Security News This Week: Microsoft Deploys Generative AI for US Spies

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers.

Law enforcement in the United States, United Kingdom, and Australia this week named a Russian national as the person behind LockBitSupp, the pseudonym of the leader of the LockBit ransomware gang that the US says is responsible for extracting $500 million from its victims. Dmitry Yuryevich Khoroshev has been sanctioned and charged with 26 criminal counts in the US, which combined could result in a prison sentence of 185 years. That is, if he’s ever arrested and successfully prosecuted—an extremely rare event for suspects who live in Russia.

Elsewhere in the world of cybercrime, WIRED’s Andy Greenberg interviewed a representative of Cyber Army of Russia, a group of hackers who have targeted water utilities in the US and Europe and are said to have ties to the notorious Russian military hacking unit known as Sandworm. The responses from Cyber Army of Russia were littered with pro-Kremlin talking points—and some curious admissions.

A deputy director of the FBI has urged the agency’s employees to continue to use a massive foreign surveillance database to search for the communications of “US persons,” sparking the ire of privacy and civil liberty advocates who unsuccessfully fought for such searches to require a warrant. Section 702 of the Foreign Intelligence Surveillance Act requires that “targets” of the surveillance program be based outside the US, but the texts, emails, and phone calls of people in the US can be included in the 702 database if one of the parties involved in the communication is foreign. An amendment that would have required the FBI to obtain a warrant for 702 searches of US persons failed in a tie vote earlier this year.

Security researchers this week revealed an attack on VPNs that forces some or all of a user’s web traffic to be routed outside the encrypted tunnel, thus negating the entire reason for using a VPN. Dubbed “TunnelVision,” the attack impacts nearly all VPN applications, and the researchers say the attack has been possible since 2022, meaning it’s possible that it’s already been used by malicious actors.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. And stay safe out there.

Microsoft has developed an offline generative AI model designed specifically to handle top-secret information for US intelligence agencies, according to Bloomberg. This system, based on GPT-4, is isolated from the internet and only accessible through a network exclusive to the US government. William Chappell, Microsoft's chief technology officer for strategic missions and technology, told Bloomberg that, theoretically, around 10,000 individuals could access the system.

Although spy agencies are eager to leverage the capabilities of generative AI, concerns have been raised about the potential unintended leakage of classified information, as these systems typically rely on online cloud services for data processing. However, Microsoft claims that the model it created for the US government is “clean,” meaning it can read files without learning from them, preventing secret information from being integrated into the platform. Bloomberg noted that this marks the first time a major large language model has operated entirely offline.

Sky News reported this week that Britain's Ministry of Defence was the target of a significant cyberattack on its third-party payroll system. On Tuesday, Grant Shapps, the UK defence secretary, informed members of Parliament that payroll records of approximately 270,000 current and former military personnel, including their home addresses, had been accessed in the cyberattack. “State involvement” could not be ruled out, he said.

While the government has not publicly identified a specific country involved, Sky News has reported that the Chinese government is suspected. China’s foreign ministry has denied the allegations, saying in a statement that it “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries.”

The payroll company, Shared Services Connected, had known about the breach for months before reporting it to the government, according to The Guardian.

The United States Marine Forces Special Operations Command (MARSOC) is testing robotic dogs that can be armed with artificial-intelligence-enabled gun systems. According to reporting from The War Zone, the manufacturer of the AI gun system, Onyx Industries, confirmed to reporters at a defense conference this week that as many as two of MARSOC’s robot dogs, developed by Ghost Robotics, are equipped with its weapons systems.

In a statement to The War Zone, MARSOC clarified that the robot dogs are “under evaluation” and are not yet being deployed in the field. They noted that weapons are just one possible application for the technology, which could also be used for surveillance and reconnaissance. MARSOC emphasized that they are fully compliant with US Department of Defense policies on autonomous weapons.

The US Marine Corps has previously tested robotic dogs armed with rocket launchers.

Days after a hacker posted to BreachForums offering to sell data from nearly 50 million Dell customers, the company began notifying its customers of a data breach in a company portal. According to the email sent to the people impacted, the leaked data contains names, addresses, and information about purchased hardware. “The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information,” the email to affected customers states.