CBP는 온라인 광고 데이터를 사용하여 전화 위치를 추적했습니다.

The United States and Israel launched a war in Iran last week that has already killed more than 1,200 Iranians and spilled out across the Middle East. There are many unknowns about US president Donald Trump’s goals as the conflict enters its second week and the situation seems poised to trigger an energy crisis with reverberations around the world. Iran is in a nationwide internet shutdown with only the country’s regime-built intranet available, plunging Iranians into digital darkness and making it difficult for humanitarian aid workers, journalists, and others to disseminate information both inside and outside the country. As strikes on Tehran began last weekend, an apparently hacked prayer app sent messages saying “surrender” and “help is on the way” to Iranians around the country. Meanwhile, GPS attacks like jamming—not to mention physical threats—are on the rise in the Strait of Hormuz, threatening shipping vessels. Security camera hacking has emerged as part of the playbook of war. And missile-intercept systems across the Middle East are under strain—and in some cases being destroyed in strikes. Trump ousted Department of Homeland Security secretary Kristi Noem this week. Her tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters. A highly sophisticated iPhone hacking tool kit that was likely originally built for the US government is in the hands of multiple other nations as well as scammers who have likely used the tools to infect tens of thousands of phones or more. Some US lawmakers are calling for an investigation into the threat of the decades-old side-channel hacking technique. And WIRED went inside how music streaming CEO Elie Habib built the open-source global threat map World Monitor in his spare time. And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. United States Customs and Border Protection has, for the first time, admitted it purchased phone location data from the sprawling, surveillance-heavy online advertising industry. The agency’s acknowledgement was included in a document, called a Privacy Threshold Analysis, obtained by 404 Media through a Freedom of Information Act request. The document relates to a trial that CBP ran between 2019 and 2021. The publication reports that CBP purchased data linked to real-time bidding processes. When you see ads online or in apps, they have often been shown to you after automated, instantaneous, auctions take place where advertisers bid to show you that specific ad. The murkiest parts of the advertising industry can collect data from your device, including your phone’s identifying details and location data; this is then repackaged and sold to companies and entities. The data has been called a “gold mine” for tracking people’s daily activities. CBP did not respond to 404 Media’s request for comment on whether it is still buying the data; however, ICE has reportedly planned to purchase access to another system, called Webloc, that allows whole neighborhoods to be monitored for mobile phone movements. The FBI was able to identify a protester in Atlanta after ultimately obtaining information from Swiss encrypted email service Proton Mail, court documents have revealed this week. A court document reviewed by 404 Media shows that payment information linked to a Proton email address was provided to US law enforcement by Swiss authorities after a request was made under an Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally. Swiss officials made a request for the data under Swiss laws to Proton for payment information linked to the email address [email protected], which was associated with protests in Atlanta. This information was then provided to US law enforcement officials under the international agreements, and they were able to identify an individual linked to the account. The incident reinforces the differences between privacy and anonymity. Encrypted services can’t provide message data which they can’t access but may still provide information they hold about customers in other forms. A spokesperson for Proton Mail said, “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed.” With a headline that triggered feelings of déjà vu for the cybersecurity community, CNN reported this week that the FBI is investigating a suspected cybersecurity incident involving the portion of its network that handles wiretaps and surveillance warrants. The FBI confirmed that it was responding to that “suspicious activity,” but neither the Bureau nor CNN offered more details, with the n