

WIRED
09-08-2025
- WIRED
The US Court Records System Has Been Hacked
Dell Cameron, Andrew Couts
Aug 9, 2025 6:30 AM

Plus: Instagram sparks a privacy backlash over its new map feature, hackers steal data from Google's customer support system, and the true scope of the Columbia University hack comes into focus.

This is the week of Black Hat and Defcon, which means a flood of news coming out of the Las Vegas security conferences. As you might expect, artificial intelligence was one popular topic—specifically, using AI chatbots to cause mischief. One team of researchers, from Tel Aviv University, created a clever attack that allowed them to take over a target's smart home devices using a 'poisoned' Google Calendar invite. It's the first known attack method that used AI to impact physical devices. Another researcher used a poisoned document that included a malicious prompt to trick ChatGPT into leaking a user's private information when it's connected to a Google Drive.

In non-AI news, an end-to-end encryption algorithm recommended for radio communications used by police and military around the world can be easily cracked, according to new research. The researchers warn that weak implementations of the encryption algorithm could allow eavesdroppers to listen in—or even transmit their own messages. Speaking of weaknesses, a security researcher found that misconfigured APIs in some streaming platforms used for company meetings and sports livestreams can allow someone to watch the streams without logging in. And a teen hacker discovered that an internet-connected smoke and vape detector in his high school's bathroom contained microphones—and can be exploited for secret spying.

A leaked trove of data has exposed how teams of suspected North Korean IT scam workers operate, from their meticulous record keeping to the after-work activities—and their near-constant surveillance by people running the schemes.
Finally, in the last of our Black Hat- and Defcon-related news (so far), a pair of security researchers discovered a backdoor in an electronic lock used in at least eight brands of safes, and created a way to open the locks in seconds. They also found another vulnerability that allows them to figure out a safe's unlock code.

We also took a deep dive into the US military's slot machine program, spoke with experts who say it's inevitable that AI will become part of nuclear weapons systems, and revealed a string of break-ins of National Guard armories in Tennessee that experts say is part of a disturbing trend.

And that's not all. Each week, we round up the security and privacy news we didn't cover in-depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Hack of US Court System Exposed Sealed Records, FBI Says

A previously unreported cyberattack breached the federal judiciary's electronic case filing system, potentially exposing the identities of confidential informants and compromising sealed court records across multiple US states, Politico reports. The breach was discovered around July 4 and affects the CM/ECF—or 'case management/electronic case files'—system used by courts to manage sensitive documents. Sources told Politico the hack may have impacted criminal dockets, arrest warrants, and sealed indictments, raising concerns that cooperating witnesses could be at risk. The actor behind the intrusion has not been exposed. The Administrative Office of the US Courts and FBI declined to provide Politico with a comment.

In response to recent cyberattacks, the federal judiciary said it's been in the process of implementing new safeguards to address the judiciary's ongoing exposure to 'constant and sophisticated' cyber threats. The incident highlights longstanding warnings that the judiciary's systems are outdated and vulnerable.
A top federal judge told Congress in June that CM/ECF and PACER face 'unrelenting security threats' and need urgent replacement.

Instagram's New Map Feature Triggers Privacy Backlash

Instagram's latest feature—a searchable map showing user-posted content tagged to specific locations—has sparked a wave of privacy concerns, CNBC reports. Rolled out this week, the feature lets users explore photos and videos by browsing a visual map interface. But users quickly raised alarms about the potential for stalking, harassment, and data misuse, especially for influencers and others posting real-time content from identifiable locations. 'Instagram randomly updating their app to include a maps feature without actually alerting people is so incredibly dangerous to anyone who has a restraining order and actively making sure their abuser can't stalk their location online,' one viral post warned.

Instagram said the feature only shows content from public accounts and reiterated that users can turn off location tagging. Still, the backlash echoes broader concerns about how tech platforms rapidly aggregate and expose personal data in ways that outpace users' expectations and consent.

Hackers Breached Google's Salesforce Database, Stole Customer Data

Hackers stole data from Google's customer support system in a breach linked to a compromised Salesforce account, TechCrunch reports. The intrusion, disclosed Wednesday, affected an undisclosed number of Google customers and involved unauthorized access to data such as contact details and 'related notes for small and medium-sized businesses.' The attackers reportedly targeted the data through Salesforce cloud systems. Google's Threat Intelligence Group pinned the attack on ShinyHunters, a hacking group known for targeting large companies' cloud-based databases, including Salesforce systems.
The breach affecting Google follows similar attacks on Cisco, Qantas, and Pandora, where attackers used voice phishing to trick employees into granting access. Google says the group may be preparing a leak site to extort victims and is linked to other cybercriminal collectives like The Com, which has a history of hacking and extortion.

Columbia University Hack Exposed Data of 870,000 People

A cyberattack on Columbia University compromised the personal information of nearly 870,000 individuals, including students, applicants, and possibly staff, Bloomberg reports. The stolen data includes contact information, academic records, financial aid details, and some health and insurance information, according to draft letters, intended for victims, obtained by the news outlet. The breach, which dates back to mid-May, was only publicly acknowledged after Columbia filed reports with state attorneys general in California and Maine. A university official previously claimed the perpetrator was politically motivated. The school claims it has implemented new safeguards and continues to notify affected individuals. The incident preceded a campus-wide IT outage in June. The school reportedly suspected a potential cyberattack at the time.


WIRED
14-05-2025
- Business
- WIRED
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
Dell Cameron, Dhruv Mehrotra
May 14, 2025 12:53 PM

Russell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans' sensitive personal data.

The Consumer Financial Protection Bureau (CFPB) has cancelled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.

CFPB proposed the new rule in early December under former director Rohit Chopra, who said the changes were necessary to combat commercial surveillance practices that 'threaten our personal safety and undermine America's national security.' The agency quietly withdrew the proposal on Tuesday morning, issuing a notice published in the Federal Register declaring the rule no longer 'necessary or appropriate.'

CFPB received more than 600 comments from the public this year concerning the proposal, titled 'Protecting Americans from Harmful Data Broker Practices.' The rule was crafted to ensure that data brokers obtain Americans' consent before selling or sharing sensitive personal information, including financial data such as income; regulations that US credit agencies are currently required to abide by under the Fair Credit Reporting Act, one of the nation's oldest privacy laws.

In its notice, CFPB's acting director, Russell Vought, wrote that he was withdrawing the proposal 'in light of updates to Bureau policies,' and that it did not align with the agency's 'current interpretation of the FCRA,' which he added CFPB is 'in the process of revising.' CFPB did not immediately respond to a request for comment.

Data brokers operate within a multi-billion-dollar industry built on the collection and sale of detailed personal information—often without individuals' knowledge or consent.
These companies create extensive profiles on nearly every American, including highly sensitive data such as precise location history, political affiliations, and religious beliefs. This information is frequently resold for purposes ranging from marketing to law enforcement surveillance. Many people are unaware that data brokers even exist, let alone that their personal information is being traded. In January, the Texas Attorney General's Office, led by Attorney General Ken Paxton, accused Arity—a data broker owned by Allstate—of unlawfully collecting, using, and selling driving data from over 45 million Americans to insurance companies without their consent. The harms from data brokers can be severe–even violent. The Safety Net Project, part of the National Network to End Domestic Violence, warns that people-search websites, which compile information from data brokers, can serve as tools for abusers to track down information about their victims. Last year, Gravy Analytics—which processes billions of location signals daily—suffered a data breach that may have exposed the movements of millions of individuals, including politicians and military personnel. 'Russell Vought is undoing years of painstaking, bipartisan work in order to prop up data brokers' predatory, and profitable, surveillance of Americans,' says Sean Vitka, executive director of Demand Progress, a nonprofit that supported the rule. Added Vitka: 'By withdrawing the CFPB's data broker rulemaking, the Trump administration is ensuring that Americans will continue to be bombarded by scam texts, calls and emails, and that military members and their families can be targeted by spies and blackmailers.' 
Vought, who also serves as director of the White House Office of Management and Budget, received a letter on Monday from the Financial Technology Association (FTA) calling for the rule to be withdrawn, claiming the rules exceed the agency's statutory mandate and would be 'harmful to financial institutions' efforts to detect and prevent fraud.' The FTA is a US-based trade organization that represents the interests of banks, lenders, payment platforms, and their executives.

Privacy advocates have long pressed regulators to use the Fair Credit Reporting Act to crack down on the data broker industry. Common Defense, a veteran-led nonprofit, urged CFPB to take action in November, blaming data brokers for recklessly exposing sensitive information about US service members that placed them at 'substantial risk' of being blackmailed, scammed, or targeted by hostile foreign actors.

A 2023 study cited by the group—funded by the US Military Academy at West Point—concluded that the current data broker ecosystem is a threat to US national security, permitting the sale of sensitive personal data that can be used to not only identify service members and 'other politically sensitive targets,' but offer details about medical conditions, financial problems, and political and religious beliefs. 'Foreign and malign actors with access to these datasets could uncover information about high-level targets, such as military service members, that could be used for coercion, reputational damage, and blackmail,' the authors report.

Common Defense political director Naveed Shah, an Iraq War veteran, condemned the move to spike the proposed changes, accusing Vought of putting the profits of data brokers before the safety of millions of service members. "For the sake of military families and our national security, the administration must reverse course and ensure that these critical privacy protections are enacted," Shah says.
Investigations by WIRED have shown data brokers have collected and made cheaply available information that can be used to reliably track the locations of American military and intelligence personnel overseas, including in and around sensitive installations overseas where US nuclear weapons are reportedly stored. WIRED reported in February that US data brokers were using Google's ad-tech tools to sell access to information about devices linked to military service members and national security decision makers, as well as federal contractors that manufacture and export classified defense-related technologies. Experts say it proves trivial for foreign adversaries to de-anonymize the data.

'Data brokers inflict severe harm on individuals by degrading privacy, threatening national security, enabling scams and fraud, endangering public officials and survivors of domestic violence, and putting immigrant populations at risk,' says Caroline Kraczon, law fellow at the Electronic Privacy Information Center focused on consumer protection. 'The CFPB had a critical opportunity to address these harms by clarifying that data brokers must follow the Fair Credit Reporting Act,' adds Kraczon. 'This withdrawal is deeply disappointing and another attack in the administration's war against consumers on behalf of corporate interests.'

Last month, more than 1,400 CFPB employees had their positions at the agency terminated, leaving the agency with a staff of around 300 people. Elon Musk, whose so-called Department of Government Efficiency (DOGE) has spearheaded the White House's efforts to radically restructure the federal government by slashing the size of its workforce, last November called on President Donald Trump to 'delete' the CFPB, whose job includes shielding Americans from predatory lending practices.