FBI agents briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, Sen. Ron Wyden (D-Ore.) says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
Found a bald-faced hornet's nest near the house -- right in the middle of the garden. These things are about the most aggressive stinging insects I've come across. Our dog loves to bat at the bees when she's bored, no matter how many times I tell her to be nice and that she's going to regret it. I've never seen her get stung, but they're also usually bumblebees or slower insects she's picking on. Last night, she picked a fight with a bald-faced hornet that stung her at least once and then stung me 3 times and somehow managed to still hang on to me while we both fled indoors. Then while we were frantically searching for this menace it sneaked up and stung me again in the neck. It took about 5 minutes to corner it and kill it.
After I squashed him I looked him up: They are apparently known for being aggressively defensive, swarming anything that gets too close, and they can sting over and over w/out losing their stinger or dying. I also read this little terrifying factoid: These things *can recognize human faces* and can send out pheromones to tell their fellow hornets who to attack. So now I'm wanted in my own front yard. It's like raptors own the yard or something.
I think it's time to call a professional. No way I'm going near that area again. I can't imagine the pain a whole bunch of those things could cause all at once.
IDK why, but out of all the horrible, no good, very depressing news on the front pages today, this one stuck in my head the most so far. From WaPo:
"At least several months ago, Israel’s top spy agency, the Mossad, began to smuggle missiles into Iran and secretly installed swarms of explosive drones deep inside the country, laying the groundwork for a devastating Israeli surprise attack on Friday morning. As Israel launched its air attack, the Mossad activated its planted drones, which struck missile launchers at a base near Tehran, a senior Israeli official said, speaking on the condition of anonymity to discuss intelligence operations."
But sure, let's spend a bajillion dollars building a nationwide golden ICBM shield.
New, by me: A Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
Really enjoyed David Gerard's amusing take on how programming with AI becomes like a gambling addiction for many.
"Large language models work the same way as a carnival psychic. Chatbots look smart by the Barnum Effect — which is where you read what’s actually a generic statement about people and you take it as being personally about you. The only intelligence there is yours."
"With ChatGPT, Sam Altman hit upon a way to use the Hook Model with a text generator. The unreliability and hallucinations themselves are the hook — the intermittent reward, to keep the user running prompts and hoping they’ll get a win this time."
"This is why you see previously normal techies start evangelising AI coding on LinkedIn or Hacker News like they saw a glimpse of God and they’ll keep paying for the chatbot tokens until they can just see a glimpse of Him again. And you have to as well. This is why they act like they joined a cult. Send ’em a copy of this post."
PSA: After getting duly sanctioned last month by the EU for being a conduit for Russian disinformation and cyberattacks, the people behind the massive bulletproof hosting service known as Stark Industries Solutions Inc are rebranding.
Stark's two sanctioned owners -- the Neculiti brothers -- have operated Stark via a related business called PQ Hosting, which is now changing its name to the[.]hosting.
"The PQ.Hosting project no longer exists — neither as a legal entity nor as an operational structure. From the moment of transition, full control over all operational and technical activities has passed to new owners with no connection to the previous management or beneficiaries."
I learned a lot writing this, and there is a lot more here to pick at.
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).
"...A cursory review of all Internet address blocks currently routed through AT&T — as seen in public records maintained by the Internet backbone provider Hurricane Electric — shows a preponderance of country flags other than the United States, including networks originating in Hungary, Lithuania, Moldova, Mauritius, Palestine, Seychelles, Slovenia, and Ukraine.
Asked about the apparent high incidence of proxy services routing foreign address blocks through AT&T, the telecommunications giant said it recently changed its policy about originating routes for network blocks that are not owned and managed by AT&T. That new policy, spelled out in a February 2025 update to AT&T’s terms of service, gives those customers until Sept. 1, 2025 to originate their own IP space from their own autonomous system number (ASN), a unique number assigned to each ISP (AT&T’s is AS7018)."
It's not every day your name is on the top of the Google Cloud blog. Google's engineers wrote about the ginormous 6.3 terabits per second attack on KrebsOnSecurity.com on May 12.
"In the May incident, the attacker sent large data packets to random ports at a rate of approximately 585 million packets per second, which is over 1,000 times the usual rate for KrebsOnSecurity."
The closing thank you slide in my talk yesterday had my profile photo from here and a link to my profile, and I actually had multiple people come up afterward saying they were signing up here after meaning to for some time. Guess I'll keep that as my last slide going forward.
In January, I wrote about a vast China-based cloud CDN called Funnull that catered to cybercriminals in China and Russia seeking to route their traffic through US-based cloud providers, particularly Microsoft and Amazon.
January's story was based on research by Silent Push, which found a large number of domains hosted via Funnull promoting gambling sites that bear the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean Lazarus Group.
In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “triad offenses,” i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.
LOL. I posted the same thing on LinkedIn just as like an FYI, and within minutes the post attracted a comment from a scam HR recruiter whose account is 5 days old.
There are a number of AI platforms now that will allow people to engage agentic AI bots, and I have to say these places are generally libertarian utopias. It's kind of like CoPilot, but w/out any of the ethical and security guardrails.
Come to think of it, we're not far from a future in which nation states are founded on the idea that AI should be unbridled by laws and regulations.
Just FYI, I was asked to talk about what's ahead for AI and then freaked out because I don't know anything about AI. So I set aside a few days to sit w/ a couple of the best red-teamers I know.
Tl;dr: one told it to mimic the IT infrastructure of the target environment, and then run a battery of tests using APIs for some vulnerability testing services. He told it to dox the employees of the targeted company; to provide a roadmap for exploitable vulnerabilities. It did all this and more. The expert said the resulting report produced by the agentic AI bot was the equivalent of an entire team of red-teamers working for a week. The compute time cost less than $10.
As much as I detest the term "agentic AI" for all that it stands for, it's a term that everyone should understand and be conversant about. If you thought we had problems already with systems being compromised by botnets, wait until everyone and his mom starts handing control over their system to agentic AI. It won't be long now.
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com LinkedIn: https://www.linkedin.com/in/bkrebs