This week, revelations from a United States Customs and Border Protection (CBP) request for information highlighted the agency’s intention to acquire face recognition technology aimed at capturing data on all individuals entering the country via vehicles, including those in the back seats. CBP representatives later informed WIRED of plans to enhance real-time face recognition capabilities at border crossings for individuals leaving the US. This initiative may be linked to the previous administration’s strategy promoting the self-deportation of undocumented migrants.
In another development, WIRED disclosed a recent CBP memorandum that rescinded several internal policies established to protect vulnerable groups, including pregnant women, infants, the elderly, and those with serious medical conditions, while under the agency’s custody. Signed by acting commissioner Pete Flores, the order nullifies four policies that were enacted during the Biden administration.
Concurrently, the “SignalGate” situation continues to unfold, with the communication app TeleMessage halting all services pending an investigation. This suspension follows comments from former U.S. National Security Adviser Mike Waltz, which brought unwanted attention to the app, leading to data breaches. Analysis of the TeleMessage source code revealed that it transmits user message logs in plaintext, effectively undermining its security assurances. Subsequently, when it was discovered that some CBP agents might use this app, the agency confirmed its usage and announced the precautionary measure of disabling it.
A WIRED investigation also uncovered that Tulsi Gabbard, the U.S. Director of National Intelligence, reused a weak password across multiple accounts for several years. Researchers have raised concerns about an open-source tool known as “easyjson,” which potentially exposes U.S. government and corporate entities due to its affiliation with the Russian social network VK, whose CEO faces sanctions.
Further investigations revealed the consequences of a security breach at GlobalX, an airline involved in deportation flights for the Trump administration, often referred to as “ICE Air.” Hackers disclosed sensitive data, including detailed flight manifests from deportation flights, raising ethical concerns regarding transparency in governmental deportation processes. One case highlighted involved Ricardo Prada Vásquez, a Venezuelan man whose location had been obscured by U.S. immigration authorities, reflecting systemic failures in record-keeping practices.
On another note, cybersecurity researcher Micah Lee has identified potential security risks within Elon Musk’s Department of Governmental Efficiency (DOGE). A staffer managed to access FEMA’s financial system while reportedly infected with information-stealing malware. This incident underscores the risks associated with the deployment of inexperienced personnel within sensitive government operations.
In the realm of artificial intelligence, Musk’s AI tool Grok has invoked controversy as users have reportedly exploited the system to request inappropriate image modifications. Despite not generating explicit content, Grok has responded to such prompts with lingerie images, further provoking scrutiny of its content moderation capabilities.
This week also brought attention to ongoing extortion threats faced by schools in North Carolina and Canada, stemming from a December ransomware breach at PowerSchool, a major education software firm. The attack highlights vulnerabilities in sensitive data management, emphasizing the reluctance of bad actors to destroy stolen data even after ransom payments are made.
Finally, the notorious site MrDeepFakes.com has gone offline after the identification of its creator, a Canadian pharmacist. The shutdown followed investigative work by multiple outlets revealing that the operator had left digital trails leading back to his personal accounts. The closure of such a site underscores the ongoing battle against nonconsensual pornography facilitated by advances in AI technology.
As these incidents unfold, each serves as a stark reminder of the potential vulnerabilities in both government operations and private institutions. Awareness and proactive measures in cybersecurity are vital in a continually evolving threat landscape.
