Hackers Dox ICE, DHS, DOJ, and FBI Officials

Its amazing In a new study, researchers at UC San Diego and the University of Maryland revealed this week that satellites are leaking a wealth of sensitive, completely unencrypted data, from calls and texts on T-Mobile to in-flight Wi-Fi browsing sessions, and even military and police communications. And they did it with just $800 worth of off-the-shelf equipment.

Facial recognition systems seem to be everywhere. But what happens when surveillance and identification technology doesn’t recognize your face as a face? WIRED spoke with six people with facial differences who say flaws in these systems prevent them from accessing basic services.

This week, authorities in the US and UK announced the seizure of nearly 130,000 bitcoins from an alleged Cambodian fraud empire. At the time of the seizure, the value of cryptocurrency wealth was $15 billion, the largest amount of any type of money ever seized in the United States.

Control of much of the US election infrastructure is now in the hands of one former Republican operative, Scott Leyendecker, who just bought the voting machine company Dominion Voting Systems and owns Nuink, an electronic poll book company. Election security experts are currently more confused about the ramifications than concerned about any possibility of crime.

While a new type of attack may allow hackers to steal two-factor authentication codes from Android phones, the biggest cybersecurity development this week was the hack of security firm F5. The attack, carried out by a “sophisticated” threat actor said to be linked to China, poses an “imminent threat” of breaches against government agencies and Fortune 500 companies. Finally, we examined the chaos caused by iPhone VPNs and found the only three worth using.

But that’s not all! Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

In recent years, perhaps no single group of hackers has wreaked more havoc than “The Com,” a loose collection of mostly cybercrime gangs whose subgroups such as Lapus$ and Scattered Spider have carried out cyberattacks and ransomware extortion operations targeting victims from MGM casinos to Marks & Spencer. Now they have turned their sites over to US federal law enforcement authorities.

On Thursday, a member of the Com loose group began posting a batch of profile documents for federal officials on Telegram. One spreadsheet, according to 404 Media, contains what appears to be personal information for 680 Department of Homeland Security officials, while another includes personal information for 170 FBI officials, and another 190 Justice Department officials. The data in some cases included names, email addresses, phone numbers, addresses, and, in some cases, the home addresses of officials but not their work locations. The user who posted the data referred in his messages to a statement from the Department of Homeland Security stating that Mexican cartels offered thousands of dollars for identifying information about customers, apparently mocking this unverified claim.

“Mexican cartels, we’re shooting down all the goblins, where’s my million,” the user who posted the files wrote, using shorthand for “hit me” and appearing to demand $1 million. “I want my money in Mexico.”

For the past year — at least — the FBI has operated a “secret” task force that may have worked to disrupt Russian ransomware gangs, according to reports this week in French newspapers Le Monde and German Die Zeit. The publications claim that at the end of last year, the mysterious Group of 78 presented its strategy to two different meetings of European officials, including law enforcement officials and those working in the judicial services. Little is known about the group. However, its controversial tactics appear to have prompted normally silent European officials to speak out about the G78’s existence and tactics.

At the end of last year, according to reports, Group 78 focused on the Russian-speaking Black Basta gang and identified two approaches: running operations inside Russia to disrupt gang members and try to get them to leave the country; And also “manipulating” Russian authorities into prosecuting Black Pasta members. Over the past few years, Western law enforcement officials have taken increasingly destructive action against Russian ransomware gangs — including hacking their technical infrastructure, trying to destroy their reputations, and issuing a wave of sanctions and arrest warrants — but secret action inside Russia against ransomware gangs would be unprecedented (at least in public knowledge). In recent months, the Black Pasta group went into hibernation after 200,000 of its internal messages were leaked and its alleged leader was identified.

Over the past few years, AI-powered license plate recognition cameras — placed on the side of the road or in police cars — have collected billions of images of people’s vehicles and their specific locations. This technology is a powerful surveillance tool and, unsurprisingly, has been adopted by law enforcement officials across the United States, raising questions about how officials are abusing access to cameras and data.

A letter written by Senator Ron Wyden this week revealed that one division of Immigration and Customs Enforcement, the Secret Service and Navy criminal investigators all had access to data from Flock Safety cameras. “I now believe that abuse of your product is not only likely, but inevitable, and that Fluke is unable and uninterested in preventing it,” Wyden’s letter to Fluke says. Wyden’s letter comes on the heels of growing reports that government agencies, including Customs and Border Protection, have gained access to Fluke’s 80,000 cameras. “In my view, local elected officials can best protect their constituents from the inevitable abuses of Fluke cameras by removing Fluke from their communities,” Wyden wrote.