Apple’s new macOS Sequoia update is breaking some cybersecurity tools

On Monday, Apple released its latest computer operating system update called macOS 15, or Sequoia. And, somehow, the software update has broken the functionality of several security tools made by CrowdStrike, SentinelOne, Microsoft, and others, according to posts on social media, as well as messages posted in a Mac-focused Slack channel.  At this point, it’s […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Google rolls out automatic passkey syncing via Password Manager

Passkeys, the digital credentials that let you sign into apps and websites without entering a password, are getting easier to use for Chrome users. Starting today, you can save passkeys to Google Password Manager, Google’s password manager built into Chrome on Windows, macOS, and Linux, so that your passkeys automatically sync across all your signed-in […]

Massive China-state IoT botnet went undetected for four years—until now

The FBI has dismantled a massive network of compromised devices that Chinese state-sponsored hackers have used for four years to mount attacks on government agencies, telecoms, defense contractors, and other targets in the US and Taiwan.

The botnet was made up primarily of small office and home office routers, surveillance cameras, network-attached storage, and other Internet-connected devices located all over the world. Over the past four years, US officials said, 260,000 such devices have cycled through the sophisticated network, which is organized in three tiers that allow the botnet to operate with efficiency and precision. At its peak in June 2023, Raptor Train, as the botnet is named, consisted of more than 60,000 commandeered devices, according to researchers from Black Lotus Labs, making it the largest China state botnet discovered to date.

Burning down the house

Raptor Train is the second China state-operated botnet US authorities have taken down this year. In January, law enforcement officials covertly issued commands to disinfect Internet of Things devices that hackers backed by the Chinese government had taken over without the device owners’ knowledge. The Chinese hackers, part of a group tracked as Volt Typhoon, used the botnet for more than a year as a platform to deliver exploits that burrowed deep into the networks of targets of interest. Because the attacks appear to originate from IP addresses with good reputations, they are subjected to less scrutiny from network security defenses, making the bots an ideal delivery proxy. Russia-state hackers have also been caught assembling large IoT botnets for the same purposes.

14 dead as Hezbollah walkie-talkies explode in second, deadlier attack

Wireless communication devices have exploded again today across Lebanon in a second attack even deadlier than yesterday's explosion of thousands of Hezbollah pagers. According to Lebanon's Ministry of Health, the new attack has killed at least 14 more people and injured more than 450.

Today's attack targeted two-way radios ("walkie-talkies") issued to Hezbollah members. The radios exploded in the middle of the day, with at least one going off during a funeral for people killed in yesterday's pager attacks. A New York Times report on that funeral described the moment:

When the blast went off, a brief, eerie stillness descended on the crowd. Mourners looked at one another in disbelief. The religious chants being broadcast over a loudspeaker abruptly stopped.

Then panic set in. People started scrambling in the streets, hiding in the lobbies of nearby buildings, and shouting at one another, “Turn off your phone! Take out the battery!” Soon a voice on the loudspeaker at the funeral urged everyone to do the same...

One woman, Um Ibrahim, stopped a reporter in the middle of the confusion and begged to use the reporter’s cellphone to call her children. The woman dialed a number with her hands shaking, then screamed into the phone, “Turn off your phones now!”

The story appears to capture the current mood in Lebanon, where no one seems quite sure what will explode next. While today's attack against walkie-talkies is well-attested, various unconfirmed reports suggest that people fear an explosion from just about anything with a battery.

Elon Musk threatens to sue FAA after feds propose fining SpaceX $633,000

NASA officials inside SpaceX's launch control center at Hangar X watch the liftoff of a Falcon 9 rocket a few miles away on March 3, 2024. (credit: NASA/Aubrey Gemignani)

The Federal Aviation Administration alleged Tuesday that SpaceX violated its launch license requirements on two occasions last year by using an unauthorized launch control center and fuel farm at NASA's Kennedy Space Center in Florida.

The regulator seeks to fine SpaceX $633,009 for the alleged violations, which occurred during a Falcon 9 launch and a Falcon Heavy launch last year. Combined, the proposed fines make up the largest civil penalty ever imposed by the FAA's commercial spaceflight division.

“Safety drives everything we do at the FAA, including a legal responsibility for the safety oversight of companies with commercial space transportation licenses,” said Marc Nichols, the FAA's chief counsel, in a statement. “Failure of a company to comply with the safety requirements will result in consequences.”

11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers

An ambulance arrives at the site after wireless communication devices known as pagers exploded in Sidon, Lebanon, on September 17, 2024. (credit: Ahmad Kaddoura/Anadolu via Getty Images)

A massive wave of pager explosions across Lebanon and Syria beginning at 3:30 pm local time today killed at least 11 people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.

Anonymous officials briefed on the matter are now describing it as a supply chain attack in which Israel was able to hide small amounts of explosives inside Taiwanese pagers shipped to Lebanon. The explosive was allegedly triggered by a small switch inside the pagers that would be activated upon receiving a specific code. Once that code was received, the pagers beeped for several seconds—and then detonated.

New York Times reporters captured the chaos of the striking scene in two anecdotes:

The cybersecurity labor gap now stands at 4M+ open jobs. Intezer has raised $33M for AI tools to plug it

Cybersecurity has one of the biggest and most urgent talent shortages in the tech industry. Malicious attacks are on the rise, and the techniques being used to worm into networks are growing ever more sophisticated. Yet, the World Economic Forum recently found that there are 4 million cybersecurity positions unfilled globally, and it expects that […]

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew

A supply chain failure that compromises Secure Boot protections on computing devices from across the device-making industry extends to a much larger number of models than previously known, including those used in ATMs, point-of-sale terminals, and voting machines.

The debacle was the result of non-production test platform keys used in hundreds of device models for more than a decade. These cryptographic keys form the root-of-trust anchor between the hardware device and the firmware that runs on it. The test production keys—stamped with phrases such as “DO NOT TRUST” in the certificates—were never intended to be used in production systems. A who's-who list of device makers—including Acer, Dell, Gigabyte, Intel, Supermicro, Aopen, Foremelife, Fujitsu, HP, and Lenovo—used them anyway.

Medical devices, gaming consoles, ATMs, POS terminals

Platform keys provide the root-of-trust anchor in the form of a cryptographic key embedded into the system firmware. They establish the trust between the platform hardware and the firmware that runs on it. This, in turn, provides the foundation for Secure Boot, an industry standard for cryptographically enforcing security in the pre-boot environment of a device. Built into the UEFI (Unified Extensible Firmware Interface), Secure Boot uses public-key cryptography to block the loading of any code that isn’t signed with a pre-approved digital signature.

US can’t ban TikTok for security reasons while ignoring Temu, other apps, TikTok argues

Andrew J. Pincus, attorney for TikTok and ByteDance, leaves the E. Barrett Prettyman US Court House with members of his legal team as the US Court of Appeals hears oral arguments in the case TikTok Inc. v. Merrick Garland on September 16 in Washington, DC. (credit: Kevin Dietsch / Staff | Getty Images News)

The fight to keep TikTok operating unchanged in the US reached an appeals court Monday, where TikTok and US-based creators teamed up to defend one of the world's most popular apps from a potential US ban.

TikTok lawyer Andrew Pincus kicked things off by warning a three-judge panel that a law targeting foreign adversaries that requires TikTok to divest from its allegedly China-controlled owner, ByteDance, is "unprecedented" and could have "staggering" effects on "the speech of 170 million Americans."

Pincus argued that the US government was "for the first time in history" attempting to ban speech by a specific US speaker—namely, TikTok US, the US-based entity that allegedly curates the content that Americans see on the app.
