Latest news with #Wiretap
Forbes
29-07-2025
- Forbes
The Wiretap: OpenAI Agent Checks Box Confirming It's Not A Bot
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here . getty O ne of the constant bits of friction in navigating the modern internet is proving to the site you're browsing that you are, in fact, human. Often you can prove it by simply checking a box saying so. But in the brave new world of agentic AI, such basic checks won't be enough to catch AI agents wandering around the internet to do tasks on their owners' behalf. Ars Technica reports that OpenAI's new agent, which uses its own browser to access the internet and perform tasks, was observed by a Reddit user checking one of those 'I am not a robot' boxes. As it did so, it provided the following narration: 'I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action." In this particular case, the assistant didn't face one of the common puzzles aimed at catching bots–the ones that ask you to identify all the pictures with a bicycle or to move pieces of an image around to have it the right way up. But it's just a matter of time before agents can solve those too. When the bots get so sophisticated they act like humans, the premise of web 'captchas' starts to break down. How do you then protect websites from unwanted, malicious bot traffic? And how do you design sites so that agents representing real people can navigate them effectively? Let's just hope a web designed for bots isn't that much more annoying for us lowly humans to navigate. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964 . Eric Millette P eople are often the weakest link in the cybersecurity chain. Just last week, cleaning product giant Clorox claimed a cyberattack that may have caused as much as $380 million in damages was the result of a contracted service desk staffer resetting a password for a hacker pretending to work for the company. IT departments are aware of the risk of human error, of course, and try to address it with education. Usually, this means a few emails and some simple training. But the advice in these types of training is generalized and only rarely tailored to the specific needs of staff. It's no wonder people never bother to read those emails. This is the problem that cybersecurity startup Fable wants to tackle with a personalized approach. Founded in 2024 by Nicole Jiang, 31, and Dr. Sanny Liao, 42, who spent years at $5.1 billion cybersecurity company Abnormal, Fable claims its AI helps determine which employees need help improving their security practices and offers custom tips and guidance to them. Read more at Forbes . Stories You Have To Read Today Pro-Ukrainian hacker group Silent Crow took credit for a cyberattack that crippled IT systems of Russian airline Aeroflot, which led to dozens of flights being grounded. The viral app Tea, which enabled women to anonymously post images and comments about men they dated, suffered a cyberattack that exposed data about thousands of users. Researchers found security vulnerabilities in door-to-door luggage service Airportr that would enable hackers to access users' flight itineraries and personal information. The bugs could also grant would-be cybercriminals the ability to redirect the final destination of someone's luggage. Winner of the Week Google will be launching new security features for its Workspace apps designed to prevent an exploit that allows hackers to use cookies to take over accounts. The new feature will bind cookies to specific devices, preventing remote hacks. Loser of the Week Apple's latest version of iOS, due this fall, will include more features to filter text spam out of your messaging app. That could have outsized impact for political groups, which worry that this may also filter out their often aggressive fundraising texts. More On Forbes Forbes How The World's Second-Richest Person And His Son Pulled Off The $8 Billion Paramount Deal By Phoebe Liu Forbes Trump Has Spent About One-Third Of His Presidency Visiting His Own Properties By Dan Alexander Forbes Inside Robinhood's Crypto-Fueled Plan For World Domination By Nina Bambysheva
Forbes
08-07-2025
- Forbes
The Wiretap: A Man Had His Identity Stolen By A Child Exploitation Trader. Then The FBI Raided His Home.
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here . getty Getting your identity stolen is bad enough. What if it was abused to buy and sell some of the worst content imaginable? That's what happened to a man in Ohio, whose name and personal details were used by people who were allegedly trading child sexual abuse material (CSAM), according to a search warrant reviewed by Forbes . In 2023, when the FBI began looking into a person uploading CSAM to Dropbox, they discovered they'interacting with an individual who'd been selling links to abuse material. Data from the user's CashApp showed it'd ostensibly been registered by a 31-year-old from Mississippi. When cops learned the man was also under investigation in Dallas, they decided to search his address. But when detectives forensically examined the man's electronic devices, it became clear he was not the perpetrator. One clear indicator, they said, was that a key Gmail address linked to the CSAM deals was not found on any of his phones or computers. It appeared that his name, address and other personal data had been stolen, then used to set up accounts online by the CSAM dealer. According to the FBI, one email from the unidentified user suggested they used multiple different identities when selling child abuse material. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964 . getty A company called The Agora and a sprawling conglomerate of subsidiaries has been flooding Facebook with wild financial claims and health advice to get users to sign up to its newsletters and wellness supplements, Forbes finds. One current spate of ads claims President Trump will soon 'unleash' a $150 trillion 'secret trust' and the American people can get rich from trading on it, as long as they subscribe first. Stories You Have To Read Today Columbia University applicants have had their personal data stolen, according to Bloomberg. The hacker had political motivations, according to a university official, and the pilfered data included university-issued ID numbers, citizenship status and application decision. Among those affected by the leak was New York mayoral candidate Zohran Mamdani, the New York Times reports. IT giant Ingram Micro has been hit by ransomware attack, leading to a shutdown of internal systems, as well as its website and online ordering systems, Bleeping Computer reports. Winner of the Week ICEBlock, a mobile app for anonymously reporting ICE raids, went viral after homeland security chief U.S. attorney general Pam Bondi slammed the app and threatened to go after its creator Joshua Aaron. Bondi and other security officials also said CNN was wrong to report on the app, but the criticisms only boosted ICEBlock, which swiftly rose to the top of Apple's iPhone app downloads chart. Loser of the Week Noah Lamb, a 24-year-old from California, was charged with allegedly soliciting the assassination of federal officials and working with the so-called Terrorgram Collective on a hit list of 'high-value targets.' Acting U.S. attorney for the Eastern District of California, Michele Beckwith, said, 'Individuals on the list were targeted because of race, religion, national origin, sexual orientation, or gender identity, including federal officials.' More On Forbes Forbes Mamdani Doesn't Think We Should Have Billionaires. Here's Why That Will Never Happen. By Kyle Khan-Mullins Forbes Elon Musk's Robotaxi Dream Could Be A Liability Nightmare For Tesla And Its Owners By Alan Ohnsman Forbes This Secretive Company Built An Empire By Hawking Bad Financial And Health Advice On Facebook By Emily Baker-White
Forbes
29-04-2025
- Forbes
The Wiretap: The Worrying Rise Of ‘Violence-As-A-Service'
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here. getty As if there wasn't enough to worry about concerning children and teenagers being targeted online, this week Europol warned that youngsters are being recruited by organized criminal groups to carry out 'violence-as-a-service' According to the agency, this involves ' outsourcing of violent acts to criminal service providers' by 'vulnerable young people being groomed or coerced into doing so.' Cybersecurity company Trend Micro also put out research on this front. It found that there are detailed online forums in Russia where criminals were offering to carry out physical attacks for the highest bidder. In one post, a user offered to commit 'grievous bodily harm' for $5,000. 'Torture with extortion of information' was on offer for $6,000 a day. Arson of a target's apartment was offered at $10,000. The problem has become bad enough that on Tuesday, Europol announced a taskforce to deal with the crime and published advice for parents on how to keep an eye out for signs a child is being targeted by a criminal network. Among the signs to look out for? The use of encrypted messaging apps and a surprisingly healthy cash flow. There may be benign explanations for these but if you don't know how your teen is making money, it's probably a good idea to talk to them about it. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964. getty Researchers at Israeli cybersecurity startup Oligo revealed vulnerabilities in Apple's AirPlay could be used to install malware on connected devices, Wired reports. Dubbing their attacks AirBorne, the researchers showed how they could target the software development kit (SDK) used by third-party devices to work with AirPlay so they could hijack devices like speakers or smart TVs. Apple has patched weaknesses that would've allowed attacks on its own AirPlay-enabled devices, though the company told Wired those bugs could have only been exploited if users had changed default settings. Hacks of connected devices could still be possible, however, meaning tens of millions of products may remain vulnerable. Worried about your own phone? You can disable Airplay by going to settings on your iPhone and searching for it, then turn Automatically AirPlay to 'Never.' Researchers at the University of Toronto's Citizen Lab found malware masquerading as an open source word processing and spell check app for the Uyghur language. Senior members of the World Uyghur Congress living in exile were among the targets. British retail giant Marks & Spencer has been hit by a cyberattack that's downed its online payments for five days, with a ransomware group known as Scattered Spider reportedly linked to the hack. Google put out a report on Tuesday showing how zero-day attacks (which hit previously-unknown and unpatched vulnerabilities) targeting mobile devices had gone down. Zero-day exploitation of mobile devices fell by about 50% compared to this time last year, though Google did warn that it expected to see overall zero-day attacks rise steadily over the next 12 months. That's because 'the average trendline indicates that the rate of zero-day exploitation continues to grow at a slow but steady pace,' Google's researchers wrote. TechCrunch reports on two breaches in the healthcare industry this week. One was at the largest healthcare system Yale New Haven Health, which appeared to have been hit by ransomware, potentially affecting more than 5.5 million people. The other was at insurance giant Blue Health said it had been sharing patients' private health information with Google for years because of a misconfiguration.
Forbes
22-04-2025
- Business
- Forbes
The Wiretap: Trump's Cybersecurity Agency Avoided A Near Disaster
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here. getty An essential, constantly-updated database of cybersecurity vulnerabilities almost went offline last week. Run by Mitre, the Common Vulnerabilities and Exposures (CVE) database has become vital to all manner of digital defenders, from those on enterprise IT teams to those keeping tabs on national security threats. It's proven particularly helpful in understanding the severity of a software or hardware flaw, determining whether it's actively being exploited by hackers, and assessing whether a fix is urgently needed. Mitre had warned users that funding for the CVE project, which came via the DHS Cybersecurity and Infrastructure Security Agency (CISA), was going to run out on Wednesday April 16. In a last minute reprieve, though, CISA confirmed it would continue to provide financial backing for it. Inside CISA, staff told Forbes it was a whirligig week where, within 24 hours, the agency had gone from causing a disaster to averting one. 'It would have been devastating for defenders,' said one CISA employee. 'What a mess,' said another. Beyond saying that 'the CVE Program is invaluable to the cyber community and a priority of CISA,' the agency is yet to offer any kind of explanation for the brinksmanship. CISA is currently without a permanent director, with Sean Plankey, Trump's nominee, yet to be approved by Congress. The sooner the agency has some stability, the less likely such snafus come close to causing catastrophic damage to American cybersecurity. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964. Getty Images Palantir, the $20 billion surveillance company, is upping its work with Immigration Customs Enforcement (ICE) via contracts asking it to build a 'complete target analysis of known populations,' reports 404 Media. A subsequent leak of internal Palantir communications revealed that it's going to be helping locate people in the country illegally, while planning for a backlash externally and internally. Staff have been given guidance on the ethics of working on such large-scale work with an agency like ICE, showing how Palantir is worried about the optics of the contracts. Read the whole story here. Cops across America are starting to utilize AI agents to help spy on social media, according to a Wired and 404 Media report. Among the agents advertised to cops by providers were a fake college protester and a potential child sex trafficking victim. Pedestrian crosswalks were hacked in Seattle last week to have a fake Jeff Bezos start spouting tongue-in-cheek pro-billionaire spiel. 'Please, please don't tax the rich. Otherwise, all the other billionaires will move to Florida too,' it said, referencing the Amazon founder's residency change that saved him an estimated $1 billion. A draft bill currently in the Florida legislature would, if it passed, require social media companies to build backdoors that would allow law enforcement to decrypt messages. Secretary of Defense Pete Hegseth has all but confirmed new reports suggesting he shared sensitive information about U.S. attack plans in Yemen in a second Signal group chat. Forbes 30 Under 30 Europe list was launched last week. One lister was a Ukrainian cybersecurity startup, LetsData. Launched in 2022, it's an AI-driven company that claims it can spot and tackle disinformation campaigns. Michael McMahon, a retired NYPD sergeant turned private detective, has been sentenced to 18 months in prison for his part in harassing and stalking a Chinese expatriate named Xu Jin, who is wanted by his homeland's government. It's alleged McMahon helped his client even though he knew it appeared to be part of a Chinese government plot to get Jin to return to China.
Forbes
15-04-2025
- Forbes
The Wiretap: How Law Enforcement Took Control Of The Dark Web's ‘Gmail'
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here. For people seeking to keep their communications away from the prying eyes of government and law enforcement, the dark web has provided a haven for years. One option was the Darknet Mail Exchange, or DNMX, which advertised itself as just like Gmail, but with one additional benefit: 'We don't care who you are and will never ask for your information or reveal your identity; this is the dark net after all.' But in October 2023, all those promises of anonymity came undone as the Dutch police seized DNMX servers and began rummaging through users' emails. At the time, cops believed DNMX was being used for the trade of child sex abuse material, terrorist communications and narcotics trafficking. The Dutch national police declined to comment further on the seizure, other than to tell Forbes there was an investigation. 'We will do no further notices about the investigation,' said Netherlands Police spokesperson Thérèse Ariaans. She declined to comment on whether or not the police let the service continue running to ensnare more criminals. Although the service is now down, according to the Wayback Machine, the main clearweb (i.e. non darknet) site for DNMX was still active last year. There have also been reports on social media of criminals continuing to message over the platform as recently as late summer 2024. In recent years, investigators have run communications channels used by criminals, the most notable case being that of Anom, an encrypted app that was controlled by police. More recently, the FBI took over the online profile of a money launderer who went by the name ElonMuskWHM to track his clients, according to 404 Media. Court documents show some darknet users had fretted that DNMX had been hit by a law enforcement raid in 2023, though no further information was forthcoming. On Reddit, an apparent note from the DNMX administrator from 2023 warned that DNMX email accounts were 'no longer in our control.' Since the previously unreported seizure, Dutch investigators have been sharing their findings with all manner of other agencies, from Europol to American federal departments. In one case, they found a child sexual exploitation enterprise using DNMX that offered to pay people to produce illegal footage. In some cases, the DNMX user, whose illicit business was known as Newstarz, would offer to pay as much as $500,000 for a year's contract, or up to $50,000 for a series of images around a given narrative. It also offered an 'Elite Membership Level' that would provide 'sexual access to all models and families at meets,' according to court documents filed by the DOJ. The DOJ is now prosecuting a former U.S. Marine Corps officer, Jonathan Laroche, for allegedly creating CSAM and selling it to the DNMX user behind Newsta, who remains unknown, according to a search warrant and a criminal complaint. Laroche, a former Navy detective who had been sentenced in a separate case for choking a detained sailor at Naval Base San Diego earlier this year, has not yet filed a plea for a new charge of producing CSAM. Neither his lawyer nor the DOJ had responded to requests for comment at the time of publication. The owner of DNMX may have seen his service get taken down, but he promised in 2023 to offer a new one. 'The darknet needs a good email provider and I will bring a new one online soon,' according to the Reddit notice. It's unclear if that project ever bore fruit. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964. Chris Krebs, former CISA director. (Photo by Jim Lo Scalzo-Pool/Getty Images) Getty Images The White House has revoked clearance approval for Chris Krebs, former head of the Cybersecurity and Infrastructure Security Agency (CISA), and his employer SentinelOne. Trump infamously fired Krebs in 2020 after he lost the election, blaming the ex-CISA director after the latter assessed there was no evidence of votes being compromised in any way. At the time, Trump had been on the warpath trying to undermine the election result. The White House release doesn't mention that public fracas, but claimed Krebs was 'a significant bad-faith actor who weaponized and abused his Government authority.' Alongside claiming he was involved in hiding information on the Hunter Biden laptop saga, the Trump administration also alleged Krebs 'suppressed conservative viewpoints under the guise of combatting supposed disinformation, and recruited and coerced major social media platforms to further its partisan mission.' Controversial forum 4Chan was inaccessible for many users on Tuesday amid claims it had been hacked and its user data released, including moderators' identities and email addresses. Senator Ron Wyden said he will block Trump's nomination for the next CISA director, Sean Plankey, until the agency releases a report on what he alleged was a 'multi-year cover up' of security flaws at U.S. telecommunication companies, TechCrunch reports. Chinese officials quietly acknowledged to U.S. counterparts in December that the country was behind attacks on American infrastructure, like ports, water utilities and airports, the Wall Street Journal reports. The admission came in December in a Geneva summit with the outgoing Biden administration. Someone has blown the whistle on how DOGE is handling data at the National Labor Relations Board, the federal agency tasked with investigating complaints about unfair labor practices, NPR reports. Silicon Valley residents may've gotten a shock over the weekend after hackers made audio-enabled traffic control buttons imitate the voices of Mark Zuckerberg and Elon Musk. According to a TechCrunch report, one Musk voice told passersby, 'I guess they say money can't buy happiness… I guess that's true. God knows I've tried. But it can buy a Cybertruck and that's pretty sick, right?' 'F—k, I'm so alone,' the Musk voice concluded. Tailscale, which protects network traffic with a peer-to-peer mesh virtual private network, announced a $160 million Series C round, led by Accel with participation from CRV, Insight Partners, Heavybit, and Uncork Capital. Existing angel George Kurtz, CEO of cybersecurity giant Crowdstrike, put in again, alongside new investor Anthony Casalena, the CEO of Squarespace. The company, founded in 2019, claims some major AI customers, including Perplexity, Hugging Face and Groq. A breach at the U.S. Office of the Comptroller of the Currency allowed hackers to spy on over 100 bank regulators' emails for over a year, Bloomberg reports. As a result, some banks, including JPMorgan and BNY, have paused sharing information with the agency.
