Law enforcement in the United States, United Kingdom, and Australia this week named a Russian national as the person behind LockBitSupp, the pseudonym of the leader of the LockBit ransomware gang that the US says is responsible for extracting $500 million from its victims. Dmitry Yuryevich Khoroshev has been sanctioned and charged with 26 criminal counts in the US, which combined could result in a prison sentence of 185 years. That is, if he’s ever arrested and successfully prosecuted—an extremely rare event for suspects who live in Russia.
Elsewhere in the world of cybercrime, WIRED’s Andy Greenberg interviewed a representative of Cyber Army of Russia, a group of hackers who have targeted water utilities in the US and Europe and are said to have ties to the notorious Russian military hacking unit known as Sandworm. The responses from Cyber Army of Russia were littered with pro-Kremlin talking points—and some curious admissions.
A deputy director of the FBI has urged the agency’s employees to continue to use a massive foreign surveillance database to search for the communications of “US persons,” sparking the ire of privacy and civil liberty advocates who unsuccessfully fought for such searches to require a warrant. Section 702 of the Foreign Intelligence Surveillance Act requires that “targets” of the surveillance program be based outside the US, but the texts, emails, and phone calls of people in the US can be included in the 702 database if one of the parties involved in the communication is foreign. An amendment that would have required the FBI to obtain a warrant for 702 searches of US persons failed in a tie vote earlier this year.
Security researchers this week revealed an attack on VPNs that forces some or all of a user’s web traffic to be routed outside the encrypted tunnel, thereby undermining the whole reason for using a VPN. Termed “TunnelVision,” the attack affects almost every VPN application. The researchers indicate that this attack has been feasible since 2022, suggesting that malicious actors may have already exploited it.
But that’s just the tip of the iceberg. Every week, we compile the security and privacy news that we didn’t delve into ourselves. Click the headlines to explore the complete stories. Stay safe out there.
According to Bloomberg, Microsoft has built an offline generative AI model specifically engineered to deal with top-secret information for US intelligence agencies. Based on GPT-4, this system remains isolated from the internet and can be accessed only via a network exclusive to the US government. William Chappell, Microsoft’s Chief Technology Officer for Strategic Missions and Technology, informed Bloomberg that, theoretically, about 10,000 individuals could engage with the system.
While spy agencies are enthusiastic about harnessing the strengths of generative AI, concerns about the potential accidental exposure of classified information have surfaced. This is because these systems usually depend on online cloud services for data processing. Yet Microsoft asserts that the model it devised for the US government is “clean,” meaning that it can scrutinize files without learning from them, thereby preventing secret information from being incorporated into the platform. Bloomberg remarked that this is the first instance of a major large language model operating entirely offline.
Sky News reported this week that Britain’s Ministry of Defence was the target of a significant cyberattack on its third-party payroll system. On Tuesday, Grant Shapps, the UK defence secretary, informed members of Parliament that payroll records of approximately 270,000 current and former military personnel, including their home addresses, had been accessed in the cyberattack. “State involvement” could not be ruled out, he said.
While the government has not publicly identified a specific country involved, Sky News has reported that the Chinese government is suspected. China’s foreign ministry has denied the allegations, saying in a statement that it “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries.”
The payroll company, Shared Services Connected, had known about the breach for months before reporting it to the government, according to The Guardian.
The United States Marine Forces Special Operations Command (MARSOC) is testing robotic dogs that can be armed with artificial-intelligence-enabled gun systems. According to reporting from The War Zone, the manufacturer of the AI gun system, Onyx Industries, confirmed to reporters at a defense conference this week that as many as two of MARSOC’s robot dogs, developed by Ghost Robotics, are equipped with its weapons systems.
In a statement to The War Zone, MARSOC clarified that the robot dogs are “under evaluation” and are not yet being deployed in the field. They noted that weapons are just one possible application for the technology, which could also be used for surveillance and reconnaissance. MARSOC emphasized that they are fully compliant with US Department of Defense policies on autonomous weapons.
The US Marine Corps has previously tested robotic dogs armed with rocket launchers.
Days after a hacker posted to BreachForums offering to sell data from nearly 50 million Dell customers, the company began notifying its customers of a data breach in a company portal. According to the email sent to the people impacted, the leaked data contains names, addresses, and information about purchased hardware. “The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information,” the email to affected customers states.