The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.
Multiple telecoms giants have been hacked by a Chinese government cyber espionage unit commonly referred to as Salt Typhoon, according to a report in the Wall Street Journal. The paper cited individuals familiar with the matter, who said China had tried to access systems that police use to intercept traffic for criminal investigations. It’s unknown if the hackers also compromised systems used to intercept traffic abroad.
Among the victims were AT&T, Verizon and Lumen Technologies. None commented on the attacks.
This highlights a potential blind spot in America’s critical networks: the “backdoors” enabling law enforcement to have some level of remote access to telecoms companies when they’re ordered to carry out a wiretap. “When commercial entities build systems that capture or can access mass data, hackers & intelligence services will come for them,” John Scott-Railton, a cybersecurity researcher for the University of Toronto’s Citizen Lab, wrote on X.
“Whether it’s for advertising or lawful interception, they will get breached. It’s just a matter of when.”
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
Roblox ‘Fails To Protect Children,’ Shortseller Warns
Short seller Hindenburg Research has taken a short position on gaming company Roblox and claimed that it both inflated user metrics and failed to protect children from harmful content. Hindenburg, which has a reputation of putting out research on public companies it bets against on the stock market, also accused Roblox of allowing an “X-rated pedophile hellscape” as the firm discovered “requests to trade child pornography and engage in sexual roleplay fantasies with children” on the site.
The allegations have caused Roblox’s share price to fall, but the company slammed the short seller’s report as “misleading,” telling the Wall Street Journal, “We firmly believe that Roblox is a safe and secure platform and in the financial metrics we report.”
Stories You Have To Read Today
Harvard researchers have added facial recognition to Meta’s Ray Ban augmented reality glasses, identifying individuals just by looking at them, based on their online profiles. The scientists combined the glasses with the Pimeyes facial recognition software and other tools, which made it possible to instantly display people’s personal information, including their address and contact details, 404 Media reports.
The Washington Post has an investigation looking at multiple cases where cops apprehended someone partly based on a facial recognition match and didn’t disclose using the tech, even though it’s previously been associated with wrongful arrests. The reporting itself reveals some of this opacity–the Post filed document requests from more than 100 police departments, but only 30 provided arrest records.
Winner of the Week
Jen Easterly, head of the DHS Cybersecurity and Infrastructure Security Agency (CISA), says that there’s zero chance of hackers influencing next month’s presidential election. “Malicious actors, even if they tried, could not have an impact at scale such that there would be a material effect on the outcome of the election,” Easterly told The Associated Press. She said the technologies used to handle ballots had never been more secure.
Loser of the Week
The AP has a longform read on how IronNet, a company cofounded with a former NSA chief and packed with ex-US intelligence staff, fell apart. The business promised to find hackers and weaknesses on clients’ networks but collapsed thanks to what sources described as dubious business practices, poor products and “associations that could have left the firm vulnerable to meddling by the Kremlin.”
