Plus: Congress Launches Flock Safety Inquiry |
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. (Did someone forward this to you? To get it in your inbox, subscribe here.)
Records systems used by the Department of Justice and defense counsels have been breached, according to Politico, and the hack could expose highly sensitive information on informants, witnesses and sealed cases.
The breach hit two components of the judiciary’s records system: Case Management/Electronic Case Files, or CM/ECF, used by legal professionals to upload and manage case documents; and PACER, which is used by the public (including Forbes reporters) to access court files.
It’s unclear who carried out the breach, which is still being investigated, though the possibility of a nation state-sponsored attack hasn’t been ruled out. Neither the Administrative Office of the U.S. Courts, which runs the records systems, nor the Justice Department have commented.
The hack itself poses a number of potential harms down the road. Any leak could expose–and consequently endanger–confidential sources. It could also tip off suspects being investigated, but who haven’t yet been arrested or charged, given them a chance to destroy evidence or otherwise cover up their tracks.
Given the sensitivity of the data hosted on the platform, you might expect it to be well secured. But earlier this year, Michael Scudder, chair of the Committee on Information Technology for the federal courts’ national policymaking body, told the House Judiciary Committee the systems were “outdated, unsustainable due to cyber risks, and require replacement.” |
|
404 Media, which has been doing plenty of reporting on Flock Safety of late, notes that two members of Congress have launched a formal investigation into the company.
The Committee on Oversight and Government Reform will be looking into Flock’s “role in enabling invasive surveillance practices that threaten the privacy, safety, and civil liberties of women, immigrants, and other vulnerable Americans.”
Flock says it takes civil liberties seriously and is looking forward to working with the committee. |
|
|
| The Stories You Have To Read Today |
|
Last week, Vegas was home to two major cybersecurity conferences: the Black Hat and DEF CON. These annual gatherings of security pros produced a ton of new security findings. Some highlights:
Security researchers figured out how to crack eight brands of electronic safes using two different techniques, both exposing significant vulnerabilities, Wired reports.
The same publication reports that researchers found a way to hijack Google’s Gemini AI to mess with smart home devices. It began with a poisoned Google Calendar invitation, which included instructions to turn on smart home products. When Gemini was later asked to summarize upcoming calendar events, the instructions were triggered to turn off lights and switch a connected boiler on. Google said the research had led it to speed up security improvements to protect against similar attacks.
Other researchers poked holes in Apple Intelligence privacy, which is shifting data around its company servers “beyond what its privacy policies indicate,” reports Cyberscoop. They claimed that may increase the risk of user information being exposed. Apple said it didn’t agree with the findings and said they didn’t represent privacy violations.
|
|
| Also at DEF CON, a group of researchers from Samsung and Georgia Tech, called Team Atlanta, won the $4 million top prize of the AI Cyber Challenge, run by the Pentagon’s research arm DARPA. Their winning entry was an AI program that could autonomously find and fix cybersecurity vulnerabilities. “As hackers we started this competition as AI skeptics, but now we truly believe in the potential of adopting large language models when solving security problems,” said Georgia Tech professor and Samsung’s vice president of research Taesoo Kim. |
|
| Outside of the conferences, Google suffered a hack in which one of its Salesforce database systems was breached, exposing contact information and related notes for small and medium businesses. The Air France and KLM airlines were hit in similar attacks. |
|
|
