WIRED published a shocking investigation this week based on records, including audio recordings, of hundreds of emergency calls from United States Immigration and Customs Enforcement (ICE) detention centers. The calls—which include reports of incidents of staff sexual assaults, suicide attempts, and head injuries—indicate a system inundated by life-threatening incidents, delayed treatment, and overcrowding.
In a 6-3 decision on Friday, the US Supreme Court upheld a Texas porn ID law, finding that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned that this determination ignores First Amendment precedent and will have privacy implications for adults.
Looking at the US bombing of Iranian nuclear sites last weekend, President Donald Trump posted initial announcements of the strikes on the social Network Truth Social, which then began suffering intermittent outages. And WIRED reported on assessments of the damage to the nuclear sites based on satellite photos taken before and after the bombing.
Meanwhile, Taiwan is scrambling to make its own unmanned aerial vehicles domestically as drones increasingly become a crucial weapon of war. The urgency comes as a potential conflict with China looms. And Telegram launched a purge of Chinese cryptocurrency markets last month, banning black markets that sold tens of billions of dollars in crypto-scam-related services. Now, though, the markets are rebranding and bouncing back with no further action from the communication platform.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Immigration and Customs Enforcement (ICE) is now using a mobile app called Mobile Fortify that allegedly allows agents to identify individuals by pointing a smartphone at their face or capturing contactless fingerprints, 404 Media reports. The app reportedly taps into government databases, including Customs and Border Protection’s Traveler Verification Service and a DHS biometric intelligence system, in an attempt to match facial images taken in the field against prior government-collected records. ICE says the tool is intended to help officers identify “unknown subjects,” but civil liberties advocates tell 404 Media that it may open the door to surveillance-driven profiling and wrongful arrests.
Nathan Freed Wessler of the ACLU told the site, “Face recognition technology is notoriously unreliable, frequently generating false matches and resulting in a number of known wrongful arrests across the country. Immigration agents relying on this technology to try to identify people on the street is a recipe for disaster. Congress has never authorized DHS to use face recognition technology in this way, and the agency should shut this dangerous experiment down.”
US Feds Charge Group of Alleged Hackers Behind a Notorious Cybercrime Forum
Global law enforcement this week announced the bust of a group of alleged cybercriminal hackers accused of carrying out years of profit-focused data breaches and running a notorious cybercriminal forum and market known as Breachforums. French authorities arrested four members of the group who went by the names “ShinyHunters,” “Hollow,” “Noct,” and “Depressed,” though the police sources who shared the news with the French newspaper Le Parisien didn’t reveal the suspects’ real names. The US Justice Department, meanwhile, criminally charged Kai West, a young British man, with carrying out a broad, years-long hacking spree under the handle “Intelbroker” that inflicted $25 million total damage against victims before he was arrested in February. In addition to hacking and selling vast troves of stolen data, the group—or at least some subset of its members—appears to have served as administrators for Breachforums, a notorious sales forum for cybercriminal information and tools that was shut down in a law enforcement operation in 2023 but was later relaunched by its staff.
Scattered Spider Hackers Shift Their Targeting to the Airline Industry
The loose cybercriminal gang known as Scattered Spider has carried out data theft and ransomware incidents for years, most recently targeting the grocery industry, other retailers, and the insurance industry in the US and the UK. Now cybersecurity analysts at Mandiant and Palo Alto Networks say the group is turning their attention to the aviation and transportation sector. Specifically, hackers were behind a cybersecurity incident last week that took down some IT systems and the mobile app for Canadian airline WestJet, Axios reports. Now Hawaiian Airlines has said it’s experiencing a “cybersecurity incident” affecting its network, though it hasn’t yet revealed more details or any evidence that Scattered Spider is responsible. Cybersecurity firms tracking the group warn that other potential aviation and transportation industry targets should be on the lookout for the group, which often uses sophisticated social engineering to trick staff into letting them bypass multi-factor authentication and gain a foothold on target systems.
Hackers Breach a Norwegian Dam to Open Valve
Here’s a curiosity that we missed a couple weeks ago: A rare industrial control system hijacking incident in which an unknown hacker appears to have messed with the computer systems that control the Lake Risevatnet dam in southwest Norway, opening a valve to its maximum setting. The tampering, the motivation for which was far from clear, increased the dam’s water flow by nearly 500 liters a second, but didn’t come close to approaching a dangerous level. No one appears to have spotted the change for close to four hours. Officials told the Norwegian energy news outlet Energiteknikk, which broke the story, that a weak password on a web-accessible control panel allowed the unauthorized access.
