A major leak reveals the tools and intentions of a Chinese hacking contractor


The US this week issued a forfeiture order against Starlink in relation to satellite internet infrastructure used by a fraud complex in Myanmar. The move is part of an interagency US law enforcement initiative announced this week called the District of Columbia Anti-Fraud Center Task Force.

Meanwhile, Google this week filed a lawsuit against 25 people it claims are behind an “astonishing” and “relentless” text scam that uses a notorious phishing-as-a-service platform called Lighthouse.

WIRED reported this week that the U.S. Department of Homeland Security collected data on Chicago residents accused of gang ties to see whether police files could feed an FBI watchlist, and then, more importantly, kept the records for months in violation of local espionage laws.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

China’s vast intelligence apparatus has never had an Edward Snowden moment, so any peek at its surveillance and hacking capabilities is a rare find. One has now arrived in the form of some 12,000 leaked documents from the Chinese hacking contractor KnownSec, first revealed on the Chinese-language blog Mrxn.net and then picked up by Western media this week. The leak includes hacking tools such as remote access Trojans as well as data mining and analysis software. Perhaps most interesting is the target list of more than 80 organizations from which the hackers claim to have stolen information. According to Mrxn, the stolen data listed includes 95GB of Indian immigration data, three terabytes of call logs from the South Korean telecom carrier LG U Plus, and 459GB of route planning data obtained from Taiwan. In case there was any doubt about who KnownSec hacked for, reports indicate that the leak also included details of its contracts with the Chinese government.

The cybersecurity community has warned for years that government hackers would soon begin using artificial intelligence tools to enhance their hacking campaigns. The first known AI-powered hacking campaign has now emerged, according to Anthropic, which says it discovered a group of Chinese-backed hackers using its Claude tool, which they had extensively tuned to suit each stage of hacking. According to Anthropic, the hackers used Claude to write malware and to extract and analyze stolen data with minimal human interaction. Although the hackers bypassed Claude’s protections by framing their malicious tasks as defensive, white-hat hacking work, Anthropic says it detected and stopped them. By then, however, the espionage campaign had successfully infiltrated four organizations.

However, Ars Technica points out that entirely AI-based hacking isn’t necessarily ready for prime time yet. According to Anthropic, the hackers had a relatively low penetration rate considering they targeted 30 organizations. The AI startup also points out that the tool fabricated some of the stolen data, reporting results that didn’t exist. For now, government-sponsored spies still enjoy some job security.

The North Koreans who raise money for Kim Jong Un’s regime by taking remote IT jobs under fake identities do not work alone. Four Americans pleaded guilty this week to allowing North Korea to use their identities, as well as to receiving and operating company laptops so that North Korean workers could control them remotely. Another man, Oleksandr Dendenko, a Ukrainian national, pleaded guilty to stealing the identities of 40 Americans to sell to North Korea for use by its remote information technology workers.

A report by 404 Media reveals that a Customs and Border Protection program that uses facial recognition to identify immigrants is hosted by Google. The application can be used by local law enforcement to determine whether a person is of potential interest to ICE. While Google is helping to power the CBP app, it has also recently removed from the Google Play Store some apps that were used for community discussions about ICE activity and for reporting ICE agent sightings. Google deemed the removal of the apps necessary under its terms of service because, the company says, ICE agents are a “vulnerable group.”
