For years, a mysterious figure who goes by the handle Stern led the Trickbot ransomware gang and evaded identificationâeven as other members of the group were outed in leaks and unmasked. This week German authorities revealed, without much fanfare, who they believe that enigmatic hacker kingpin to be: ViÂtaÂly NiÂkoÂlaeÂvich Kovalev, a 36-year-old Russian man who remains at large in his home country.
Closer to home, WIRED revealed that Customs and Border Protection has mouth-swabbed 133,000 migrant children and teenagers to collect their DNA and uploaded their genetic data into a national criminal database used by local, state, and federal law enforcement. As the Trump administrationâs migrant crackdown continues, often justified through invocations of crime and terrorism, WIRED also uncovered evidence that ties a Swedish far-right mixed-martial-arts tournament to an American neo-Nazi âfight clubâ based in California.
For those seeking to evade the US government surveillance, we offered tips about more private alternatives to US-based web browsing, email, and search tools. And we assembled a more general guide to protecting yourself from surveillance and hacking, based on questions our senior writer Matt Burgess received in a Reddit Ask Me Anything.
But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The FBI is investigating who impersonated Susie Wiles, the Trump White Houseâs chief of staff and one of the presidentâs closest advisors, in a series of fraudulent messages and calls to high-profile Republican political figures and business executives, the Wall Street Journal reported. Government officials and authorities involved in the probe say the spear phishing messages and calls appear to have targeted individuals on Wilesâ contact list, and Wiles has reportedly told colleagues that her personal phone was hacked to gain access to those contacts.
Despite Wilesâ reported claim of having her device hacked, it remains unconfirmed whether this was actually how attackers identified Wilesâ associates. It would also be possible to assemble such a target list from a combination of publicly available information and data sold by gray market brokers.
âIt’s an embarrassing level of security awareness. You cannot convince me they actually did their security trainings,â says Jake Williams, a former NSA hacker and vice president of research and development at Hunter Strategy. âThis is the type of garden variety social engineering that everyone can end up dealing with these days and certainly top government officials should be expecting it.â
In some cases, the targets received not just text messages but phone calls that impersonated Wilesâ voice, and some government officials believe the calls may have used artificial intelligence tools to fake Wilesâ voice. If so, that would make the incident one of the most significant cases yet of so-called âdeepfakeâ software being used in a phishing attempt.
Itâs not yet clear how Wilesâ phone might have been hacked, but the FBI has ruled out that a foreign nation is involved in the impersonation campaign, the Bureau reportedly told White House officials. In fact, while some of the impersonation attempts appeared to have political goalsâa member of Congress, for instance, was asked to assemble a list of people Trump might pardonâin at least one other case the impersonator tried to trick a target into setting up a cash transfer. That attempt at a money grab suggests that the spoofing campaign may be less of an espionage operation than a run-of-the-mill cybercriminal fraud scheme, albeit one with a very high-level target.