The US State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance US policy abroad.

In a sunlight-filled classroom at the US State Department’s diplomacy school in late February, America’s cyber ambassador fielded urgent questions from US diplomats who were spending the week learning about the dizzying technological forces shaping their missions.

“This portfolio is one of the most interesting and perhaps the most consequential at this moment in time,” Nathaniel Fick, the US ambassador-at-large for cyberspace and digital policy, told the roughly three dozen diplomats assembled before him at the Foreign Service Institute in Arlington, Virginia. “Getting smart on these issues … is going to serve everyone really well over the long term, regardless of what other things you go off and do.”

The diplomats, who had come from overseas embassies and from State Department headquarters in nearby Washington, DC, were the sixth cohort of students to undergo a crash course in cybersecurity, telecommunications, privacy, surveillance, and other digital issues, which Fick’s team created in late 2022. The training program—the biggest initiative yet undertaken by State’s two-year-old cyber bureau—is intended to reinvigorate US digital diplomacy at a time when adversaries like Russia and China are increasingly trying to shape how the world uses technology.

During his conversation with the students, Fick discussed the myriad of tech and cyber challenges facing US diplomats. He told a staffer from an embassy in a country under China’s influence to play the long game in forming relationships that could eventually help the US make inroads there. He spoke about his efforts to help European telecom companies survive existential threats from Chinese telecommunications giant Huawei in the battle for the world’s 5G networks. And he warned of a difficult balancing act on AI, saying the US needed to stave off excessive regulation at the UN without repeating past mistakes.

“We really screwed up governance of the previous generation of tech platforms, particularly the social \[media\] platforms,” Fick said. “The US essentially unleashed on the world the most powerful anti-democratic tools in the history of humanity, and now we’re digging our way out of a credibility hole.”

Restoring that credibility and expanding American influence over digital issues will require tech-savvy diplomacy, and the State Department is counting on Fick’s training program to make that possible. To pull back the curtain on this program for the first time, WIRED received exclusive access to the February training session and interviewed Fick, the initiative’s lead organizer, five graduates of the course, and multiple cyber diplomacy experts about how the program is trying to transform American tech diplomacy.

Fick has called the training program the most important part of his job. As he tells anyone who will listen, it’s a project with existential stakes for the future of the open internet and the free world.

“Technology as a source of influence is increasingly foundational,” he says. “These things are more and more central to our foreign policy, and that’s a trend that is long-term and unlikely to change anytime soon.”

**Maintaining an Edge**

From Russian election interference to Chinese industrial dominance, the US faces a panoply of digital threats. Fighting back will require skillful diplomatic pressure campaigns on every level, from bilateral talks with individual countries to sweeping appeals before the 193-member United Nations. But this kind of work is only possible when the career Foreign Service officers on the front lines of US diplomacy understand why tech and cyber issues matter—and how to discuss them.

“The US needs to demonstrate both understanding and leadership on the global stage,” says Chris Painter, who served as the first US cyber ambassador from 2011 to 2017.

This leadership is important on high-profile subjects like artificial intelligence and the 5G war between Western and Chinese vendors, but it’s equally vital on the bread-and-butter digital issues—like basic internet connectivity and fighting cybercrime—that don’t generate headlines but still dominate many countries’ diplomatic engagements with the US.

Diplomats also need to be able to identify digital shortcomings and security gaps in their host countries that the US could help fix. The success of the State Department’s new cyber foreign aid fund will depend heavily on project suggestions from tech-savvy diplomats on the ground.

In addition, because virtually every global challenge—from trade to climate—has a tech aspect, all US diplomats need to be conversant in the topic. “You’re going to have meetings where a country is talking about a trade import issue or complaining about a climate problem, and suddenly there’s a tech connection,” says Justin Sherman, a tech and geopolitics expert who runs Global Cyber Strategies, a Washington, DC, research and advisory firm.

Digital expertise will also help the US expand coalitions around cybercrime investigations, ransomware deterrence, and safe uses of the internet—all essentially proxy fights with Russia and China.

“We are in competition with the authoritarian states on everything from internet standards … to basic governance rules,” says Neil Hop, a senior adviser to Fick and the lead organizer of the training program. “We are going to find ourselves at a sore disadvantage if we don't have trained people who are representing \[us\].”

Diplomats without tech training might not even realize when their Russian and Chinese counterparts are using oblique rhetoric to pitch persuadable countries on their illiberal visions of internet governance, with rampant censorship and surveillance. Diplomats with tech training would be able to push back, using language and examples designed to appeal to those middle-ground countries and sway them away from the authoritarians’ clutches.

“Our competitors and our adversaries are upping their game in these areas,” Fick says, “because they understand as well as we do what’s at stake.”

**Preparing America’s Eyes and Ears**

The Obama administration was the first to create a tech diplomacy training program, with initial training sessions in various regions followed by week-long courses that brought trainees to Washington. Government speakers and tech-industry luminaries like internet cocreator Vint Cerf discussed the technological, social, and political dimensions of the digital issues that diplomats had to discuss with their host governments.

“The idea was to create this cadre in the Foreign Service to work with our office and really mainstream this as a topic,” says Painter, who created the program when he was State’s coordinator for cyber issues, the predecessor to Fick’s role.

But when Painter tried to institutionalize his program with a course at the Foreign Service Institute, he encountered resistance. “I think we kind of hit it too early for FSI,” he says. “I remember the FSI director saying that they thought, ‘Well, maybe this is just a passing fad.’ It was a new topic. This is what happens with any new topic.”

By the time the Senate unanimously confirmed Nate Fick to be America’s cyber ambassador in September 2022, tech diplomacy headaches were impossible to ignore, and Fick quickly tasked his team with creating a modern training program and embedding it in the FSI’s regular curriculum.

“He understood that we needed to do more and better in terms of preparing our people in the field,” Hop says.

The training program fit neatly into secretary of state Antony Blinken’s vision of an American diplomatic corps fully versed in modern challenges and nimble enough to confront them. “Elevating our tech diplomacy” is one of Blinken’s “core priorities,” Fick says.

As they developed a curriculum, Fick and his aides had several big goals for the new training program.

The first priority was to make sure diplomats understood what was at stake as the US and its rivals compete for global preeminence on tech issues. “Authoritarian states and other actors have used cyber and digital tools to threaten national security, international peace and security, economic prosperity, \[and\] the exercise of human rights,” says Kathryn Fitrell, a senior cyber policy adviser at State who helps run the course.

Equally critical was preparing diplomats to promote the US tech agenda from their embassies and provide detailed reports back to Washington on how their host governments were approaching these issues.

“It's important to us that tech expertise \[in\] the department not sit at headquarters alone,” Fick says, “but instead that we have people everywhere—at all our posts around the world, where the real work gets done—who are equipped with the tools that they need to make decisions with a fair degree of autonomy.”

Foreign Service officers are America’s eyes and ears on the ground in foreign countries, studying the landscape and alerting their bosses back home to risks and opportunities. They are also the US government’s most direct and regular interlocutors with representatives of other nations, forming personal bonds with local officials that can sometimes make the difference between unity and discord.

When these diplomats need to discuss the US tech agenda, they can’t just read monotonously off a piece of paper. They need to actually understand the positions they’re presenting and be prepared to answer questions about them.

“You can’t be calling back to someone in Washington every time there’s a cyber question,” says Sherman.

But some issues will still require help from experts at headquarters, so Fick and his team also wanted to use the course to deepen their ties with diplomats and give them friendly points of contact at the cyber bureau. “We want to be able to support officers in the field as they confront these issues,” says Melanie Kaplan, a member of Fick’s team who took the class and now helps run it.

**Inside the Classroom**

After months of research, planning, and scheduling, Fick’s team launched the Cyberspace and Digital Policy Tradecraft course at the Foreign Service Institute with a test run in November 2022. Since then, FSI has taught the class six more times—once in London for European diplomats, once in Morocco for diplomats in the Middle East and Africa, and four times in Arlington—and trained 180 diplomats.

The program begins with four hours of “pre-work” to prepare students for the lessons ahead. Students must document that they’ve completed the pre-work—which includes experimenting with generative AI—before taking the class. “That has really put us light-years ahead in ensuring that no one is lost on day one,” Hop says.

The week-long in-person class consists of 45- to 90-minute sessions on topics like internet freedom, privacy, ransomware, 5G, and AI. Diplomats learn how the internet works on a technical level, how the military and the FBI coordinate with foreign partners to take down hackers’ computer networks, and how the US promotes its tech agenda in venues like the International Telecommunication Union. Participants also meet with Fick and his top deputies, including Eileen Donahoe, the department’s special envoy for digital freedom.

One session features a panel of US diplomats who have helped their host governments confront big cyberattacks. “They woke up one morning and suddenly were in this position of having to respond to a major crisis,” says Meir Walters, a training alum who leads the digital-freedom team in State’s cyber bureau.

Students learn how the US helped Albania and Costa Rica respond to massive cyberattacks in 2022 perpetrated by the Iranian government and Russian cybercriminals, respectively. In Albania, urgent warnings from a young, tech-savvy US diplomat “accelerated our response to the Iranian attack by months,” Fick says. In Costa Rica, diplomats helped the government implement emergency US aid and then used those relationships to turn the country into a key semiconductor manufacturing partner.

“By having the right people on the ground,” Fick says, “we were able to seize these significant opportunities.”

Students spend one day on a field trip, with past visits including the US Chamber of Commerce (to understand industry’s role in tech diplomacy), the Center for Democracy and Technology (to understand civil society’s perspective on digital-rights issues), and the internet infrastructure giant Verisign.

On the final day, participants must pitch ideas for using what they’ve learned in a practical way to Jennifer Bachus, the cyber bureau’s number two official.

The course has proven to be highly popular. Fick told participants in February that “there was a long wait list” to get in. There will be at least three more sessions this year: one in Arlington in August (timed to coincide with the diplomatic rotation period), one in East Asia, and one in Latin America. These sessions are expected to train 75 to 85 new diplomats.

After the course ends, alumni can stay up-to-date with a newsletter, a Microsoft Teams channel, and a toolkit with advice and guidance. Some continue their education: Fifty diplomats are getting extra training through a one-year online learning pilot, and State is accepting applications for 15 placements at leading academic institutions and think tanks—including Stanford University and the Council on Foreign Relations—where diplomats can continue researching tech issues that interest them.

**Promising Results, Challenges Ahead**

Less than two years into the training effort, officials say they are already seeing meaningful improvements to the US’s tech diplomacy posture.

Diplomats are sending Washington more reports on their host governments’ tech agendas, Fitrell says, with more details and better analysis. Graduates of the course also ask more questions than their untrained peers. And inspired by the training, some diplomats have pushed their bosses to prioritize tech issues, including through embassy working groups uniting representatives of different US agencies.

State has also seen more diplomats request high-level meetings with foreign counterparts to discuss tech issues and more incorporation of those issues into broader conversations. Fick says the course helped the cyber officer at the US embassy in Nairobi play an integral role in recent tech agreements between the US and Kenya. And diplomats are putting more energy into whipping votes for international tech agreements, including an AI resolution at the UN.

Diplomats who took the course shared overwhelmingly positive feedback with WIRED. They say it was taught in an accessible way and covered important topics. Several say they appreciated hearing from senior US officials whose strategizing informs diplomats’ on-the-ground priorities. Maryum Saifee, a senior adviser for digital governance at State’s cyber bureau and a training alum, says she appreciated the Morocco class’s focus on regional issues and its inclusion of locally employed staff.

Graduates strongly encouraged their colleagues to take the course, describing it as foundational to every diplomatic portfolio.

“Even if you're not a techie kind of a person, you need to not shy away from these conversations,” says Bridget Trazoff, a veteran diplomat who has learned four languages at the Foreign Service Institute and compares the training to learning a fifth one.

Painter, who knows how challenging it can be to create a program like this, says he’s “heard good things” about the course. “I’m very happy that they've redoubled their efforts in this.”

For the training program to achieve lasting success, its organizers will need to overcome several hurdles.

Fick’s team will need to keep the course material up-to-date as the tech landscape evolves. They’ll need to keep it accessible but also informative to diplomats with varying tech proficiencies who work in countries with varying levels of tech capacity. And they’ll need to maintain a constant training tempo, given that diplomats rotate positions every few years.

The tone of the curriculum also presents a challenge. Diplomats need to learn the US position on issues like trusted telecom infrastructure, but they also need to understand that not every country sees things the way the US does. “It's not just knowing about these tech issues that’s so essential,” Sherman says. “It's also understanding the whole dictionary of terms and how every country thinks about these concepts differently.”

The coming years could test the course’s impact as the US strives to protect its Eastern European partners from Russia, its East Asian partners from China and North Korea, and its Middle Eastern partners from Iran, as well as to counter Chinese tech supremacy and neutralize Russia’s and China’s digital authoritarianism.

Perhaps the biggest question facing the program is whether it will survive a possible change in administrations this fall. Officials are optimistic—Fick has talked to his Trump-era counterparts, and Painter says “having an FSI course gives it a sense of permanence.”

For Fick, there is no question that the training must continue.

“Tech is interwoven into every aspect of … American foreign policy,” he says. “If you want to position yourself to be effective and be relevant as an American diplomat in the decades ahead, you need to understand these issues.”

The Tech Crash Course That Trains US Diplomats to Spot Threats

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity.
"SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week.
"This bottleneck influences the latency of network packets, allowing an attacker

Network Security / Data Protection

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity.

"SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week.

"This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches."

A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic.

Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing.

It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites.

In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim.

The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.

"SnailLoad requires no JavaScript, no form of code execution on the victim system, and no user interaction but only a constant exchange of network packets," the researchers explained, adding it "measures the latency to the victim system and infers the network activity on the victim system from the latency variations."

"The root cause of the side-channel is buffering in a transport path node, typically the last node before the user's modem or router, related to a quality-of-service issue called bufferbloat."

The disclosure comes as academics have disclosed a security flaw in the manner router firmware handles Network Address Translation (NAT) mapping that could be exploited by an attacker connected to the same Wi-Fi network as the victim to bypass built-in randomization in the Transmission Control Protocol (TCP).

"Most routers, for performance reasons, do not rigorously inspect the sequence numbers of TCP packets," the researchers said. "Consequently, this introduces serious security vulnerabilities that attackers can exploit by crafting forged reset (RST) packets to maliciously clear NAT mappings in the router."

The attack essentially allows the threat actor to infer the source ports of other client connections as well as steal the sequence number and acknowledgment number of the normal TCP connection between the victim client and the server in order to perform TCP connection manipulation.

The hijacking attacks targeting TCP could then be weaponized to poison a victim's HTTP web page or stage denial-of-service (DoS) attacks, per the researchers, who said patches for the vulnerability are being readied by the OpenWrt community as well as router vendors like 360, Huawei, Linksys, Mercury, TP-Link, Ubiquiti, and Xiaomi.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.
"It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities

Mobile Security / Threat Intelligence

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called **Rafel RAT** to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.

"It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from data theft to device manipulation," Check Point said in an analysis published last week.

It boasts a wide range of features, such as the ability to wipe SD cards, delete call logs, siphon notifications, and even act as ransomware.

The use of Rafel RAT by DoNot Team (aka APT-C-35, Brainworm, and Origami Elephant) was previously highlighted by the Israeli cybersecurity company in cyber attacks that leveraged a design flaw in Foxit PDF Reader to trick users into downloading malicious payloads.

The campaign, which took place in April 2024, is said to have utilized military-themed PDF lures to deliver the malware.

Check Point said it identified around 120 different malicious campaigns, some targeting high-profile entities, that span various countries like Australia, China, Czechia, France, Germany, India, Indonesia, Italy, New Zealand, Pakistan, Romania, Russia, and the U.S.

"The majority of victims had Samsung phones, with Xiaomi, Vivo, and Huawei users comprising the second-largest group among the targeted victims," it noted, adding no less than 87.5% of the infected devices are running out-of-date Android versions that no longer receive security fixes.

Typical attack chains involve the use of social engineering to manipulate victims into granting the malware-laced apps intrusive permissions in order to hoover sensitive data like contact information, SMS messages (e.g., 2FA codes), location, call logs, and the list of installed applications, among others.

Rafel RAT primarily makes use of HTTP(S) for command-and-control (C2) communications, but it can also utilize Discord APIs to contact the threat actors. It also comes with an accompanying PHP-based C2 panel that registered users can leverage to issue commands to compromised devices.

The tool's effectiveness across various threat actors is corroborated by its deployment in a ransomware operation carried out by an attacker likely originating from Iran, who sent a ransom note written in Arabic through an SMS that urged a victim in Pakistan to contact them on Telegram.

"Rafel RAT is a potent example of the evolving landscape of Android malware, characterized by its open-source nature, extensive feature set, and widespread utilization across various illicit activities," Check Point said.

"The prevalence of Rafel RAT highlights the need for continual vigilance and proactive security measures to safeguard Android devices against malicious exploitation."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

By offering to buy Atos' big data and cybersecurity operations. Paris is trying to make sure key technologies do not fall under foreign control.

Source: Aleksandar Malivuk via Shutterstock

The government of France's recent bid to acquire the big data and cybersecurity division of Atos for some $750 million is an indication of the financially beleaguered company's vital importance to the country's defense interests.

It's a move that analysts say is about retaining domestic control over technology integrated into sensitive government, defense industrial base systems, supercomputers for simulating nuclear bomb tests, and a range of other critical infrastructure. Atos is also the primary cybersecurity provider to the upcoming Olympic Games in Paris.

The French government has similar stakes in multiple other entities such as Air France, Airbus, Renault, and aviation, space, and defense giant Safran. So, the move to invest in Atos is not unprecedented.  Even so, it demonstrates the French government's keen interest in keeping information technology of strategic national security importance out of foreign hands.

**Atos: A Pivotal Govt. Player in France**

Atos is a pivotal entity in France, says Morgan Wright, chief security advisor at SentinelOne: "It has constructed the supercomputers for the nuclear-deterrent program, secured a 2019 contract to establish a big-data platform for the armed forces, and is a driving force in the development of the Scorpion combat-information system." Wright adds, "the French government's \[planned\] acquisition of these assets \[is\] a strategic move to maintain control and prevent potential competitors from developing technology that could be used against the country or its allies."

Atos last week disclosed that it had received what it described as a non-binding offer from the French government for its advanced computing, mission-critical systems and cybersecurity products businesses. Atos' board of directors and the company's top management will discuss the $750 million offer, but there is no guarantee that negotiations will lead to a definitive agreement between both parties, the company said in the statement.

The nearly $12 billion Atos provides a wide range of information technology products and services worldwide. In recent years the company has struggled financially and has accumulated a debt load that currently stands at over $5 billion. Airbus earlier this year offered between $1.65 billion and $2 billion to buy Atos' big data and cybersecurity business for between $1.65 billion and $2 billion — or more than twice what the French government has currently offered. But the aerospace giant abruptly walked out of the deal midway through discussions, tanking Atos' already degraded stock values in the process. Some European analysts had perceived Airbus as acting as sort of proxy for the French government when it made the offer.

**A Bid to Protect Self Interests**

The French government's subsequent direct bid to buy Atos' cybersecurity business is not entirely unsurprising in that context. Some in France had actually called for the government to nationalize Atos prompting a government denial.

"Atos delivers critical services to multiple departments within the French government, some of which are highly critical or require a specific skill set or authorization — \[like\] top secret security clearance," says Luigi Lenguito, founder and CEO, BforeAI. "Ensuring the know-how and workforce Atos has built, stays as consolidated as possible, is a primary concern," for the French government, he says.

In Europe, moves by the government to take a direct stake in companies deemed as providing critical value are not unusual, he says pointing to examples such as Air France and ITA (formerly Alitalia). Italy's Leonardo SpA — which like Atos provides a wide range of IT and security services — is an example even within the technology realm, he notes. The Italian government currently holds a 30% stake in Leonardo.

"This is not new; other large security organizations in Europe have some form of public 'golden share,'" as well, Lenguito says. "These arrangements have already been established in other critical sectors like telecommunication and utilities."

In other cases, governments have used legislation limiting who can tender specific services, he says.

**The US Approach to "PubSec"**

The chances of the US government stepping in to buy a stake in a critically important private sector IT or cybersecurity company are significantly lower. However, the government does have close oversight over foreign investments through the Committee of Foreign Investments in the United States (CFIUS), says SentinelOne's Wright.

"China has been blocked several times from acquiring certain US companies for national security reasons, because of the technology they are involved with," he says, i.e., Huawei's blocked bid to become a top 5G infrastructure provider for US telecoms. But for the federal government to buy a private cybersecurity company would be an exceptional circumstance, he notes.

"It could happen in the US, but I think the company would have to be so strategic that the transfer of ownership to an adversarial interest would harm the national security of the country," he says.

Dave Gerry, CEO at Bugcrowd, says that while the government buying a cybersecurity provider isn't exactly commonplace in the US, there is some precedent for it reviewing what technologies and companies can end up being owned by foreign buyers. He too points to the role by the CFIUS in reviewing transactions that could impact a national security interest.

"Recently, we've seen this play out in the non-cyber world when Japan's Nippon Steel attempted to acquire US Steel," he says. "In this case, it appears the French government has a strong reason to believe that Atos' acquisition by a foreign buyer would jeopardize France's national security interests."

Importantly, if the deal goes through, the French government will have a direct stake in a company that can help significantly bolster its technology and cybersecurity capabilities. "It makes sense for the French government to upgrade its defenses," says Mike Janke, co-founder of DataTribe. "For years, we have seen governments invest in critical companies through numerous means, but it has been rare for them to buy a company. We'll see if this emerges as a trend."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

France Seeks to Protect National Interests With Bid for Atos Cybersec

Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program.

Controversial gunshot-detection company ShotSpotter has deployed more than 25,000 microphones across 170 cities worldwide. This week, WIRED and _South Side Weekly_ revealed the company may continue to provide gunshot data to police in cities even after contracts have ended. Internal emails seen by the publications suggest ShotSpotter sensors may have stayed online despite law enforcement deals having expired, raising questions about what will happen to 2,500 microphones in Chicago when its contract runs out at the end of the year.

Elsewhere, Change Healthcare finally admitted to paying a ransom to the AlphV hackers, also known as BlackCat, that extorted the medical company. Weeks ago, WIRED revealed the attackers were paid $22 million, one of the largest ransomware payments ever. However, in a statement this week the company admitted for the first time that it paid the ransom as part of its effort “to do all it could to protect patient data from disclosure.” Some of that data still found its way onto the dark web.

In another successful grift, researchers have found animators in North Korea creating artwork for major Hollywood studios. A misconfigured North Korea cloud server, discovered at the end of last year, contained thousands of animation files, notes, and working documents for productions of shows that stream on Amazon Prime Video and Max. The companies likely didn’t know workers from the Hermit Kingdom were creating the artwork, but it’s another example of how North Korea is using skilled workers to circumvent sanctions and make the regime money.

Meanwhile, Cisco revealed this week that some of its devices, called Adaptive Security Appliances, have been targeted by state-sponsored hackers who exploited two zero-day vulnerabilities in the systems. The attack, dubbed ArcaneDoor, is believed to have had an espionage focus and sources suspect China’s state-backed hackers may be the culprits.

The November presidential elections may still be months away, but the next US president will have increased surveillance capabilities. This week Joe Biden signed a controversial bill extending and enhancing Section 702 of the Foreign Intelligence Surveillance Act. FISA allows spy agencies to collect Americans’ calls, emails, and more when pursuing foreign intelligence. Critics say the changes are “a gift to any president who may wish to spy on political enemies.”

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**School Principal Framed Using AI Voice Deepfake**

In January, an Instagram account in Baltimore, Maryland, posted an alleged audio recording of local school principal Eric Eiswert making racist and antisemitic comments. Baltimore County Public Schools quickly opened an investigation into the incident. However, this week, a former athletic director at Pikesville High School was arrested after police said he used artificial intelligence software to create the fake audio clip of Eiswert. The audio included comments about “ungrateful Black kids” and disparaging remarks about the Jewish community.

Dazhon Darien, the former staff member, was arrested after being stopped in possession of a gun at an airport when officials saw there was an outstanding arrest warrant, the _Baltimore Banner_ reported. The media organization reports that Darien was charged with disrupting school activities and stalking. The fake clip was allegedly made in retaliation for the principal investigating Darien over irregular payments to his roommate.

Police reports, the _Banner_ says, indicate that the audio clip had a “profound” impact on the school principal. “It not only led to Eiswert’s temporary removal from the school but also triggered a wave of hate-filled messages on social media and numerous calls to the school,” police reports said.

Voice-cloning technology, which can fall under the broader banner of deepfake technology, has rapidly improved within the last year. Cloning tools can recreate someone’s voice to a relatively realistic level using just a few seconds of real audio. The systems have increasingly been used to impersonate politicians and scam people over the phone.

**General Motors Stops Driving Surveillance, Following Privacy Complaints**

Your car knows a lot about you—from where and how you drive, to your weight and how you sit. This week, following a series of revelations from _New York Times_ reporter Kashmir Hill, General Motors announced it will end its “Smart Driver” program and unenroll all customers. Until the reports from the _Times_, GM was sharing data with data brokers LexisNexis and Verisk, which shared it with insurers and led to high payments for some people. The OnStar Smart Driver program had been designed to promote safer driving, GM said. However, many people were not aware they had been enrolled in the system. Ten lawsuits have been filed so far about the Smart Driver program and how it shared data.

**Google Delays Killing Cookies—Again**

In January 2020, Google said it would remove third-party cookies from Chrome within two years—following Safari, Brave, Firefox, and other browsers in eradicating the tracking technology. It’s now April 2024 and the company has delayed the change for a third time, saying it’ll happen in 2025. Google’s proposed cookie replacement has faced scrutiny from competition and privacy regulators in the UK, with critics saying cookies are just being replaced by another form of tracking and suggesting the changes could further benefit Google’s ad business.

**Samourai Wallet Founders Arrested Over $2 Billion Unlawful Transactions**

Keonne Rodriguez and William Lonergan Hill, the founders of crypto-mixing service Samourai Wallet, were charged by US prosecutors this week for running an unlicensed money transfer business and conspiracy to commit money laundering. The company processed $2 billion in “unlawful transactions” and “facilitated more than $100 million in money laundering,” according to Damian Williams, the United States Attorney for the Southern District of New York, and other investigators. The charges can carry a maximum of 20 years each. The move comes as US prosecutors try to clampdown on crypto mixing services that may be used to hide funds or allow illicit behavior. Mixers Bitcoin Fog, Helix, and Tornado Cash have all faced action in recent years.

**Chinese Keyboard Vulnerabilities Could Reveal Typing**

New research from the University of Toronto’s Citizen Lab this week revealed vulnerabilities in eight Chinese keyboard apps that, if exploited, could allow everything typed to be intercepted. Up to a billion people may be impacted, the researchers say. They tested apps from major technology companies and phone makers, including Baidu, Honor, Huawei, Samsung and Tencent. “Most of the vulnerable apps can be exploited by an entirely passive network eavesdropper,” they researchers write, adding that most of the impacted companies fixed the vulnerabilities when they were reported.

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.

Source: badboydt7 via Shutterstock

Nearly all keyboard apps that allow users to enter Chinese characters into their Android, iOS, or other mobile devices are vulnerable to attacks that allow an adversary to capture the entirety of their keystrokes.

This includes data such as login credentials, financial information, and messages that would otherwise be end-to-end encrypted, a new study by Toronto University's Citizen Lab has uncovered.

**Ubiquitous Problem**

For the study, researchers at the lab considered cloud-based Pinyin apps (which render Chinese characters into words spelled with roman letters) from nine vendors selling to users in China: Baidu, Samsung, Huawei, Tencent, Xiaomi, Vivo, OPPO, iFlytek, and Honor. Their investigation showed all but the app from Huawei to be transmitting keystroke data to the cloud in a manner that enabled a passive eavesdropper to read the contents in clear text and with little difficulty. Citizen Lab researchers, who have earned a reputation over the years for exposing multiple cyber espionage, surveillance, and other threats targeted at mobile users and civil society, said each of them contain at least one exploitable vulnerability in how they handle transmissions of user keystrokes to the cloud.

The scope of vulnerabilities should not be underestimated, Citizen Lab researchers Jeffrey Knockel, Mona Wang and Zoe Reichert wrote in a report summarizing their findings this week: The researchers from Citizen Lab found that 76% of keyboard app users in mainland China, in fact, use a Pinyin keyboard to input Chinese characters.

"All of the vulnerabilities that we covered in this report can be exploited entirely passively without sending any additional network traffic," the researchers said. And to boot, the vulnerabilities were easy to discover and do not require any technological sophistication to exploit, they noted.  "As such, we might wonder, are these vulnerabilities actively under mass exploitation?"

Each of the vulnerable Pinyin keyboard apps that Citizen Lab examined had both a local, on-device component and a cloud-based prediction service for handling long strings of syllables and particularly complex characters. Of the nine apps they looked at, three were from mobile software developers — Tencent, Baidu, and iFlytek. The remaining five were apps that Samsung, Xiaomi, OPPO, Vivo, and Honor — all mobile device manufacturers — had either developed on their own or had integrated into their devices from a third-party developer.

**Exploitable via Active & Passive Methods**

Methods of exploitation differ for each app. Tencent's QQ Pinyin app for Android and Windows for instance had a vulnerability that allowed the researchers to create a working exploit for decrypting keystrokes via active eavesdropping methods. Baidu's IME for Windows contained a similar vulnerability, for which Citizen Lab created a working exploit for decrypting keystroke data via both active and passive eavesdropping methods.

The researchers found other encrypted related privacy and security weaknesses in the Baidu's iOS and Android versions but did not develop exploits for them. iFlytek's app for Android had a vulnerability that allowed a passive eavesdropper to recover in plaintext keyboard transmissions because of insufficient mobile encryption.

On the hardware vendor side, Samsung's homegrown keyboard app offered no encryption at all and instead sent keystroke transmissions in the clear. Samsung also offers users the option of either using Tencent's Sogou app or an app from Baidu on their devices. Of the two apps, Citizen Lab identified Baidu's keyboard app as being vulnerable to attack.

The researchers were unable to identify any issue with Vivo's internally developed Pinyin keyboard app but had a working exploit for a vulnerability they discovered in a Tencent app that is also available on Vivo's devices.

The third-party Pinyin apps (from Baidu, Tencent, and iFlytek) that are available with devices from the other mobile device makers all had exploitable vulnerabilities as well.

These are not uncommon issues, it turns out. Last year, Citizen Labs had conducted a separate investigation in Tencent's Sogou — used by some 450 million people in China — and found vulnerabilities that exposed keystrokes to eavesdropping attacks.

"Combining the vulnerabilities discovered in this and our previous report analyzing Sogou's keyboard apps, we estimate that up to one billion users are affected by these vulnerabilities," Citizen Lab said.

The vulnerabilities could enable mass surveillance of Chinese mobile device users — including by signals intelligence services belonging to the so-called Five Eyes nations — US, UK, Canada, Australia, and New Zealand — Citizen Lab said; the vulnerabilities in the keyboard apps that Citizen Lab discovered in its new research are very similar to vulnerabilities in the China-developed UC browser that intelligence agencies from these countries exploited for surveillance purposes, the report noted.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Chinese Keyboard Apps Open 1B People to Eavesdropping

By Waqas
Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords!
This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

Citizen Lab investigated the security of cloud-based pinyin keyboard apps and found that eight out of nine vendors transmitted user keystrokes in an insecure manner. This means keystrokes could be intercepted by eavesdroppers on the network.

A new report by Citizen Lab has uncovered critical security vulnerabilities in popular keyboard apps, potentially exposing the keystrokes of nearly a billion users to eavesdroppers.

The report, titled “The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers,” investigates cloud-based pinyin input method editors (IMEs) used on a vast majority of Android devices in China.

Researchers analyzed keyboard apps from nine major vendors: Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. Alarmingly, they found vulnerabilities in eight of these apps that could allow attackers to steal users’ keystrokes as they type.

The report details various weaknesses in how these apps transmit data. Some apps, like Samsung Keyboard, send keystrokes completely unencrypted, making them easy for anyone snooping on the network to intercept. Others rely on flawed encryption methods that can be cracked.

The ease of eavesdropping varies depending on the app. In some cases, a malicious actor on the same Wi-Fi network could steal your data. Even more concerning, some vulnerabilities are exploitable by entirely passive eavesdroppers, who can intercept data without needing any interaction from the user.

The report highlights Huawei as the only vendor whose keyboard app did not exhibit these vulnerabilities. This offers some peace of mind for Huawei users but leaves a significant number of users potentially exposed.

Citizen Lab estimates that the combined market share of Baidu, Sogou (mentioned in a previous report by Citizen Lab), and iFlytek represents over 95% of the third-party IME market in China, translating to roughly one billion users at risk.

This security lapse has serious consequences. Keystrokes can contain sensitive information like passwords, credit card details, and private messages. If intercepted, this data could be used for identity theft, financial fraud, and other malicious activities.

Nevertheless, the report shows the importance of using secure keyboard apps. Users should prioritize apps with a strong reputation for security and that encrypt user data properly. Additionally, it’s recommended to avoid using sensitive information on public Wi-Fi networks.

Researchers urge app developers to address these vulnerabilities immediately by implementing strong encryption methods and secure data transmission protocols.

1.  AI Model Listens to Typing, Compromising Sensitive Data
2.  Keyboard app collecting users data after 31M records leaked online
3.  Intel removes remote Android keyboard app rather than fixing its flaws
4.  Chinese Keyboard Developer Spies on User Through Built-in Keylogger
5.  Android Emoji keyboard app makes millions with unauthorized purchases

Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

PRESS RELEASE

Copenhagen, Denmark, April 16, 2024 – Keepit, a global leader in SaaS data backup and recovery, today announced Kim Larsen as new Chief Information Security Officer (CISO). With more than 20 years of leadership experience in IT and cybersecurity from government and the private sector, the new CISO’s areas of expertise include: business driven security; aligning corporate, digital and security strategies; risk management and threat mitigation; developing and implementing security strategies; leading through communication; and coaching. Larsen's deep government and broad private sector experience will position him to bring Keepit’s security advisory capabilities and development of future services to the next level.  

Kim Larsen is an experienced keynote speaker, negotiator, and board advisor on cyber and general security topics, with experience from a wide range of organizations, including NATO, EU, Verizon, Systematic, and a number of industry security boards. 

“It's a real pleasure to welcome Kim Larsen to the team — his deep government and broad private sector experience is exceptional, and perfectly positions him to bring Keepit’s security advisory capabilities and development of future services to the next level. Our current growth trajectory and go-to-market strategy has us engaging in conversations where his expertise is highly valuable,” says Morten Felsvang, Keepit CEO.

Kim Larsen started his career in the Danish National Police and subsequently spent nine years with Security and Intelligence Service (PET) where he served as delegate for the Danish government in both NATO’s and the EU’s security committees.

Moving into the private sector to act as strategic advisor on government, public and financial sector matters, and developing security organizations and partnerships in companies such as Verizon, Huawei and Systematic, he has served on the information security board of the Danish Industry confederation (DI) and Danish Council for Digital Security for 10 years. 

Backup and recovery critical components to cybersecurity

With this background, Kim Larsen has a holistic take on cybersecurity and a profound understanding of what is required and desired in organizations bolstering their IT infrastructures against cyber threats:

“I am very happy to join Keepit: Backup and recovery are critical components of a solid cybersecurity posture, and the unique Keepit solution is the answer to so many compliance and security challenges. It’s a great opportunity to work with organizations on how to retain access to their data in the face of any malign or arbitrary threats to their infrastructure,” says Kim Larsen.

The CISO points to compliance, cyber resilience, and disaster recovery best practices as three of his favorite subjects and reasons for choosing Keepit as his new stomping ground: 

“If there’s one thing we can be sure of, it’s this: We don’t know the threats we will be facing in the future. But we can make educated guesses. And based on those, we can make sure to cross the t’s and dot the i’s that we do know about. That’s why the Keepit solution is a future-proof solution: With its vendor-independent tech stack that keeps data physically and logically separate from the production environment, it’s a guarantee that customer data is always available. And with local data centers keeping data in the same regulatory regions as the organization, full compliance is assured. It really is quite unique,” states Kim Larsen. 

About Kim Larsen

Kim Larsen is Chief Information Security Officer at Keepit and has more than 20 years of leadership experience in IT and cybersecurity from government and the private sector.

Areas of expertise include business driven security, aligning corporate, digital and security strategies, risk management and threat mitigation adequate to business needs, developing and implementing security strategies, leading through communication, and coaching.

Kim Larsen is an experienced keynote speaker, negotiator, and board advisor on cyber and general security topics, with experience from a wide range of organizations, including NATO, EU, Verizon, Systematic, and a number of industry security boards.

Find Kim Larsen on LinkedIn.

Kim Larsen New Chief Information Security Officer at SaaS Data Protection Vendor Keepit

As Chinese automakers prepare to launch in the US, the White House is investigating whether cars made in China could pose a national security threat.

The US government has launched an investigation into the national security risks posed by foreign-made vehicles with internet connectivity—especially those made in China. At a briefing on Wednesday, Secretary of Commerce Gina Raimondo even raised the specter of Beijing remotely triggering mayhem on US highways.

“Imagine if there were thousands or hundreds of thousands of Chinese connected vehicles on American roads that could be immediately and simultaneously disabled by somebody in Beijing,” Raimondo said.

The new US government fears about Chinese autos come as automakers such as BYD and Geely have become major global players in car manufacturing—and particularly electric vehicles. They also build on evidence that as cars have become increasingly computerized, and connected to the internet, vehicles have become vulnerable to new security threats. Hackers have shown it is possible to disable internet-connected vehicles from afar. Automated driving systems and internet connectivity have added cameras and other sensors to vehicles, and can also make them mobile repositories of personal information.

Raimondo said that the Bureau of Industry and Security, a division of the Commerce Department that handles national security issues related to advanced technology, would explore how sensor-laden, internet-connected vehicles could be used to commit espionage, collect data on US citizens, or commit sabotage on US roads.

The alarm sounded about Chinese autos adds to a recent history of US government concern about China’s technology ambitions under President Joe Biden and under President Trump before him. Trump imposed sanctions on Chinese telecoms equipment maker Huawei and other 5G companies working on 5G wireless technology and targeted Chinese AI firms with similar controls. The Biden administration has aggressively restricted the flow of advanced chips into China. Concerns over sensitive US data passing back to China has led to a TikTok ban for most federal government devices.

The move comes as US automakers miss targets for EV sales, and as Chinese automakers such as BYD tout record global sales and build new factories. Many Chinese manufacturers are producing cars, and particularly EVs, more efficiently and profitably than their US counterparts, with billions in assistance from the central government.

In January, BYD overtook Tesla as the world’s leading manufacturer of EVs, according to figures released by the two companies. Last year, China became the world’s biggest car exporter.

“China is determined to dominate the future of the auto market, including by using unfair practices,” reads a statement from Biden released by the White House. “China’s policies could flood our market with its vehicles, posing risks to our national security. I’m not going to let that happen on my watch.”

Rising Power

China’s automakers are expected to soon begin a direct assault on the US market. Recent news reports suggest that Chinese automakers including BYD, MG, and Chery plan to manufacture their lower-cost electric vehicles in Mexico, enabling them to take advantage of North American trade treaties and evade US tariffs of 27.5 percent on imported Chinese autos.

The Alliance for American Manufacturing, a trade group, earlier this month called China a “significant” threat to US car manufacturers. It urged US policymakers to “adopt a proactive and evolving strategy to stymie the CCP’s penetration.”

Speaking at the briefing Wednesday, Lael Brainard, national economic adviser to the White House, described US automakers being on a competitive playing field that appears to be rapidly tilting in favor of Chinese automakers. “For years China has employed an array of subsidies and protections to build massive capacity in EV production,” Brainard said. “Chinese automakers are now flooding foreign markets with their autos.”

The security risks posed by vehicles have grown as they’ve become more computerized, more sensor-filled, and more connected. Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, recently told WIRED that the US is working with allies to develop standards for autonomous vehicles that would address the risks they pose. Neurberger said the administration is concerned about Chinese autonomous vehicles that have been approved for testing on US roads.

Administration officials say that the investigation would extend to Chinese-made components and other technologies. This could include the lidar systems that use lasers to map roads and spot obstacles, a market in which Chinese companies are major players.

Officials note that China has imposed restrictions on connected vehicles from US companies. Tesla cars are reportedly restricted from driving in military- and government-affiliated areas, including meeting halls and exhibition centers, for instance.

The move will risk ratcheting up tension between the US and China. If the action leads to trade restrictions, it could be met with counter restrictions from Beijing. “We'll have to wait to see what China's retaliation might be,” a senior administration official said.

The White House Warns Cars Made in China Could Unleash Chaos on US Highways

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threats—and what the US plans to do about them.

Tag

#huawei