Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Senior United States intelligence officials met privately in Virginia yesterday with over a dozen civil liberties groups to field concerns about domestic surveillance operations that have drawn intense scrutiny this summer among an unlikely coalition of Democratic and Republican lawmakers in the US Congress.

The closed-door session, convened at the Liberty Crossing Intelligence Campus—a sprawling complex housing the bulk of the nation’s counterterrorism infrastructure—comes amid a backdrop of political furor over past misuses of a powerful surveillance tool by, principally, the Federal Bureau of Investigation (FBI). Republican lawmakers, who remain aggrieved over the FBI’s botched operation to surveil a former Trump campaign aide amid its 2016 Russia investigation, have formed an extraordinary alliance with Democratic rivals who’ve long been critical of the FBI’s power to warrantlessly access information about Americans “incidentally” collected by spies in the process of monitoring foreign threats.

The meeting, organized by the director of national intelligence, Avril Haines, was attended by top officials from the National Security Agency (NSA), US Department of Justice (DOJ), and Central Intelligence Agency (CIA), among others. General Paul Nakasone, the NSA director, is believed to have attended, though neither the IC, nor any source at the meeting, would confirm or deny his presence. (All sources spoke with WIRED on background citing rules established ahead of the gathering.)

Privacy and civil liberties advocates in attendance Thursday say one of their chief objectives was putting the intelligence community (IC) on notice: Without significant privacy reforms, any effort to reauthorize the use of its most powerful surveillance weapon—Section 702 of the Foreign Intelligence Surveillance Act—will be a doomed undertaking. The 9/11-era program, occasionally referred to as the “crown jewel” of US intelligence, is set to expire at the end of the year. Sources in Congress with knowledge of ongoing negotiations over the program say Biden administration officials have privately encouraged lawmakers to pass a “clean bill” this winter, airing fears that any potential lapse in surveillance would pose a national security threat. Targets of the 702 program have expanded in the past decade beyond terrorists in the Middle East, and today include foreign cybersecurity threats linked to Iran, Russia, and China, as well as drug traffickers involved in the production of fentanyl, a dangerous opioid flooding US streets.

The fate of the 702 program hangs by a precarious thread, with lawmakers on both sides of the aisle increasingly scrutinous of the FBI’s ability to tap into data that the intelligence community has long claimed is only unintentionally collected on Americans—a byproduct of casting a wide surveillance net over the communications of hundreds of thousands of individuals each year believed or assumed to be agents of hostile foreign powers. Restricting the bureau’s access to this data for domestic criminal investigation without first obtaining a court order remains one of the top reforms sought after by IC’s bipartisan critics.

Sources at the meeting say the conversation was largely one-sided, with Haines and other intelligence officials framing the event as purely an opportunity to bear witness to the concerns of civil rights advocates. While none expected a true back-and-forth discussion, some advocates nevertheless expressed frustration over the lack of reciprocity, with one describing it bluntly as “stonewalling.” A spokesperson for the IC said such “listening sessions,” in which top officials gather to bear witness to the concerns of relevant civil society stakeholders, are commonplace, and that, generally speaking, the IC does not disclose the nature of its conversations with members of Congress.

Its guests on Thursday included privacy and national security experts from the American Civil Liberties Union, Brennan Center for Justice at NYU School of Law, Electronic Information Privacy Center, and Demand Progress, among a dozen other groups. The largely progressive coalition further included conservative nonprofits such as FreedomWorks and Americans for Prosperity. Bob Goodlatte, a former Republican chair of the House Judiciary Committee who now serves as a senior advisor to the nonprofit Project for Privacy and Surveillance Accountability, also attended.

While Haines and some of the officials under her have expressed a willingness to enhance safeguards around intelligence “incidentally” collected on Americans, the IC has been unwilling so far to disclose what, if any, specific reforms it may be receptive to adopting. Privacy advocates say they remain, in response, skeptical it’s truly open to reform, adding that key sources on Capitol Hill continue to be unaware of any specific reforms currently supported by IC. In a letter ahead of the meeting, the same advocates said they were pursuing new limits on the scope of US surveillance codified under federal law, and the closing of a notorious loophole enabling intelligence and law enforcement services to bypass warrant requirements by paying data brokers for Americans’ sensitive data.

An internal advisory report declassified by Haines earlier this year described “large” purchases of “sensitive and intimate information” about Americans from private companies, including data enabling law enforcement to trace Americans’ whereabouts over extended periods of time. The report acknowledges that much of the purchased data would ordinarily fall under the protection of the US Constitution's Fourth Amendment, which includes a guarantee against unreasonable searches and seizures. Various intelligence agencies, the Defense Intelligence Agency and NSA among them, have taken the position that paying for access to sensitive data, as opposed to demanding it in accordance with criminal law procedures, effectively negates that constitutional right.

Defenders of this particular collection method argue that the data is already widely available to private companies and even foreign intelligence services. Its detractors note that companies and foreign countries are not bound by the Fourth Amendment, and otherwise lack the US government’s power to arrest, fine, and imprison US residents.

Sources say Haines and other officials were pressed to disclose whether the government has arrived at a single, coherent policy regarding commercial data purchases. It is currently assumed US spy agencies are left to determine the legality of such arrangements individually, with declassified materials over the past year overwhelmingly supporting that belief. None of the IC officials, sources say, would comment on whether such a policy exists, though Haines has previously told members of Congress that devising one is a process that’s been underway since early 2021.

A spokesperson at the Office of the Director of National Intelligence (ODNI) says Haines had a prior speaking engagement Friday morning and could not be immediately reached for comment.

In a statement, members of the privacy coalition expressed gratitude for Haines’ taking the time to hear their concerns. Nevertheless, civil liberties experts say they remain “deeply distressed” by the IC’s unwillingness to commit to any “meaningful reforms that are critical to protect Americans’ privacy,” calling specifically the FBI’s abuses of 702-related data. “The administration and intelligence community must be willing to come to the table and accept significant new privacy protections that advocates, Congress, and the American people are calling for,” they said.

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.

_This article was_ _copublished_ _with The Markup, a nonprofit, investigative newsroom that challenges technology to serve the public good. Sign up for its newsletters_ _here__._

Less than 10 days after the Robb Elementary School shooting in Uvalde, Texas, in May 2022, Axon Enterprises CEO Rick Smith announced the company had formally started developing Taser-equipped drones. The technology, Smith argued, could potentially save lives during mass shootings by incapacitating active shooters within seconds.

For Axon, which changed its name from Taser in 2017, the concept seemed a sensible next step for stakeholders who share Axon’s public safety mission, Smith said on the company’s site.

“In brief,” he wrote, “non-lethal drones can be installed in schools and other venues and play the same role that sprinklers and other fire suppression tools do for firefighters: Preventing a catastrophic event, or at least mitigating its worst effects.”

Elsewhere, however, the announcement roused significant concern. Only a few weeks before Smith’s announcement, a majority of the members of Axon’s AI Ethics Board—which consisted of a dozen academics, attorneys, activists, and former law enforcement officials—recommended the company not move forward with a pilot study of Taser-armed drones, then called Project ION. The board had spent more than a year considering the Taser-equipped drone project but had never considered any use case in which it would be a solution to mass shootings.

Advisory board members told The Markup that Smith’s announcement was unexpected and made without consultation or input from the ethics body the company had worked relatively well with for the previous four years. In the past, the board’s work prompted Axon to ban facial recognition on its body cameras out of concern the technology could not be responsibly rolled out.

“I begged Rick not to go public with the weaponized drone plan without consulting with the board, as our operating principles required,” Barry Friedman, founder of NYU Law School’s Policing Project and former Axon ethics advisory board chair, told The Markup.

Within a week of the announcement, nine of Axon’s 12-member ethics board resigned, saying in a joint letter that they had “lost faith in Axon’s ability to be a responsible partner.”

“Although we all joined this Board understanding that we are advisory only—and have seen Axon reject our advice on some prior occasions—rushing ahead to embrace use of surveillance-enabled, Taser-equipped drones, especially when its Board was urging against unnecessarily precipitate action, is more than any of us can abide,” the exiting members wrote then.

An illustration of a Taser-equipped drone, taken from Axon’s patent application.Illustration: Axon

In the wake of the board’s dissolution, Axon halted its Taser-drone program temporarily. Former board members, meanwhile, continued to speak out against the company’s efforts. The group released a report in January 2023 criticizing company leaders for “trading on the tragic shootings which had just occurred in Uvalde and Buffalo.” The report included a number of recommendations about Taser-drone technology, including the need for accuracy and safety thresholds, as well as local lawmakers’ approval and internal department policies governing the drones’ use. Drones deploying force should never be autonomous, either, the ex-board members recommended—a human should make that decision.

The former members also noted that in addition to the physical risk of injury or death posed by an electroshock weapon, the proposed devices would rely on surveillance systems that would be triggered by the sound of gunshots, posing privacy and accuracy risks. Additional surveillance in schools might also lead to increased disciplinary action, even for minor offenses, they said. There’s potential for disparate, racist impact here, too, the former members pointed out, saying, “Black students are four times more likely to attend a school with a high level of surveillance.”

Weaponized drones are also vulnerable to misuse and might increase how frequently force is used, the experts said in their report. “A growing literature on military use of drones notes the unique characteristics of remote use of force—humans appear as figures on a computer screen, and decisions to use force often are made by teams rather than by a single individual,” the experts wrote. This “could lead to dehumanization of individuals targeted by the drone and could diminish operators’ sense of personal moral culpability for their decisions, leading to increased use of force.”

However, Axon, which did not reply to a request for comment by press time, still appears to be moving forward with its armed drone plan.

“On a longer time horizon, Axon sees opportunities to explore how robotics can expand to include less-lethal robotic payloads and operations,” company leadership said in a statement on its website from April of this year. “While this is still in early concept, we believe with ample research, ethical development and identifying the most amenable use cases, this capability can positively contribute to the future of public safety.”

Then, in July, the company acquired Sky-Hero, a company based in Belgium that manufactures drones and unmanned ground vehicles. Sky-Hero has already developed so-called “distraction” technology for some of its drones and rovers that produces the same sound pressure levels as a semiautomatic rifle, it said in the description of a YouTube video demonstrating the tech, acting as a “true non-lethal flashbang.”

In interviews with The Markup, former ethics advisory board members expressed concern about the company’s plans to continue developing weaponized drone technology.

“Vendors like Axon are selling products to public agencies for the benefit of the public, and I think they have a responsibility to consider the harms their products might cause and to try to mitigate those harms,” said Max Isaacs, a senior staff attorney at the Policing Project who worked with the board.

“Everyone deserves public safety,” Isaacs added. “Everyone wants more public safety. That’s not the question. The question is, when companies sell these products claiming all of these public safety benefits, have they proven those benefits? Has there been any independent testing? Do we know that these products are making us safer? Oftentimes the answer is no.”

Isaacs and others The Markup interviewed noted that ethics boards are an imperfect patch for the regulatory void around evolving technology like drones and artificial intelligence.

“The fact that we’re relying on companies to set up these advisory boards in order to address the harms of their products is itself a very problematic concept to me,” Isaacs said.

Though Axon leadership says it is committed to the “responsible” development of new technology, it’s not clear whether the company is still consulting with ethics experts on the plan.

The Markup found that mentions of the former AI ethics board appear to have been removed from the company’s website, including the board’s once-public recommendations and reports. The webpage axon.com/ethics, where the former board’s governing principles and work was hosted, now sends searchers to a letter from Smith announcing the company would pause its Taser-drone plan. In September 2022, the company unveiled its Ethics and Equity Advisory Council, a panel of academics and community leaders who advise Axon on “a limited number of products per year,” according to the company. Axon says the body is independent, but unlike the former ethics board, it is led by an Axon executive vice president.

The company declined to make members of this group available for interviews. Public reports from the body are not available on its website, nor is a copy of its operating principles.

Because ethics is both subjective and not legally binding, they can readily be trumped by capitalist imperatives, said Ryan Calo, a professor at the University of Washington School of Law and a former member of the ethics board at Axon.

“Ethics is important,” said Calo. “Ethics is good. But law needs to be a backstop. Law is the place where society goes to decide what’s forbidden and what’s required.”

The End of Killing?

The Arizona-based company has not shipped any Taser-equipped drones to any client, it said in a 2022–23 annual report, the most recent available. It also pledged to never build “lethal” drones.

Axon, which launched in 1993, is a premier player in the law enforcement and military technology space. Technology developed by the company, which makes Taser devices and body-worn cameras, is used by more than 95 percent of state and local law enforcement agencies in the United States, it claims in investor reports. Axon also owns the evidence.com platform, a cloud-based evidence management system for police officers and what the company calls “the world’s leading repository of law enforcement data.” Regarding Taser drones, Axon maintains they should be developed. “We believe there is no organization in the world better suited to develop it the right way,” its most recent investor report reads.

Company leadership expects to generate more than $1.5 billion in revenue in 2023, it said in an August investor statement. And by 2025, Rick Smith has set a target of reaching $2 billion. According to its own reports, Axon, which went public in 2001, has generated “over $15 billion in wealth” for its shareholders.

Still, the plan to arm drones with Tasers was not universally well-received by Axon’s shareholders, some of whom criticized the company for Smith’s announcement about the weaponized drones. A shareholder proposal submitted by the Jubitz Family Foundation, a Portland, Oregon–based foundation that promotes nonviolent alternatives to conflict, encouraged shareholders to vote to discontinue developing these drones.

“Axon proposed using AI surveillance, algorithmic predictors, and virtual reality simulations to stop mass shootings,” the proposal, which was included as part of the company’s 2022–23 annual report, reads. “Axon did not seek meaningful input from its in-house Community Advisory Coalition, AI Ethics Board, or Vice President of Community Impact prior to the announcement.”

After the ethics board’s resignations last year, “Axon has now replaced both the Community Advisory Coalition and the AI Ethics Board with a new advisory council, which Smith still does not commit to heeding,” the foundation added in its proposal.

“The rollout of this proposal demonstrates a tremendous failure of management’s self-governance procedures,” the Foundation wrote, and risked not only harming children psychologically and physically, but possible litigation and reputational damage.

The Jubitz Family Foundation did not respond to a request for comment on the proposal from The Markup.

In a lengthy response to the Jubitz proposal, Axon said robotic security could save lives, slashing gun-related deaths by presenting police with longer-range, remotely operable weapons.

“Axon is working to reduce violence and displace lethal uses of force with less-lethal alternatives that can save—rather than take—lives,” the company said.

“Based on our analysis of _The Washington Post_’s data set of fatal officer-involved shootings, we estimate that a more effective, longer-range handheld Taser device has the potential to reduce fatal officer-involved shootings by around 40 percent,” the company said. “When we run this same analysis looking at instances where police could have utilized a less-lethal capable drone, we estimate that a drone could likely have been used instead of lethal force in 57 percent of these fatal shootings. When we combine an advanced handheld Taser device together with remotely operated drone and robotic capabilities, we estimate that up to 72 percent of fatal shootings might be averted.” (The company did not share information about its analysis in response to questions about it.)

While Axon technology is used by major police departments and federal agencies, including the New York Police Department, the Los Angeles Police Department, the US Department of Homeland Security, and the Departments of Defense and Justice, according to the company, there isn’t proof that the products are solving the problem of police violence. According to the _Washington Post_ database of fatal police shootings, the number of such shootings was higher in 2022 than it was in any of the previous seven years tracked. And recently, some police unions have argued they should be paid more just to use body cameras, a barrier to critical transparency even where these tools are available.

Axon did not respond to questions in time for publication about when taser-equipped drones might arrive on the market, whether its new Equity and Ethics Advisory Council is advising it on the weaponized drone program, or whether the company has received any demand from school districts for these products. However, some insight into CEO Smith’s vision for this kind of drone technology can be gleaned from his 2019 book _The End of Killing_.

In a chapter of the book on school safety, Smith presents readers with a fictitious scenario about a day care center shooting, a tragedy averted because of a Taser-equipped drone installed in the room and activated by a “AI algorithm … designed to constantly monitor for potential firearm discharge sounds, not all that different from the iPhones of millions of people around the world that are awakened by the ‘Hey Siri’ sound pattern,” Smith writes.

An algorithm, Smith writes, would subsequently calculate the direction of the sound and, combined with a panic-alert signal system, trigger the drop of a small drone within a second. A “computer vision algorithm” on the drone would detect muzzle flashes. Sensing a probable weapon, he added, police could remotely deploy the Taser-armed drone, shooting electrical impulses “designed to paralyze the human nervous system” toward the shooter. All of this could take place within two seconds of gunfire.

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang.
“Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang.

"Russia has long been a safe haven for cybercriminals, including the TrickBot group," the U.S. Treasury Department said, adding it has "ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including hospitals."

The targets of the sanctions are administrators, managers, developers, and coders who are believed to have provided material assistance in its operations. Their names and roles are as follows -

*   Andrey Zhuykov (aka Adam, Defender, and Dif), senior administrator
*   Maksim Sergeevich Galochkin (aka Bentley, Crypt, Manuel, Max17, and Volhvb), software development and testing
*   Maksim Rudenskiy (aka Binman, Buza, and Silver), team lead for coders
*   Mikhail Tsarev (aka Alexander Grachev, Fr\*ances, Ivanov Mixail, Mango, Misha Krutysha, Nikita Andreevich Tsarev, and Super Misha), human resources and finance
*   Dmitry Putilin (aka Grad and Staff), purchase of TrickBot infrastructure
*   Maksim Khaliullin (aka Kagas), HR manager
*   Sergey Loguntsov (aka Begemot, Begemot\_Sun, and Zulas), developer
*   Vadym Valiakhmetov (aka Mentos, Vasm, and Weldon), developer
*   Artem Kurov (aka Naned), developer
*   Mikhail Chernov (aka Bullet and m2686), part of the internal utilities group
*   Alexander Mozhaev (aka Green and Rocco), part of the team responsible for general administrative duties

Evidence gathered by threat intelligence firm Nisos late last month revealed that Galochkin "changed his name from Maksim Sergeevich Sipkin, and that he has significant financial debt as of 2022."

"The individuals, all Russian nationals, operated out of the reach of traditional law enforcement and hid behind online pseudonyms and monikers," the U.K. government said. "Removing their anonymity undermines the integrity of these individuals and their criminal businesses that threaten U.K. security."

The development marks the second time in seven months the two governments have levied similar sanctions against multiple Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime syndicates.

It also coincides with the unsealing of indictments against nine defendants in connection with the Trickbot malware and Conti ransomware schemes, counting seven of the newly sanctioned individuals.

Dmitriy Pleshevskiy, one among those sanctioned in February 2023, has since denied any involvement with the TrickBot gang, stating he used the "Iseldor" alias online to do unspecified programming tasks on a freelance basis.

"These tasks did not seem illegal to me, but perhaps that is where my involvement in these attacks comes in," Pleshevskiy was quoted as saying to WIRED, which unmasked Galochkin as one of the key members of TrickBot after a monthslong investigation.

Two other TrickBot developers have been apprehended and indicted in the U.S. to date. Alla Witte, a Latvian national, pleaded guilty to conspiracy to commit computer fraud and was sentenced to 32 months in June 2023. A Russian named Vladimir Dunaev is currently in custody and pending trial.

An evolution of the Dyre banking trojan, TrickBot started off along similar lines in 2016 before evolving into a flexible, modular malware suite that allows threat actors to deploy next-stage payloads such as ransomware.

UPCOMING WEBINAR

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats

Supercharge Your Skills

The e-crime group, which managed to survive a takedown effort in 2020, was absorbed into the Conti ransomware cartel in early 2022, and as evidenced by the roles mentioned above, functioned akin to a legitimate enterprise with a professional management structure.

Conti formally disbanded in May 2023 following a wave of leaks two months earlier that offered unprecedented insight into the group's activities, which, in turn, was triggered by the group's support for Russia in the latter's war against Ukraine.

The anonymous dumps, dubbed ContiLeaks and TrickLeaks, sprang up within days of each other at the start of March 2022, resulting in the release of reams of data on their internal chats and infrastructure online. A prior account named TrickBotLeaks that was created in X (formerly Twitter) was quickly suspended.

"In total, there are approximately 250,000 messages which contain over 2,500 IP addresses, around 500 potential crypto wallet addresses, and thousands of domains and email addresses," Cyjax noted in July 2022, referring to the cache of TrickBot data.

According to the U.K. National Crime Agency (NCA), the group is estimated to have extorted at least $180 million from victims globally, and at least £27m from 149 victims in the U.K.

Despite ongoing efforts to disrupt Russian cybercriminal activity through sanctions and indictments, the threat actors continue to thrive, albeit operating under different names to evade the ban and leveraging shared tactics to infiltrate targets.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.K. and U.S. Sanction 11 Russia-based Trickbot Cybercrime Gang Members

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines.
The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines.

The findings come from Google's Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships with potential targets and build trust.

"In one case, they carried on a months-long conversation, attempting to collaborate with a security researcher on topics of mutual interest," security researchers Clement Lecigne and Maddie Stone said. "After initial contact via X, they moved to an encrypted messaging app such as Signal, WhatsApp, or Wire."

The social engineering exercise ultimately paves the way for a malicious file containing at least one zero-day in a popular software package. The vulnerability is currently in the process of being fixed.

The payload, for its part, performs a number of anti-virtual machine (VM) checks and transmits the collected information, along with a screenshot, back to an attacker-controlled server.

A search on X shows that the now-suspended account has been active since at least October 2022, with the actor releasing proof-of-concept (PoC) exploit code for high-severity privilege escalation flaws in the Windows Kernel such as CVE-2021-34514 and CVE-2022-21881.

This is not the first time North Korean actors have leveraged collaboration-themed lures to infect victims. In July 2023, GitHub disclosed details of an npm campaign in which adversaries tracked as TraderTraitor (aka Jade Sleet) used fake personas to target the cybersecurity sector, among others.

"After establishing contact with a target, the threat actor invites the target to collaborate on a GitHub repository and convinces the target to clone and execute its contents," the Microsoft-owned company said at the time.

Google TAG said it also found a standalone Windows tool named "GetSymbol" developed by the attackers and hosted on GitHub as a potential secondary infection vector. It has been forked 23 times to date.

The rigged software, published on GitHub way back in September 2022 and now taken down, offers a means to "download debugging symbols from Microsoft, Google, Mozilla, and Citrix symbol servers for reverse engineers."

But it also comes with the ability to download and execute arbitrary code from a command-and-control (C2) domain.

The disclosure comes as the AhnLab Security Emergency Response Center (ASEC) revealed that North Korean nation-state actor known as ScarCruft is leveraging LNK file lures in phishing emails to deliver a backdoor capable of harvesting sensitive data and executing malicious instructions.

It also follows new findings from Microsoft that "multiple North Korean threat actors have recently targeted the Russian government and defense industry – likely for intelligence collection – while simultaneously providing material support for Russia in its war on Ukraine."

UPCOMING WEBINAR

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats

Supercharge Your Skills

The targeting of Russian defense companies was also highlighted by SentinelOne last month, which revealed that both Lazarus Group (aka Diamond Sleet or Labyrinth Chollima) and ScarCruft (aka Ricochet Chollima or Ruby Sleet) breached NPO Mashinostroyeniya, a Russian missile engineering firm, to facilitate intelligence gathering.

The two actors have also been observed infiltrating arms manufacturing companies based in Germany and Israel from November 2022 to January 2023, not to mention compromising an aerospace research institute in Russia as well as defense companies in Brazil, Czechia, Finland, Italy, Norway, and Poland since the start of the year.

"This suggests that the North Korean government is assigning multiple threat actor groups at once to meet high-priority collection requirements to improve the country's military capabilities," the tech giant said.

Earlier this week, the U.S. Federal Bureau of Investigation (FBI) implicated the Lazarus Group as behind the theft of 41 million in virtual currency from Stake.com, an online casino and betting platform.

It said that the stolen funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks from Stake.com have been moved to 33 different wallets on or about September 4, 2023.

"North Korean cyber threat actors pursue cyber operations aiming to (1) collect intelligence on the activities of the state's perceived adversaries: South Korea, the United States, and Japan, (2) collect intelligence on other countries' military capabilities to improve their own, and (3) collect cryptocurrency funds for the state," Microsoft said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Authorities have sanctioned 11 alleged members of the cybercriminal groups, while the US Justice Department unsealed three federal indictments against nine people accused of being members.

The United States Department of Treasury and United Kingdom Foreign Office announced today that they have sanctioned 11 people for their alleged involvement in the Trickbot cybercriminal gang. The US Department of Justice also unsealed indictments against nine people whom it says are connected to Trickbot and its sibling organization Conti. Seven of those nine also appear on today's sanctions list.

US and UK law enforcement working with officials around the world have made a concerted effort in recent years to deter cybercrime—particularly ransomware attacks and those launched by Russia-based actors. And Trickbot, a notorious and prolific gang, has repeatedly been a specific target of these actions. In February, the US and UK announced sanctions against seven alleged Trickbot actors and an indictment against them.

The new round of censures includes alleged Trickbot members who are accused of acting as coders and administrators for the group, as well as senior staff, the developer team lead, and a human resources and finance manager. The sanctions also name Trickbot's alleged head of testing for the gang's malware and technical infrastructure. This individual, Maksim Galochkin, goes by the handle Bentley, among others. WIRED identified Galochkin last week as part of an extensive investigation into Trickbot and its operations. 

The Department of Justice announced three indictments today that include Galochkin. One in the Northern District of Ohio, filed on June 15, charges him and 10 other alleged Trickbot members with “conspiring to use the Trickbot malware to steal money and personal and confidential information from unsuspecting victims, including businesses and financial institutions located in the United States and around the world, beginning in November 2015.” This timeline means that the charges essentially relate to all Trickbot activity going back to the group's inception. 

An indictment from the Middle District of Tennessee, filed on June 12, charges Galochkin and three others with use of the Conti ransomware in attacks targeting “businesses, nonprofits, and governments in the United States” between 2020 and June 2022. And an indictment in the Southern District of California, filed on June 14, charges Galochkin in connection with the May 1, 2021, Conti ransomware attack on Scripps Health.

“Today’s announcement shows our ongoing commitment to bringing the most heinous cyber criminals to justice—those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses,” FBI director Christopher Wray said in a statement on Thursday. “Cyber criminals know that we will use every lawful tool at our disposal to identify them, tirelessly pursue them, and disrupt their criminal activity. We, alongside our federal and international partners, will continue to impose costs through joint operations no matter where these criminals may attempt to hide.”

It has been difficult for global law enforcement to make progress on deterring cybercrminal activity, especially when actors are based in countries like Russia that allow them to operate with impunity. But independent researchers say that imposing public accountability does have impacts on the individuals as well as the broader criminal landscape.

Cybercriminals “often think they can conduct cyberattacks against corporations and individuals under anonymity,” says Landon Winkelvoss, vice president of research for the digital intelligence firm Nisos, which conducted a detailed investigation of Bentley's real-world identity at WIRED's request. But “they all make mistakes and the very nature of their crimes requires that their digital footprint is in the wild."

Winkelvoss notes that while cybercriminals have systematized strategies for maintaining their operational security and staying out of the limelight, their efforts to remain invisible are far from foolproof.

“Reusing command and control infrastructure servers and selectors like emails addresses and phone numbers is often the quickest return on their investment,” Winkelvoss says. "Unfortunately for them, this makes their unmasking relatively straightforward, especially when law enforcement and private industry \[have\] more publicly available data than they do.”

US and UK Mount Aggressive Crackdown on Trickbot and Conti Ransomware Gangs

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

Thursday, September 7, 2023 14:09

Welcome to this week’s edition of the Threat Source newsletter.

Up until last week, I had never considered the timing of a scam to be important. I’m so used to just swiping away emails or text messages at random times during the day that I’d never considered what would happen if an adversary happened to get me at _just_ the right time.

That’s what happened to my wife last week.

We were on vacation, and I was away for a few hours at lunch with my friends while she and the other spouses stayed back with our children to hang out at the pool for a bit.

She received a text message from an unknown number asking her to confirm a Zelle payment to someone she had never heard of for a not-insignificant amount of money. Not even a minute later, she received a call from the same number from someone claiming to represent our bank asking if the transaction was fraudulent and if could she provide some personal information to verify the transaction or cancel it.

In most cases, she probably would have put them on hold and Googled the number to see if it was legitimate or logged into her online account to view her recent transactions. The problem was this scammer had hit her at the worst possible time. It was right in the middle of a diaper change for our 10-month-old daughter, and she was trying to change our daughter out of a wet bathing suit and stop her from crying because they were just a few minutes away from naptime.

Already in a panic (and not to mention exhausted from the heat at the beach), she answered the phone call and listened to the person on the other line, growing increasingly frustrated and just wanting to end the phone call as quickly as possible so she could return her attention to our daughter while trying to make sure we weren’t legitimately about to be scammed out of money.

Our friends thankfully intervened after she put the phone on speaker, and they all noticed some similar red flags and she ended the conversation before giving away any significant information the scammer didn’t already seem to have.

But it did get me thinking about how the timing and urgency of these scams can make such a difference. I can’t say the same thing wouldn’t have happened to me had I been in the middle of a diaper change and having to worry about something as stressful as money. Or what if they had caught my wife while she was in the car and didn’t have the internet or friends at her disposal?

This timing was purely blind luck on the attacker’s part, but it nonetheless almost worked out for them. I’m not trying to throw my wife under the bus or anything, I just wanted to use this story to illustrate that anyone can be a target of these types of scams at any time, and the scammers don’t care if you have to change a dirty diaper or not.

**The one big thing**

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows. The campaign, active since late last year, appears to primarily target graphic designers or any other engineers who may rely on 3-D modeling software who speak French. Cybercriminals are likely targeting these users because this type of software requires large GPUs, which also happen to be extremely useful when mining cryptocurrency.

**Why do I care?**

This campaign specifically targets business verticals such as architecture, engineering, construction, manufacturing and entertainment, though anyone using a computer of any type could be a target of a cryptocurrency mining malware. The attackers’ use of Advanced Installer also allows the backdoors used in this campaign to often slip by undetected.

**So now what?**

Cisco Secure Endpoint users can use Orbital Advanced Search to run complex OSqueries to see if their endpoints are infected with this specific threat. And if you’re ever curious about what your GPU is up to, use Task Manager on Windows or Activity Monitor on Mac to check out what your machine’s computing power is going toward. There are also specific Cisco Secure protections available that we outlined in Talos’ blog on this campaign.

**Top security headlines of the week**

With students around the globe going back to school over the past few weeks, **cyber attacks against the education sector are back in the spotlight.** This time of year is often a popular time for attackers to strike against schools, colleges and universities because their systems are under the most stress at the start of a new school year. Private security companies in the U.K. issued public warnings to school leaders that their systems are likely not prepared for a sophisticated threat actor, days after a school in northern London had to delay its start date by six days due to a cyber attack. More than 100,000 people may have also had their personal information stolen as the result of a data breach against Minneapolis’ school district, with the Medusa ransomware group claiming it was behind the attack. Although the intrusion took place in February, the district last week sent home letters to students and parents describing the results of an investigation into the breach. (The Record by Recorded Future, Yahoo! News, BBC)

The FBI announced last week that it **successfully dismantled the infamous Qakbot botnet.** Known as “Operation: Duck Hunt,” the takedown involved the FBI deploying an in-house uninstaller tool to Qakbot-infected devices. International law enforcement also seized Qakbot infrastructure located in the U.S. and across Europe. In the announcement of the takedown, U.S. officials blamed Qakbot for more than 40 ransomware attacks over the past 18 months, generating $58 million in ransom payments. Authorities also seized millions of dollars’ worth of cryptocurrency from Qakbot, which they are working to return to the original owners. However, security researchers are warning that the operation likely won’t be gone forever, as the operators and creators of Qakbot apparently still remain at large, and these types of botnets typically find ways to be reborn after takedowns. (BankInfoSecurity, TechCrunch)

**Researchers and reporters at “Wired” have unmasked one of the leaders of the Trickbot threat actor.** A 41-year-old is allegedly behind the online monikers “Bentley” and “Manuel” who are known as being the creators of Trickbot. The investigation also uncovered potential connections between Trickbot and the Russian government and other cybercriminal games. Thousands of messages in a Trickbot group message were leaked last year, which included sensitive information researchers have been able to use to unmask some of the group’s operations. A single CEO-like figure also appears to be at the helm of Trickbot and the Conti ransomware gang, receiving daily updates on the groups’ operations, the messages show. (Wired, NISOS)

**Can’t get enough Talos?**

*   Talos Takes Ep. #153: You're never going to believe this, but Lazarus Group is back again
*   Vulnerability Roundup: Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
*   Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants
*   Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
*   Healthcare remains the top target of hackers, reports Cisco

**Upcoming events where you can find Talos**

**LABScon** **(Sept. 20 - 23)**

Scottsdale, Arizona

> Vitor Ventura gives a presentation that’s a detailed account and timeline of one such mercenary organization, from almost bankrupt to having a fully working spyware targeting iOS and Android with one-click zero-day exploit.

**Grace Hopper Celebration** **(Sept. 26 - 29)**

Orlando, Florida

> Caitlin Huey, Susan Paskey and Alexis Merritt present a "Level Up Lab" titled "Don’t Fail Knowledge Checks: Accelerating Incident Response with Threat Intelligence." Participate in several fast-paced activities that emphasize the importance of threat intelligence in security incident investigations. Attendees will act as incident responders investigating a simulated incident that unfolds throughout this session. Periodic checkpoints will include discussions that highlight how incident response and threat intelligence complement each other during an active security investigation.

**ATT&CKcon 4.0** **(Oct. 24 - 25)**

McLean, Virginia

> Nicole Hoffman and James Nutland discuss the MIRE ATT&CK framework in “One Leg to Stand on: Adventures in Adversary Tracking with ATT&CK.” Even though ATT&CK has become an industry standard for cyber threat intelligence reporting, all too often, techniques are thrown at the bottoms of reports and blogs without any context never to be seen again after dissemination. This is not useful for intelligence producers or consumers. In this presentation, Nicole and James will show analysts how to use ATT&CK as a guideline for creating a contextual knowledge base for adversary tracking.

**Most prevalent malware files from Talos telemetry over the past week**

**SHA 256:** d5219579eec1819d52761730a72ce7a95ee3f598fcfd9a4b86d1010ea103e827  
**MD5:** bf357485cf123a72a46cc896a5c4b62d  
**Typical Filename:** bf357485cf123a72a46cc896a5c4b62d.virus  
**Claimed Product:** N/A  
**Detection Name:** W32.Auto:d5219579ee.in03.Talos

**SHA 256:** 1fa0222e5ae2b891fa9c2dad1f63a9b26901d825dc6d6b9dcc6258a985f4f9ab  
**MD5:** 4c648967aeac81b18b53a3cb357120f4  
**Typical Filename:** iptjqbjtb.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::1201

**SHA 256:** 975517668a3fe020f1dbb1caafde7180fd9216dcbf0ea147675ec287287f86aa  
**MD5:** 9403425a34e0c78a919681a09e5c16da  
**Typical Filename:** vincpsarzh.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
**MD5:** 7bdbd180c081fa63ca94f9c22c457376  
**Typical Filename:** c0dwjdi6a.dll  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.33515991

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

A secondhand account of the worst possible timing for a scammer to strike

And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine.

For years, some cybersecurity defenders and advocates have called for a kind of Geneva Convention for cyberwar, new international laws that would create clear consequences for anyone hacking civilian critical infrastructure, like power grids, banks, and hospitals. Now the lead prosecutor of the International Criminal Court at the Hague has made it clear that he intends to enforce those consequences—no new Geneva Convention required. Instead, he has explicitly stated for the first time that the Hague will investigate and prosecute any hacking crimes that violate existing international law, just as it does for war crimes committed in the physical world.

In a little-noticed article released last month in the quarterly publication _Foreign Policy Analytics_, the International Criminal Court’s lead prosecutor, Karim Khan, spelled out that new commitment: His office will investigate cybercrimes that potentially violate the Rome Statute, the treaty that defines the court’s authority to prosecute illegal acts, including war crimes, crimes against humanity, and genocide.

“Cyber warfare does not play out in the abstract. Rather, it can have a profound impact on people’s lives,” Khan writes. “Attempts to impact critical infrastructure such as medical facilities or control systems for power generation may result in immediate consequences for many, particularly the most vulnerable. Consequently, as part of its investigations, my Office will collect and review evidence of such conduct.”

When WIRED reached out to the International Criminal Court, a spokesperson for the office of the prosecutor confirmed that this is now the office’s official stance. “The Office considers that, in appropriate circumstances, conduct in cyberspace may potentially amount to war crimes, crimes against humanity, genocide, and/or the crime of aggression,” the spokesperson writes, “and that such conduct may potentially be prosecuted before the Court where the case is sufficiently grave.”

Neither Khan’s article nor his office’s statement to WIRED mention Russia or Ukraine. But the new statement of the ICC prosecutor’s intent to investigate and prosecute hacking crimes comes in the midst of growing international focus on Russia’s cyberattacks targeting Ukraine both before and after its full-blown invasion of its neighbor in early 2022. In March of last year, the Human Rights Center at UC Berkeley’s School of Law sent a formal request to the ICC prosecutor’s office urging it to consider war crime prosecutions of Russian hackers for their cyberattacks in Ukraine—even as the prosecutors continued to gather evidence of more traditional, physical war crimes that Russia has carried out in its invasion.

In the Berkeley Human Rights Center’s request, formally known as an Article 15 document, the Human Rights Center focused on cyberattacks carried out by a Russian group known as Sandworm, a unit within Russia’s GRU military intelligence agency. Since 2014, the GRU and Sandworm, in particular, have carried out a series of cyberwar attacks against civilian critical infrastructure in Ukraine beyond anything seen in the history of the internet. Their brazen hacking has ranged from targeting Ukrainian electric utilities and triggering the only two blackouts ever caused by cyberattacks to the release of the data-destroying NotPetya malware that spread from Ukraine to the rest of the world and inflicted more than $10 billion in damage, including to hospital networks in both Ukraine and the United States.

Though the Berkeley group’s submission initially focused on Sandworm’s 2015 and 2016 attacks on Ukraine’s power grid as the clearest example of cyberattacks with physical effects comparable to those of traditional warfare, it later expanded its argument to include Sandworm’s NotPetya cyberattack, as well as a third attempt by the hackers to sabotage Ukraine’s power grid and another cyberattack on the Viasat satellite modem network used by Ukraine’s military, which caused outages of the satellite modems across Europe.

The fact that Khan doesn’t explicitly mention Russia in his article doesn’t actually mean he’s shying away from investigating war crimes carried out by Sandworm or other Russians involved in the Ukraine attacks, says Lindsay Freeman, the Human Rights Center’s director of technology, law, and policy. Instead, she sees the article as a broader statement that hacking activities that violate international law will be considered as part of any investigation the prosecutors carry out. “The fact that he’s not just saying that he’s going to do this in Ukraine, that he’s going to do this in _all_ investigations is really important,” says Freeman. “Seeing that this is the reality of cyberwar now and this is something they, as an office, have to investigate in every single case—that goes beyond what we were pushing for, and it’s a really important and powerful move.”

Ukraine’s government, meanwhile, has already opened its own investigation into Russian war crimes carried out via cyberattacks. Aside from charging any Russian hackers or their superiors in its own court system, evidence from that investigation could now also be provided to the ICC’s prosecutors to aid any case that the Hague prosecutors bring against Russia.

Six of Sandworm’s hackers are already facing an indictment in the United States for hacking crimes related to their cyberattacks targeting Ukraine, as well as the network of the 2018 Winter Olympics in Pyeongchang, Korea. But Freeman points out that charges against Russian hackers at the Hague would have a broader effect: 123 countries are parties to the Rome Statute, and so have agreed to help detain and extradite convicted war criminals. That includes some countries that don’t have extradition treaties with the United States, such as Switzerland and Ecuador. The Hague’s remit also extends not only to the hands-on-keyboards hackers themselves, Freeman notes, but to the command structure above those hackers, opening the possibility of new charges against higher-level officers within Russia’s military or even Russian president Vladimir Putin himself.

In terms of legal precedents, Khan’s statement that the Hague prosecutor’s office will now consider hacking a potential violation of international law is “novel but not surprising,” says Bobby Chesney, director of the Strauss Center for International Security and Law at the University of Texas Law School. “I don’t think anyone who’s serious about international law would dispute that there are at least some circumstances in which intentional harm to civilians can be carried out through cyber means in a way that qualifies as an attack and therefore a violation” of the Rome Statute’s principle that combatants distinguish between civilian and military targets, Chesney says.

Chesney says he was more intrigued to see other parts of Khan’s article that mention disinformation as a separate area of concern and “gray zone” tactics that “operate in the area between war and peace.” As a precedent for sources of disinformation being charged under international law, Chesney points to rare incidents, like radio journalists who were convicted in an international criminal tribunal for helping incite genocide in Rwanda in 1994. Investigating or charging hacking that occurs outside the context of war as a violation of international law, as Khan’s article seems to suggest, would be newer territory.

But the Human Rights Center’s Freeman argues that given the ICC prosecutor’s limited resources and discretion to choose which cases to prosecute, any commitment to examine and potentially charge cyberwar crimes is a historic moment. “Just looking at how cyber is being used in war, and that \[Khan\] sees it in his remit and something worth investigating as a priority within his power of discretion, I think is incredibly important,” she says.

Khan clearly sees the stakes as equally high: He ends his article by quoting (or perhaps misquoting) Albert Einstein’s stated fear that “technology would exceed our humanity.”

“Undoubtedly, we shall be tested,” Khan writes. “But through our common efforts—and above all the belief that we can mobilize the law on these new front lines to deliver justice—we may collectively ensure that a more humane world is forged. The ICC will play its part, now and in years to come.”

The International Criminal Court Will Now Prosecute Cyberwar Crimes

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author.
An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

Malvertising / Endpoint Security

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called **Atomic Stealer** (or AMOS), indicating that it's being actively maintained by its author.

An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering features were detected in the wild, targeting gamers and cryptocurrency users.

Malvertising via Google Ads has been observed as the primary distribution vector in which users searching for popular software, legitimate or cracked, on search engines are shown bogus ads that direct to websites hosting rogue installers.

The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems.

"Both the Windows and Linux buttons point to an MSIX installer hosted on Discord that drops NetSupport RAT," Jérôme Segura, director of threat intelligence at Malwarebytes, said.

The macOS payload ("TradingView.dmg") is a new version of Atomic Stealer released at the end of June, which is bundled in an ad-hoc signed app that, once executed, prompts users to enter their password on a fake prompt and harvest files as well as data stored in iCloud Keychain and web browsers.

"Atomic stealer also targets both Chrome and Firefox browsers and has an extensive hardcoded list of crypto-related browser extensions to attack," SentinelOne previously noted in May 2023. Select variants have also targeted Coinomi wallets.

The ultimate goal of the attacker is to bypass Gatekeeper protections in macOS and exfiltrate the stolen information to a server under their control.

The development comes as macOS is increasingly becoming a viable target of malware attacks, with a number of macOS-specific info stealers appearing for sale in crimeware forums in recent months to take advantage of the wide availability of Apple systems in organizations.

UPCOMING WEBINAR

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats

Supercharge Your Skills

"While Mac malware really does exist, it tends to be less detected than its Windows counterpart," Segura said. "The developer or seller for AMOS actually made it a selling point that their toolkit is capable of evading detection."

Atomic Stealer is not the only malware propagated via malvertising and search engine optimization (SEO) poisoning campaigns, as evidence has emerged of DarkGate (aka MehCrypter) latching onto the same delivery mechanism.

New versions of DarkGate have since been employed in attacks mounted by threat actors employing tactics similar to that of Scattered Spider, Aon's Stroz Friedberg Incident Response Services said last month.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.

Cybercriminals target graphic designers with GPU miners

Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

As Meta, the company behind Facebook, continues to develop its generative artificial intelligence tools, you can now request the removal of some of the personal data the company uses to train its AI model. There are a ton of caveats, though.

Earlier this year, CEO Mark Zuckerberg announced plans to build a range of AI features into Meta’s platforms like Facebook, Instagram, and WhatsApp. Despite the popularity of generative AI in Silicon Valley, murky legal questions remain for the technology, and many people are anxious about its rapid advancement.

Want to stop Meta from using all of your info to improve its AI? The company added a new form to one of its help centers titled “Generative AI Data Subject Rights at Facebook.” With this form, you can request that Meta give you access to the third-party data it uses for AI development and that the personal information is deleted. The operative word here is “request.” There’s no guarantee from the company that it’ll delete it, or that it’ll provide you with the information you’re asking for, even if it’s yours.

It’s important to point out that this form does not pertain to the gobs of personal information Meta has already collected from you on its platforms; it only applies to outside data the company may bring in to beef up its generative AI. This outside data could include stuff that’s elsewhere on the internet as well as data purchased from third-party data brokers.

You don’t need to be signed in to a Facebook account to submit the opt-out request. All that Facebook requires is your country of residence, full name, and email address. In my experience, the website was quite glitchy on mobile, and it was easier to fill out the form on my desktop. It took the company over 24 hours to send a basic confirmation email stating it was “reviewing \[my\] request.”

For those in the US, it’s unclear if anything happens at all when you fill out this form. Data privacy laws protecting UK residents make this form more worthwhile for people who live in the UK. “Depending on where people live, they may be able to exercise their data subject rights and object to certain data being used to train our AI models,” said Thomas Richards, a Meta spokesperson, to Gizmodo. Meta did not respond to multiple requests from WIRED to comment on this story.

A company blog post about Meta’s use of personal info to train its AI goes just a little further in detail about its different approaches to personal data collection, but specifics are scant: “In the European region and United Kingdom, we rely on the basis of legitimate interests to collect and process any personal information included in these publicly available and licensed sources to train our generative AI models. For other jurisdictions where applicable, we rely on an adequate legal basis to collect and process this data.”

This opt-out form comes just a few months after European regulators struck Meta with a $1.3 billion fine for misusing data that originated in the UK.

Tag

#intel