The FBI is warning of AI-assisted fake kidnapping scams:
> Criminal actors typically will contact their victims through text message
> claiming they have kidnapped their loved one and demand a ransom be paid for
> their release. Oftentimes, the criminal actor will express significant claims
> of violence towards the loved one if the ransom is not paid immediately. The
> criminal actor will then send what appears to be a genuine photo or video of
> the victim’s loved one, which upon close inspection often reveals inaccuracies
> when compared to confirmed photos of the loved one. Examples of these
> inaccuracies include missing tattoos or scars and inaccurate body proportions.
> Criminal actors will sometimes purposefully send these photos using timed
> message features to limit the amount of time victims have to analyze the
> images...
Once you build a surveillance system, you can’t control who will use it:
> A hacker working for the Sinaloa drug cartel was able to obtain an FBI
> official’s phone records and use Mexico City’s surveillance cameras to help
> track and kill the agency’s informants in 2018, according to a new US justice
> department report.
>
> The incident was disclosed in a justice department inspector general’s audit
> of the FBI’s efforts to mitigate the effects of “ubiquitous technical
> surveillance,” a term used to describe the global proliferation of cameras and
> the thriving trade in vast stores of communications, travel, and location
> data...
According to a DOJ press release, the FBI was able to delete the Chinese-used
PlugX malware from “approximately 4,258 U.S.-based computers and networks.”
Details:
> To retrieve information from and send commands to the hacked machines, the
> malware connects to a command-and-control server that is operated by the
> hacking group. According to the FBI, at least 45,000 IP addresses in the US
> had back-and-forths with the command-and-control server since September 2023.
>
> It was that very server that allowed the FBI to finally kill this pesky bit of
> malicious software. First, they tapped the know-how of French intelligence
> agencies, which had ...
I’ve been writing about the problem with lawful-access backdoors in encryption
for decades now: that as soon as you create a mechanism for law enforcement to
bypass encryption, the bad guys will use it too.
Turns out the same thing is true for non-technical backdoors:
> The advisory said that the cybercriminals were successful in masquerading as
> law enforcement by using compromised police accounts to send emails to
> companies requesting user data. In some cases, the requests cited false
> threats, like claims of human trafficking and, in one case, that an individual
> would “suffer greatly or die” unless the company in question returns the
> requested information...