The CyberWire Daily Podcast 3.7.24
Ep 2019 | 3.7.24

A secret scheme resulting in stolen secrets.


A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There’s a snake in Facebook’s walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to keep their innovations above water.

Today is March 7th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A former Google software engineer is charged with stealing AI tech for China. 

Linwei Ding, a former Google software engineer, has been indicted on charges of stealing trade secrets related to Google's AI technology. Hired by Google in 2019, Ding had access to sensitive information about AI models due to his role in developing software for Google's supercomputing datacenters. Between May 2022 and May 2023, he is accused of uploading over 500 confidential files to a personal cloud account. Allegedly, after receiving a CTO job offer from a Chinese tech startup in June 2022, Ding founded his own company in May 2023, focusing on machine learning acceleration, and applied to a Chinese startup program. He is accused of plotting to replicate and improve upon Google's computational power platform for China. The Department of Justice claims Ding employed methods to evade Google's data loss prevention checks, including transferring data to PDFs via Apple Notes. He also allegedly manipulated access controls to disguise his location. The FBI emphasized the seriousness of such intellectual property theft for American innovation, economic security, and national security. Ding faces up to 10 years in prison and a $1 million fine if convicted.

State attorneys general from forty-one states call out Meta over account takeover issues. 

State attorneys general from forty-one states have expressed significant concern to Meta over a sharp rise in account takeovers on Facebook and Instagram, highlighting an alarming trend that strains both their resources and affects users profoundly. These takeovers lead to unauthorized access, privacy breaches, financial fraud, and misuse of personal information. Victims experience distress and disruption, especially when their accounts, integral to personal and professional lives, are compromised. Complaints to Meta about these issues have surged, with reports of inadequate support and response from the company. The problem has escalated, with complaints increasing drastically across various states, indicating a pervasive issue on Meta platforms. The attorneys general are demanding immediate action from Meta to bolster its efforts in preventing account takeovers and improving support for affected users, stressing the importance of safeguarding user accounts and alleviating the burden on state resources.

Researchers demonstrate a Stuxnet-like attack using PLCs. 

Researchers from the Georgia Institute of Technology have developed a new form of malware targeting modern programmable logic controllers (PLCs) to demonstrate the potential for remote Stuxnet-like attacks on industrial control systems (ICS). This malware, named IronSpider, exploits web-based features of modern PLCs to infiltrate and manipulate industrial processes through the PLC's web server and APIs, which are accessed via a regular web browser interface. Unlike traditional malware that requires physical or network access, IronSpider can be deployed remotely, leveraging cross-origin vulnerabilities and service workers for persistence, making it both easy to deploy and hard to detect. The malware can perform actions like overwriting input/output values and spoofing HMI displays, with the potential for significant industrial damage while avoiding detection. This demonstration underscores the expanded attack surface and security risks associated with the advanced capabilities of modern PLCs.

Buyer beware - A miniPC comes equipped with pre installed malware. 

Graham Cluley reported that ACEMAGIC, a Chinese mini PC manufacturer, unintentionally shipped malware, including the Redline spyware and Bladabindi backdoor Trojan, with its products. This admission came after consumers in the United States and Europe reported issues, leading to the discovery of the malware by Windows Defender (now Microsoft Defender Antivirus). The company's attempt to enhance user experience by modifying Microsoft's source code and adjusting network settings without proper digital signatures resulted in the malware distribution. The affected PCs lacked digital signatures for both the altered code and RGB lighting control software, making them vulnerable. ACEMAGIC has acknowledged the oversight, offering full refunds to customers with affected PCs and a 10% discount on future purchases, promising greater caution in the future. 

A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. 

Shane Jones, a Microsoft engineer, has raised safety concerns with the Federal Trade Commission about Microsoft's AI image generator, Copilot Designer. He claims this is due to its ability to produce harmful and inappropriate images. The AI-generated content allegedly includes disturbing and violent imagery, sexualization, and misuse of popular characters in sensitive contexts. Jones, who has been with Microsoft for six years, has repeatedly tried to address these issues internally since December and even contacted US senators after explicit images of Taylor Swift were spread online. Microsoft CEO Satya Nadella acknowledged the need for more safety guardrails, and the company says they are committed to addressing employee concerns and has protocols for investigating and remediating such issues, but Jones's efforts have led to pushback from the company's legal team.

We note that Microsoft is an  N2K Cyberwire partner, but we cover them just like we do any other company.

There’s a snake in Facebook’s walled garden. 

Researchers at Cybereason have identified a Python-based information stealer, Snake, being spread through Facebook messages by threat actors. This malware campaign, active since August 2023, involves sending victims archive files containing malicious scripts that install one of three variants of the Snake malware on their systems. The malware targets a variety of web browsers to steal credentials and cookie information, including data specific to Facebook, which could allow attackers to hijack victims' Facebook accounts. The Snake malware transmits the stolen information to platforms like Discord, GitHub, and Telegram by exploiting their APIs. Indicators suggest that the threat actors behind this campaign are Vietnamese-speaking, targeting not only international browsers but also Coc Coc, a browser popular within the Vietnamese community.

Bruce Schneier wonders if AT can strengthen democracy.  

Bruce Schneier has written a thoughtful piece on How Public AI Can Strengthen Democracy. In it, Schneier says the intersection of democracy and AI presents dual challenges: AI's influence on democracy and democracy's ability to govern AI technology. With Big Tech firms like Microsoft, Google, and Amazon dominating AI development, there's a risk of AI reflecting corporate interests over public welfare. The centralization of AI control raises concerns for democratic governance, and Schneier advocates for a public AI option to ensure universal access and counterbalance corporate AI. A public option could foster innovation, allow public input on ethical considerations, and ensure equitable access to AI technologies. Inspired by global examples like Taiwan's efforts to democratize AI development, the proposal suggests creating a federal agency dedicated to developing and managing public AI models. This agency would prioritize democratic values in AI deployment, offering foundational AI models as public goods, and ensuring ethical and equitable AI development. 


Next up on our Industry Voices segment, Jason Lamar of Cobalt talks about offensive security strategy. 


NIST works hard to keep their innovations above water. 

And finally, The Washington Post writes that The National Institute of Standards and Technology (NIST), who play a key role in President Biden's AI regulation plans, faces severe underfunding and infrastructural decay, putting its mission at risk. With budget cuts and only $10 million allocated to the new U.S. AI Safety Institute, NIST's resources are dwarfed by the billions invested by tech giants and international counterparts. The institute's staff battles with leaking roofs, frequent blackouts, and inadequate internet, forcing manual data transfers and protective measures for sensitive equipment, like covering microscopes with sheets of plastic during rain storms. Over 60% of NIST's facilities fail to meet federal standards, significantly hindering productivity and delaying critical technology evaluations. This situation risks making NIST vulnerable to industry influence as it increasingly relies on outside tech companies for computing resources. The agency's challenges are representative of the broader issue of the U.S. government's struggle to prioritize and fund technological advancements and safety, jeopardizing its competitive stance and regulatory capabilities in the global tech race.

Our hearts go out to the good folks at NIST who are working under these sorts of challenging circumstances. The labs may not be waterproof, but their spirits are unsinkable. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


Hey CyberWire listeners, as we near the end of the year, it’s the perfect time to reflect on your company’s achievements and set new goals to boost your brand across the industry next year. We’d love to help you achieve those goals. We’ve got some unique end-of-year opportunities, complete with special incentives to launch 2024. So tell your marketing team to reach out! Send us a message to or visit our website so we can connect about building a program to meet your goals.

We’d love to know what you think of this podcast. You can email us at—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.