US Names One of Hackers Allegedly Behind Massive Salt Typhoon Breaches


At the end of the Biden administration, the White House released a 40-page executive order on Thursday aimed at strengthening federal cybersecurity protections and putting guardrails on the US government’s use of AI. WIRED also spoke with the outgoing US ambassador for cyberspace and digital policy, Nathaniel Fick, about the urgency of the Trump administration not kowtowing to Russia and China in the global race for technical dominance. Outgoing FCC chair Jessica Rosenworcel detailed to WIRED the threats facing US telecoms, at least nine of which were recently breached by China’s Salt Typhoon hackers. Meanwhile, US officials are still scrambling to get a handle on multiple spy campaigns and other data breaches, with new revelations this week that an AT&T breach uncovered last year compromised FBI call and text logs that could reveal the identity of unknown sources.

Huione Guarantee, the large online marketplace that researchers say provides many services to online scammers, has expanded its offerings to include a messaging app, stablecoin, and crypto exchange and has facilitated $24 billion in transactions, according to new research. New findings show that GitHub’s efforts to crack down on the use of deep-fake pornography software have failed. And WIRED took a deep dive into the opaque world of predictive travel surveillance and the companies and governments pumping out data about international travelers to AI tools aimed at identifying people who might be a “threat.”

But wait, there’s more! Each week, we round up the security and privacy news we don’t quite understand. Click on the headlines to read the full stories. And stay safe out there.

China is a spy, the US is a spy, everyone is a spy. Mutual espionage is a geopolitical game played by almost every country in the world. So when the US government singles out a hacker for espionage-oriented raids, names him and targets him for sanctions, he must be spying aggressively — or effectively — enough to upset powerful people.

The US Treasury on Friday imposed sanctions on Yin Kecheng, a 39-year-old Chinese man accused of involvement in two breaches of nine US telecommunications companies carried out by the Chinese hacker group known as Salt Typhoon, as well as another recent breach of the US Treasury. In a statement about the news, the Treasury said Yin was affiliated with China’s Ministry of State Security and had been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company Treasury said was also associated with Salt Typhoon.

The Salt Typhoon breach of US telecoms gave Chinese hackers massive access to real-time texts and phone calls of Americans, and was reportedly used to spy on president-elect Donald Trump, vice president-elect JD Vance, and other targets. FBI director Christopher Wray has called the telecom breaches “the most significant cyberespionage campaign in Chinese history.”

As the Treasury dials back its spying operations in China, it is also working to determine the scope of the infiltration some of the same hackers are doing inside its network. An internal Treasury report obtained by Bloomberg found that hackers broke into at least 400 of the agency’s PCs and stole more than 3,000 files in a recent breach. The espionage-focused intrusion appears to have gone after sanctions and law enforcement-related information, the report found, as well as other intelligence materials. Despite extensive access, the intruders were unable to access Treasury emails or classified parts of its network, the report said, nor did they leave behind malware that would suggest an attempt to continue long-term access.

The Department of Justice revealed this week that the FBI conducted an operation to remove a malware specimen known as PlugX from 4,200 computers worldwide. The malware, which is usually transmitted to computers via infected USB drives, has been around for at least a decade and is sometimes used by Chinese state-sponsored hacker groups to target Chinese dissidents. In July last year, cybersecurity firm Sekoia and French law enforcement took over the command-and-control server behind the malware. This week, the FBI obtained a court order allowing the bureau to send a command to self-destruct software on infected machines.

Following news earlier this week of a cyberattack in December that breached US education technology platform PowerSchool, school districts targeted by the intrusion told TechCrunch on Thursday that the attackers gained access to “all” student and teacher data stored in their accounts. PowerSchool is used by more than 60 million K-12 students in the US. The hackers gained access to the information by stealing login credentials that gave them access to the company’s customer support portal. The attack has not been publicly linked to a specific perpetrator. PowerSchool has not disclosed the exact number of victim schools or whether all of its customers were affected.


