The CyberWire Daily Podcast 9.16.24
Ep 2151 | 9.16.24

Agencies warn of voter data deception.

Transcript

The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach. SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory?

Today is Monday, September 16th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The FBI and CISA dismiss false claims of compromised voter registration data. 

The FBI and CISA are warning the public about false claims that U.S. voter registration data has been compromised in cyberattacks. According to the agencies, malicious actors are spreading disinformation to manipulate public opinion and undermine trust in democratic institutions. These actors often use publicly available voter registration data to falsely claim that election infrastructure has been hacked. However, possessing or sharing such data does not indicate a security breach.

The FBI and CISA emphasize that there is no evidence of cyberattacks affecting U.S. election infrastructure, voting processes, or results. They advise the public to be cautious of suspicious claims, especially on social media, and to rely on official sources for accurate election information.

As elections approach, the agencies are increasing awareness about efforts by foreign actors to erode confidence in U.S. elections, though no attacks have been shown to compromise election integrity.

The State Department accuses RT of running global covert influence operations. 

The U.S. State Department has accused Russian media outlet RT of running covert influence operations globally, supported by a cyber unit linked to Russian intelligence. Secretary of State Antony Blinken revealed that in early 2023, this cyber unit was embedded within RT with the leadership’s knowledge. The unit gathers intelligence for Russian state entities and helps procure military supplies for Russia’s war in Ukraine through a crowdfunding campaign.

RT’s influence operations extend beyond the U.S., targeting countries like Moldova, where Russia allegedly aims to incite unrest if pro-Russian candidates lose in elections. Blinken also highlighted RT’s influence via platforms like African Stream and Red, used to spread Kremlin narratives.

The U.S., U.K., and Canada have launched a joint campaign against Russian disinformation and imposed sanctions on Russian media. The State Department warned that these operations aim to manipulate democratic elections and destabilize societies globally.

Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. 

Chinese state-sponsored hackers are suspected of breaching the Pacific Islands Forum (PIF) Secretariat’s networks, a regional diplomatic body in Fiji. According to ABC News, Australia’s government sent cybersecurity specialists to Suva after discovering the intrusion. PIF Secretary General Baron Waqa confirmed the cyberattack, though no specific threat actor has been officially identified. The breach, occurring months before a PIF meeting, provided attackers with information on PIF operations and communications between member states.

China denied involvement, following controversy at the PIF meeting over Taiwan’s inclusion as a “developing partner,” which Beijing opposes. The cyberattack is part of rising regional tensions, with Beijing increasing its influence among Pacific nations. Australia has responded by bolstering regional cybersecurity efforts, including signing defense agreements with countries like Vanuatu and deploying cyber specialists to counter China-linked incidents.

A look at Apple’s Private Cloud Compute system. 

In a story for Wired, Lily Hay Newman examines Apple’s approach to privacy with the introduction of Apple Intelligence in iOS 18 and macOS Sequoia. Apple’s approach stands out due to its focus on security-first infrastructure, particularly through its Private Cloud Compute (PCC) system. Apple built custom servers running Apple silicon with a unique operating system, blending iOS and macOS features. These servers prioritize user privacy by operating without persistent storage, meaning no data is retained after a reboot. Each server boot generates a new encryption key, ensuring that previous data is cryptographically irrecoverable.

PCC servers also leverage Apple’s Secure Enclave for encryption management and Secure Boot for system integrity. Unlike typical cloud platforms, which allow administrative access in emergencies, Apple has eliminated privileged access in PCC, making the system virtually unbreakable from within. Additionally, Apple implemented strict code verification through its Trusted Execution Monitor, locking down servers so no new code can be loaded once the system boots, significantly reducing attack vectors.

Apple’s transparency measures are also unique. Each PCC server build is publicly logged and auditable, ensuring that no rogue servers can process user data without detection. Apple has engineered its cloud system to minimize reliance on policy-based security and instead uses technical enforcement.

This highly secure, on-device processing approach, paired with minimal cloud exposure, defines Apple’s cloud architecture as one of the most privacy-focused in the industry.

In unrelated Apple news, Cupertino has requested the dismissal of its lawsuit against spyware firm NSO Group, citing challenges in obtaining critical files related to NSO’s Pegasus tool. The company expressed concerns that Israeli officials, who seized files from NSO, could hinder discovery. Apple also warned that disclosing its security strategies to NSO’s lawyers could expose them to hacking, potentially aiding NSO and its competitors.

Since the lawsuit began, NSO has declined in influence, with many employees leaving to join or start competing firms. While Pegasus spyware was once notorious for targeting dissidents and journalists, U.S. sanctions have severely limited NSO’s reach. Apple has strengthened its threat detection capabilities, notifying users targeted by spyware and collaborating with organizations like Citizen Lab to expose hacking operations. Its introduction of “Lockdown Mode” has also enhanced iPhone security, with no successful commercial spyware attacks reported against it.

23andMe will pay $30 million to settle a lawsuit over a 2023 data breach.  

23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit over a 2023 data breach affecting 6.9 million customers. The breach exposed sensitive genetic information, with hackers specifically targeting individuals of Chinese and Ashkenazi Jewish ancestry. The settlement, which requires court approval, includes cash payments and security monitoring for affected customers. 23andMe, facing financial difficulties, expects $25 million of the settlement to be covered by cyber insurance. The breach impacted 5.5 million DNA Relatives profiles and 1.4 million Family Tree users.

SolarWinds releases patches for vulnerabilities in its Access Rights Manager. 

SolarWinds has released patches for two vulnerabilities in its Access Rights Manager, including a critical bug (CVE-2024-28991) with a CVSS score of 9.0. This flaw allows authenticated attackers to execute arbitrary code remotely via deserialization of untrusted data. The second vulnerability (CVE-2024-28990) involves hardcoded credentials that could let attackers bypass authentication for the RabbitMQ management console. Both vulnerabilities were reported by Piotr Bazydlo of Trend Micro’s Zero Day Initiative and are resolved in version 2024.3.1. No exploitation in the wild has been reported.

Browser kiosk mode frustrates users into giving up credentials. 

A malware campaign discovered by OALabs uses a browser’s kiosk mode to trap users on a Google login page, frustrating them into entering their credentials, which are then stolen by the StealC info-stealer. The malware blocks the “Esc” and “F11” keys, preventing users from easily exiting the browser. Users, hoping to unlock their systems, may save their credentials in the browser, which StealC then retrieves from the credential store. This attack is primarily delivered by the Amadey malware, which has been active since 2018. To escape, users can try keyboard shortcuts like “Alt + F4” or “Ctrl + Alt + Delete” to close the browser. If unsuccessful, a hard reset or Safe Mode reboot is recommended, followed by a malware scan to remove the infection.

Brian Krebs reveals the threat of growing online “harm communities.”

Krebs on Security’s analysis of the 2023 cyberattack on Las Vegas casinos sheds light on a troubling evolution in the cybercriminal landscape. The attack, which temporarily shut down MGM Resorts, was linked to the Russian ransomware group ALPHV/BlackCat. However, what makes this incident particularly significant is the involvement of young, English-speaking hackers from the U.S. and U.K., marking the first known collaboration of this kind with Russian ransomware groups.

One of the key figures in the MGM hack was a 17-year-old from the U.K., who explained how the breach occurred. Using social engineering, the hackers tricked MGM staff into resetting the password for an employee account, which ultimately led to the disruption of casino operations. CrowdStrike, a cybersecurity firm, later dubbed the group responsible as “Scattered Spider” due to the decentralized nature of its members, who are spread across various online platforms such as Telegram and Discord.

Krebs discovered that many of these young hackers are not only involved in financially motivated cybercrime but are also part of growing online communities that engage in far more dangerous activities. These groups, collectively known as “The Com,” serve as forums where cybercriminals collaborate, boast about their exploits, and compete for status within the community. However, beyond financial crime, these groups are increasingly associated with harassment, stalking, and extortion—often targeting vulnerable teens.

In some cases, victims are pushed to commit extreme acts, including self-harm, harming family members, or even suicide. According to court records and investigative reporting, members of these groups have also been involved in real-world crimes, including robberies, swatting, and even murder.

Krebs notes that these cybercriminal communities are becoming more widespread and are recruiting new members through gaming platforms and social media. The growing threat from these “harm communities” has even prompted law enforcement agencies to consider using anti-terrorism laws to prosecute their members, as the activities they engage in often involve violent extremism. However, as Krebs points out, applying terrorism statutes to cybercrime can be legally challenging and may not always result in convictions.

Ultimately, the analysis reveals that the 2023 MGM hack was just the tip of the iceberg. Beneath the surface, a much darker cybercriminal ecosystem is emerging, where financial crime, harassment, and violence intersect, raising concerns about the broader implications of these growing online communities.


Next up, we’ve got our guest Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work “Agent Hijacking: the true impact of prompt injection attacks.”

We’ll be right back.

Welcome back. You can find a link to the research Elliot shared in our show notes. 

How theoretical is the Dead Internet Theory?

And finally, in an article for Prospect magazine, James Ball asks you to picture this: you’re walking down a silent, empty street in the dead of night. For a fleeting moment, it feels like you’re the last person on Earth, until someone else appears, breaking the illusion. Now imagine that feeling on the internet, but instead of someone else showing up, you’re surrounded by bots, and you might actually be the last real human online.

Welcome to Dead Internet Theory, a half-joke, half-conspiracy suggesting that if you’re reading this, you’re the only living person left online. Everyone else? Bots. The comments, the videos, the memes—it’s all automated. While it sounds absurd, the internet today is teetering closer to this reality. AI-generated content is flooding social media, search results, and news sites, with bots driving engagement to the top of your feed, all in the name of ad revenue.

Platforms like Facebook are brimming with low-quality, strange memes—AI slop—boosted by fake accounts and clickfarms. Entrepreneurs in places like India and the Philippines are turning this slop into viral content, all to cash in on ads placed by Facebook. This trend, which began as a joke, is now a reality: content for content’s sake, with bots liking, sharing, and commenting just to make a buck.

Meanwhile, actual human interaction is being sidelined. Facebook feeds, once full of personal stories, are now stuffed with bizarre, AI-generated images. Google search results are getting worse, and social media feels increasingly like an endless stream of junk.

The real tragedy? It’s not even a glitch—it’s by design. The big tech companies aren’t fighting it; they’re fueling it. As algorithms prioritize engagement over quality, bots are more effective at gaming the system than we are. It’s all about ad clicks, and real human needs just aren’t part of the equation anymore.

But here’s the catch: a bot-run internet won’t last. In the end, the economy depends on humans, not bots. If the tech giants don’t course-correct and make the internet work for real people again, someone else will. Just like that deserted street you walk down late at night, the internet isn’t really empty. The real people are still there, just out of sight, waiting for something better.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.