TSA’s Terrorist Watch List Comes for Amtrak Passengers

As Russia’s war continues in Ukraine, the Biden White House has been scrambling to use every tool at its disposal in countering, or ideally preempting, Kremlin-backed cyberattacks. But as the physical carnage continues, WIRED took a look at the destructive toll of explosives and how blast trauma really works.

Meanwhile, the European Union is working on a massive international facial recognition system that links databases of millions of face photos. Meta commissioned an independent study on the human rights value of end-to-end encryption and possibilities for finally ending the crypto wars. And German and United States law enforcement confiscated $25 million worth of bitcoins and took down the Russian-language dark-web marketplace Hydra, disrupting its criminal money laundering and exchange services in the process.

The firewall maker WatchGuard kept a vulnerability quiet even after it was actively exploited by a Russian hacking group. And we took a look at two blockchain-related issues: the utter inadequacy of NFT security and privacy protections, and the security shortcomings that leave “blockchain bridges” vulnerable to currency theft.

And if you’re looking for a weekend long-read, WIRED has an early excerpt from reporter Andy Greenberg’s forthcoming book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, which details the international law enforcement effort to take down the notorious child sexual abuse material platform Welcome to Video.

But wait, there’s more. We’ve rounded up all the news that we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

The US Transportation Security Administration confirmed on Friday that it has been screening some Amtrak rail passengers’ information against a terrorist watch list. Amtrak requested that the TSA begin the program, and the Department of Homeland Security announced its launch in December as part of an Amtrak Rail Passenger Threat Assessment. A report on Wednesday first highlighted a Privacy Impact Assessment that describes the ongoing screening. “To conduct the assessment, Amtrak will provide TSA with rail passenger personally identifiable information (PII) collected over the course of several months for TSA to match against the Threat Screening Center’s (TSC) Terrorist Screening Database (TSDB), commonly known as the ‘watchlist,’ ” DHS said in December. Those months have now occurred. If anyone flags on the screenings, the Privacy Impact Assessment says that, at least for now, TSA will only provide Amtrak with anonymized information about riders and not their names.

Microsoft said on Thursday that it had seized domains used to target Ukrainian institutions by the Russian military-intelligence hacking group APT 28, known as Fancy Bear. The group used the infrastructure to attack Ukrainian media groups, geopolitical think tanks, and government institutions. Using a legal tactic it has leaned on previously, Microsoft obtained a court order on April 6 to authorize the domain takeovers. 

Earlier in the week, Ukraine’s Computer Emergency Response Team (CERT) warned that it has been seeing new phishing attempts that target Ukrainian institutions and European Union government agencies. CERT attributes the attacks to the Russian hacking group known as Armageddon, Gamaredon, or Primitive Bear. The attacks involved phishing emails about Russia’s war in Ukraine that lured victims to inadvertently download malware.

Cash App, which is owned by Block Inc, notified 8.2 million current and former US-based customers this week of a data breach in which a former employee accessed user account information. Data exposed in the breach includes customers’ names, brokerage account numbers and, in some cases, portfolio values, trading activity for a single day, and holdings. The company says the incident occurred on December 10, 2021, when the rogue former employee, who had already left the company at the time, downloaded internal reports from a Cash App system they still had access to.

In an interview with Atlantic editor Jeffrey Goldberg on Wednesday, former US president Barack Obama said that during his presidency he did not anticipate the degree to which disinformation would impact the stability of democracies around the world. “It’s something I grappled with a lot during my presidency. I saw it sort of unfold, and that is the degree to which information— disinformation, misinformation—was being weaponized, and we saw it,” Obama said. “But I think I underestimated the degree to which democracies were as vulnerable to it as they were, including ours.” He added later, “You have to fight to provide people the information they need to be free and self-governing. That doesn’t just happen inevitably.”


More Great WIRED Stories

www.wired.com

Leave a Reply