Two prototype satellites for the Missile Defense Agency and four missile-tracking satellites for the US Space Force rode a SpaceX Falcon 9 rocket into orbit Wednesday from Florida’s Space Coast.
These satellites are part of a new generation of spacecraft designed to track hypersonic missiles launched by China or Russia and perhaps emerging missile threats from Iran or North Korea, which are developing their own hypersonic weapons.
Hypersonic missiles are smaller and more maneuverable than conventional ballistic missiles, which the US military’s legacy missile defense satellites can detect when they launch. Infrared sensors on the military’s older-generation missile tracking satellites are tuned to pick out bright thermal signatures from missile exhaust.
The New Threat Paradigm
Hypersonic missiles represent a new challenge for the Space Force and the Missile Defense Agency (MDA). For one thing, ballistic missiles follow a predictable parabolic trajectory that takes them into space. Hypersonic missiles are smaller and comparatively dim, and they spend more time flying in Earth’s atmosphere. Their maneuverability makes them difficult to track.
A nearly five-year-old military organization called the Space Development Agency (SDA) has launched 27 prototype satellites over the last year to prove the Pentagon’s concept for a constellation of hundreds of small, relatively low-cost spacecraft in low-Earth orbit. This new fleet of satellites, which the SDA calls the Proliferated Warfighter Space Architecture, will eventually number hundreds of spacecraft to track missiles and relay data about their flight paths down to the ground. The tracking data will provide an early warning to those targeted by hypersonic missiles and help generate a firing solution for interceptors to shoot them down.
The SDA constellation combines conventional tactical radio links, laser inter-satellite communications, and wide-view infrared sensors. The agency, now part of the Space Force, plans to launch successive generations, or tranches, of small satellites, each introducing new technology. The SDA’s approach relies on commercially available spacecraft and sensor technology and will be more resilient to attack from an adversary than the military’s conventional space assets. Those legacy military satellites often cost hundreds of millions or billions of dollars apiece, with architectures that rely on small numbers of large satellites that might appear like a sitting duck to an adversary determined to inflict damage.
Four of the small SDA satellites and two larger spacecraft for the Missile Defense Agency were aboard a SpaceX Falcon 9 rocket when it lifted off from Cape Canaveral Space Force Station at 5:30 pm EST (2230 UTC) Wednesday.
The rocket headed northeast from Cape Canaveral to place the six payloads into low-Earth orbit. Officials from the Space Force declared the launch a success later Wednesday evening.
The SDA’s four tracking satellites, built by L3Harris, are the last spacecraft the agency will launch in its prototype constellation, called Tranche 0. Beginning later this year, the SDA plans to kick off a rapid-fire launch campaign with SpaceX and United Launch Alliance to quickly build out its operational Tranche 1 constellation, with launches set to occur at one-month intervals to deploy approximately 150 satellites. Then, there will be a Tranche 2 constellation with more advanced sensor technologies.
The primary payloads aboard Wednesday’s launch were for the Missile Defense Agency. These two Hypersonic and Ballistic Tracking Space Sensor (HBTSS) satellites, one supplied by L3Harris and the other by Northrop Grumman, will demonstrate medium field-of-view sensors. Those sensors can’t cover as much territory as the SDA satellites but will provide more sensitive and detailed missile tracking data.
A watchdog group’s investigation found that terrorist group Hezbollah and other US-sanctioned entities have accounts with paid check marks on X, the Elon Musk–owned social network that still resides at the Twitter.com domain.
The Tech Transparency Project (TTP), a nonprofit that is critical of Big Tech companies, said in a report on Wednesday that “X, the platform formerly known as Twitter, is providing premium, paid services to accounts for two leaders of a US-designated terrorist group and several other organizations sanctioned by the US government.”
After buying Twitter for $44 billion, Musk started charging users for check marks that were previously intended to verify that an account was notable and authentic. “Along with the check marks, which are intended to confer legitimacy, X promises various perks for premium accounts, including the ability to post longer text and videos and greater visibility for some posts,” the Tech Transparency Project report noted.
The Tech Transparency Project suggests that X may be violating US sanctions. “The accounts identified by TTP include two that apparently belong to the top leaders of Lebanon-based Hezbollah and others belonging to Iranian and Russian state-run media,” the report said. “The fact that X requires users to pay a monthly or annual fee for premium service suggests that X is engaging in financial transactions with these accounts, a potential violation of US sanctions.”
Some of the accounts were verified before Musk bought Twitter, but verification was a free service at the time. Musk’s decision to charge for check marks means that X is “providing a premium, paid service to sanctioned entities,” which may raise “new legal issues,” the Tech Transparency Project said.
Report Details 28 Check-Marked Accounts
Musk’s X charges $1,000 a month for a Verified Organizations subscription and last month added a basic tier for $200 a month. For individuals, the X Premium tiers that come with check marks cost $8 or $16 a month.
It’s possible for US companies to receive a license from the government to engage in certain transactions with sanctioned entities, but it doesn’t seem likely that X has such a license. X’s rules explicitly prohibit users from purchasing X Premium “if you are a person with whom X is not permitted to have dealings under US and any other applicable economic sanctions and trade compliance law.”
In all, the Tech Transparency Project said it found 28 “verified” accounts tied to sanctioned individuals or entities. These include individuals and groups listed by the US Treasury Department’s Office of Foreign Assets Control (OFAC) as Specially Designated Nationals.
“Of the 28 X accounts identified by TTP, 18 show they got verified after April 1, 2023, when X began requiring accounts to subscribe to paid plans to get a check mark. The other 10 were legacy verified accounts, which are required to pay for a subscription to retain their check marks,” the group wrote, adding that it “found advertising in the replies to posts in 19 of the 28 accounts.”
X issued the following statement on Wednesday: “X has a robust and secure approach in place for our monetization features, adhering to legal obligations, along with independent screening by our payments providers. Several of the accounts listed in the Tech Transparency Report are not directly named on sanction lists, while some others may have visible account check marks without receiving any services that would be subject to sanctions. Our teams have reviewed the report and will take action if necessary. We’re always committed to ensuring that we maintain a safe, secure and compliant platform.”
X Removes Some Check Marks
An account with the handle @SH_NasrallahEng appears to be tied to Hezbollah leader Hassan Nasrallah, the TTP report said. The account had a check mark when we first checked it earlier Wednesday, but it has since been removed.
“The account, which has 93,600 followers, posts English-language Hezbollah messages and memes disparaging Israel and the US. It was created in October 2021 and verified in November 2023, the same month that Nasrallah threatened further escalation of Israel’s war with Hamas,” the report said.
It’s been nearly two years since Russia’s invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to decide the conflict in the process of advancing modern warfare.
If you made some New Year’s resolutions related to digital security (it’s not too late!), check out our rundown of the most significant software updates to install right now, including fixes from Google for nearly 100 Android bugs. It’s close to impossible to be completely anonymous online, but there are steps you can take to dramatically enhance your digital privacy. And if you’ve been considering turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.
If you’re just not quite ready to say goodbye to 2023, take a look back at WIRED’s highlights (or lowlights) of the most dangerous people on the internet last year and the worst hacks that upended digital security.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves.
23andMe said at the beginning of October that attackers had infiltrated some of its users’ accounts and abused this access to scrape personal data from a larger subset of users through the company’s opt-in social sharing service known as DNA Relatives. By December, the company disclosed that the number of compromised accounts was roughly 14,000 and admitted that personal data from 6.9 million DNA Relatives users had been impacted. Now, facing more than 30 lawsuits over the breach—even after tweaking its terms of service to make legal claims against the company more difficult—the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing assessment that attackers compromised the 14,000 user accounts through “credential stuffing,” the process of accessing accounts using usernames and passwords compromised in other data breaches from other services that people have reused on multiple digital accounts. “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the company wrote in the letter.
“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing victims who received the letter, told TechCrunch. “23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing—especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform.”
Russia’s war—and cyberwar—in Ukraine has for years produced novel hybrids of hacking and physical attacks. Here’s another: Ukrainian officials this week said that they had blocked multiple Ukrainian civilians’ security cameras that had been hacked by the Russian military and used to target recent missile strikes on the capital of Kyiv. Ukraine’s SBU security service says the Russian hackers went so far as to redirect the cameras and stream their footage to YouTube. According to the SBU, that footage then likely aided Russia’s targeting in its bombardment on Tuesday of Kyiv, as well as the Eastern Ukrainian city of Kharkiv, with more than a hundred drones and missiles that killed five Ukrainians and injured well over a hundred. In total, since the start of Russia’s full-scale invasion of Ukraine in February 2022, the SBU says it’s blocked about 10,000 security cameras to prevent them from being hijacked by Russian forces.
Last month, a Russian cyberattack hit the telecom firm Kyivstar, crippling phone service for millions of people across Ukraine and silencing air raid warnings amid missile strikes in one of the most impactful hacking incidents since Russia’s full-scale invasion began. Now, Illia Vitiuk, the cyber chief of Ukraine’s SBU security service, tells Reuters that the hackers accessed Kyivstar’s network as early as March 2023 and lay in wait before they “completely destroyed the core” of the company in December, wiping thousands of its machines. Vitiuk added that the SBU believes the attack was carried out by Russia’s notorious Sandworm hacking group, responsible for most of the high-impact cyberattacks against Ukraine over the last decade, including the NotPetya worm that spread from Ukraine to the rest of the world to cause $10 billion in total damage. In fact, Vitiuk claims that Sandworm attempted to penetrate a Ukrainian telecom a year earlier but the attack was detected and foiled.
This week in creepy headlines: 404 Media’s Joseph Cox discovered that a Google contractor, Telus, has offered parents $50 to upload videos of their children’s faces, apparently for use as machine learning training data. According to a description of the project Telus posted online, the data collected from the videos would include eyelid shape and skin tone. In a statement to 404, Google said that the videos would be used in the company’s experiments in using video clips as age verification and that the videos would not be collected or stored by Telus but rather by Google—which doesn’t quite reduce the creep factor. “As part of our commitment to delivering age-appropriate experiences and to comply with laws and regulations around the world, we’re exploring ways to help our users verify their age,” Google told 404 in a statement. The experiment represents a slightly unnerving example of how companies like Google may not simply harvest data online to hone AI but may, in some cases, even directly pay users—or their parents—for it.
A decade ago, Wickr was on the short list of trusted software for secure communications. The app’s end-to-end encryption, simple interface, and self-destructive messages made it a go-to for hackers, journalists, drug dealers—and, unfortunately, traders in child sexual abuse materials—seeking surveillance-resistant conversations. But after Amazon acquired Wickr in 2021, it announced in early 2023 that it would be shutting down the service at the end of the year, and it appears to have held to that deadline. Luckily for privacy advocates, end-to-end encryption options have grown over the past decade, from iMessage and WhatsApp to Signal.
“Just like in the First World War, we have reached the level of technology that puts us into a stalemate,” Ukrainian general Valerii Zaluzhnyi admitted late last year. “There will most likely be no deep and beautiful breakthrough.”
That blunt assessment from the Ukrainian commander in chief, made in a November interview with The Economist, prompted waves of enormous pessimism. Headlines around the world seized on the idea that the war had essentially ended. Ukraine had fought valiantly—and lost.
Politicians in the West, particularly Republicans in the United States Congress, declared that it was time to stop supplying Kyiv and push for major concessions to Moscow.
The general’s actual point, however, wasn’t quite so fatalistic. In an accompanying nine-page essay, published in the British magazine, Zaluzhnyi doesn’t use the word “stalemate.” Instead, he called the war “positional,” with both sides trading just tiny slivers of land. Critically, however, he said Ukraine can still win. But it will mean, he wrote, “searching for new and non-trivial approaches to break military parity with the enemy.”
Technological innovation, more modern equipment, and changes in strategy could still turn the tide of this war, Zaluzhnyi argued. He laid out five areas where progress could mean overcoming their Russian opponent: achieving air superiority, improving mine clearing, expanding counterbattery, recruiting more soldiers, and advancing electronic warfare.
To achieve those goals, he wrote, Ukraine needs a once-in-a-century technological breakthrough.
“The simple fact is that we see everything the enemy is doing and they see everything we are doing,” Zaluzhnyi writes. “In order for us to break this deadlock we need something new, like the gunpowder, which the Chinese invented and which we are still using to kill each other.”
In recent months, WIRED has spoken to a host of NATO leaders and military analysts, as well as Ukrainian officials, regarding the future of the war. The consensus is clear: There is no silver bullet Ukraine can develop that will win this war. But there is agreement that Ukraine can and must innovate if it hopes to overcome its better-resourced and dug-in enemy.
“The thing that will break the logjam will be the right combination of new ideas, new organizations, and new technologies,” Mick Ryan, a 35-year veteran of the Australian Army who writes extensively on the future of war, tells WIRED. “It’s really about how you combine that trinity of ideas, technology, and organizations into something new.”
If you’re looking for a long read to while away your weekend, we’ve got you covered. First up, WIRED senior reporter Andy Greenberg reveals the wild story behind the three teenage hackers who created the Mirai botnet code that ultimately took down a huge swath of the internet in 2016. WIRED contributor Garrett Graff pulls from his new book on UFOs to lay out the proof that the 1947 “discovery” of aliens in Roswell, New Mexico, never really happened. And finally, we take a deep dive into the communities that are solving cold cases using face recognition and other AI.
That’s not all. Each week, we round up the security and privacy stories we didn’t report in depth ourselves.
For years, mercenary hacker companies like NSO Group and Hacking Team have repeatedly been the subject of scandal for selling their digital intrusion and cyberespionage services to clients worldwide. Far less well-known is an Indian startup called Appin that, from its offices in New Delhi, reportedly enabled customers worldwide to hack whistleblowers, activists, corporate competitors, lawyers, and celebrities on a giant scale.
In a sprawling investigation, Reuters reporters spoke to dozens of former Appin staff and hundreds of its hacking victims. It also obtained thousands of its internal documents—including 17 pitch documents advertising its “cyber spying” and “cyber warfare” offerings—as well as case files from law enforcement investigations into Appin launched from the US to Switzerland. The resulting story reveals in new depth how a small Indian company “hacked the world,” as Reuters writes, brazenly selling its hacking abilities to the highest bidder through an online portal called My Commando. Its victims, as well as those of copycat hacking companies founded by its alumni, have included Russian oligarch Boris Berezovsky, Malaysian politician Mohamed Azmin Ali, targets of a Dominican digital tabloid, and a member of a Native American tribe who tried to claim profits from a Long Island, New York, casino development on his reservation.
The ransomware group known as Scattered Spider has distinguished itself this year as one of the most ruthless in the digital extortion industry, most recently inflicting roughly $100 million in damage to MGM Casinos. A damning new Reuters report—their cyber team has had a busy week—suggests that at least some members of that cybercriminal group are based in the West, within reach of US law enforcement. Yet they haven’t been arrested. Executives of cybersecurity companies who have tracked Scattered Spider say the FBI, where many cybersecurity-focused agents have been poached by the private sector, may lack the personnel needed to investigate. They also point to a reluctance on the part of victims to immediately cooperate in investigations, sometimes depriving law enforcement of valuable evidence.
Denmark’s critical infrastructure Computer Emergency Response Team, known as SektorCERT, warned in a report on Sunday that hackers had breached the networks of 22 Danish power utilities by exploiting a bug in their firewall appliances. The report, first revealed by Danish journalist Henrik Moltke, described the campaign as the biggest of its kind to ever target the Danish power grid. Some clues in the hackers’ infrastructure suggest that the group behind the intrusions was the notorious Sandworm, aka Unit 74455 of Russia’s GRU military intelligence agency, which has been responsible for the only three confirmed blackouts triggered by hackers in history, all in Ukraine. But in this case, the hackers were discovered and evicted from the target networks before they could cause any disruption to the utilities’ customers.
Last month, WIRED covered the efforts of a whitehat hacker startup called Unciphered to unlock valuable cryptocurrency wallets whose owners have forgotten their passwords—including one stash of $250 million in bitcoin stuck on an encrypted USB drive. Now, the same company has revealed that it found a flaw in a random number generator widely used in cryptocurrency wallets created prior to 2016 that leaves many of those wallets prone to theft, potentially adding up to $1 billion in vulnerable money. Unciphered found the flaw while attempting to unlock $600,000 worth of crypto locked in a client’s wallet. They failed to crack it but in the process discovered a flaw in a piece of open-source code called BitcoinJS that left a wide swath of other wallets potentially open to be hacked. The coder who built that flaw into BitcoinJS? None other than Stefan Thomas, the owner of that same $250 million in bitcoin locked on a thumb drive.