RISKS-LIST: Risks-Forum Digest Saturday 19 July 2025 Volume 34 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/34.72>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Growing Challenge of Radar Interference in Autonomous Vehicles (EE Times) Financial institutions should prepare for subsea cable sabotage (FT)
Railroad industry first warned about this nasty vulnerability in 2005.
(Security Boulevard)
Driving assistance systems could backfire: Some warning alerts can lead to
more hazardous driving (phys.org)
Bug / Feature of Google Maps (Amos Shapir)
Calif hit hard by weather service cuts (LA Times)
Ghostwriting Scam (Schneier on Security)
Trial against Meta higher-ups ends on 2nd day as investors, Zuckerberg reach
settlement (CDC)
Mercedes-Benz will let you use an in-car camera in Microsoft Teams while
driving (The Verge)
Hackers exploit a blind spot by hiding malware inside DNS records
(ArsTechnica)
Crypto Industry Reaches Milestone with Passage of Its First Major Bill
(NY Times)
Plans to augment or replace government with AI (WashPost)
Looking for a job? An AI recruiter might interview you next (NBCNews)
AI videos are tricking tourists into visiting places that don't exist.
That's just the beginning (Fast Company)
Artificial Intelligence, Cybersecurity, and National Security
(Richard Danzig)
Name collisions meet AI with predictable results (Dave Barry)
Malware finding a way (Sundry sources via Spaf)
Update on where has @grok been & what happened on July 8th. (xAI)
'I can't drink the water': life next to a U.S. data centre (bbc.com)
Meta Built a Data Center Next Door. The Neighbors’ Water Taps Went Dry.
(The New York Times)
Musicians fight uphill battle as AI infiltrates streaming platforms, cutting
into royalties (CBC)
Garbage AI Overviews from Google (Lauren Weinstein)
Got a weird text message? 'Smishing' scams likely rising because of AI,
experts warn (CDC)
Chinese authorities are using a new tool to hack seized phones and extract
data (TechCrunch)
Spain chooses Huawei for intelligence wiretaps despite risks
(European Times)
National Guard hacked by Chinese 'Salt Typhoon' campaign for nearly a year,
DHS memo says (NBC News)
Microsoft Digital Escorts Could Expose Defense Dept Data to Chinese Hackers
(ProPublica)
ICEBlock isn't completely anonymous, but no app is (The Verge)
Not just no. HELL NO! ChatGPT Agent Wants You to Hand Over Full Control of
Your Computer (Gizmodo)
UK lowering voting age to 16 ... (Lauren Weinstein)
Re: Interesting Quirky Japanese research result (Martin Ward)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 16 Jul 2025 09:15:37 -0700
From: geoff goodfellow <
[email protected]>
Subject: Growing Challenge of Radar Interference in Autonomous
Vehicles (EE Times)
Radar technology has become a foundational sensor modality in modern
vehicles, offering reliable object detection and distance measurement across
a variety of environmental conditions.
As automakers advance towards higher levels of autonomy, the prevalence of radar sensors is increasing not only in front-facing configurations but also around the entire vehicle perimeter. However, this growing sensor density is giving rise to an emerging challenge that has largely gone unnoticed: radar interference.
While it is not yet a widespread concern, the risk of radar-to-radar interference is becoming more significant as the automotive radar landscape continues to evolve. If this issue is not addressed, it could lead to perception failures, degraded performance, and ultimately, a decline in
"Those in need of emergency services should call 911 but also be prepared to call nonemergency lines in their counties, he said.
"Next Generation 911 is based on the Internet and designed to route calls around problems.
"The outages came after the push of a software update for the state's
system, Padfield said, but so far, the push doesn't appear to be the
culprit."
------------------------------
Date: Wed, 16 Jul 2025 09:08:39 -0700
From: geoff goodfellow <
[email protected]>
Subject: Financial institutions should prepare for subsea cable sabotage
(FT)
Attacks on the infrastructure that moves money could be a bigger threat
than cyber hacks.
A string of mysterious undersea cable incidents is spooking governments and NATO. But they should spook another group too: the financial services
industry. If several cables connecting Britain or the US east coast were severed, the City of London and Wall Street would face colossal disruption
and losses. Both London and New York should prepare for it.
On Christmas Day last year, the Cook Islands-flagged tanker Eagle S hit five cables in the Gulf of Finland. Had the Finnish Border Guard not boarded the tanker, which belongs to Russia's so-called shadow fleet, the destruction
could have been even worse. The cables' operators closely followed the developments -- and so did Jaakko Weuro, the head of Finland's Financial Stability Authority (RVV).
RVV, established in 2015 to protect taxpayers from the effects of financial crises and to prevent financial crises, is not in charge of undersea infrastructure. But money travels through the world's more than 500 data
cables -- some $10tn of it every single day.
Weuro knew that if the Eagle S had hit more cables before the Border Guard intervened, Finland's financial stability could have been shaken. Since
2022, Finland has been working to set up a rudimentary system ensuring
payments in case of a blackout.
But most other countries don't even have a Finnish-style backup. ``We need with satellites.'' Compared to undersea cables, satellites are costly and cumbersome. No wonder the workhorses of the ocean carry 99 per cent of all Internet traffic, including virtually all financial transactions.
If the cable system fails, what do we do? There is no clear answer. London
and New York, too, are profoundly dependent on the cables. The coasts off
these two cities just happen to be hubs for the cables connecting the UK
with Europe and the east coast of the US with Europe, which makes them even more attractive for sabotage. [...]
https://on.ft.com/4nWOyoc
------------------------------
Date: Wed, 16 Jul 2025 17:35:21 -0400
From: Gabe Goldberg <
[email protected]>
Subject: Railroad industry first warned about this nasty vulnerability
in 2005. (Security Boulevard)
Freight trains in the U.S. use a radio link between front and rear, designed around 40 years ago. It’s emerged that the Flashing Rear End Device (FRED) can be told to slam on the brakes via an extremely weak wireless protocol.
The latest researcher to signal the problem says, “You could shutdown the entire railway system.” In today’s SB Blogwatch, we get to the points.
https://securityboulevard.com/2025/07/train-fred-vuln-20-years-richixbw
------------------------------
Date: Sat, 12 Jul 2025 09:31:42 +0000
From: Richard Marlon Stein <
[email protected]>
Subject: Driving assistance systems could backfire: Some warning alerts can
lead to more hazardous driving (phys.org)
https://techxplore.com/news/2025-07-backfire-hazardous.html
"In recent years, every new car driver has been getting used to bells and beeps. As automakers try to make cars safer, they've introduced
increasingly sophisticated driving assistance systems, to warn a driver when they're drifting out of their lane or someone's in their blind spot.
"But do these features actually improve safety? Proponents point to studies showing that blind spot and lane departure warnings lead to decreases in collisions. Skeptics contend the systems can make drivers less attentive, relying too much on warning signals."
------------------------------
Date: Sat, 12 Jul 2025 12:05:50 +0300
From: Amos Shapir <
[email protected]>
Subject: Bug / Feature of Google Maps
I was driving while navigating with Waze, when I noticed it was directing
me to a wrong address. It turned out that whenever I searched for a
specific address (say, "32 State Ave"), Waze would direct to another (say,
"21 Main st.").
I filed a complaint with Waze, they indicated that the culprit was Google
Maps -- which indeed showed the same behavior for that address. It seems
that someone had saved the location at 21 Main st., but labeled it as
"32 State Ave". Consequently, anyone searching for the latter, would
(also) receive a suggestion directing to the former.
A human searching on Google Maps, could note the wrong address, but it seems that when Waze does that, it accepts Google Maps' first suggestion. It
seems that Google Maps allows *anything* in a saved location's label,
including a wrong address.
------------------------------
Date: Wed, 16 Jul 2025 06:16:29 -0700
From: Jim Geissman <
[email protected]>
Subject: Calif hit hard by weather service cuts (LA Times)
NWS offices in California suffering staff vacancies
http://enewspaper.latimes.com/infinity/article_share.aspx?guid=fd7ee0af-f0e1 -464c-b2b1-2d767162cdb8
[LW's comment on this:
In wake of Texas flooding, Trump orders NOAA to SHUT DOWN emergency
warning systems to save money.
https://bsky.app/profile/markey.senate.gov/post/3ltzxwu4ohs2y
]
------------------------------
Date: Wed, 16 Jul 2025 15:38:05 -0400
From: Gabe Goldberg <
[email protected]>
Subject: Ghostwriting Scam (Schneier on Security)
The variations seem to be endless. Here’s a fake ghostwriting scam that
seems to be making boatloads of money.
This is a big story about scams being run from Texas and Pakistan
estimated to run into tens if not hundreds of millions of dollars,
viciously defrauding Americans with false hopes of publishing bestseller
books (a scam you’d not think many people would fall for but is
surprisingly huge). In January, three people were charged with defrauding
elderly authors across the United States of almost $44 million by
“convincing the victims that publishers and filmmakers wanted to turn
their books into blockbusters.”
https://www.schneier.com/blog/archives/2025/06/ghostwriting-scam.html
------------------------------
Date: Thu, 17 Jul 2025 13:15:01 -0600
From: Matthew Kruk <
[email protected]>
Subject: Trial against Meta higher-ups ends on 2nd day as investors,
Zuckerberg reach settlement (CDC)
https://www.cbc.ca/news/business/meta-trial-settlement-1.7587412
Mark Zuckerberg and current and former directors and officers of Meta
Platforms agreed on Thursday to settle claims seeking $8 billion for the
damage they allegedly caused the company by allowing repeated violations of Facebook users' privacy, a lawyer for the shareholders told a Delaware
judge on Thursday.
None of the parties disclosed details of the settlement, and defence
lawyers did not address the judge, Kathaleen McCormick of the Delaware
ReCourt of Chancery. McCormick adjourned the trial -- which was entering its second day -- and she congratulated the parties.
------------------------------
Date: Thu, 17 Jul 2025 09:05:00 -0400
From: Monty Solomon <
[email protected]>
Subject: Mercedes-Benz will let you use an in-car camera in Microsoft Teams
while driving (The Verge)
https://www.theverge.com/news/708481/microsoft-teams-mercedes-benz-integration-in-car-camera-support
------------------------------
Date: Thu, 17 Jul 2025 09:08:01 -0400
From: Monty Solomon <
[email protected]>
Subject: Hackers exploit a blind spot by hiding malware inside DNS records
(ArsTechnica)
https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/
------------------------------
Date: Fri, 18 Jul 2025 15:05:44 PDT
From: Peter Neumann <
[email protected]>
Subject: Crypto Industry Reaches Milestone with Passage of Its First Major
Bill (NY Times)
David Yaffe-Bellany and Robert Jimson, *The New York Times*,
National Edition page A18, 18 Jul 2025
Determined lobbyig efforts overcome a week of squabbling
Bipartisan vote in the U.S. House sent the Genius Act to the
President, for his expected signature. The House also passed the
Clarity Act, sending the Senate legislation that would establish
cryptocurrency market regulation that industry executives have
championed for months.
Final para:
If the Clarity Act passed, ``we'd definitely be boxed out of
bringing any cases for past misconduct. It would retroactively
bless all the conduct of the crypto[currency] industry.'' Quote
from Amanda Fischer, who was a top SEC official during the Biden
administration.
------------------------------
Date: Tue, 15 Jul 2025 10:15:01 -0700
From: Jim Geissman <
[email protected]>
Subject: Plans to augment or replace government with AI (WashPost)
The government wants AI to fight wars and review your taxes.
The Trump administration is pushing federal agencies to rapidly adopt artificial intelligence tools. Are the efficiency gains worth the risks?
Elon Musk has receded from Washington but one of his most disruptive ideas about government is surging inside the Trump administration.
Artificial intelligence, Musk has said, can do a better job than federal employees at many tasks - a notion being tested by AI projects trying to automate work across nearly every agency in the executive branch. <
https://www.bloomberg.com/news/articles/2025-05-05/musk-at-milken-says-ai-c an-offset-losing-some-government-workers>
The Federal Aviation Administration is exploring whether AI can be a better
air traffic controller. The Pentagon is using AI to help officers
distinguish between combatants and civilians in the field, and said Monday
that its personnel would begin using the chatbot Grok offered by Musk's start-up, xAI, which is trying to gain a foothold in federal agencies.
Artificial intelligence technology could soon play a central role in tax audits, airport security screenings and more, according to public documents
and interviews with current and former federal workers.
Many of these AI programs aim to shrink the federal workforce - continuing
the work of Musk's U.S. DOGE Service that has cut thousands of government employees. Government AI is also promised to reduce wait times and lower
costs to American taxpayers.
Government tech watchdogs worry the Trump administration's automation drive
-- combined with federal layoffs - will give unproven technology an outsize role.
If AI drives federal decision-making instead of aiding human experts,
glitches could unfairly deprive people of benefits or harm public safety,
said Elizabeth Laird, a director at the Washington-based nonprofit Center
for Democracy and Technology.
There is "a fundamental mismatch" between what AI can do and what citizens expect from government, she said.
President Joe Biden in 2023 signed an executive order <
https://img3.washingtonpost.com/technology/2023/10/30/biden-artificial-intelligence-executive-order/> aimed at spurring government use of AI, while
also containing its risks. In January, President Donald Trump repealed that order. His administration has removed AI guardrails while seeking to
accelerate its rollout.
A comprehensive White House AI plan is expected this month.
"President Trump has long stressed the importance of American AI dominance,
and his administration is using every possible tool to streamline our government and deliver more efficient results for the American people,"
White House spokeswoman Anna Kelly said in a statement.
The Washington Post reviewed government disclosures and interviewed current
and former federal workers about plans to expand government AI. Some
expressed alarm at the administration's disregard for safety and government staff. Others saw potential to improve efficiency.
"In government, you have so much that needs doing and AI can help get it
done and get it done faster," said Jennifer Pahlka, who was deputy U.S.
chief technology officer in President Barack Obama's second term.
Sahil Lavingia, a former DOGE staffer who pushed the Department of Veterans Affairs to use AI to identify <
https://www.propublica.org/article/inside-ai-tool-doge-veterans-affairs-con tracts-sahil-lavingia> potentially wasteful spending, said government
should aggressively deploy the technology becoming so prevalent elsewhere. Government processes are efficient today, he said, "but could be made more efficient with AI."
Lavingia argued no task should be off limits for experimentation,
"especially in war."
"I don't trust humans with life and death tasks," he said, echoing a
maximalist view of AI's potential shared by some DOGE staffers.
Here's how AI is being deployed within some government agencies embracing
the technology. [The article discusses these areas.]
1.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#YSAISJBYYZCFLHY5Z3P5V2REKE-0> Waging war
2.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#655D26QBO5CQZLG6RU6MRNRSWU-1> Air traffic control
3.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#2DSI3R4NTJBAJPTWJJRXQ3PHR4-2> Examining patents
4.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#BULDPXMZVJBUTMUR4ZFDLULRSU-3> Airport security screening
5.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#LEMZM5ESTJCT5NO5BHB3MKYZCE-4> Tax audits
6.
<
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war- taxes-jobs/#C6DJDKBET5HGPGYOAWWZFVHUY4-5> Caring for veterans
https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-t axes-jobs/
------------------------------
Date: Sat, 12 Jul 2025 07:46:10 -0700
From: Steve Bacher <
[email protected]>
Subject: Looking for a job? An AI recruiter might interview you next
(NBCNews)
The use of AI recruiters has rolled out quickly among major companies
despite glitches and privacy concerns.
Wafa Shafiq, a 26-year-old Canadian marketing professional and lifestyle influencer, has been job hunting off and on since winter 2024.
She applied for a Marketing Specialist II position with a retirement plan company around midnight and was emailed by someone named Alex almost immediately. Shafiq answered screening questions and scheduled an initial interview with Alex for the next day.
But there was a catch — Alex wasn’t human.
Alex was an AI talent recruiting agent that would also be interviewing her
for the position, Shafiq discovered after an Internet deep dive into
Apriora, the company behind Alex.
Shafiq had stumbled into the world of AI recruiting agents that can interact with candidates via text, phone and even video calls. These AI talent acquisition agents have been used and tested by major brands including the Boston Red Sox, Zillow, Chipotle, Ace Hardware, Sears Home Services, Club Pilates, McDonald’s and more, according to AI recruiting companies.
The use of the technology has quickly scaled to some of the world’s biggest companies, despite viral videos showing glitches with the technology and a security vulnerability that potentially exposed applicants’ data to hackers. [...]
https://www.nbcnews.com/tech/innovation/ai-job-recruiters-used-top-companies-glitches-rcna215128
------------------------------
Date: Fri, 18 Jul 2025 16:12:05 -0600
From: Jim Reisert AD1C <
[email protected]>
Subject: AI videos are tricking tourists into visiting places that
don't exist. That's just the beginning (Fast Company)
Jesus Diaz, Fast Company, 07-17-2025
I can perfectly imagine the pain, confusion, and betrayal in the voice of
the elderly Malaysian woman who, according to a hotel staff member, asked
"Why do they do this to people?" when she found out that her dream holiday destination wasn't real but a video fabricated with Veo3, the generative artificial engine made by Google. She and her husband had just driven three hours from Kuala Lumpur to this location in Perak state, convinced they
would find a scenic cable car attraction called the Kuak Skyride. Instead of
a gondola to wander across paradise, they found nothing but a quiet town and
a hotel worker trying to explain that the glamorous TV journalist they'd watched on TikTok—the one who had ridden the tram through lush forests and interviewed happy tourists—had never existed at all.
https://www.fastcompany.com/91368492/ai-video-tricking-tourists-places-that-dont-exist
------------------------------
Date: Tue, 15 Jul 2025 21:21:31 PDT
From: Peter Neumann <
[email protected]>
Subject: Artificial Intelligence, Cybersecurity, and National Security
(Richard Danzig)
Richard Danzig,
Artificial Intelligence, Cybersecurity, and National Security
The Fierce Urgency of Now
https://www.rand.org/pubs/perspectives/PEA4079-1.html
------------------------------
Date: Fri, 18 Jul 2025 17:03:57 -0400
From: Gabe Goldberg <
[email protected]>
Subject: Name collisions meet AI with predictable results (Dave Barry)
Dave Barry explains it all:
https://davebarry.substack.com/p/death-by-ai
------------------------------
Date: Fri, 18 Jul 2025 09:46:10 -0400
From: Gene Spafford <
[email protected]>
Subject: Malware finding a way (Sundry sources via Spaf)
We've been seeing malware in the wild for at least 40 years (there are some disputes about the first instances, so it may be longer).
Two recent developments suggest that we aren't going to see the topic go
away any time soon.
1) Malware over DNS
https://www.wired.com/story/dns-records-hidden-malicious-code/
As noted in the article, the increasing use of encrypted DNS (DOH and DOT)
will make detection more difficult. DOT and DOH are largely a reaction to concerns over privacy and censorship, so the tradeoff is privacy
vs. security -- a classic risk tradeoff.
2) Malware using AI
This was hinted at in the previous article, with chatbot commands embedded
in DNS records. But here is a case of malware using an AI agent more
directly to hack systems:
https://cip.gov.ua/en/news/art28-atakuye-sektor-bezpeki-ta-oboroni-za-dopomogoyu-programnogo-zasobu-sho-vikoristovuye-shtuchnii-intelekt
AI in malware isn't a new idea. It has been speculated about for decades (I recall it being discussed nearly 30 years ago at a workshop, and before that
in science fiction literature). However, here is the first realized
instance.
Soon, expect hardened DNS clients that use scanning techniques pioneered in IDS-aware firewalls and web browsers from years ago.
Arguably, a root cause was in the design of DNS by making it extensible.
That contributed to its utility, but not all extensions are benign. A risk tradeoff every protocol designer should understand!
------------------------------
Date: Sat, 12 Jul 2025 08:06:45 -0700
From: geoff goodfellow <
[email protected]>
Subject: Update on where has @grok been & what happened on July 8th. (xAI)
First off, we deeply apologize for the horrific behavior that many
experienced.
Our intent for @grok is to provide helpful and truthful responses to users. After careful investigation, we discovered the root cause was an update to a code path upstream of the@grok bot. This is independent of the underlying language model that powers @grok.
The update was active for 16 hrs, in which deprecated code made @grok susceptible to existing X user posts; including when such posts contained extremist views.
We have removed that deprecated code and refactored the entire system to prevent further abuse. The new system prompt for the @grok bot will be published to our public github repo.
We thank all of the X users who provided feedback to identify the abuse of @grok functionality, helping us advance our mission of developing helpful
and truth-seeking artificial intelligence.
https://x.com/grok/status/1943916977481036128
[Technical Details of what happened to @grok on July 8th. (xAI)
https://x.com/grok/status/1943916979494232378]
------------------------------
Date: Sat, 12 Jul 2025 03:08:53 +0000
From: Richard Marlon Stein <
[email protected]>
Subject: 'I can't drink the water': life next to a U.S. data centre
(bbc.com)
https://www.bbc.com/news/articles/cy8gy7lv448o
"The cloud lives in over 10,000 data centres around the world, most of them located in the US, followed by the UK and Germany. With AI now driving a
surge in online activity, that number is growing fast. And with them, more complaints from nearby residents. The U.S. boom is being challenged by a
rise in local activism -- with $64bn (£47bn) in projects delayed or blocked nationwide, according to a report from pressure group Data Center Watch.
And the concerns aren't just about construction. It's also about water
usage. Keeping those servers cool requires a lot of water."
A pattern emerges: technological infrastucture installation followed by
environmental impact and deterioration.
Legal latency callously exploited and leveraged for industrial profit.
Pychopathy is often characterized by cruel unemotional traits.
------------------------------
Date: Fri, 18 Jul 2025 15:29:02 -0400
From: "Gabe Goldberg" <
[email protected]>
Subject: Meta Built a Data Center Next Door. The Neighbors’ Water Taps
Went Dry. (The New York Times)
In the race to develop artificial intelligence, tech giants are building
data centers that guzzle up water. That has led to problems for people
who live nearby.
https://www.nytimes.com/2025/07/14/technology/meta-data-center-water.html
[LW's comment on this article:
Big Tech Billionaire CEO's AI data centers are leaving people without
water -- and the CEOs couldn't care less.]
------------------------------
Date: Sun, 13 Jul 2025 13:11:41 -0600
From: Matthew Kruk <
[email protected]>
Subject: Musicians fight uphill battle as AI infiltrates streaming
platforms, cutting into royalties (CBC)
https://www.cbc.ca/news/entertainment/musicians-ai-bands-streaming-1.7581400
Musicians are calling for regulations and finding creative ways to fight
back as AI "bands" climb the charts on streaming platforms, soaking up
already meagre royalty payments.
But as a major musicians' union works for legal change, a copyright expert
says the law is failing to keep up with artificial intelligence. This comes
as an act called The Velvet Sundown has hit 1.2 million monthly listeners
on Spotify after stirring controversy over its use of AI, sparking conversations about the future of the music business.
"It's obviously a challenge in the industry," Allistair Elliott, director of Canadians affairs for the American Federation of Musicians, which represents 70,000 professional musicians in the U.S. and Canada, told CBC News.
------------------------------
Date: Thu, 17 Jul 2025 08:09:43 -0700
From: Lauren Weinstein <
[email protected]>
Subject: Garbage AI Overviews from Google
One of the increasingly annoying aspects of Google AI Overviews in
Search is that Google is so desperate to present an Overview for as
many searches as possible, and divert every possible user from
clicking on the sites from which Google took the data to feed Gemini,
that many of the Overviews are just brainless garbage comments that
don't even make sense, because Gemini has absolutely no idea of what
your search query actually was about. It's like asking a six-year-old
for advice about nuclear physics. They'll say something, but it won't
help you at all. -L
------------------------------
Date: Fri, 11 Jul 2025 15:45:28 -0600
From: Matthew Kruk <
[email protected]>
Subject: Got a weird text message? 'Smishing' scams likely rising because of
AI, experts warn (CDC)
https://www.cbc.ca/news/business/smishing-scams-rise-1.7582672
If it seems like your phone has been blowing up with more spam text messages recently, you're probably right.
The Canadian Anti-Fraud Centre says so-called "smishing" attempts appear to
be on the rise, thanks in part to new technologies that allow for
co-ordinated bulk attacks.
Smishing is "more than likely increasing" with help from artificial intelligence tools that can craft convincing messages or scour data from security breaches to uncover new targets, according to the centre's spokesperson, Jeff Horncastle.
------------------------------
Date: Wed, 16 Jul 2025 19:47:10 +0000 (UTC)
From: Steve Bacher <
[email protected]>
Subject: Chinese authorities are using a new tool to hack seized phones and
extract data (TechCrunch)
Security researchers say Chinese authorities are using a new type of malware
to extract data from seized phones, allowing them to obtain text messages -- including from chat apps such as Signal -- images, location histories, audio recordings, contacts, and more.
On Wednesday, mobile cybersecurity company Lookout published a new report -- shared exclusively with TechCrunch -- detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant
Xiamen Meiya Pico.
Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need
to have physical access to those devices. While Lookout doesn't know for
sure which Chinese police agencies are using the tool, its use is assumed widespread, which means both Chinese residents, as well as travelers to
China, should be aware of the tool's existence and the risks it poses.
``It's a big concern. I think anybody who's traveling in the region needs to
be aware that the device that they bring into the country could very well be confiscated and anything that's on it could be collected,'' Kristina Balaam,
a researcher at Lookout who analyzed the malware, told TechCrunch ahead of
the report's release. ``I think it's something everybody should be aware of
if they're traveling in the region.'' [...]
https://techcrunch.com/2025/07/16/chinese-authorities-are-using-a-new-tool-to-hack-seized-phones-and-extract-data/
------------------------------
Date: Sat, 12 Jul 2025 14:35:37 -0700
From: geoff goodfellow <
[email protected]>
Subject: Spain chooses Huawei for intelligence wiretaps despite risks
(European Times)
MADRID: In a move that has sparked concern among cybersecurity experts and
law enforcement circles, the Spanish government has awarded contracts worth =E2=82=AC12.3 million to Huawei, the Chinese tech conglomerate, to store and manage judicially ordered police wiretaps. The decision, made by Spain's Ministry of the Interior, involves the use of Huawei's OceanStor 6800 V5
data storage systems for archiving sensitive legal intercepts -- despite growing warnings from NATO allies over Huawei's close ties to the Chinese Communist Party.
The contract, part of Spain's centralized procurement framework between 2021 and 2025, places the custody of police surveillance data in the hands of a company banned from critical infrastructure in multiple Western
countries. The OceanStor system is a high-performance enterprise-grade
storage solution already used in various countries across Africa and Eastern Europe due to its competitive cost. However, its manufacturer's geopolitical affiliations have long been a matter of international concern.
Huawei's involvement in Spanish law enforcement systems is not new. The company has supported Spain's SITEL system -- used for legal surveillance -- since previous administrations. However, recent revelations have intensified debate about the strategic prudence of continuing to rely on a supplier
flagged as high-risk by U.S. and EU intelligence agencies. [...]
https://europeantimes.org/spain-chooses-huawei-for-intelligence-wiretaps-despite-risks/
------------------------------
Date: Wed, 16 Jul 2025 11:47:32 -0700
From: Steve Bacher <
[email protected]>
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)