Hackers stole millions of PornHub user data for extortion purposes

Federal contract files reviewed by WIRED this week show that U.S. Customs and Border Protection is transitioning from testing small drones to using them as standard surveillance tools, a move that will further expand CBP’s already expansive scope that, in some cases, extends well beyond U.S. land borders.
Meanwhile, U.S. Immigration and Customs Enforcement is considering a broad cybersecurity contract that would include extensive surveillance and monitoring of its own employees. The move comes as the U.S. government steps up investigations into leaks and condemns internal dissent.
Chinese-language artificial intelligence app Haotian can be used to create “near-perfect” face swaps during live video chats, and it’s a favorite tool of Southeast Asian scammers. An investigation by WIRED as well as independent research indicates that the company has actively marketed its tools to fraudsters, often through Telegram. Haotian’s main Telegram channel disappeared after WIRED contacted Telegram for comment.
In China, fraudsters are using AI-generated images of allegedly faulty products and services gone bad (from dead crabs to shredded sheets) to convince e-commerce sites to refund them.
And there’s more. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
The hacker collective known as Com has been plaguing the Internet for years, hacking hundreds of companies for nihilistic fun and profit. They now have access to a particularly important and sensitive trove of highly personal data: user records from PornHub, the largest porn site in the world.
ShinyHunters, a subgroup within Com, appears to have stolen more than 200 million records on PornHub’s premium users, a total of 94GB of data detailing users’ viewing history on the site linked to their account information, including their email addresses. According to a public statement from PornHub, the data appears to have been taken from Mixpanel, a data analytics company that the porn site used until 2021, suggesting that the stolen data could be four or more years old. BleepingComputer, the news outlet that broke the story, reports that PornHub has received extortion emails from the hackers over the past week. There is no doubt that many users of the site are hoping that PornHub will pay up and that ShinyHunters will keep their personal browsing private.
Venezuela’s national oil company, Petróleos de Venezuela (PDVSA), says a cyberattack disrupted its administrative systems shortly after the U.S. military seized an oil tanker carrying nearly 2 million barrels of Venezuelan crude. In a public statement, PDVSA said operations were continuing, but accused the United States of orchestrating the intrusion as part of a broader campaign against the country’s energy sector. Reuters reports suggest the attack may have been more damaging than PDVSA acknowledged, temporarily halting deliveries of oil products and knocking internal systems completely offline.
The episode follows an unusual escalation by Washington in its ongoing conflict with Caracas, marked by conflicting sovereignty and security claims, as well as maritime strikes and seizures targeting vessels that U.S. officials have linked to criminal networks operating under the protection of Venezuelan President Nicolas Maduro — an allegation for which the Trump administration has presented no public evidence.
Network “edge” devices, such as routers, VPNs and firewalls, have become a prime target for hackers looking for a foothold in their targets’ networks. So news of a critical, unpatched security vulnerability in a Cisco product line represents a feeding frenzy that network intruders have been quietly taking advantage of for weeks. Cisco’s Talos research team this week revealed a zero-day in Cisco’s Secure Email Gateway and Secure Email and Web Manager products that run its AsyncOS software, noting that it had been exploited since late November by hackers who appear to be a Chinese state-sponsored group. Worse still, Cisco doesn’t yet appear to have a patch ready to fix the vulnerability.
A Cisco advisory, however, states that the vulnerability lies in the devices’ “spam quarantine” functionality, which is not exposed to the Internet by default and may be taken offline as a mitigation measure until a patch is available. “We strongly urge customers to follow the advice in the advisory to assess any exposure and mitigate risks,” read a statement from Cisco. “Cisco is actively investigating the issue and developing a permanent solution.”
Many cybersecurity professionals must have wondered whether the dark side is more lucrative. Two men who worked at the cybersecurity firms Sygnia Consulting and DigitalMint decided to find out. After launching their own ransomware campaign, going so far as to extort a million dollars from a Florida medical device company, they have now pleaded guilty to hacking charges. Ryan Clifford Goldberg worked for the Israeli company Sygnia as an incident responder, and Kevin Tyler Martin worked for the American cybersecurity company DigitalMint as a ransomware negotiator, all while allegedly acting as affiliates of the notorious ALPHV ransomware gang. A third alleged co-conspirator is mentioned in court documents but has not been charged in the case.