With the United States presidential election less than two weeks away, Microsoft warned on Wednesday that Russia, Iran, and China are continuing to deploy a diverse array of influence operations against both the Trump and Harris campaigns as well as down-ballot races. One of the areas of policy that the new president will shape is the US’s approach to regulating AI, and experts say that a second Trump presidency could have dangerous implications for the safety, transparency, and fairness of AI platforms as they evolve.
WIRED did a deep dive on the masked bitcoin recovery fanatic known as ZachXBT, who has tracked down billions of dollars in stolen cryptocurrency, including recently tracking $243 million from what may be the biggest-ever cryptocurrency theft from a single victim.
After an eight-month saga, Nigeria this week dropped its money laundering and tax evasion charges against the Binance executive and former IRS agent Tigran Gambaryan. An exposed United Nations Women database left more than 115,000 sensitive files accessible online related to organizations working with vulnerable populations around the world. And WIRED examined the anti-Kremlin propaganda group known as North Atlantic Fella Organization, which has raised millions of dollars to buy supplies for Ukrainian soldiers fighting Russia.
The US Department of Homeland Security distributed a report to local agencies in August warning of the economic risks of relying on Chinese utility storage batteries, particularly at the expense of developing a secure battery manufacturing supply chain for the US. The document was first obtained by the national security transparency nonprofit Property of the People and viewed by WIRED. And US Immigration and Customs Enforcement's $2 million contract with the surveillance vendor Paragon Solutions is under scrutiny from the White House over potential non-compliance with the Biden administration's executive order on spyware.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Chinese Hackers Targeted Trump Campaign via Verizon Breach
When reports surfaced earlier this fall that hackers working on behalf of the Chinese government had penetrated the networks of Verizon, AT&T, and Lumen, officials warned that they had potentially gained vast access to the private communications and metadata of Americans. Now it appears those hackers, known as Salt Typhoon, specifically targeted at least two very prominent Americans: Donald Trump and J.D. Vance.
The New York Times reported Friday afternoon that Chinese hackers had sought to obtain the phone communications of Trump and Vance, a US senator and Trump's running mate in the 2024 US presidential election, via their breach of Verizon, according to unnamed officials. The Wall Street Journal also reported Friday that the same hackers targeted people associated with US vice president Kamala Harris' presidential campaign.
The Verizon breach likely gave the hackers access to—at the very least—metadata about who the candidates were speaking with and when. Theoretically, it could expose even more sensitive data such as the content of unencrypted voice or text conversations, though the extent of the hackers’ access is far from clear. Even metadata could offer sensitive details about the candidates’ contacts that might be used in influence operations or further espionage efforts.
The Chinese spy operation adds to the growing sense of a melee of foreign digital interference in the election, which has already included Iranian hackers’ attempt to hack and leak emails from the Trump campaign—with limited success—and Russia-linked disinformation efforts across social media.
Apple Releases Security Research Tools for Private Cloud Compute
Ahead of the full launch next week of Apple’s AI platform, Apple Intelligence, the company debuted tools this week for security researchers to evaluate its cloud infrastructure known as Private Cloud Compute. Apple has gone to great lengths to engineer a secure and private AI cloud platform, and this week’s release includes extensive technical documentation of its security features as well as a research environment that is already available in the macOS Sequoia 15.1 beta release. The testing features allow researchers (or anyone) to download and evaluate the actual version of PCC software that Apple is running in the cloud at a given time. The company tells WIRED that the only modifications to the software relate to optimizing it to run in the virtual machine for the research environment. Apple also released the PCC source code and said that as part of its bug bounty program, vulnerabilities that researchers discover in PCC will be eligible for a maximum bounty payout of $1 million.
Iranian Hackers Found Takers for Their Stolen Trump Emails
Over the summer, Politico, The New York Times, and The Washington Post each revealed that they’d been approached by a source offering hacked Trump campaign emails—a source whom the US Justice Department says was working on behalf of the Iranian government. The news outlets all refused to publish or report on those stolen materials. Now it appears that Iran’s hackers did eventually find outlets outside the mainstream media that were willing to release those emails. American Muckrakers, a PAC run by a Democratic operative, did publish the documents after soliciting them in a public post on X, writing, “Send it to us and we'll get it out.”
American Muckrakers then published internal Trump campaign communications about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, as well as material that seemed to suggest a financial arrangement between Donald Trump and Robert F. Kennedy Jr., the third-party candidate who dropped out of the race and endorsed Trump. Independent journalist Ken Klippenstein also received and published some of the hacked material, including a research profile on Trump running mate and US senator J.D. Vance that the campaign assembled when assessing him for the role. Klippenstein subsequently received a visit from the FBI, he’s said, warning him that the documents were shared as part of a foreign influence campaign. Klippenstein has defended his position, arguing that the media should not serve as “gatekeeper of what the public should know.”
Russian Cyberspies Hacked the Entire Nation of Georgia
As Russia has both waged war and cyberwar against Ukraine, it’s also carried out a vast campaign of hacking against another neighbor to the West with whom it’s long had a fraught relationship: Georgia. Bloomberg this week revealed ahead of the Georgian election how Russia systematically penetrated the smaller country’s infrastructure and government in a yearslong series of digital intrusion operations. From 2017 to 2020, for instance, Russia’s military intelligence agency, the GRU, hacked Georgia’s Central Election Commission (just as it did in Ukraine in 2014), multiple media organizations, and IT systems at the country’s national railway company—all in addition to the attack on Georgian TV stations that the NSA pinned on the GRU’s Sandworm unit in 2020. Meanwhile, hackers known as Turla, working for the Kremlin’s KGB successor the FSB, broke into Georgia’s Foreign Ministry and stole gigabytes of officials’ emails over months. According to Bloomberg, Russia’s hacking efforts weren’t limited to espionage, but also appeared to include preparing for disruption of Georgian infrastructure like the electric grid and oil companies in the event of an escalating conflict.
This May Be the Worst-Ever Headline About a “Cyberattack”
For years, cybersecurity professionals have argued about what constitutes a cyberattack. An intrusion designed to destroy data, cause disruption, or sabotage infrastructure? Yes, that’s a cyberattack. A hacker breach to steal data? No. A hack-and-leak operation or an espionage mission with a disruptive clean-up phase? Probably not, but there’s room for debate. The Jerusalem Post this week, however, achieved perhaps the clearest-cut example of calling something a cyberattack—in a headline no less—that is very clearly not: disinformation on social media. The so-called “Hezbollah cyberattack” that the news outlet reported was a collection of photos of Israeli hospitals posted by “hackers” identifying as Hezbollah supporters that suggested weapons and cash were stored underneath them and that they should be attacked. The posts seemingly came in response to the Israeli Defense Forces’ repeating similar claims about hospitals in Gaza that the IDF has bombed, as well as another more recently in Lebanon’s capital city of Beirut.
“These are NOT CYBERATTACKS,” security researcher Lukasz Olejnik, the author of the books The Philosophy of Cybersecurity and Propaganda, wrote next to a screenshot of the Jerusalem Post headline on X. “Posting images to social media is not hacking. Such a bad take.”