **U.S. Postal Service** to supposedly collect some outstanding delivery fee, or an SMS that pretends to be a local toll road operator warning of a delinquent toll fee.

These messages are being sent through sophisticated phishing kits sold by several cybercriminals based in mainland China. And they are not traditional SMS phishing or “**smishing**” messages, as they bypass the mobile networks entirely. Rather, the missives are sent through the **Apple iMessage** service and through RCS, the functionally equivalent technology on **Google** phones.

People who enter their payment card data at one of these sites will be told their financial institution needs to verify the small transaction by sending a one-time passcode to the customer’s mobile device. In reality, that code will be sent by the victim’s financial institution in response to a request by the fraudsters to link the phished card data to a mobile wallet.

If the victim then provides that one-time code, the phishers will link the card data to a new mobile wallet from Apple or Google, loading the wallet onto a mobile phone that the scammers control. These phones are then loaded with multiple stolen wallets (often between 5-10 per device) and sold in bulk to scammers on Telegram.

An image from the Telegram channel for a popular Chinese smishing kit vendor shows 10 mobile phones for sale, each loaded with 5-7 digital wallets from different financial institutions.

Merrill found that at least one of the Chinese phishing groups sells an Android app called “**Z-NFC**” that can relay a valid NFC transaction to anywhere in the world. The user simply waves their phone at a local payment terminal that accepts Apple or Google pay, and the app relays an NFC transaction over the Internet from a phone in China.

“I would be shocked if this wasn’t the NFC relay app,” Merrill said, concerning the arrested suspects in Tennessee.

Merrill said the Z-NFC software can work from anywhere in the world, and that one phishing gang offers the software for $500 a month.

“It can relay both NFC enabled tap-to-pay as well as any digital wallet,” Merrill said. “They even have 24-hour support.”

On March 16, the ABC affiliate in Sacramento (**ABC10**), Calif. aired a segment about two Chinese nationals who were arrested after using an app to run stolen credit cards at a local Target store. The news story quoted investigators saying the men were trying to buy gift cards using a mobile app that cycled through more than 80 stolen payment cards.

ABC10 reported that while most of those transactions were declined, the suspects still made off with $1,400 worth of gift cards. After their arrests, both men reportedly admitted that they were being paid $250 a day to conduct the fraudulent transactions.

Merrill said it’s not unusual for fraud groups to advertise this kind of work on social media networks, including TikTok.

A **CBS News** story on the Sacramento arrests said one of the suspects tried to use 42 separate bank cards, but that 32 were declined. Even so, the man still was reportedly able to spend $855 in the transactions.

Likewise, the suspect’s alleged accomplice tried 48 transactions on separate cards, finding success 11 times and spending $633, CBS reported.

“It’s interesting that so many of the cards were declined,” Merrill said. “One reason this might be is that banks are getting better at detecting this type of fraud. The other could be that the cards were already used and so they were already flagged for fraud even before these guys had a chance to use them. So there could be some element of just sending these guys out to stores to see if it works, and if not they’re on their own.”

Merrill’s investigation into the Telegram sales channels for these China-based phishing gangs shows their phishing sites are actively manned by fraudsters who sit in front of giant racks of Apple and Google phones that are used to send the spam and respond to replies in real time.

In other words, the phishing websites are powered by real human operators as long as new messages are being sent. Merrill said the criminals appear to send only a few dozen messages at a time, likely because completing the scam takes manual work by the human operators in China. After all, most one-time codes used for mobile wallet provisioning are generally only good for a few minutes before they expire.

For more on how these China-based mobile phishing groups operate, check out How Phished Data Turns Into Apple and Google Wallets.

The ashtray says: You’ve been phishing all night.

Arrests in Tap-to-Pay Scheme Powered by Phishing

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Law enforcement requests for user data from Apple, Google, and Meta mean that these companies can decide whether government authorities have access to your personal information, including location data. This means the companies with the most insight into our lives, movements, and communications are frontline arbiters of our constitutional rights and the rights of non-US citizens—a fact some are likely feeling more acutely now than ever.

Collaboration between Big Tech and the Trump administration began before Donald Trump’s swearing-in on January 20. Amazon, Meta, Google, Microsoft, and Uber each gave $1 million to Trump’s inauguration. Separately, in personal donations, so did Meta CEO Mark Zuckerberg and Apple’s Tim Cook.

Americans concerned about the Trump administration and Silicon Valley’s embrace of it, may consider becoming a “digital expat”—moving your digital life off of US-based systems. Meanwhile, Europeans are starting to see US data services as “no longer safe” for businesses, governments, and societies.

Here’s a brief rundown of the privacy, security, and civil liberties issues related to the use of US-based digital services that suddenly feel more urgent—and what to do about it.

**Cozying Up**

In anticipation of Trump’s inauguration, Meta-owned Facebook, Instagram, and Threads made drastic policy changes citing alignment with Trump administration values, to permit hate speech and abuse “on topics like immigration and gender.” Meta also signaled its allegiance by ditching its fact-checkers—a frequent target of MAGA world ire. Two days after the inauguration, Meta quietly rolled out pro-life moderation actions through post suppression and account suspensions. Zuckerberg explained the company’s new direction to staff, saying: “We now have an opportunity to have a productive partnership with the United States government.”

Meta did not immediately respond to our request for comment regarding its partnership, data sharing, or policy changes.

Google followed suit. The company changed its Maps and Search results to rename part of the world—the Gulf of Mexico—following a Trump executive order renaming it the Gulf of America, despite the the US claiming control of less than 50 percent of the Gulf. Apple and Microsoft also followed Trump’s order.

Google’s consumer products also received a swath of updates in line with the new administration, including further changes to Maps, Calendar, and Search. Next, Google removed the new administration’s “banned” terms from its Google Health product. Then it did an about-face on its public promise not to build weaponized AI tools, such as Project Dragonfly, which was discovered in 2018 to be tailoring Google’s entire platform to enable China’s aggressive crackdown on its citizens. When reached for comment, Google did not immediately respond.

Big Tech aligning with the Trump administration matters because its business models rely on surveillance and amassing our personal data. Meta, Google, Apple and other large tech firms are among the gatekeepers standing between privacy and government requests for user data. Even when tech firms must comply by law, they’re often still free to decide how much information they collect about people and how long they store the data.

**Government Hand-Outs**

Current US laws around tech, privacy, and government requests have been guided by bulwarks like the Fourth and Fifth Amendments, US court rulings, and tech companies’ willingness to question the federal government’s opinion that it is entitled to access our personal information and location data. Apple, Google, and Meta each have language about law enforcement data requests that make it seem like they have our backs when it comes to overreach. Now, with companies shaping certain policies, tools, and practices in pursuit of “partnership” with the Trump administration, these companies’ powers over our data takes on new focus.

Generally, law enforcement can compel US companies to hand over user data using a subpoena, court order, search warrant—or, in rarer cases, a National Security Letter (NSL). As Google explains, an NSL is “one of the authorities granted under the Foreign Intelligence Surveillance Act (FISA).” Google adds, “FISA orders and authorizations can be used to compel electronic surveillance and the disclosure of stored data, including content from services like Gmail, Drive, and Photos.” How companies respond to these demands can vary in consequential ways.

A nearly decade-old battle over encrypted communication provides a clear example of the push and pull over user data between tech companies and federal law enforcement. In 2016, the FBI tried to compel Apple to backdoor an iPhone so law enforcement could access its encrypted contents. Apple refused to break its iOS security to do so. Then-candidate Trump said the company should be made to comply or be punished. “We should force them to do it,” he stated. Backdoors for law enforcement data access became a pet project in Trump’s first term; his DOJ appointee Rod Rosenstein launched a 2017 campaign to rebrand encrypted communications (and locked phones) as “law-free zones.” By 2019, Trump officials were brainstorming laws and bans against “unbreakable” consumer security measures, like end-to-end encryption.

The second Trump administration’s stance on encryption is less clear. Prior to Trump’s new term, in December 2024, FBI officials urged Americans to use encrypted messaging apps in the wake of cyberattacks on telecom companies attributed to the Salt Typhoon hacking campaign. (Since then, Trump’s team disbanded the DHS board investigating Salt Typhoon.) When reached for comment regarding the administration's current stance on companies using forms of encryption law enforcement can't break, a While House official told WIRED via email: “The White House looks forward to working with industry leaders to unlock the Golden Age of digital literacy.”

Apple did not immediately respond to WIRED”s request for comment.

Big Tech’s MAGA pivot is pointedly problematic for countries that rely on services like Meta platforms for government communications, official emergency response coordination, social tools like Marketplace, news, public health messaging, and small business services. Officials in one New Zealand district are exploring Facebook and Instagram exit strategies "until such time as we can be assured of the safety of our whole community and the integrity of democracy on these platforms."

It's a global concern. This week, an annual report on the global state of democracy, the Varieties of Democracy project (V-Dem), told reporters, "the United States will not score as a democracy when we release \[next year's\] data." V-Dem’s principal investigator, Staffan Lindberg, added: "If it continues like this, democracy \[in the US\] will not last another six months." With an expected downgrade to the status of electoral autocracy, the US will share its label with Turkey, Hungary, Iraq, India, and Russia.

This makes Big Tech's data collection, storage, control over, or any use of that data an even more urgent issue around the world. This is particularly true for countries the US government has in its sights for territorial expansion, extracting resources, or MAGA grievance politics.

Of course, saying, “just quit Facebook” is one thing—it’s not that simple. Ditching Messenger and WhatsApp for Signal is pretty straightforward, though. Trading X for Bluesky is easier. Keep in mind that both are currently based in the US and that these are merely _safer_ alternatives. In other words, editing your digital footprint is an act of risk and harm reduction, where you identify threats and take the appropriate steps for your situation to reduce potential harms to yourself and those you care about.

**Cutting Ties**

If you’re thinking it might be handy to know about secure non-US options for your digital footprint, good news: There are a variety of well-established services worth checking out—ones that are increasing in popularity as fears of a DOGE\-Facebook partnership seem less far-fetched by the day..

In the wake of deletions and alterations in the Trump administration’s war on science, accurate health information, inclusion, and equity, an archived copy of the CDC’s pre-Trump website is hosted in Europe due to concerns about US jurisdiction. Similarly, the Internet Archive has a full, live copy of itself preserved outside the US (Internet Archive Canada), also using decentralized Filecoin storage for the 2024/2025 EOT Web Archive “as an added layer of preservation.”

It’s no coincidence that a majority of jurisdictionally-aware US data preservation efforts are listing ProtonMail accounts as their contact info. Proton is a Swiss company offering services comparable to Gmail, Google Drive and Docs, as well as having an end-to-end encrypted platform, a password manager, backup storage, photos, and a VPN. Proton explains in a March 2023 blog post that Swiss law and encryption protects Proton’s users from abortion-related data requests, and details the difference between data requests they receive and those sent to Facebook and Google.

For people who prefer globally accurate maps free of Trump Sharpie defacements, and the Gulf of Mexico keeping its name, check out MagicEarth, TomTom AmiGO, HERE WeGo (all Netherlands-based) or OpenStreetMap (global contributors). Check out Vivaldi (Norway) for browsing, and Qwant (France) or Startpage (Netherlands) for a search engine. IONOS (Germany) is a Squarespace/Wix alternative, Pixelfed (Canada) can stand in for Instagram. StoryGraph (UK) for Goodreads. Affinity (UK/AU) or Canva (AU) can replace Adobe products, and Kobo (Canada/Japan) for an ebook reader.

Check out Plex or Jellyfin for music and video, Nextcloud for file storage and syncing, LibreOffice for an office suite, Affinity Suite to replace Adobe, SearXNG for search—all based outside the US. Codeberg (EU) is basically an open source, privacy-forward, community-run Github; one user has a handy Linux-Is-Best/Outside\_Us\_Jurisdiction listing for digital service providers. If you’re looking for a non-U.S. Starlink alternative, Eutelsat may have you covered.

To find other services that suit your needs, take a look through this sprawling, collectively curated Non-US Alternatives List of everything from email to antivirus programs, e-commerce and social media options, and more. European Alternatives also has a growing collection of categories listing services from web analytics and cloud platforms to password managers, web browsers, calendars, and even a few music streaming services.

Concerns prompting people to jettison US digital services isn’t new, but it’s only getting more popular as the lines between Trump’s White House and Big Tech grow less distinct by the day. There are over a quarter million members in the r/degoogle subreddit, where members share tips, tricks, and reviews on everything they’re using to replace Google products or ditch US products altogether.

“Cancelled all my US streamers and moved to a Crave/GEM combo,” one member explained. “Spent 2 weeks moving to Proton and deleted/cancelled everything US during that process. Bye PayPal, bye Amazon, goodbye American everything.”

How to Avoid US-Based Digital Services—and Why You Might Want To

Citizen Lab's investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy.

Cybersecurity researchers at the Citizen Lab at the University of Toronto have exposed the use of sophisticated spyware named **Graphite**, developed by the Israeli firm Paragon Solutions, to target high-profile individuals through WhatsApp.

Their **investigation** reveals that a previously unknown zero-day vulnerability in WhatsApp’s software allowed the spyware to be installed on devices through a zero-click exploit, allowing adversaries to gain unauthorized access to targeted phones.

For your information **zero-click exploits** mean that a device can be compromised without the user clicking a link, opening a file, or performing any other action.

Attack flow explained (Source: The Citizen Lab)

****Graphite Spyware Servers Worldwide****

Paragon Solutions, established in 2019 by figures including former Israeli Prime Minister Ehud Barak, claims to differentiate itself by adhering to ethical standards, unlike other spyware vendors like the **NSO Group**.

However, Citizen Lab’s researchers mapped out servers attributed to Graphite, and identified suspected deployments against journalists, human rights activists, and government critics across multiple countries. This includes:

*   Italy
*   Israel
*   Canada
*   Cyprus
*   Denmark
*   Australia
*   Singapore

WhatsApp’s parent company, Meta, has confirmed that approximately 90 users in 24 countries were targeted. However, since the researchers are based in Canada; a significant aspect of the investigation focused on a Canadian client, the Ontario Provincial Police (OPP). The analysis uncovered links between Paragon and the OPP, revealing a systematic use of spyware capabilities among Ontario-based police services.

The Italian connection proved to be a focal point of the investigation. Forensic analysis of Android devices belonging to individuals notified by WhatsApp, including journalist Francesco Cancellato and Mediterranea Saving Humans founders Luca Casarini and Dr. Giuseppe Caccia, revealed clear indications of Graphite spyware.

Researchers identified a unique Android forensic artifact, BIGPRETZEL, which confirmed the presence of Paragon’s spyware on these devices. The Italian government initially **denied** any involvement but later **acknowledged** having contracts with Paragon.

Furthermore, the investigation extended to an iPhone belonging to David Yambio, a close associate of the confirmed Paragon targets. Apple threat notifications received by Yambio, coupled with forensic analysis, revealed an attempted infection with novel spyware, subsequently patched by Apple in iOS 18.

In response to Citizen Lab’s findings, Meta, along with Apple and Google, collaborated to address the security vulnerability. WhatsApp implemented a server-side fix, eliminating the need for users to update their apps. Apple also released a patch for its iOS operating system to protect iPhone users.

WhatsApp subsequently **notified** the targeted users. “If we believe that your device has come under threat, we may notify you about it directly via a WhatsApp chat,” the notification read.

****WhatsApp Attacks Persist Despite NSO Group Lawsuit Win****

Hackread.com earlier **reported** that the infamous Israeli spyware company, NSO Group, was held legally liable for compromising hundreds of WhatsApp accounts. Court found NSO Group responsible for breaching WhatsApp’s terms of service and exploiting a vulnerability to install its powerful Pegasus spyware on at least 1,400 devices, targeting journalists, human rights activists, political dissidents, and government officials.

Interestingly, CyberScoop **reported** in November 2024 that NSO Group continued to develop new malware based on WhatsApp exploits, even after Meta filed a lawsuit against them and that when WhatsApp disabled the Eden exploit, NSO Group created the Erised vector to target users until May 2020.

Now, the Citizen Lab’s findings indicate that Israeli spyware firms are continually focusing on exploiting WhatsApp vulnerabilities for spyware deployment and aggressively using them against journalists and activists.  

These cases show the never-ending struggle between technology companies and malicious actors seeking to compromise user privacy and the critical need for continuous caution, stricter security measures, and legal accountability within the spyware industry to protect digital privacy and **human rights**.

Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit

A new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers.

Despite tighter security from **Apple and Google**, hackers and cybercriminals continue to exploit rooted and jailbroken devices for their attacks. A new report from mobile security firm Zimperium shared with Hackread.com ahead of its publishing on Thursday, warns that compromised mobile phones remain a major risk for businesses, as these devices are far more likely to be targeted by malware and system takeovers.

****What Are Rooting and Jailbreaking?****

**Rooting** (on Android) and **jailbreaking** (on iOS) give users full control over their devices. This allows customization beyond what manufacturers allow and also removes key security protections. A rooted or jailbroken can’t enforce security protocols like Google’s Play Integrity or Apple’s security checks, but they can install apps from unverified sources, disable security features, and modify system files, making them prime targets for cybercriminals.

According to Zimperium’s **research**, rooted Android devices are:

*   **3.5 times more likely** to be attacked by malware

*   **250 times more likely** to suffer a system compromise

*   **3,000 times more likely** to experience a filesystem breach

Depending on who the targeted victim is, a compromised phone can be used as an entry point into corporate networks, allowing attackers to steal sensitive data, launch phishing campaigns, and bypass OTPs.

****A Well-Equipped Toolkit of Hackers****

The security industry has worked hard to detect and block rooted devices, but hackers have also been catching up. Tools like Magisk, APatch, KernelSU, Dopamine, and Checkra1n are in active development, with some even designed to hide their presence to avoid scans.

Magisk, for example, uses a “systemless” root method that avoids modifying core system files, making them harder to detect. APatch takes a different approach by modifying kernel memory on the fly, leaving no permanent traces. These updated toolkits make it increasingly difficult for cybersecurity researchers to spot compromised devices before damage is done.

Overview of current rooting tools (left) and the threat chain of a rooted device leading to a security breach (right) via Zimperium.

****Decline in Rooting and Jailbreaking but Still a Threat****

Rooting and jailbreaking were a big deal from 2011 to 2019. Now that the number of rooted and jailbroken devices has declined, they still pose a serious risk, especially in workplaces where employees use personal phones for work.

Worse, this threat is not limited to small businesses; even employees at cybersecurity giants like Kaspersky Labs have had **their iPhones infected** by malware. A single compromised phone can give attackers access to corporate data, email accounts, and internal applications.

**J. Stephen Kowski**, Field CTO at cybersecurity firm SlashNext, highlights the issue, “When employees root or jailbreak their devices, they’re removing crucial security guardrails. This creates significant attack vectors for threat actors. Businesses need advanced threat detection that can identify compromised devices and block attacks without disrupting workflows.”

Nevertheless, companies need to take mobile security seriously. Traditional security solutions often fail to detect modern rooting tools, so businesses should invest in advanced mobile threat detection that can identify cybersecurity threats in real time. Here’s how a company can start tackling this threat:

*   **Educating employees** on the risks of rooting and jailbreaking

*   **Using mobile security solutions** that detect hidden modifications

*   **Blocking rooted and jailbroken devices** from accessing corporate networks

*   **Implementing strict app policies** to prevent sideloading of unverified software.

Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats.

Cybersecurity researchers at Bitdefender have discovered a malicious ad fraud campaign that has successfully deployed over 300 applications within the Google Play Store. These malicious apps have collectively been downloaded over 60 million times, exposing users to invasive ads and phishing attempts.

****Malicious Apps on the Google Play Store****

The Google Play Store, a popular platform for Android applications, has become a target for cybercriminals. Despite Google’s efforts to maintain a safe environment by removing malicious apps, attackers continuously adapt new methods to slip them one way or another.

According to Bitdefender’s report shared with Hackread.com ahead of publishing on Tuesday,  its researchers along with IAS Threat Lab traced this campaign back to at least 331 malicious apps, 15 of which were still available on Google Play at the time of their investigation. These apps pose as harmless utilities, such as QR scanners, expense trackers, health apps, and wallpaper apps.

2 malicious apps out of 300+ both with more than 1 million download each (Screenshot: Bitdefender)

Many of these apps initially appeared harmless but were later updated to include malicious codes. The fraud campaign, active since Q3 2024, shows no signs of slowing down, with new malicious apps still appearing on the store as recently as March 2025. The top 5 counties impacted by this campaign include:

1.  Brazil
2.  United States
3.  Mexico
4.  Turkiye
5.  South Africa

****Hidden Icons**, **Pushing Ads and Phishing:****

One of the techniques involve hiding the app icon from the user’s launcher. This method, restricted in newer Android versions, suggests that attackers have either found a flaw or are exploiting an API vulnerability. Some apps even change their names to mimic legitimate services like Google Voice, further complicating their removal.

These apps are designed to display full-screen ads without user consent, even when another app is in use. Worse, they can initiate phishing attacks, tricking users into exposing sensitive information such as login credentials and credit card details.

Researchers have also revealed technical strategies used by these malicious apps to evade detection on infected devices. One such technique is Content Provider Abuse, where apps declare a contact content provider that is automatically queried by the system after installation, enabling execution without user interaction.

Another tactic involves activity launching through methods like DisplayManager.createVirtualDisplay and other API calls, allowing the apps to start activities without requiring user permission. This technique is often used to display intrusive ads or launch phishing attempts.

To maintain persistence, these apps rely on services and dummy receivers, ensuring they remain active even on newer Android versions that block certain background activities.

****Protect Your Devices****

Usually, it’s best to download apps only from official stores like Google Play and Apple’s App Store. However, in this case, it’s advised to avoid downloading unnecessary apps from both official and third-party stores.

Make sure to keep your device updated so security patches are installed automatically. Run regular malware scans and watch for suspicious activity, such as an app’s icon suddenly disappearing, its name changing, your device slowing down, or excessive battery drain. If you notice anything unusual, delete the app immediately.

Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads

Palo Alto, USA, 18th March 2025, CyberNewsWire

**Palo Alto, USA, March 18th, 2025, CyberNewsWire**

**Groundbreaking initiative reveals browser vulnerabilities in understudied yet critical attack surface**

SquareX, a pioneer in Browser Detection and Response (BDR) space, announced the launch of the “Year of Browser Bugs” (YOBB) project today, a year-long initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors – the browser.

The browser has evolved from a simple web rendering engine to be the new “endpoint” — the primary gateway through which users interact with the Internet, for work, leisure, and transactions. Yet, traditional security solutions continue to focus on endpoints and networks despite the exponential growth of browser-native attacks.

The YOBB project was inspired by Month of Bugs (MOB), an iconic cybersecurity initiative where security researchers would publish one major vulnerability found in major software providers every day of the month. MOB projects played a huge role in improving the gravity at which security and responsible disclosure are taken in these companies. Notable projects included the Month of Browser Bugs (July 2006), Month of Kernel Bugs (November 2006), and Month of Apple Bugs (January 2007). SquareX is bringing back this tradition with the YOBB to raise awareness of cyberthreats that the browser is vulnerable to. However, unlike H. D. Moore’s original Month of Browser Bugs which focused on software bugs in the browser itself, SquareX will be disclosing application layer attacks that can be delivered through any website, app, or cloud data storage accessed through the browser. 

Throughout 2025, SquareX’s research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. The research will reveal never-seen-before attack vectors that remain unknown even to the cybersecurity community. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies. These disclosures will be wholly SquareX-researched and discovered, rather than an aggregation of existing security research. 

Under the YOBB initiative, SquareX has already made major releases since 2024 and into the first two months of 2025:

**2025**

*   **January:** **SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk** 
*   **February:** **SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk** 

**2024**

*   **August:** **SquareX Uncovers Critical Flaw in Secure Web Gateways**
*   **December:** **Cyberhaven’s OAuth Identity Attack — Are your Extensions Affected?**

> Quoting Vivek Ramachandran, the Founder and CEO of SquareX, “As browsers become the new endpoint, attackers are increasingly targeting employees to break into organizations and exfiltrate data, just like the Cyberhaven incident. Unfortunately, beyond mainstream media attention, there is little done by vendors from a security perspective to prevent similar exploits from happening in the future. The YOBB is our attempt to draw attention to an attack surface that is exponentially growing. We hope that this will serve as a call to action for browser and security vendors to solve these vulnerabilities that give rise to application layer attacks that simply cannot be solved through browser patches.”

As the year progresses, security teams can expect monthly disclosures to be documented at https://sqrx.com/research.

**About SquareX**

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate and threat-hunt client-side web attacks targeting employees in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats. 

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Polymorphic Extension,s, and Browser Syncjacking. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.  

To learn more about SquareX’s BDR, users can contact \[email protected\]. For press inquiries on this disclosure on the Year of Browser Bugs, users can contact \[email protected\].

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Launches “Year of Browser Bugs” (YOBB) to Expose Critical Security Blind Spots

Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting…

Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting them isn’t always enough, as they can sometimes be recovered or stored in the cloud. Fortunately, there’s a straightforward way to erase them for good. This guide will show you how to securely delete photos from an iPhone and protect your privacy.

In this section, we’ll show you how to securely delete photos from your iPhone. Just tapping the trash icon in the Photos app isn’t enough; we’ll explain why later. We’ll also share tips to speed up the deletion process and point out other albums where images might still be hiding. 

****1\. Delete Photos from the Photo Library****

The Photos app on your iPhone stores not just the pictures you take but also images received through chats and other apps. To delete pictures from your iPhone, you first need to remove them from the album where they’re stored. Here’s how:

1.  Tap on the Photos app icon on your home screen to start.
2.  Browse through your photos and tap ‘Select’ in the top right corner. Then, tap on each photo you wish to delete or swipe your finger across multiple photos to select them quickly.
3.  After you select the photos, tap the trash can icon at the bottom right corner.
4.  Confirm your decision to delete the photos when prompted.

**Tip:** If you organize your photos into folders for structured photo storage within the Photos app, you can delete all photos from an album with a few taps. Open the album, tap ‘Select,’ then ‘Select All,’ and finally, tap the trash can icon to remove all the photos at once.

However, this action doesn’t permanently and safely delete your photos; it just moves them to the Recently Deleted album, where they’ll remain for 30 days.

****2\. Delete Photos Using Third-Party Apps****

There are third-party iPhone apps that can help you manage and delete photos, often offering advantages over native methods. These apps display your photo gallery differently and use unique algorithms to group your images. Below, we’ll briefly discuss three examples of these apps and their key features for deleting photos from your iPhone.

*   Clever Cleaner: AI Duplicate Remover is a free app that helps you quickly find and delete duplicate and similar photos. It automatically groups them, allowing you to remove all copies at once or choose which ones to keep. You can also delete all screenshots from your iPhone with a single tap. After using any feature, the app reminds you to clear the Recently Deleted album to guarantee the photos are permanently removed.

*   Hyper Cleaner also lets you delete similar photos, but it offers another standout feature; you can swipe through your photos grouped by the month they were added. This makes deleting photos much faster since you can simply swipe to remove them, rather than manually selecting each one and tapping the trash icon like in the Photos app.

*   Photo Cleaner does more than just delete duplicates and similar photos; it also categorizes your images differently. It can identify low-resolution photos and ones where your eyes are closed, which can be useful for you. Plus, the app allows you to select all your photos at once and delete them in a single action.

Keep in mind that while these apps make deleting photos faster and more convenient, they don’t permanently remove them from your iPhone. Instead, they move them to the Recently Deleted album.

****3\. Check the Hidden Photos****

You should also check the Hidden album in your Photos app if you want to confirm your photos are fully removed. This album lets you hide images from your main gallery without actually deleting them, which makes it useful for keeping personal photos private. However, you may have added pictures there and forgotten about them, or even done so by accident, so it’s worth reviewing and removing any unnecessary images.

**Tip:** If you’ve used a third-party cleaning app on your iPhone, check if it includes a hidden photo feature, often called “Secret Folder,” “Safe Space,” or something similar. If you don’t manually delete photos from these hidden areas, they’ll stay stored within the app, even if they no longer appear in your main photo gallery.

1.  Tap the Photos icon on your iPhone to open the app.
2.  Scroll down until you find the Hidden album under the ‘Utilities’ section.
3.  Tap the Hidden album to open it and view the photos.
4.  Tap ‘Select’ in the top right corner, then choose the photos you want to delete and tap the trash can icon to delete the selected photos.

Even after following these steps, your photos aren’t permanently deleted yet. To completely remove them from your device, you need to empty the photo trash on your iPhone. We’ll walk you through how to do that in the next section.

****4\. Delete Photos from Trash on iPhone****

After you delete photos, they do not immediately disappear from your iPhone; instead, they move to the Recently Deleted album, where they are stored for another 30 days. During this period, you still have access to these photos and can restore them if you discover that you need some of them or if they were deleted by mistake. In order to permanently and securely delete iPhone photos, you must manually empty this album.

**Note:** If you use iCloud sync, clearing the Recently Deleted album will also remove the photos from your iCloud storage. However, if you use other cloud services like Google Photos, you’ll also need to empty the trash within that app separately to make sure the photos are fully deleted.

1.  Tap on the Photos icon on your iPhone to open the app.
2.  Scroll down to the bottom of the Utilities tab until you find the Recently Deleted album.
3.  Tap on the Recently Deleted album to view all the photos and videos it contains.
4.  Tap ‘Select’ in the top right corner of the screen, then choose either ‘Delete All’ to remove all items or select individual photos that you wish to delete.
5.  Tap ‘Delete from this iPhone’ and confirm that you want to permanently remove the selected photos from your iPhone. This action cannot be undone.

**Note:** If you deleted a photo from the Photos app but forgot to clear the Recently Deleted album, don’t worry. In the latest iOS versions, accessing this album requires authentication with your Apple ID or password. This added security provides that even if someone gets hold of your iPhone, they won’t be able to retrieve your deleted photos.

If you regularly back up your iPhone using iTunes/Finder or have automatic iCloud backups enabled, it’s important to create a new backup after emptying the trash. This prevents deleted photos from reappearing if you ever restore your iPhone.

****5\. Perform a Factory Reset to Erase All iPhone Data****

The last option to safely and permanently delete photos on your iPhone is to perform a factory reset. However, use this method with caution; it erases not just photos but all personal data, apps, and settings. This is the best way to guarantee no trace of your data remains, which makes it ideal if you’re selling or giving away your device rather than just clearing a few photos.

**Note:** If you have already emptied your Recently Deleted album and plan to perform a factory reset to confirm no one else can access your deleted photos, make sure to back up your data first. This will preserve your important files and settings before you reset your phone, effectively wiping all content from your device.

1.  On your iPhone, go to the Settings app, scroll down, and tap on ‘General.’
2.  At the bottom of the General settings, tap on ‘Transfer or Reset iPhone.’
3.  Select ‘Erase All Content and Settings.’ You may be asked to enter your Apple ID password to confirm the action.
4.  Confirm that you want to erase everything after entering your credentials. Your iPhone will begin the reset process, which can take a few minutes to complete.
5.  After these steps, your iPhone will return to its original factory state, free from any of your personal data and ready for a new owner without any remnants of your information.

****Conclusion****

Confirming a photo is fully removed means either clearing it from the Recently Deleted album (or waiting 30 days for it to disappear automatically) or performing a factory reset.

While a factory reset is the fastest way to wipe your iPhone clean, we recommend deleting photos manually first. This gives you a chance to recover any images you may have accidentally removed. If you do choose a factory reset, remember that you can only restore your photos if you have a backup that includes them.

However, restoring from a backup will bring back all deleted photos, not just the ones you want. In our opinion, the best time to reset an iPhone is when you give it to someone else, which guarantees that none of your personal data remains.

How to Permanently and Securely Delete Photos from an iPhone

A list of topics we covered in the week of March 10 to March 16 of 2025

March 14, 2025 - A shocking amount of iOS apps in Apple's App Store contained hard-coded secrets. Secrets that could lead criminals to user data.

March 13, 2025 - To parents worried about their children's presence on Roblox, the CEO said don't let your kids be on Roblox.

March 12, 2025 - Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.

March 12, 2025 - Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception.

March 12, 2025 - Google spies on Android device users, starting from even before they have logged in to their Google account.

 A week in security (March 10 &#8211; March 16) 

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.

Knifings, firebombings, shootings, and murder-for-hire plots—all linked to a splinter group of the 764 crime network called “No Lives Matter.” According to its own manifesto, the group seeks to “purify mankind through endless attacks” and has released at least two “kill guides” tied to violent plots in the US and Europe. Intelligence documents reviewed by WIRED reveal growing concern among analysts, but experts remain unsure how to stop the group’s spread.

On Monday, X experienced intermittent outages after a botnet flooded the social network with junk traffic in an attempt to take down its system. Elon Musk stated that the distributed denial-of-service attack originated from Ukrainian IP addresses, implying that the country—already under siege by a Russian invasion and frequently mocked by the centibillionaire—may have been responsible. Security experts tell WIRED that this is not how DDoS attacks work.

Meanwhile, inside the Cybersecurity and Infrastructure Security Agency, mass layoffs are hurting US cyberdefense, weakening protections against foreign adversaries. Vital staff cuts have left employees overworked and strained international partnerships, according to interviews with staff at the agency that helps safeguard cities, businesses, and nonprofits from cyberattacks. “A lot of people are scared,” says one employee. “We’re waiting for that other shoe to drop. We don't know what's coming.” As WIRED takes you inside the agencies at the center of the uncertainty and chaos of the second Trump administration, we've updated our quick and easy guide to using Signal to help you get the most out of the messaging app’s end-to-end encryption.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Those “green bubbles,” the cross-platform text messages that annoy iPhone owners and keep Android users relegated to a group-chat underclass, aren’t just a cultural disconnect. They’re also a security issue: Text messages sent between Android and iOS devices—unlike blue-bubble iMessage texts or Android-to-Android messages—aren’t end-to-end encrypted, leaving them open to surveillance or interception. Now, that may finally be changing.

The GSM Association, responsible for many widely used telecom standards, this week announced that its Rich Communication Services (or RCS) protocol will now support end-to-end encryption for cross-platform texting, and Apple revealed that it will now integrate that feature of RCS into its iOS devices. Until now, Apple and Google had both supported RCS’s other features in texts sent between iOS and Android, but not end-to-end encryption, which ensures that only the devices sending and receiving messages can decrypt them and not any server or snoop that sees them in transit.

Neither Apple nor the GSMA has said exactly when the new privacy features are launching. Until then, anyone sending cross-platform messages would be wise to stick with apps like WhatsApp or Signal that have long provided end-to-end encryption—and have also helped Android and iPhone users avoid personal disputes over bubble colors.

**Sean Plankey Nominated as Head of CISA, America’s Top Cybersecurity Agency**

The White House has tapped Sean Plankey to run CISA, the agency within the Department of Homeland Security primarily responsible for American digital defense. Plankey, long considered the leading contender for the role, served in multiple cybersecurity positions in the first Trump administration and previously held senior roles in US Cyber Command. In that DOD agency focused on cyber offense, he served as a weapons and tactics branch chief and earned a Bronze Star for hacking operations in Afghanistan. CISA, like many federal agencies, has faced hundreds of personnel cuts in recent weeks, and its previous director, Chris Krebs, came under harsh criticism under the previous Trump administration for the agency’s work to counter disinformation and secure elections. Krebs was fired in a Trump tweet near the end of his term after CISA described the 2020 election, whose results Trump baselessly contested, as the “most secure in American history.”

**Elon Musk Visits the National Security Agency**

Not even the National Security Agency has been spared from Elon Musk’s scorched-earth campaign to gut the federal government. On Wednesday, The Wall Street Journal reported that Musk had visited the intelligence agency in Fort Meade, meeting with leadership to discuss staff reductions and operational changes, according to current and former US officials who spoke to the Journal.

Despite being one of the most insulated branches of US intelligence, the NSA has still found itself pulled into Musk’s orbit. The visit to Fort Meade is another sign of the sweeping nature of his influence and the extraordinary access the world’s richest man has been granted over even the most secretive federal operations.

Last month, staff at the intelligence agency received emails offering deferred resignations, signaling impending changes. Then, a week ahead of his visit, Musk publicly called for an overhaul of the intelligence and cybersecurity agency. Posting to his social media site X, Musk wrote, “The NSA needs an overhaul,” alongside an apparent agency recruitment graphic featuring a group of college-aged people of color and a list of universities where the NSA was conducting outreach—seemingly mocking the agency’s recruitment efforts.

**A Buzzy Crypto Cracking Firm Had a Hidden CoFounder Accused of Sexual Assault**

The cryptocurrency recovery firm Unciphered has made headlines with its feats of whitehat wallet cracking on behalf of customers who have lost access to their cryptocurrency fortunes. In the fall of 2023, for instance, the company cracked a model of encrypted IronKey USB drive believed to hold 7,000-plus bitcoins now worth well over half a billion dollars. Now, The Washington Post reports that one of the cofounders of that company was Morgan Marquis-Boire, a once-lauded hacker and security researcher for Google and Citizen Lab who was later accused of sexually assaulting multiple women. The reported involvement of Marquis-Boire, who has largely disappeared from the cybersecurity world after facing the sex crime accusations in 2017, was kept secret from even many of the startup’s staff, and the revelations of his role have left the company in “disarray,” according to the Post.

**A Reporter Behind an Indian Hacker-for-Hire Story Is Fighting to Regain His Citizenship**

In November of 2023, Raphael Satter was one of a team of Reuters reporters who published an in-depth feature on Appin Technology, a startup that allegedly hacked numerous celebrity and civil society targets on behalf of clients. A group with a similar name responded by suing, and obtained a court ruling that for a time successfully censored Reuters’ story—a remarkable case of an Indian judge restricting free speech internationally. Satter is now fighting a different battle following publication of that story. In late 2023, his Overseas Citizen of India (OCI) card—a kind of international citizenship extended to foreign citizens of Indian origin and those married to Indians—was revoked around the same time as the judge filed the injunction. A letter sent to Satter in December of that year accused him of “maliciously creating adverse and biased opinion against Indian institutions in the international arena.” Satter is now petitioning a Delhi court to reverse that revocation, which has prevented him from entering India to visit family there.

Tag

#apple