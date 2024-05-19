



Laser warfare, of all the long-unfulfilled imaginations of science fiction writers, is a match for flying cars. Now it's finally becoming a reality. After decades of research, the U.S. military is actively deploying laser defense systems in the Middle East to shoot down drones launched by adversaries like Yemen's Houthi rebels, one of several recent deployments of laser technology in war situations. real combat.

In less bench-focused security news, debate continues over the extension of Section 702 of the Foreign Intelligence Surveillance Act, signed by President Biden last month, as 20 organizations civil liberties advocates have sent a letter to the Justice Department demanding more clarity on when the NSA can require U.S. tech companies to cooperate in its wiretapping. Elsewhere, WIRED obtained emails showing how New York City decided to deploy a gun detection system called Evolv on subways despite false positive rates as high as 85 percent.

Meanwhile, at the Google I/O developer conference, the search giant launched a new AI-powered feature in Android, designed to detect if a phone has been stolen and automatically lock it. And we delved deeper into the financial privacy and surveillance challenges posed by the $2.3 billion Tornado Cash money laundering case, whose co-founder was convicted and sentenced to more of five years in prison on Tuesday.

That's not all. Every week, we round up security and privacy news that we haven't covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

The system known as SS7, which connects cellular networks run by different providers, and its most recent upgrade called Diameter have long been considered a serious security and privacy problem. Researchers have warned that hackers who can access a cell phone provider's system or even create their own have the ability to redirect cellular data, allowing them to track individuals or listen to their communications. Today, an American official is sounding the alarm: this technique has been used on numerous occasions against real victims in the United States.

As first reported by 404 Media, Kevin Briggs, CISA's senior advisor for telecommunications, responded to questions from the Federal Communications Commission in a public filing, confirming that he had seen several cases of Americans being tracked via SS7 or Diameter, including one person whose location was tracked with the technique in March 2022 and three others the following month. He also warned that there were signs that many more people had been targeted, but that the spies had used techniques to mask their exploitation of the system.

The revelation serves as a clear warning that telecommunications companies and their regulators must do more to lock down a known critical vulnerability that exposes hundreds of millions of Americans to espionage. Much more could be said, Briggs concluded cryptically, but this ends my public comments.

The post-pandemic era of the virtual workplace has led to a strange new problem: North Korean tech workers are secretly infiltrating American companies as remote workers to make money for the world's most authoritarian regime . This week, the Justice Department announced three arrests, including an American woman in Arizona and a Ukrainian man in Poland, who allegedly helped thousands of North Korean workers based in China and Russia obtain jobs at Western companies, often through fraudulent job applications and stolen identities. A third man, a Vietnamese national, was arrested in Maryland for allegedly presenting his own identity to the North Koreans as a cover. In total, North Korean workers obtained jobs at more than 300 companies, including a high-end retail chain and a major Silicon Valley technology company, and earned a total of at least $6.8 million. dollars, the Justice Department said. Much of this money was funneled to Kim Jong-Un's regime, including its weapons programs.

Since Teslas are massive collections of cameras on wheels, they have always had the potential to serve as powerful surveillance devices. But Tesla drivers probably didn't expect all that video surveillance to be activated against them. Reuters revealed this week that Tesla staff had collected and released videos recorded by the cars' cameras, ranging from mundane shots turned into memes to a violent video of a child on a bicycle being hit by the car, to a man completely naked. approaching his vehicle. (They also included a video showing a submarine used in a James Bond movie in Elon Musk's garage, filmed from cameras on the Tesla CEO's own car.) Tesla assures its customers, in its small characters, that videos collected by Tesla personnel remain anonymous and are not recorded. It is not linked to a particular vehicle. But seven former employees told Reuters the videos were linked to location data that could likely be used to identify vehicle owners.

BreachForums has long been one of the most well-known gathering places for cybercriminals to sell hacking tools and stolen data. Today it was removed for the second time in two years in an FBI operation that also seized the forum's Telegram channel and that of its alleged operator, who goes by the name Baphomet. The bust follows the arrest of the site's former administrator, Conor Brian Fitzpatrick, last year, when the FBI seized a previous incarnation of the site. This earlier version of BreachForums itself replaced an older cybercriminal marketplace called RaidForums. Given this history, BreachForums' latest takedown may be the least surprising IT security news of the year, writes Troy Hunt, security entrepreneur and creator of HaveIBeenPwned.

