Iran is in a nationwide internet shutdown with only the country’s regime-built intranet available, plunging Iranians into digital darkness and making it difficult for humanitarian aid workers, journalists, and others to disseminate information both inside and outside the country. As strikes on Tehran began last weekend, an apparently hacked prayer app sent messages saying “surrender” and “help is on the way” to Iranians around the country.
Meanwhile, GPS attacks like jamming—not to mention physical threats—are on the rise in the Strait of Hormuz, threatening shipping vessels. Security camera hacking has emerged as part of the playbook of war. And missile-intercept systems across the Middle East are under strain—and in some cases being destroyed in strikes.
Trump ousted Department of Homeland Security secretary Kristi Noem this week. Her tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters. A highly sophisticated iPhone hacking tool kit that was likely originally built for the US government is in the hands of multiple other nations as well as scammers who have likely used the tools to infect tens of thousands of phones or more. Some US lawmakers are calling for an investigation into the threat of the decades-old side-channel hacking technique. And WIRED went inside how music streaming CEO Elie Habib built the open-source global threat map World Monitor in his spare time.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
United States Customs and Border Protection has, for the first time, admitted it purchased phone location data from the sprawling, surveillance-heavy online advertising industry. The agency’s acknowledgement was included in a document, called a Privacy Threshold Analysis, obtained by 404 Media through a Freedom of Information Act request. The document relates to a trial that CBP ran between 2019 and 2021.
The publication reports that CBP purchased data linked to real-time bidding processes. When you see ads online or in apps, they have often been shown to you after automated, instantaneous, auctions take place where advertisers bid to show you that specific ad. The murkiest parts of the advertising industry can collect data from your device, including your phone’s identifying details and location data; this is then repackaged and sold to companies and entities. The data has been called a “gold mine” for tracking people’s daily activities.
CBP did not respond to 404 Media’s request for comment on whether it is still buying the data; however, ICE has reportedly planned to purchase access to another system, called Webloc, that allows whole neighborhoods to be monitored for mobile phone movements.
The FBI was able to identify a protester in Atlanta after ultimately obtaining information from Swiss encrypted email service Proton Mail, court documents have revealed this week. A court document reviewed by 404 Media shows that payment information linked to a Proton email address was provided to US law enforcement by Swiss authorities after a request was made under an Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally.
Swiss officials made a request for the data under Swiss laws to Proton for payment information linked to the email address defendtheatlantaforest@protonmail.com, which was associated with protests in Atlanta. This information was then provided to US law enforcement officials under the international agreements, and they were able to identify an individual linked to the account.