DHS Loses Track of Migrants | Falsehoods Follow Close Behind Natural Disasters | Why America Needs to Out-Innovate TikTok, and more
Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country’s national electric utility, though it’s not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.
The unnamed country whose grid was targeted in the breach was one that China would “have an interest in from a strategic perspective,” hints Dick O’Brien, a principal intelligence analyst on Symantec’s research team. O’Brien notes that Symantec doesn’t have direct evidence that the hackers were focused on sabotaging the country’s grid, and says it’s possible they were merely carrying out espionage. But other researchers at security firm Mandiant point to clues that these hackers may be the same ones that had been previously discovered targeting electrical utilities in India. And given recent warnings about China’s hackers breaching power grid networks in US states and in Guam—and specifically laying the groundwork to cause blackouts there—O’Brien warns there’s reason to believe China may be doing the same in this case.
How China Demands Tech Firms Reveal Hackable Flaws in Their Products (Andy Greenberg, Wired)
For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they’re revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market.
But for the past two years, China has added another approach to obtaining information about those vulnerabilities: a law that simply demands that any network technology business operating in the country hand it over. When tech companies learn of a hackable flaw in their products, they’re now required to tell a Chinese government agency—which, in some cases, then shares that information with China’s state-sponsored hackers, according to a new investigation. And some evidence suggests foreign firms with China-based operations are complying with the law, indirectly giving Chinese authorities hints about potential new ways to hack their own customers.
Today, the Atlantic Council released a report—whose findings the authors shared in advance with WIRED—that investigates the fallout of a Chinese law passed in 2021, designed to reform how companies and security researchers operating in China handle the discovery of security vulnerabilities in tech products. The law requires, among other things, that tech companies that discover or learn of a hackable flaw in their products must share information about it within two days with a Chinese agency known as the Ministry of Industry and Information Technology. The agency then adds the flaw to a database whose name translates from Mandarin as the Cybersecurity Threat and Vulnerability Information Sharing Platform but is often called by a simpler English name, the National Vulnerability Database.
Phoenix Sets New Heat Record, Hitting 43.3 C on 54 Days This Year (AP / VOA News)
How hot is it in Phoenix? In what has been the hottest summer ever measured, the sizzling city in the Sonoran Desert broke yet another record Saturday when temperatures topped 43.3 Celsius.
It was the 54th day this year that the official reading at Phoenix Sky Harbor Airport made the mark, eclipsing the previous record of 53 days set in 2020.
Phoenix experienced the hottest three months since record-keeping began in 1895, including the hottest July and the second-hottest August.
September 11: Evacuating the World Trade Center, Twice (Mitchell Simmons, HSToday)
This is a personal story of a survivor of the September 11 attacks, and it is one of many as there were an estimated 14,000 people below the impact zones of both towers of the World Trade Center who successfully evacuated that morning in 2001. However, 22 years have passed and many of those survivors, especially survivors aged 50 or older in 2001, are now well into their 70s or have passed away. The documented firsthand accounts of those who survived September 11 are being lost each year, and we as a nation should pause, reflect, honor, and learn from that day. This personal story has never been officially documented to this extent and accuracy before. On the 21st anniversary, Homeland Security Today also published a personal survivor story to commemorate that tragic day.
What Keeps the Homeland Security Enterprise Up at Night? (Gina Scott Ligon, RealClearDefense)
Over the past 22 years, everyday Americans have been able to sleep because those who work to prevent terrorism do not.
Despite—and perhaps because of—these quiet successes, America is on the brink of a sea change in federal support and attention for the counterterrorism mission. An upcoming federal budget portends to slash prevention programming at the Department of Homeland Security, reallocate defense and intelligence priorities away from the counterterrorism mission, and jettison critical collection capabilities such as Section 702, which provides intelligence on activities of terrorist organizations, weapons of mass destruction, and malicious cyber actors.
Homeland Security Loses Track of Migrants, Report Finds (Casey Harper, Center Square)
The federal government has little ability to keep track of migrants once they are apprehended entering the U.S. and subsequently released into the country, according to a new report.
The Department of Homeland Security’s Inspector General, a federal watchdog group, released the report showing that DHS has major room for improvement in maintaining valid addresses for migrants to follow up with them.
“[Immigration and Customs Enforcement] must be able to locate migrants to enforce immigration laws, including to arrest or remove individuals who are considered potential threats to national security,” the report said. “The notable percentage of missing, invalid for delivery, or duplicate addresses on file means DHS may not be able to locate migrants following their release into the United States. As the Department continues to apprehend and release tens of thousands of migrants each month, valid post-release addresses are essential.”
Falsehoods Follow Close Behind This Summer’s Natural Disasters (Tiffany Hsu, New York Times)
As natural disasters and extreme environmental conditions became more commonplace around the world this summer, scientists pointed repeatedly to a shared driver: climate change.
Conspiracy theorists pointed to anything but.
Some claimed falsely that the record-smashing heat waves blistering parts of North America, Europe and Asia were normal, and that they had been sensationalized as part of a globalist hoax. Others made up tales that cloud-seeding airplanes or a nearby dam, rather than torrential rains, had caused the unusually intense flooding in northern Italy (and in places like Vermont and Rwanda).
The devastating wildfire on Maui this month produced especially ludicrous claims. Social media that racked up millions of views blamed the blaze on a “directed energy weapon” (the evidence: years-old footage not recorded in Hawaii). And as Florida braced this week for Hurricane Idalia, some people claimed incorrectly online that such storms are not affected by fossil fuel emissions.
The unfounded claims that now regularly follow natural disasters and dangerous weather, contradicting a preponderance of scientific evidence, can often seem frivolous and fantastical. They persist, however — attracting large audiences and frustrating climate experts, who say the world has little time to evade a global warming catastrophe.