The marketing of illegal drugs on open platforms is “gaining prominence,” authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

For every illegal drug, there is a combination of emojis that dealers and consumers use to evade detection on social media and messaging platforms. Snowflakes, snowfall, and snowmen symbolize cocaine. Love hearts, lightning bolts, and pill capsules mean MDMA, or “molly.” Brown hearts and dragons represent heroin. Grapes and baby bottles are the calling cards for codeine-containing cough syrup, aka “lean.” The humble maple leaf, meanwhile, is the universal symbol for all drugs.

The proliferation of open drug dealing on Instagram, Snapchat, and X—as well as on encrypted messaging platforms Telegram and WhatsApp—has transformed the fabric of illegal substance procurement, gradually making it more convenient, and arguably safer, for consumers, who can receive packages in the mail without meeting people on street corners or going through the rigmarole of the dark web. There is no reliable way to gauge drug trafficking on social media, but the European Union Drugs Agency acknowledged in its latest report on the drivers of European drug sales that purchases brokered through such platforms “appear to be gaining in prominence.”

Initial studies into drug sales on social media began to be published in 2012. Over the next decade, piecemeal studies began to reveal a notable portion of drug sales were being mediated by social platforms. In 2021, it was estimated some 20 percent of drug purchases in Ireland were being arranged through social media. In the US in 2018 and Spain in 2019, a tenth of young people who used drugs appear to have connected with dealers through the internet, with the large majority doing so through social media, according to one small study.

Some dealers these days are even brazen enough to boost their posts and pay for sponsored advertising. “Mushrooms and marijuana used to be hard to get and now they’re being marketed to me in beautiful packaging on Instagram,” says one 34-year-old in Austin, Texas that WIRED spoke to. Dealers ran hundreds of paid advertisements on Meta platforms in 2024 to sell illegal opioids and what appeared to be cocaine and ecstasy pills, according to a report this year by the Tech Transparency Project, and federal prosecutors are investigating Meta over the issue.

“You’re seeing a more sophisticated commoditization of the available marketplaces,” says Adam Winstock, a British consultant psychiatrist and addiction medicine specialist who is also the founder of the Global Drug Survey. The current drug-using younger generation are entirely used to getting everything online, he adds, reflecting the increasing integration of social media in people’s lives. “It’s convenient, \[and\] there’s less chance of violence.”

There are heightened concerns over the presence of super-strength opioids like fentanyl in drugs. But despite some contaminated pills having lethal effects on those who purchased them on the internet, Winstock says that drugs purchased through online networks are subject to “potentially better quality control”—with Telegram channels devoted to discussing the quality of drugs purveyed by certain dealers, and Amazon-style feedback sections within some vendors’ stores. “The question is where in the food chain that they’re cut,” Winstock says.

The menus provided by dealers through messaging apps and on social media are often lengthy and diverse, featuring prized varieties advertised for their purity and sold at significantly lower costs than equivalents available on the streets of London and New York. However, there’s been no formal evaluation of online and street drug sales that can attest to the relative purity and safety of what’s sold in either place—and illegal drugs always come with a safety risk, regardless of where they are bought from.

Even while traditional drug transactions continue to dominate, the apparent rise in sales of drugs through social media has coincided with a steep increase in the average value of transactions on the dark web, amid a fall in the overall number of transactions, according to the UN Office on Drugs and Crime’s 2024 World Drug Report. To the UNODC, this suggests “an increase in wholesale activities” on the dark web—though this could also reflect consumers who buy smaller quantities shifting from the darknet to the clearnet and encrypted messaging apps.

“End users seem to be buying their drugs on the dark web to a lesser extent than in previous years,” the UNODC said in its 2023 report. “Qualitative information provided by people who use social media suggests that the use of such media for drug purchasing purposes has been increasing, especially at the retail level.”

The shifting market trends also bring troubling developments. New and potentially more vulnerable population segments can be reached by exploitative drug dealers as they begin to sell on social platforms and the number of drug consumers in the US and around the world grows. The US Drug Enforcement Administration has warned that because dealers are “no longer confined to street corners and the dark web,” social media users’ posts and inboxes can be peppered by dealers seeking to purvey these addictive and, when misused, harmful drugs. “Social media extends the reach of the Sinaloa and Jalisco cartels directly into drug users’ phones, with potentially fatal consequences,” the DEA said in its 2024 national drug threat assessment report, bemoaning that dealers are more difficult to apprehend online than the streets.

Social media companies are under growing pressure to eradicate drug dealing on their platforms, says Ashly Fuller, a PhD candidate at University College London researching the sale and advertisement of illegal drugs to young people on social media. Data released by social media companies shows that millions of pieces of drug-related content are already taken down every year. (Facebook and Instagram took action against 9.3 million pieces of drug-related content last year, while Snapchat says it did so in 241,227 cases in the second half of 2023.) But these companies’ actions are sometimes indiscriminate. The accounts of organizations promoting drug harm reduction and social media personalities who post content about drugs and psychedelics, but who do not sell them, are being caught in the crossfire of efforts to get a grip on the issue.

A study by Fuller last year indicates that as many as 13 percent social media posts may advertise illegal drugs—underlining the scale of the issue Meta, X, TikTok, and Snapchat have on their hands. Drug sale advertisements could even be increasing in prevalence, according to a forthcoming study by Fuller which was shared with WIRED. She surveyed 1,100 13- to 18-year-olds and found that 60 percent of young people have seen drug-related content on social media (mostly for cannabis and psychedelics, which have been legalized or decriminalized in a few parts of the world). “They’re common enough that young people stumble upon them on TikTok and Instagram.”

In response, social media companies’ algorithms to detect drug-selling behavior are getting smarter and are aggregating images and emojis, Fuller says. “There is an understanding that seeing these ads on social media is correlated to a decreased risk perception, and young people are led to think the drugs are safer.” Of the teenagers she sampled, 10 percent reported purchasing drugs via social media. “Those exposed to drug ads were 17 times more likely to purchase drugs on social media compared to those who had not seen such ads,” she adds.

But according to Meta, no more than 1 in 2,000 views on Facebook is of content that violates its restricted goods policy. Between July and September 2024, Meta says that 96 percent of drug sales content that violated its terms was removed before a user reported it. TikTok, meanwhile, removed 99.5 percent of content violating its policy on alcohol, tobacco, and drugs before it was reported, according to its Community Guidelines Enforcement Report for the second quarter of 2024.

Meta, SnapChat, and TikTok declined to offer an on-the-record statement. X did not respond to requests for comment. A Telegram spokesperson said: “Telegram actively combats misuse of the platform, including for the sale of illicit substances. Moderators, empowered with custom AI and machine learning tools, remove millions of pieces of harmful content each day to keep the platform safe.”

The world’s first internet-facilitated sale, in the early 1970s and on the internet precursor Arpanet, was for an undetermined amount of cannabis. The agreement was between students. Today, strangers may contact you on social media offering drugs to buy. For as many people who believe this is something of a utopian development, you can be sure many more view it as dystopian—especially if the dealers are in fact scammers or selling dodgy goods.

“We were wondering if you will be interested in having a trip with our products,” one Instagram account messaged me recently. On X, meanwhile, posts related to psychedelics are regularly infiltrated by bots directing traffic to dealers. “Virtually all psychedelic post\[s\] are followed by bots selling microdoses,” leading psychedelics researcher Matthew Johnson posted on X in December. “All my blocking & spam reporting seems futile.” An account recently replied to one of my posts, linking to the profile of their apparent boss: “He’s got all Psyche meds & acids.”

Some dealers lurking on social media are even more shady. The drug information organization Pill Report has told of people wiring cash to dealers and getting duped, with nothing sent to them. When one such person interviewed by WIRED sent money for cannabis through a cash transfer app but received nothing in the mail, he reported the account. “It became a threatening match and they sent photos of thugs with guns saying they were going to come for me,” he says.

In a VICE documentary on drug sales on social media, it took the host just 5 minutes to connect with a dealer in London. “Anyone can sell nowadays,” another dealer told the journalist. “You see little kids, 12-year-olds and everything, setting up accounts. It’s easy, isn’t it? You can sit at home, make an account, and make money. Who doesn’t want to do that?” As part of a separate research project, a 15-year-old was able to locate an account selling Xanax tablets in mere seconds on Instagram.

Telegram’s drug markets remain somewhat complicated to access for the average person, but are still far easier to access than those on the darknet. “The problem with darknet markets is that you need to install Tor, get a PGP, and have cryptocurrencies,” says Francois Lamy, an associate professor at Mahidol University in Thailand who researches the sociology of drug use. “It’s a little bit more difficult to navigate. With Telegram, you type a few keywords, and there you go. You can find everything.”

When the Telegram founder Pavel Durov was arrested outside of Paris, France, in August, prosecutors cited the scale of drug trafficking on the platform as part of the justification. The next month, a new Telegram user policy was introduced to “discourage criminals” and hand over the data of users who are accused of illegal behavior on the platform by authorities with search warrants. “While 99.999% of Telegram users have nothing to do with crime, the 0.001% involved in illicit activities create a bad image for the entire platform, putting the interests of our almost billion users at risk,” Durov said in a statement at the time.

But experts warn that any increased enforcement on Telegram will simply cause dealers to go elsewhere, disrupting a market that has largely established itself as a safer source of drugs. “If one supply avenue is closed by enforcement, another is soon found to replace it,” says Steve Rolles, senior policy analyst at the Transform Drug Policy Foundation, a UK-based NGO. “Enforcement has, somewhat ironically, actually accelerated these innovations—driving the evolution of ever more sophisticated sales models. The only way such markets can be defeated in the longer term is to replace them through legal regulation.”

Drug Dealers Have Moved Onto Social Media

## Summary 

### ASA-2024-0012
Name: ASA-2024-0012,  Transaction decoding may result in a stack overflow
Component: Cosmos SDK
Criticality: High (Considerable Impact, and Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))
Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14
Affected users: Chain Builders + Maintainers, Validators, node operators

### ASA-2024-0013
Name: ASA-2024-0013: CosmosSDK: Transaction decoding may result in resource exhaustion  
Component: Cosmos SDK
Criticality: High (Considerable Impact, and Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))
Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14
Affected users: Chain Builders + Maintainers, Validators, node operators



### Impact

### ASA-2024-0012

When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet.

### ASA-2024-0013

Nested messages in a transaction can consume exponential cpu and memory on `UnpackAny` calls.  The`max_tx_bytes` sets a limit for external TX but is not applied for internal messages emitted by wasm contracts or a malicious validator block. This may result in a node crashing due to resource exhaustion.  This was addressed by adding additional validation to prevent this condition.


### Patches

The issues above are resolved in Cosmos SDK versions v0.47.15 or v0.50.11.
Please upgrade ASAP.

### Timeline for ASA-2024-0012

* October 1, 2024, 12:29pm UTC: Issue reported to the Cosmos Bug Bounty program
* October 1, 2024, 2:47pm UTC: Issue triaged by Amulet on-call, and distributed to Core team
* December 9, 2024, 11:13am UTC: Core team completes patch for issue
* Dec 14, 2024,16:00 UTC: Pre-notification delivered
* Dec 16, 2024, 16:00 UTC: Patch made available

This issue was reported to the Cosmos Bug Bounty Program on HackerOne on October 1, 2024.

### Timeline for ASA-2024-0013

* October 19, 2024, 8:12pm UTC: Issue reported to the Cosmos Bug Bounty program
* October 19, 2024, 8:28pm UTC: Issue triaged by Amulet on-call, and distributed to Core team
* December 11, 2024, 3:31pm UTC: Core team completes patch for issue
* Dec 14, 2024, 16:00 UTC: Pre-notification delivered
* Dec 16, 2024, 16:00 UTC: Patch made available

This issue was reported by LonelySloth to the Cosmos Bug Bounty Program on HackerOne on October 19, 2024. 


If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

If you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io).  For more information about the Interchain Foundation’s engagement with Amulet, and to sign up for security notification emails, please see https://github.com/interchainio/security.  

**Summary****ASA-2024-0012**

Name: ASA-2024-0012, Transaction decoding may result in a stack overflow  
Component: Cosmos SDK  
Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2)  
Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14  
Affected users: Chain Builders + Maintainers, Validators, node operators

**ASA-2024-0013**

Name: ASA-2024-0013: CosmosSDK: Transaction decoding may result in resource exhaustion  
Component: Cosmos SDK  
Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2)  
Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14  
Affected users: Chain Builders + Maintainers, Validators, node operators

**Impact****ASA-2024-0012**

When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet.

**ASA-2024-0013**

Nested messages in a transaction can consume exponential cpu and memory on UnpackAny calls. Themax_tx_bytes sets a limit for external TX but is not applied for internal messages emitted by wasm contracts or a malicious validator block. This may result in a node crashing due to resource exhaustion. This was addressed by adding additional validation to prevent this condition.

**Patches**

The issues above are resolved in Cosmos SDK versions v0.47.15 or v0.50.11.  
Please upgrade ASAP.

**Timeline for ASA-2024-0012**

*   October 1, 2024, 12:29pm UTC: Issue reported to the Cosmos Bug Bounty program
*   October 1, 2024, 2:47pm UTC: Issue triaged by Amulet on-call, and distributed to Core team
*   December 9, 2024, 11:13am UTC: Core team completes patch for issue
*   Dec 14, 2024,16:00 UTC: Pre-notification delivered
*   Dec 16, 2024, 16:00 UTC: Patch made available

This issue was reported to the Cosmos Bug Bounty Program on HackerOne on October 1, 2024.

**Timeline for ASA-2024-0013**

*   October 19, 2024, 8:12pm UTC: Issue reported to the Cosmos Bug Bounty program
*   October 19, 2024, 8:28pm UTC: Issue triaged by Amulet on-call, and distributed to Core team
*   December 11, 2024, 3:31pm UTC: Core team completes patch for issue
*   Dec 14, 2024, 16:00 UTC: Pre-notification delivered
*   Dec 16, 2024, 16:00 UTC: Patch made available

This issue was reported by LonelySloth to the Cosmos Bug Bounty Program on HackerOne on October 19, 2024.

If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

If you have questions about Interchain security efforts, please reach out to our official communication channel at security@interchain.io. For more information about the Interchain Foundation’s engagement with Amulet, and to sign up for security notification emails, please see https://github.com/interchainio/security.

**References**

*   GHSA-8wcc-m6j2-qxvm
*   cosmos/cosmos-sdk@c6b1bdc
*   https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.15
*   https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.11

GHSA-8wcc-m6j2-qxvm: ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion 

The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.

Vichai Levy, Vice President of R&D, Overseeing Architecture, Protegrity 

December 16, 2024

4 Min Read

Source: Aleksei Gorodenkov via Alamy Stock Photo

COMMENTARY

We often think of high-risk industries like finance or healthcare when considering the risks of data being targeted and exfiltrated. However, the education industry and its infrastructure — which require personal identifiable information (PII) — are often overlooked.

For many, this exchange of PII for goods and services (in this case, enrolling in school) may not seem worrisome. But for K-12 students, it's a potentially early introduction to cybercrime and its damages.

With some schools already under cyber threat, the urgency of reevaluating data protection strategies becomes increasingly clear.

**Identity Theft Before High School**

In 2023, educational institutions saw increased data breach activity. For many adults, the reality of data breaches is well-known and often just a part of daily life — don't click on suspicious links, enable credit monitoring, and be wary of scam calls. This is a faraway concept for younger students in K-12 schools, yet their data is some of the most vulnerable.

One vulnerability in an application used across the education sector can have a huge attack surface for these students. For example, schools use apps and online resources to support teaching materials. Still, educators can't ensure these vendors are appropriately safeguarding the PII, such as names and emails. Examples like Los Angeles Unified School District and its experience with a chatbot named "Ed." On the surface, Ed was meant to be a personal assistant to the district's students and used their data. However, when the bot's startup company, AllHere, went dark and the chatbot disappeared, questions remained regarding where precisely the student data went.

Schools across the United States are well into their school year, meaning parents have already provided shot records, medical history, and other sensitive information regarding their children. That information is stored across school servers, possibly even in third-party databases like AllHere's chatbot.

These parents of K-12 students may be unknowingly giving threat actors the information they need to steal their child's identity before they ever enter college.

Tucson Unified School District experienced its own run-in with cybercriminals and ransomware in 2023 when the ransomware group Royal extorted what they claimed to be all student personal information — including passports, Social Security numbers, birth certificate information, and more.

Research from Comparitech shows that data breaches have affected more than 37.6 million records across K-12 schools and higher education since 2005. Between 2018 and 2021, 61% of targeted institutions in the United States education sector were K-12 schools. While more records were affected in ransomware attacks targeting universities and colleges, this interest in our youth's data highlights their vulnerability to cyberattacks.

Instances like the Tucson incident are not as rare as many educators and parents would hope. Our youth, lacking the same access or abilities to monitor their credit or make informed decisions after cyber events, are particularly vulnerable. The full effects of a successful ransomware attack like the one Tucson Unified School District experienced can be devastating for the incredibly vulnerable student demographic.

**Misconceptions Regarding Data Thieves**

We've reached record-breaking ransomware attacks in 2024, and our data across all industries is at risk. However, the inundation of data breaches and data theft paired with daily organizational demand for consumer data has created an interesting phenomenon: Consumers don't trust their data will ever be secured.

Cybercriminals are opportunistic and self-serving, often looking for the easiest way to steal valuable information they can exfiltrate and extort for money. They are exploiting vulnerabilities and pushing out phishing campaigns to steal data for their own benefit, but this behavior doesn't just affect adults.

While historically the education sector has not been a priority target for these groups, the outbreak of 2023 highlights a new reality. Threat actors are becoming more aggressive in their methods, and data protection across K-12 and higher education institutions must be prioritized moving forward.

**Preventing Data Theft in the Education Sector**

Higher and lower education organizations have reported increasing ransomware attack rates starting in 2021 according to the "2024 Sophos State of Education" report.

The same report also shows attacks across both lower and higher education institutions are becoming more dangerous:

*   Eighty-five percent of ransomware attacks in lower education institutions and 77% of higher education organizations in the last year ended in threat actors encrypting the school's data.
    
*   Across lower and higher education organizations, the cost of recovery from these attacks doubled and quadrupled in 2024 compared with 2023.
    
*   Most worryingly, the education sector is the least likely to report data theft from cyberattacks, with lower education facilities tied with the healthcare industry at 22% reporting.
    

While creating an impenetrable defense is impossible, current strategies rely on creating barriers like firewalls, intrusion detection systems, and regular security audits that are proving inadequate against sophisticated threats. The education sector must reassess its data security.

The education sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment. By doing so, schools and universities can mitigate identity theft and ransomware risks, ensuring data security for students and faculty. Moving forward, it is crucial for the education sector to recognize its vulnerability and take proactive steps to strengthen its defenses, protecting the future of our children and educators.

**About the Author**

Vice President of R&D, Overseeing Architecture, Protegrity 

Vichai Levy currently serves as the Vice President of Research and Development at Protegrity. He is an experienced software engineer with over two decades in the field, and a career rooted in creating impactful and resilient technology. Levy specializes in designing, developing, and implementing enterprise data security solutions driven by passion for innovation and robust software design.

The Education Industry: Why Its Data Must Be Protected

Task scams are a new type of scams where victims are slowly tricked into paying to get paid for repetitive simple tasks

An unfamiliar type of scam has surged against everyday people, with a year-over-year increase of some 400%, putting job seekers at risk of losing their time and money.

The emerging threat is delivered in “task scams” or “gamified job scams.” While these scams were virtually non-existent in 2020, the FTC reported 5,000 cases in 2023 and a whopping 20,000 cases in the first half of 2024.

In these scams, online criminals prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps, boosting product interest, or rating product images. These tasks are usually organized in sets of 40 tasks that will take the victim to a “next level” once they are completed.

Sometimes the victim will get a so-called double task that earns a bigger commission. The trick is that the scammers will make the victim think they are earning money to raise trust in the system. The money can be fake and only displayed in the system, but some victims report actually receiving small sums.

But at some point, the scammers will tell the victims, they have to make a deposit to get the next set of tasks or get your earnings out of the app. So, victims are likely to make that deposit, or all their work will have been for naught.

Scammers use cryptocurrency like USDT (a digital stable-coin with a value tied to the value of the US dollar) to make their payments.

Task scams typically begin with unsolicited text messages or messages via platforms like WhatsApp, Telegram, or other messaging apps. These messages often come from unknown numbers or profiles that may appear professional to gain trust. Reportedly, these scams like to impersonate legitimate companies such as Deloitte, Amazon, McKinsey and Company, and Airbnb.

Scammers count on the urge that victims do not want to “cut their losses” and will try to pull victims in even deeper, sometimes inviting them into groups where newcomers can learn and hear success stories from (fake) experienced workers.

**How to avoid task scams**

Once you know the red flags, it is easier to shy away from task scams.

*   Do not respond to unsolicited job offers via text messages or messaging apps.
*   Never pay to get paid.
*   Verify the legitimacy of the employer through official channels.
*   Don’t trust anyone who offer to pay for something illegal such as rating or liking things online.

It’s also important to keep in mind that legitimate employers do not ask employees to pay for the opportunity to work. And as with most scams, if it sound to good to be true, it probably is.

If you run into a task scam, please report them to the FTC at ReportFraud.ftc.gov.

 Task scams surge by 400%, but what are they? 

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

_The original version of_ _this story_ _appeared in Quanta Magazine._

For thousands of years, if you wanted to send a secret message, there was basically one way to do it. You’d scramble the message using a special rule, known only to you and your intended audience. This rule acted like the key to a lock. If you had the key, you could unscramble the message; otherwise, you’d need to pick the lock. Some locks are so effective they can never be picked, even with infinite time and resources. But even those schemes suffer from the same Achilles’ heel that plagues all such encryption systems: How do you get that key into the right hands while keeping it out of the wrong ones?

The counterintuitive solution, known as public key cryptography, relies not on keeping a key secret but rather on making it widely available. The trick is to also use a second key that you never share with anyone, even the person you’re communicating with. It’s only by using this combination of two keys—one public, one private—that someone can both scramble and unscramble a message.

To understand how this works, it’s easier to think of the “keys” not as objects that fit into a lock, but as two complementary ingredients in an invisible ink. The first ingredient makes messages disappear, and the second makes them reappear. If a spy named Boris wants to send his counterpart Natasha a secret message, he writes a message and then uses the first ingredient to render it invisible on the page. (This is easy for him to do: Natasha has published an easy and well-known formula for disappearing ink.) When Natasha receives the paper in the mail, she applies the second ingredient that makes Boris’ message reappear.

In this scheme, anyone can make messages invisible, but only Natasha can make them visible again. And because she never shares the formula for the second ingredient with anyone—not even Boris—she can be sure the message hasn’t been deciphered along the way. When Boris wants to receive secret messages, he simply adopts the same procedure: He publishes an easy recipe for making messages disappear (that Natasha or anyone else can use), while keeping another one just for himself that makes them reappear.

In public key cryptography, the “public” and “private” keys work just like the first and second ingredients in this special invisible ink: One encrypts messages, the other decrypts them. But instead of using chemicals, public key cryptography uses mathematical puzzles called trapdoor functions. These functions are easy to compute in one direction and extremely difficult to reverse. But they also contain “trapdoors,” pieces of information that, if known, make the functions trivially easy to compute in both directions.

One common trapdoor function involves multiplying two large prime numbers, an easy operation to perform. But reversing it—that is, starting with the product and finding each prime factor—is computationally impractical. To make a public key, start with two large prime numbers. These are your trapdoors. Multiply the two numbers together, then perform some additional mathematical operations. This public key can now encrypt messages. To decrypt them, you’ll need the corresponding private key, which contains the prime factors—the necessary trapdoors. With those numbers, it’s easy to decrypt the message. Keep those two prime factors secret, and the message will stay secret.

Illustration: Mark Belan/_Quanta Magazine_

The foundations for public key cryptography were first discovered between 1970 and 1974 by British mathematicians working for the U.K. Government Communications Headquarters, the same government agency that cracked the Nazi Enigma code during World War II. Their work (which remained classified until 1997) was shared with the US National Security Agency, but due to limited and expensive computing capacity, neither government implemented the system. In 1976, the American researchers Whitfield Diffie and Martin Hellman discovered the first publicly known public key cryptography scheme, influenced by the cryptographer Ralph Merkle. Just a year later, the RSA algorithm, named after its inventors Ron Rivest, Adi Shamir and Leonard Adleman, established a practical way to use public key cryptography. It’s still in wide use today, a fundamental building block of the modern internet, enabling everything from shopping to web-based email.

This two-key system also makes possible “digital signatures”—mathematical proof that a message was generated by the holder of a private key. This works because private keys can be used to encrypt messages too, not just decrypt them. Of course, this is useless for keeping messages secret: If you used your private key to scramble a message, anyone could just use the corresponding public key to unscramble it. But it does prove that you, and only you, created the message, since as the holder of the private key, only you could have encrypted the message. Cryptocurrencies like bitcoin couldn’t exist without this idea.

If two cryptographic keys instead of one is so effective, why did it take millennia to discover? According to Russell Impagliazzo, a computer scientist and cryptography theorist at the University of California, San Diego, the concept of a trapdoor function just wasn’t useful enough before the invention of computers.

“It’s a matter of technology,” he said. “A person in the 19th century thought of encryption as being between individual agents with military intelligence in the field—literally, in a field with guns firing. So if your first step is ‘pick two 100-digit prime numbers to multiply together,’ the battle is going to be over before you do that.” If you reduce the problem to something a human can do quickly, it’s not going to be terribly secure.

But while computers helped make public key cryptography possible, they’ve also created cracks in its armor. In 1994, the mathematician Peter Shor discovered a way for quantum computers to efficiently reverse the trapdoor functions that underlie most current public key cryptography systems, including prime factorization. This algorithm, if implemented, would act like an all-purpose “reappearing ink,” capable of making any invisible message reappear. Goodbye, internet security.

Luckily, quantum computers themselves are “still in the ENIAC phase,” Impagliazzo said, referring to the room-size machine built for the US Army in 1945. By the time quantum computers become sophisticated enough to pose a real threat to public key cryptography, its original trapdoor functions could be replaced by “quantum-safe” versions called lattice problems. Of course, this new computational “ink” may also become susceptible to attack in the future. But that’s the great thing about public key cryptography: As long as we can find new functions to use, we can just keep reinventing the wheel. Or in this case, the key.

_Original story_ _reprinted with permission from Quanta Magazine, an editorially independent publication of the_ _Simons Foundation_ _whose mission is to enhance public understanding of science by covering research developments and trends in mathematics and the physical and life sciences._

The Simple Math Behind Public Key Cryptography

The white supremacist Robert Rundo faces years in prison. But the “Active Club” network he helped create has proliferated in countries around the world, from Eastern Europe to South America.

American neo-Nazi Robert Rundo’s six-year “battle with the feds”—a fight that spans two dismissals, three appellate reversals, and an extradition and deportation from at least two countries—concludes today with his sentencing to federal prison for attacking ideological opponents at political rallies across California in 2017.

Along with several members of the Rise Above Movement, a fight club-cum-street gang Rundo cofounded with fellow extremist Ben Daley in Southern California during the peak of the alt-right movement, Rundo was convicted on 2018 charges of conspiracy to violate the federal Anti-Riot Act for training and planning a series of attacks on political opponents at rallies across California and Unite the Right in Virginia the year prior. While Rundo may be locked behind bars for years, the movement he created is running wild around the globe.

In the interceding years since his initial arrest, indictment, imprisonment, and flight from the US after his case was initially dismissed in 2019, Rundo helped mastermind an international network of RAM clones known as “Active Clubs.” A transnational alliance of far-right fight clubs that closely overlap with skinhead gangs and neofascist political movements in North America, Europe, the Antipodes, and South America, the Active Club network is proliferating internationally. There are dozens of Active Clubs in the United States, United Kingdom, Ireland, France, Germany, Holland, Scandinavia, Australia, and Colombia, according to the groups’ presence on Telegram and extremism researchers.

Seemingly harmless from the outside, Active Clubs are small groups of young men who go on hikes, train in combat sports, weight-lift, and build camaraderie—all part of the Rise Above Movement’s original program. But the darkness is in the details: The groups’ membership often overlaps with other extremist organizations like Patriot Front, criminal skinhead groups like the Hammerskins, and other violent extremists in foreign nations. Some US-based Active Clubs are branching out into political intimidation and violence, like the Rise Above Movement before them.

“I definitely do believe that in the future there needs to be a mass movement, a mass organization, but when it comes for that, do you really want a bunch of guys coming strictly from the online world to come join a mass movement without having any experience or skills?” Rundo said in a video posted online shortly before his March 2023 arrest in Bucharest, Romania. “Active clubs are a great local way to start guys off as they come from the online world into the real world, to learn actual skills.”

Hannah Gais, a senior research analyst at the Southern Poverty Law Center who has long researched Rundo and his associates, says the Active Club model stands out for its low barrier to entry, emphasis on positive community building to draw new blood from outside of extremist circles, and a ready-made international network. “The model has really made it easier to facilitate those transnational connections,” Gais says. “If you’re not an organization, then you can network with whoever you want.”

The Active Club network is seeing expanded breadth and growing significance in street politics (American members appeared alongside foreign counterparts at extreme right-wing demonstrations in Paris this May and Warsaw this fall), a fact emphasized by US prosecutors in their filing seeking prison time for Rundo. Federal attorneys scoured Rundo’s media output—which is considerable, ranging from a series of far-right “influencer” Telegram channels to the Media2Rise propaganda outlet that he ran in conjunction with stateside followers and members of Patriot Front—for their explanation of how seemingly innocuous fitness organizations like Active Clubs serve as vehicles for radicalization.

In a November 26 sentencing memorandum, prosecutors flagged Rundo’s description of the Active Cub network as “brush fire effect” that will be difficult for authorities to stamp out “because these clubs are generally small and local, helping to shield it from infiltrators and broader law enforcement actions.”

The Active Club ideology also leans heavily on young male grievances against a world that supposedly singles them out in favor of people of color and LGBTQ+ youth. “Defendant lamented that ‘\[b\]oy scouts no longer teach boys how to be men, instead softening them up, discouring \[sic\] any forms of competition, accepting girls, and promoting LGBT values,’ and encouraged Active Clubs to ‘put out propaganda’ to ‘let\[\] our own know the fight is not over,’ the government’s filing reads.

The Active Club network was not Rundo’s creation alone: He came up with the idea along with Denis Nikitin, a German-Russian neo-Nazi who started out as a soccer hooligan before moving into combat sports as a fighter, promoter, and organizer of far-right tournaments. According to exhibits filed by US prosecutors, Nikitin counseled Rundo on how to flee the US in 2018 while dodging what he believed to be his first arrest warrant, and sought to smuggle him into Ukraine with the assistance of the Azov Movement (a neo-Nazi political movement that has its own paramilitary forces integrated with the Ukrainian military and organizes with other similar extremist groups across Europe) and its allies in that country’s security services. Nikitin is not currently charged with an offense by the United States government.

Nikitin, whose legal surname is Kapustin, is one of Europe’s most influential neo-Nazi activists, starting out small with fight club events held in backwater Russian cities among amateurs from soccer hooligan and skinhead groups. In 2012, Nikitin’s MMA tournament promotion vehicle, White Rex, ran its first tournament outside Russia, in Kyiv. Soon Nikitin was hosting tournaments in Italy, Hungary, France, Germany, Greece, and elsewhere.

Nikitin also got his hands dirty. He allegedly participated in the hooligan riot during Russia’s 2016 European Championship clash with England in Marseille and trained British Nazis in armed combat tactics in 2014 at camps in England and Wales, as well as Swiss extremists in 2017. In 2019, he was reportedly banned from the European Union’s Schengen Zone for promoting extremism in several countries.

Nikitin currently leads a volunteer combat battalion of far-right wing extremists in association with Ukrainian command that spearheaded a surprise assault on Russia’s Kursk region earlier this year.

Since Rundo and Kapustin coined the concept of an Active Club in 2021 on an eponymous podcast, the neo-Nazi fight clubs have proliferated throughout Western Europe, Australia, and the United States, and are currently the preeminent organizing model for far-right streetfighters. Their members have been involved in political violence in the US and France, have been banned and arrested in Germany, and are a growing concern for UK and Irish law enforcement as the place of their recruiting has skyrocketed following this summer's riots.

Michael Vandelune, a research fellow at the American Counterterrorism Targeting & Resilience Institute, has long studied transnational networking by neo-fascist groups, including Rundo’s relationship with Nikitin. “Rundo was building on the Eastern European emphasis on hypermasculinity and physical fitness, and in many ways, he was a perfect Western mouthpiece for Nikitin and similar peoples’ ideas,” Vandelune says. Rundo’s devotion to Nikitin is apparent: While getting RAM off the ground, he repeatedly cited Nikitin’s white-nationalist clothing brand and MMA promotion company White Rex as inspiration, and got the company’s logo tattooed on his shin in 2018.

Along with members of the Azov Movement’s 3rd Assault Battalion who have been integrated into the regular units of Ukraine military intelligence directorate (HUR), Nikitin hosted a September conference in Lviv that gathered representatives from extreme right-wing organizations across Europe for a strategy conference. Italian fascist organization Casapound, which Rundo visited in 2018 and views as an exemplar, sent a representative, as did Germany’s openly neo-Nazi party Dritte Weg (Third Way).

Patrick Macdonald, a Canadian known as ‘Dark Foreigner’ who allegedly produced the neo-Nazi group Atomwaffen Division’s eyecatching signature far-right propaganda at the end of the last decade, did the same work for the Active Club network, according to testimony given during his trial in Ottawa this month (Macdonald has plead not guilty to several charges, including participating in terrorist activity). Last year, the Canadian Anti-Hate Network identified Macdonald as a participant in Canada’s Active Club.

Outside of North America, the Active Clubs have proliferated most widely in France, the first European country to start such an organization. There are currently at least 50 such organizations in operation across the country, from Normandy to Provence and the Swiss border.

Sébastien Bourdon, a French journalist with Le Monde’s video investigations unit who authored a forthcoming book on that country’s far-right, says Active Clubs are the fastest-expanding facet of far-right militancy in France.

“When they launched the first Active Club in France in early 2022, within a few months they had 10 to15 groups. That’s already quite a lot. The fact that within two years they’ve grown from 15 groups to 50-plus groups throughout the country is mad,” Bourdon says. “Historically, most far-right groups in France have been active in big cities like Paris, Lyon, but if you look at some of the places they claim, some of them I’ve never heard of before.”

In France, where far-right street violence has a decades-long history despite authorities’ attempts to ban and dissolve organized groups, Bourdon says Active Clubs have proved effective at dodging legal crackdowns while appearing to have carried out acts of violence including an attack on an asylum center near Nantes last year. At least one founding member of the Active Club in Lyon has gone on to fight in Ukraine alongside other far-right volunteers.

As for Rundo, he will likely spend years in prison—a place he’s been before. He previously served nearly two years for stabbing a rival gang member in Flushing Queens in 2009. While he did radicalize during his stint at New York’s Greene Correctional Facility, starting a small white power gang, Rundo’s forthcoming prison term will mark his first federal term as a certified domestic extremist. But it remains unlikely that federal lockup will change his ideologies.

Rundo “has not renounced the violent extremist ideology that motivated that conduct,” US prosecutors wrote in their sentencing memo. It’s also likely that Rundo will hold out for help from a friendlier government.

Prior to the US election in November, Rundo urged his supporters to vote for Donald Trump specifically in the hope that the Republican president-elect would pardon him and other extremists who plead guilty to federal crimes. Since the election, there has been a sustained pardon campaign from corners of the far-right internet, which is a possibility since Rundo will be serving time in a federal prison when the incoming administration is sworn in this January.

As the Mastermind of Far-Right ‘Active Clubs’ Goes to Prison, His Violent Movement Goes Global

You are not alone, ChatGPT and Sora AI are down worldwide. OpenAI says it is aware of the…

You are not alone, ChatGPT and Sora AI are down worldwide. OpenAI says it is aware of the issue and working on a fix.

ChatGPT, the popular AI-powered chatbot from OpenAI, is currently experiencing a global outage. This includes other OpenAI products like the recently launched video generation model Sora and the company’s API.

While the cause of the outage remains unknown, OpenAI has acknowledged the issue and is working on a fix. The outage began around 3:17 PM PST on December 11th, 2024. Users visiting ChatGPT’s website (chatgpt.com) were initially greeted with a message stating:

> _“ChatGPT is currently unavailable. Status: Identified – We have reports of API calls returning errors, and difficulties logging in to platform.openai.com and ChatGPT. We have identified the issue and are working to roll out a fix.”_

This message was later updated to simply state that ChatGPT is unavailable and a fix is being worked on.

Screenshot from ChatGPT’s status page (Credit: Hackread.com

Given its massive user base of over 200 million weekly active users, ChatGPT is a prime target for cyberattacks. In February 2024, a group called Anonymous Sudan **claimed** responsibility for a DDoS attack that coincided with another service outage. OpenAI hasn’t confirmed whether the current outage is due to a similar attack.

The service disruption came the same day when META’s Facebook, WhatsApp and Instagram faced similar connectivity issues and went offline worldwide. Nevertheless, if you rely on ChatGPT, keep an eye on the **official status page** for updates. This article will also be updated as soon as more information becomes available.

Sora and ChatGPT Currently Down Worldwide: OpenAI Working on a Fix

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Source: B Christopher via Alamy Stock Photo

NEWS BRIEF

The US government unsealed charges yesterday against a Chinese national who allegedly broke into approximately 81,000 of Sophos firewall devices around the world in 2020.

Guan Tianfeng, also known as gbigmao and gxiaomao, was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Tianfeng has also been accused of developing and testing a zero-day security vulnerability used to conduct the Sophos attacks.

The zero-day vulnerability in question is tracked as CVE-2020-12271 and has a CVSS score of 9.8, a critical SQL injection flaw that could allow a threat actor to achieve remote code execution (RCE).

A federal arrest warrant was issued for Tianfeng in the US District Court, Northern District of Indiana, Hammond Division, and it is believed that he is currently residing in Sichuan Province, China.

The Rewards for Justice Program through the US Department of State is offering an award of up to $10 million for information on Tianfeng and the offices he worked out of, Sichuan Silence Technology Company Ltd., as well as associated individuals and their malicious activity.

"The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world," said Assistant Attorney General for National Security Matthew Olsen, in a press release. "The Department of Justice will hold accountable those who contribute to the dangerous ecosystem of China-based enabling companies that carry out indiscriminate hacks on behalf of their sponsors and undermine global cybersecurity."

Any tips or information can be made with the FBI via WhatsApp, Signal, Telegram, or tips.fbi.gov.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

Several recent schemes were uncovered involving poker players at casinos allegedly using miniature cameras, concealed in personal electronics, to spot cards. Should players everywhere be concerned?

Matt Berkey was becoming suspicious.

Berkey, a 42-year-old poker pro known for his presence in some of the highest-stakes cash games in Las Vegas, was playing in a well-known casino poker room over the summer. One player in the game who wasn’t particularly familiar to Berkey and other regulars at the table, but who was believed to be an amateur based on his play style, was displaying some strange behavior.

For one, the player was wearing earbuds—typically a no-no in these kinds of semi-private games where many players have existing friendships.

“Nobody has headphones on during our games,” Berkey says. “The player in question had headphones in, so that’s already a bit off.”

The player’s style of play also raised some alarms.

Texas Hold’em, the game being played, features two individual cards dealt to each player, plus five community cards dealt in stages to the center of the table. Players combine their own cards with the community cards to make the best possible five-card poker hand. There are four rounds of betting: One before any communal cards are dealt, one after the first three communal cards are spread at once (the part of the game known as “the flop”), one after the fourth communal card (“the turn”), and one more after the fifth and final communal card (“the river”).

Berkey noticed that, despite presenting as an amateur who was clearly the least skilled player at the table, the suspicious player never seemed to lose on the river. When he was in a hand that reached that point, he always either folded or showed the winning hand—one of the first red flags seasoned poker players have come to recognize in suspected cheating situations. As the thinking goes, cheaters with knowledge of their opponents’ cards prefer to wait until all communal cards are dealt before making large bets, allowing them to do so with perfect information about who holds the best hand, which often isn’t certain until that final card.

“Playing all rivers perfectly over an eight-hour sample—that’s an anomaly that isn’t really statistically possible, especially from a recreational player,” Berkey says. “When you start to see things that don’t add up, like the least skilled player in the game never showing down a losing hand, that kind of begins to trigger your suspicions.”

The player also had his phone and earbuds case arranged around him, with the case on the felt and his phone on the rail that runs along the table’s edge. While occasional phone usage at poker tables is normal, that kind of arrangement is unusual and is even something many casinos have guarded against for years. Berkey began to wonder if this game was falling victim to a new cheating scheme that word had been spreading about in high-stakes circles for months: Hidden cameras placed at felt level, capturing the faces of cards as they’re dealt and transmitting that intel to an accomplice, who then relays it back to the player at the table through an earpiece.

Berkey also noticed that the player always seemed to sit in the seats directly to the left of the casino’s dealer, even across multiple days and playing sessions. That furthered suspicions, as the rumored cheating method required a player to be in these seats to maximize camera visibility.

Berkey says he quietly alerted other regulars of his suspicions, and the game eventually broke down, but not before the player had made enormous profits. “Not just for his skill level but for the stakes he was playing,” Berkey says. “He was up hundreds of thousands of dollars playing a $10,000 buy-in game.”

Berkey says he and the other regulars in the game flagged the incident to casino staff, but they are unsure what, if any, action was taken. Security for the casino declined to comment on this incident.

Several other such incidents involving the same suspected cheating method have been rumored in various locations over the past 18 months, including one other instance WIRED verified independently. (Specific casinos where these incidents are alleged are not being named in this story to protect the safety of players who confirmed the incidents occurred.) This form of cheating is now a known concern to high-stakes poker players everywhere.

But each of these rumored incidents has lacked a “smoking gun”—proof of the measures, methods, and equipment the cheaters were using to see the cards being dealt. That is, until recently. A breaking case in France has provided revealing new evidence, fueling concerns that this cheating method is rampant around the globe and may be more advanced than anyone had assumed.

What kinds of modern technology can facilitate such a scheme? Should poker players at all levels, not just high-stakes pros, be worried about scofflaws attempting it in games they play, and what can be done to prevent it?

The recent scandal sounds like a rejected _Ocean’s_ movie script.

Following tips of suspicious behavior at a major casino in Enghien-les-Bains, French police with the Central Racing and Gaming Service (SCCJ) launched an elaborate in-person and video surveillance operation around two suspected players at both blackjack and Ultimate Texas Hold’em poker (a type of poker played against the casino rather than against fellow players). Though they were initially in the dark about the method being used, investigators soon noticed a pattern.

“They were putting \[something\] beside the \[dealing\] shoe,” Stéphane Piallat, commissioner of SCCJ, alleges to WIRED, referring to the tabletop container a dealer pulls from to draw new cards. “But it was quite difficult to understand why.”

Both players were arrested inside the French casino in late July after weeks of surveillance, with police recovering a variety of items from both their person and their hotel rooms (including ID cards from casinos around Europe that suggested a prolonged scheme). The technology seized by law enforcement amazed even a seasoned gambling fraud officer like Piallat, both for its ingenuity and its relative simplicity.

The players had allegedly modified existing smartphone cameras with simple mirrors, allowing them to capture footage on a phone’s camera sensor laterally, while the phone was in a flat position. Sitting in the seat nearest to the dealer’s shoe, they placed these devices either on the felt (concealed in some situations by a hat or another piece of clothing) or within pockets of their own clothing (with tiny holes cut out to afford the camera a view of the cards). Police say they used these devices to capture card faces as they were dealt from the shoe—a stunning realization given that casino shoes are quite literally designed to prevent card exposure by allowing the dealer to slide new cards directly onto the felt. Clearly, some exposure was still being captured.

“It’s quite incredible,” Piallat says. “They didn’t need to mark cards … Those cards were normal cards.”

Police also recovered basic communication devices that transmitted these feeds to an outside accomplice, believed to be sitting in the casino parking lot. (As of WIRED’s interview with French police, this accomplice remains at large.) The accomplice is thought to have relayed information about which cards the dealer was holding back to their partner at the table, but not through a standard earbud.

“This device is so small that you can’t take it off with your fingers,” Piallat says of the hearing device recovered by police. “You need a magnet to pull it off, otherwise you can’t do it. It looks like a typical James Bond movie device.”

Due to the ongoing nature of the investigation, police declined to provide any pictures or further details about the specific items used to facilitate this scheme. A simple look at available technology, though, offers a number of cheap, simple candidates, including several that don’t require pairing with a phone or any other large device.

“The same kind of modules that are used in your iPhone or your DSLR, you can just buy them,” says John Coles, the director of technology for the VR company Rezzil, who has also spent years working in camera and broadcast technology.

The alleged cheaters in France used simple techniques to conceal their cameras, like hiding the devices in their clothing, but much more robust options exist on the open market. A device that looks like a battery charger may not cause alarm if it was spotted sitting on a poker or blackjack table, at least in casinos where devices are generally allowed (some have stopped allowing any devices on tables); one can find a 4K, Wi-Fi capable “hidden camera powerbank” on Amazon. (It’s marketed as a “nanny camera” for surveilling your child’s babysitter, naturally.) Even smaller options exist, like a “spy camera pen” or a pinhole camera that could easily be inserted into various items. And that’s just a fraction of the true marketplace, says Coles: “If that’s what you know about publicly, the stuff that exists behind closed doors is like 10 times what you’re aware of.”

“You could probably build that into a lighter,” Coles says of a typical tiny camera rig. “There are lighters and pens that have modules integrated that still work as those items so they’re less conspicuous.”

For bad actors at traditional poker tables that feature “pitch”-style dealing instead of a more secure casino shoe, the video quality demands are even lower. Card faces are visible for exponentially longer when pitched from a dealer’s hand situated a foot or so above the card table.

The transmission element of the scheme is similarly attainable using today’s technology. You can buy a “mini spy earpiece” from Amazon that receives signals from an inductive coil for just $18. An entire industry of earpieces appears to exist for exam cheating purposes, from tiny Bluetooth earpieces that connect to a phone to setups contained within glasses and pens. It’s easy to imagine these methods converted for use in cheating at the card table, especially when aided by basic video-calling technology and access to the Wi-Fi networks offered at most casinos. In fact, while police say the suspects in France allegedly used separate devices for capture and transmission, Coles believes it would be simple enough to handle the entire operation with a single device.

“I think it’s kind of surprising that a lot of these things don’t happen sooner, to be perfectly honest,” Coles says, noting that many of these cameras, earpieces, and transmitters have existed for a decade or more.

“You could do it with a very cheap investment,” Piallat says. “You won’t need a lot of money.”

Clearly, these schemes are out there and available. So should poker players everywhere be concerned?

Mini-camera cheating is now an open secret in the poker community, from its references in forums to an entire August episode from Berkey’s _Only Friends_ podcast that covered the alleged methods in detail. And if casinos and law enforcement weren’t aware of it much earlier, they certainly are now; Piallat confirmed to WIRED that his unit dispersed information about the case around the globe through Interpol networks.

What can casinos, players, and law enforcement do about it, though?

The first step is simple vigilance, something all these parties are well-versed in. Policing of suspicious players happens at casino level. WIRED independently confirmed a separate alleged incident at a different casino in June that included an individual reportedly earning seven-figure profits before disappearing. The alleged cheater in this case hasn’t been seen since, and Berkey wonders if he was banned from this and possibly other casinos.

“It would seem as though the Vegas casinos have acted,” Berkey says.

Those are retroactive measures, though; what about stopping this cheating as or before it happens?

Some Vegas casinos, per multiple sources, have begun banning phones from being set down at felt level on tables. Many casinos have long had policies prohibiting phone use during hands, and some have even banned phones entirely in prior years, and now these efforts are growing more widespread. However, with the knowledge that today’s miniature cameras can be built into lighters, pens, and other non-phone devices, is that enough of a safety measure? A true “no items on the table whatsoever” rule feels more prudent, but will casinos view that as too invasive toward their clientele? Then there’s a whole separate conversation about placing devices on the rail, which is where players rest their elbows and which sits slightly higher than the felt itself.

“There will be guys who want to watch the game at the table and have their phone propped up,” Berkey says. “That should just be fine. It’s a fine line; it’s a gray line.”

Berkey even suggested some sort of hybrid arrangement where phones or other devices are allowed so long as they sit behind chips or some other item that blocks their view of the felt. These solutions, though, also fail to account for rings or other jewelry that may contain a concealed camera.

The device removal tactic would have run into another big snag when the arrests in France took place: One of the suspects had nothing on the table at all. He allegedly concealed a camera in his clothing. If that scheme worked to capture card faces out of a dealer’s shoe, it would definitely work for the traditional dealer-pitch style used in Vegas.

The better long-term solution, one Berkey and others in the poker world support, involves retraining the dealers—a process that’s already begun.

The European Poker Tour has introduced a new form of dealer pitch known as slide dealing, where the deck remains on the table and the dealer slides each top card off individually to greatly minimize or eliminate any exposure. EPT tournament director Toby Stone directly cited issues of camera cheating as the impetus behind this change, which took effect within the past couple of months.

Casinos could take it even further; some have been cracking down for years. The Star casinos in Australia, for instance, have long used a modified version of a blackjack shoe meant for a single poker deck, which sits at the center of the table and allows cards to slide out from within it. This ostensibly makes it much harder to capture cards than from the traditional blackjack shoe placed at the very side of the table, closer to potential cameras. Anecdotally, these contraptions also seem to limit or eliminate other common risks like bottom-dealing or cards flipping over while being dealt.

While it might take time to retrain the world’s legion of poker dealers to mitigate these schemes, that could be the eventual outcome here.

“I’ve spoken to a few of the \[casino\] higher-ups, and it seems they’re all open to the idea of retraining dealers,” Berkey says.

Maybe even that eventual move wouldn’t completely eliminate mini camera cheating. As the suspects in France allegedly showed us, today’s video technology is truly amazing. Would you ever have guessed a mini camera could accurately capture which cards are being dealt during the split second they’re exposed as they’re pulled from a blackjack shoe?

Anyone putting their money down at a casino, particularly higher up the stakes spectrum, should at least be aware of the risk of bad actors—particularly in a game like poker, where your opponents are other patrons rather than the casino itself. Whether to combat this or any other potential scheme, a dose of diligence goes a long way.

“As long as there’s a fair game to be offered, there will be people who will try to corrupt it,” Berkey says. “The best we can do is continually work hard to keep the game as fair as possible.”

Poker Cheaters Allegedly Use Tiny Hidden Cameras to Spot Dealt Cards

Plus: Russian spies keep hijacking other hackers’ infrastructure, Hydra dark web market admin gets life sentence in Russia, and more of the week’s top security news.

A consortium of global law enforcement agencies led by Britain’s National Crime Agency announced a takedown operation this week against two major Russian money-laundering networks that process billions of dollars each year in more than 30 locations around the world. WIRED had exclusive access to the investigation, which uncovered new and troubling laundering techniques, particularly schemes to directly change cryptocurrency for cash. As the United States government scrambles to address China’s “Salt Typhoon” digital espionage campaign into US telecoms, two senators demanded this week that the Department of Defense investigate its failure to secure its own communications and address known vulnerabilities in US telecom infrastructure. Meanwhile, Signal Foundation president Meredith Whittaker spoke at WIRED’s The Big Interview event in San Francisco this week about Signal’s enduring commitment to bring private, end-to-end encrypted communication services to people all over the world regardless of geopolitical climate.

A new smartphone scanner from the mobile device security firm iVerify can quickly and easily detect spyware and has already flagged seven devices infected with the invasive Pegasus surveillance tool. Programmer Micah Lee built a tool to help you save and delete your X posts after he offended Elon Musk and was banned from the platform. And privacy advocate Nighat Dad is fighting to protect women from digital harassment in Pakistan after escaping from an abusive marriage.

The US Federal Trade Commission is targeting data brokers who it says unlawfully tracked protesters and US military personnel, but the enforcement efforts seem likely to trail off under the Trump administration. Similarly, the US Consumer Financial Protection Bureau has devised a strategy to impose new oversight on predatory data brokers, but the new administration may not continue the initiative. Some new laws are finally coming around the world in 2025 that will attempt to regulate the dysfunction of the digital advertising industry, but malicious advertising is still booming around the world and continues to play a big role in global scamming.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in-depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**US Officials Urge Americans to Encrypt Calls and Texts After Chinese Telecom Hacking**

Remember how the US federal government spent much of the last three decades periodically decrying the dangers of strong, freely available encryption tools, arguing that because they enable criminals and terrorists, they should be outlawed or required to implement government-approved backdoors? As of this week, the government will never again be able to make that argument without privacy advocates pointing to a particular phone call where two officials recommended Americans use exactly those encryption tools to protect themselves amidst an ongoing massive breach of US telecoms by Chinese hackers.

In a briefing with reporters about the breach of no fewer than eight phone companies by the Chinese state-sponsored espionage hackers known as Salt Typhoon, officials from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI both said that amid the still-uncontrolled infiltration of US telecoms that have exposed calls and texts, Americans should use encryption apps to safeguard their privacy. “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” said Jeff Greene, CISA’s executive assistant director for cybersecurity. (Signal and WhatsApp, for instance, end-to-end encrypt calls and texts, though the officials didn’t name any particular apps.)

The recommendation amid what one senator has called “the worst telecom hack in our nation’s history” represents a stunning reversal from previous US officials’ rhetoric on encryption, and in particular the FBI’s repeated calls for access to backdoors in encryption. In fact, it was exactly this sort of government-approved wiretap capability requirement for US telecoms that the Salt Typhoon hackers in some cases exploited to access Americans communications.

**Russia’s FSB Hackers Keep Hijacking Other Hackers’ Infrastructure for Spying**

The hacker group known as Secret Blizzard, Snake, or Turla, widely believed to work for Russia’s FSB intelligence agency, is known for using some of the most ingenious hacking techniques ever seen to spy on its victims. One of the tricks that’s now become its signature move: hacking the infrastructure of other hackers to stealthily piggyback on their access. This week Microsoft’s threat intelligence researchers and security firm Lumen Technologies revealed that Turla gained access to the servers of a Pakistan-based hacker group and used its visibility into victim networks to spy on government, military and intelligence targets in India and Afghanistan of interest to the Kremlin. In some cases, Turla hijacked the Pakistani hackers’ access to install their own malware, while in other instances they appear to have used the other group’s tools for even greater stealth and deniability. The incident marks the fourth known time since 2017, when it penetrated an Iranian hacker group’s command-and-control servers, that Turla has freeloaded on another hacker group’s infrastructure and tooling, according to Lumen.

**Admin of Russian Dark Web Market Hydra Sentenced to Life in Prison**

The Russian government is known for turning a blind eye to cybercrime—until it doesn’t. This week 15 convicted members of the notorious dark web market Hydra learned the limits of that forbearance when they reportedly received prison sentences ranging from 8 years to 23 years, as well an unprecedented life sentence for the site’s creator Stanislav Moiseyev. Before it was taken down two years ago in a law enforcement operation led by IRS criminal investigators in the US and Germany’s BKA police agency, Hydra was a uniquely sprawling dark web marketplace, one that not only served as the post-Soviet world’s biggest online bazaar for narcotics but also a vast money laundering machine for crimes including ransomware, scams, and sanctions evasion. In total, Hydra enabled more than $5 billion dollars in dirty cryptocurrency transactions since 2015, according to crypto tracing firm Elliptic.

**Suspected Ransomware Actor “Wazawaka” Reportedly Charged and Apprehended by Russia**

Russian law enforcement charged and arrested a software developer last week who is suspected of prolific contributions to multiple ransomware groups, including building malware to extort money from businesses and other targets. The suspect is reportedly Mikhail Matveev, or “Wazawaka,” who has worked as an affiliate with ransomware gangs like Conti, LockBit, Babuk, DarkSide, and Hive. Social media reports indicate that Matveev confirmed his indictment and said that he has been released from law enforcement custody on bail.

Russia’s prosecutor general did not name Matveev, but described charges last week against a 32-year-old hacker under Article 273 of Russia’s Criminal Code, which bans the creation or use of malware. The move came as Russia seemed to be sending some sort of message about its tolerance for cybercrime with the sentencing of the dark web marketplace Hydra’s staff, including a life sentence for its administrator. In 2023, the US government indicted and sanctioned Matveev.

**FBI Is Investigating Exxon Lobbyist Firm Over Hack-and-Leak Operation Targeting Activists**

In a disturbing scoop (one we didn’t cover last week due to the Thanksgiving holiday), Reuters reporters have revealed that the FBI is now investigating a lobbying consultancy hired by Exxon over the firm’s role in a hack-and-leak operation that targeted climate change activists. DCI Group, a lobbying firm hired at the time by Exxon, allegedly gave a list of target activists to a private investigator who then outsourced a hacking operation against those targets to mercenary hackers. After the private investigator—an Israeli man named Amit Forlit, who was later arrested in London and faces US hacking charges—allegedly gave the hacked material to DCI, it leaked the activists’ internal communications about climate change litigation against Exxon to the media, Reuters discovered. The FBI, according to Reuters, has determined that DCI also first previewed that material to Exxon before leaking it. “Those documents were directly employed by Exxon to come after me with all guns blazing,” one attorney working with the activist group, the Center for Climate Integrity, told Reuters. “It turned my life upside down.”

Exxon has denied knowing about any hacking activities and DCI told Reuters in a statement that “we direct all our employees and consultants to comply with the law.”

Tag

#sap