New research released this week shows that over the past few years the US Department of Homeland Security has collected DNA data of nearly 2,000 US citizens. The activity raises questions about legality and oversight given that DHS has been putting the information into an FBI crime database. Some of the genetic data is from US citizens as young as 14.
The US Secret Service said on Tuesday that it had discovered facilities across the “New York tristate area” running so-called SIM servers—devices that manage and coordinate 100,000 SIM cards at a time for illicit operations. The Secret Service warned, though, that in addition to being used by cybercriminals for scamming, the apparatuses could also be used to launch critical infrastructure attacks that could disrupt mobile networks.
A cyberattack on the UK-based automaker Jaguar Land Rover has been causing a supply chain meltdown, halting vehicle production, costing JLR tens of millions of dollars, and forcing its parts suppliers to lay off workers. The beleaguered company will have to shoulder the full cost of the attack because of inadequate insurance coverage, prompting talks of possible UK government assistance.
If you’re worried about phone searches while traveling or doing specific activities, the password manager known as 1Password has a Travel Mode feature that can help you manage sensitive data and temporarily remove it from your device. We’ve got advice on how to use the tool most effectively.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
An app used to out those who spoke ill of the murdered right-wing activist Charlie Kirk was found to be leaking its users’ personal information, doxing the very people it had invited to dox its targets.
The app Cancel the Hate, founded in the wake of Kirk’s September 10 assassination, suspended its services this week after it was revealed that security flaws in the website where the app was hosted exposed users’ email addresses and phone numbers. That site had asked its users to collect and share employment and other personal information of critics of Kirk and others “supporting political violence.” But a security researcher who identified themselves only as BobDaHacker demonstrated to news outlet Straight Arrow News that privacy settings on the site didn’t work as advertised, publicly leaking users’ information even when it was set to private. The hacker also reportedly had the ability to delete users’ accounts at will.
Cancel the Hate, which displayed a photo of Kirk on its homepage and was founded by a Kirk supporter who cited his death as the motivation for creating the site, has since taken down its reporting features. It now displays a message on its homepage that it’s moving to a “new service provider.” The page that allows visitors to buy a $23 T-shirt remains online.
Ransomware Hackers Steal Kids’ Personal Info and Photos in Preschool Breach
Ransomware groups continued to plumb the depths of abject immorality this week with a new tactic: extorting preschools by stealing toddlers’ personal information and threatening their parents. The BBC reports that a hacker group says it has stolen the names, addresses, and photos of around 8,000 children from the preschool chain Kido, which has sites largely around London but also in the US and India. The hackers are threatening to leak the data if a ransom isn’t paid, going so far as to contact some of the children’s parents to reinforce their threat. The group has also posted sample information and photos of 10 children on their dark-web site.
Microsoft Blocks Israeli Military From Using Cloud Services for Surveillance
In August, The Guardian, Israeli-Palestinian publication +972 Magazine, and Hebrew-language publication Local Call revealed how Israeli signals intelligence agency Unit 8200 had built a comprehensive surveillance system to intercept and store Palestinian phone calls. More than “a million calls an hour” could be collected by the system, which reportedly amassed around 8,000 terabytes of call data and stored it in Microsoft’s Azure cloud service in the Netherlands, the publications reported.
This week, following an external investigation commissioned by Microsoft, the company pulled some of the Israeli military’s access to its technology. In a statement, Microsoft president Brad Smith said the firm has taken the decision to “cease and disable” some “specific cloud storage and AI services and technologies” that it was providing to Israeli forces. Microsoft’s action—its investigation is still ongoing—follows a wave of staff protests at its ties to Israel and its ongoing war in Gaza. “We do not provide technology to facilitate mass surveillance of civilians. We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades,” Smith wrote in a statement.
However, while Microsoft has pulled some of the services it provides, The Guardian reports that the surveillance data was likely moved days after its initial investigation was published. Sources told the publication that Unit 8200 was planning to move the data to Amazon’s cloud storage, and move it outside of the European Union, which has strong data protection laws.
Call-Recording App Neon Pauses Service Over Security Holes
This week, call-recording app Neon has raced up the free iPhone app charts. But far from being an app for personal use, Neon is one of the latest efforts to collect training data for generative AI systems. The startup claims it will sell your call recordings to AI companies and pay you up to $30 per day for the data, raising more than a few privacy and ethics questions.
However, after probing the app, reporters at TechCrunch found that it was possible for “anyone to access the phone numbers, call recordings, and transcripts of any other user” due to security holes in its setup. The app’s creator “temporarily” paused Neon’s operations after TechCrunch got in touch. “Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth,” Neon founder Alex Kiam said in an email to the app’s users, adding that “extra layers of security” would be added in the future.
Chinese Hackers Have a Stealthy New Backdoor to Help Them Steal Data
For decades, China’s hackers have been breaking into companies around the world and stealing data and intellectual property. Over the past few months, they’ve been using a stealthy new backdoor as part of their hacking operations, Google’s security firm Mandiant reported this week. The malware campaign, dubbed Brickstorm, is linked to the Chinese hacking group UNC5221, Mandiant says, and the company first spotted it being used in March against legal companies, software-as-a-service firms, and tech companies.
“It’s very hard to detect them and to investigate them,” Google threat researcher Austin Larsen told Cyberscoop, and the hackers have been seen to have access to systems for more than 400 days. “These intrusions are conducted with a particular focus on maintaining long-term stealthy access by deploying backdoors on appliances that do not support traditional endpoint detection and response (EDR) tools,” the company wrote in a brief about Brickstorm.
Crypto Stablecoins Are Helping Russia Evade Sanctions and Interfere in Moldova’s Election
The A7 group, cofounded by Moldovan fugitive politician and Vladimir Putin ally Ilan Shor, has long been suspected of serving as a vehicle for cryptocurrency-based sanctions evasion. A new leak of internal communications from the company shows the scale of that alleged sanctions circumvention and also spells out how the company, half-owned by Russian state banks, has facilitated Russian interference in Moldovan politics ahead of its election on Sunday. Crypto-tracing firm Elliptic found references to crypto addresses in the leak that allowed it to track nearly $8 billion in payments of crypto stablecoins to the company, including Tether and A7’s own ruble-backed stablecoin A7A5. Most of that money likely passed through A7, says Elliptic’s founder Tom Robinson, and was used to carry out international deals that would otherwise have been blocked by the West’s sanctions on Russia following its 2022 full-scale invasion of Ukraine. But Robinson says some portion of the money has also been used to interfere in Moldovan politics, such as through an app called Taito that Moldovan police say was used for illegal campaign financing and bribery of voters.