Hackers may have deep chief of staff in the phishing campaign

Over the years, The mysterious figure walking at the stern of the handle ship led the Trickbot ransomware gang and evaded identity proof, even if the rest of the group was leaked and revealed. German authorities revealed this week that there was no big fanfare that they thought he was a mysterious hacker: Vitaly Nikolaevich Kovalev, a 36-year-old Russian man who is still big in his home country.
Wired, close to home, revealed that customs and border protection measures have allowed 133,000 immigrant children and teenagers to collect their DNA and upload their genetic data to a national crime database used by local, state and federal law enforcement. As the Trump administration’s immigration crackdown continues, often justified by invocations of crime and terrorism, Cable also found evidence that links the Swedish far-right hybrid martial arts tournament to the California-based neo-Nazi “fight club.”
For those seeking to escape U.S. government surveillance, we provide tips on more private alternatives to U.S.-based web browsing, email, and search tools. Based on the questions our senior writer Matt Burgess received in Reddit, we have put together a more general guide to protecting ourselves from surveillance and hacking.
But that’s not all. Every week, we fill in security and privacy news that we don’t cover in depth. Click on the headlines to read the full story. And stay safe.
According to the Wall Street Journal, the FBI is investigating who imitated Trump’s White House Chief of Staff and one of the president’s closest advisers, Susie Wiles, among a series of fraudulent messages and calls for high-profile Republican politicians and business executives. Government officials and authorities involved in the investigation said the spear-like messages and calls appeared to target individuals on Wells’ contact list, and Wells reportedly told colleagues that her personal phone was hacked to access the contacts.
Although Wells reported that her device was hacked, it has not been confirmed whether this is how the attacker determined Wells colleagues. Such target lists can also be combined from public information and data combinations sold by gray market brokers.
“It’s an embarrassing sense of security. You can’t convince me they actually got training in security,” said Jack Williams, NSA Hacker and vice president of R&D at Hunter Strategy. “This is the type of garden social engineering that everyone can eventually handle these days, and of course, government officials should expect that.”
In some cases, the target received not only text messages, but also calls that mimic Wells’ voice, which some government officials believe may use artificial intelligence tools to fake Wells’ voice. If so, that would make the event one of the most important cases of using the so-called DeepFake software in phishing attempts.
The bureau reportedly told White House officials that it was unclear how Wells’ phone could have been hacked, but the FBI has ruled out a foreign involvement in the imitation campaign. In fact, while some imitation attempts seem to have political goals—for example, members of Congress are asked to assemble a list of people Trump may pardon—the imitators try to deceive the target to establish a cash transfer, at least in another case. This money-making attempt shows that the deception campaign may be less than espionage than a frequently used cybercrime fraud scheme, despite its very advanced goals.