Investigators with the FBI and Pima County Sheriff’s Department said they were able to recover footage from a Google Nest camera outside the Arizona home of Nancy Guthrie — the missing mother of “Today” co-host Savannah Guthrie — by extracting “residual data located in backend systems,” raising new questions about how it was possible to retain the video.
Retired special agent Jason Pack told CBS News that locating the missing footage of a masked individual outside Guthrie’s door was “like finding a needle in a haystack,” providing a breakthrough authorities needed more than a week after she was reported missing.
But many are questioning how footage was recovered from a doorbell camera that officials said was disconnected with no active subscription to store video. With a free Google Nest plan, the video should have been deleted within 3 to 6 hours — long after Guthrie was reported missing.
How doorbell cameras store data
Although Nest users with a free plan cannot access recordings past a certain time frame, cybersecurity experts say doorbell cameras, like Guthrie’s, have built-in backup mechanisms that enable them to store data across multiple layers, which makes short-term recovery possible.
“Internal storage uses a very lazy deletion mechanism, so the data wouldn’t be available to users who didn’t pay,” cybersecurity expert Alex Stamos explained to CBS News. “The video for non-subscribers would be marked for deletion, but depending on the exact implementation details, the actual files might not be deleted for days and the actual data wouldn’t be overwritten until the storage was needed.”
Patrick Jackson, a former NSA data researcher and the chief technology officer for privacy and security company Disconnect, added, “There’s kind of this old saying that data is never deleted, it’s just renamed. And I think this is a perfect, you know, showing of this where once this data’s uploaded, they may mark it for deletion, but it may never get deleted.”
Jackson said most doorbell cameras also have a tamper mode, a security feature that alerts a user when a device is being disconnected or damaged. He believes this may serve as a signal for companies to hold onto data for a longer period of time.
“From Google’s server perspective, it knows if that device goes offline,” Jackson said. “And so if the last event was tamper detected, and it’s a motion event, it could tag it in a way where Google may not delete that and may know that this could have some value to some law enforcement.”
Jackson said there’s nothing in the terms of service that would prevent Google from activating this feature and retaining video for a longer period of time. He suspects most users aren’t aware of this potential feature.
Implications for future investigations
“This is Google tipping their hand for potentially a capability that maybe they’ve never disclosed,” Jackson said. “And maybe this rose to the occasion where they felt, OK, you know, we do have this ability, we’re going to use it for this occasion.”
According to Google’s cloud storage protection backup recovery overview, “Cloud Storage offers a variety of options to help you protect your data from accidental or malicious deletion and recover your data in the event of a disaster. These options can be useful for legal or regulatory compliance, as well as for protecting data that is critical to your business.”
FBI Director Kash Patel told Fox News that authorities executed lawful searches and turned to private sector companies to “expedite results and then go into their systems and actually excavate material that people would think would normally be deleted and no one would look for.”
In a transparency report, Nest explained how the company responds to court orders or requests from law enforcement.
“When we get a request for user information, we review it carefully and only provide information within the scope and authority of the request. Privacy and security are incredibly important to us. Before complying with a request, we make sure it follows the law and Nest’s policies. We notify users about legal demands when appropriate, unless prohibited by law or court order. And if we think a request is overly broad, we’ll seek to narrow it,” the company stated online.
Jackson said the recovery of critical footage from Guthrie’s free account could open Google up to a flood of future law enforcement inquiries.
“We’re not the only ones as consumers looking at this kind of alarm,” Jackson said. “Law enforcement folks are looking at this as like, oh, this could be a new capability that we could add to our pipeline for when we’re trying to source video footage.”
CBS News has reached out to Google for comment on the Nest footage. A Google spokesperson previously told CBS News, “We are assisting law enforcement with their investigation,” adding that “this is an ongoing investigation, and we cannot share further details at this time.”
New Delhi — India’s government revoked an order on Wednesday that had directed smartphone makers such as Apple and Samsung to install a state-developed and owned security app on all new devices. The move came after two days of criticism from opposition politicians and privacy organizations that the “Sanchar Saathi” app was an effort to snoop on citizens through their phones.
“Government has decided not to make the pre-installation mandatory for mobile manufacturers,” India’s Ministry of Communications said in a statement Wednesday afternoon.
The initial order, issued privately to phone makers by the ministry late last month, was leaked to Indian media outlets on Monday. It directed all phone makers to preinstall the Sanchar Saathi (which means Communication Partner in Hindi) app on new phones within 90 days, and also on older phones through software updates.
Photo: A man installs the state-owned and run cybersecurity application Sanchar Saathi on his mobile phone in Srinagar, Jammu and Kashmir, India, Dec. 2, 2025. (Firdous Nazir/NurPhoto/Getty)
The order, reported from Monday by numerous Indian media outlets and later acknowledged by the government, had asked manufacturers to ensure that the functions of the app could not be “disabled or restricted.”
There was an immediate backlash on Monday, with opposition political parties quickly labelling the government software a “snooping app” and drawing parallels to Pegasus, the hacking spyware developed, marketed and licensed to governments around the world by the Israeli company NSO Group.
On Tuesday, India’s national Minister of Communications Jyotiraditya Scindia insisted to journalists outside the parliament that the Sanchar Saathi app was non-compulsory and in line with democratic principles. He said smartphone owners could activate the app at their convenience to access its benefits, and they could also delete it from devices at any time.
He did not, however, say anything on Tuesday to deny or change the order to phone makers to ensure the app was pre-installed.
On Wednesday, Scindia insisted that “neither is snooping possible, nor it will be done” with the app.
Photo: India’s Minister of Communications Jyotiraditya M. Scindia speaks during a news conference at the National Media Center, in an Oct. 17, 2025 file photo taken in New Delhi, India. (Vipin Kumar/Hindustan Times/Getty)
While the order for it to be installed universally was revoked, the government continued defending the app on Wednesday, saying the intent had been to “provide access to cybersecurity to all citizens,” and insisting that it was “secure and purely meant to help citizens.”
Opposition politicians say “it is a snooping app”
The government’s U-turn came after sharp criticism from opposition political parties and digital rights advocates.
“It is a snooping app. It’s ridiculous. Citizens have the right to privacy. Everyone must have the right to privacy to send messages to family, friends, without the government looking at everything,” Priyanka Gandhi, leader of the opposition Congress party, told reporters outside India’s parliament on Tuesday.
“They brought in Pegasus and have been unable to keep it under control. MPs and MLAs all say that their phones are being tapped. For the last 11 years, basic rights of the Indians have been taken away… This is the real violation of National Security,” said Renuka Chowdhury, another Congress member.
Digital privacy advocates also raised concerns about the government order, saying it would breach citizens’ right to privacy in a country with more than 1.2 billion cell phone users.
“No government will ever be expected to acknowledge that a government app is a snooping tool, even in China and Russia, where such apps have been mandated,” Indian technology analyst Prasanto K. Roy told CBS News on Wednesday. “A government statement alone is not adequate to inspire confidence in this.”
Roy said the government should restrict the default permissions settings that enable the app to access data on smartphones to the absolute minimum, and explain why those permissions were deemed necessary. He added that the code for the app should be open-source and published online, to enable independent security professionals to scrutinise it.
“In plain terms, this converts every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully refuse, control, or remove,” the Internet for Freedom organization said in a statement Tuesday, before the government revoked its order. “For this to work in practice, the app will almost certainly need system level or root level access … so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from peering into the data of others, and turns Sanchar Saathi into a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user.”
Technology analyst Roy told CBS News the real issue was “not about faith in the government’s benevolence,” but rather “concerns about potential access to a wide range of data by many junior or mid-level officials in government or law enforcement,” as there was no clarity about what data could be accessed via the app, or who would have access to it.
Major phone makers did not publicly react to the government order, but the Reuters news agency reported that Apple had planned to refuse to comply.
Indian government says it’s just trying to help
The government argues that the app allows users to track, block and recover lost or stolen smartphones using the device’s International Mobile Equipment Identity (IMEI), a unique code assigned to all handsets sold around the world.
It also enables users to check how many unique mobile data connections are registered under their name, which it says will help people identify and disable fraudulent numbers and accounts opened by scammers.
Other features include tools to report suspected fraudulent calls and to verify the authenticity of devices being used to make purchases, according to officials.
The government said in its multiple statements that the app had already been downloaded 14 million times, and used to help trace 2.6 million lost or stolen phones. It said Sanchar Saathi had helped in the disconnection of over 4 million fraudulent connections, based on citizen reports.
Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, joins “CBS Mornings” to discuss his new Masterclass and share ways people can protect themselves from online scams, identity theft and deepfakes.
Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an exclusive interview.
Google said the messages are part of a criminal network called “Lighthouse.” The texts look legitimate, often warning recipients of a “stuck package” or an “unpaid toll,” but they’re actually phishing or what’s called smishing — a type of phishing scam that uses text messages to try to trick recipients into revealing personal and sensitive information, such as passwords and credit card numbers, which are then stolen.
“These scammers ended up compromising anywhere from 15 [million] to 100 million potential credit cards within the U.S. and impacted, at our current estimates, over a million victims,” Google’s general counsel, Halimah DeLaine Prado, told CBS News.
DeLaine Prado said Google has filed what it calls a first-of-its-kind lawsuit under the RICO Act, which is typically used to take down organized crime rings.
The case targets unknown operators — listed as John Does 1 through 25 — who allegedly built a “phishing-as-a-service” platform to power mass text attacks.
DeLaine Prado said the lawsuit is not meant specifically to help victims recover any losses, but rather to serve as a “deterrent for future criminals to create similar enterprises.”
Google said it found more than 100 fake sites using its logo to trick people into handing over passwords or credit card numbers. According to its complaint, it estimates the group has stolen sensitive information linked to tens of millions of credit cards in the U.S. alone.
Kevin Gosschalk, the CEO of cybersecurity firm Arkose Labs, said that while recovering lost money is a challenge, lawsuits like Google’s could help disrupt scammers’ operations.
“It has an impact on the ecosystem,” Gosschalk told CBS News. He said that if there are three major players and you go after the big one and take it down, “then the other two start second-guessing, ‘Hey, should we be in this business, or should we get out of this business?’”
Google’s move appears aimed as much at setting a legal precedent as at seeking punishment — testing whether a 1970s racketeering law can be applied to a 21st-century digital crime.
Gosschalk said it will be very hard for Google to go after cybercriminals overseas since a lot of them also operate in countries like Cambodia, where there are limited extradition laws.
“But it does mean the individuals behind those things will not be able to travel to the U.S. in the future, so it does add extra risk,” Gosschalk said.
Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on “Filter Unknown Senders” and “Filter Junk.” On Android, enable Spam Protection and forward scam texts to 7726 (SPAM).
Note that those filters can also catch legitimate messages from numbers that are not in the phone’s contact list, so be sure to check the unknown senders or spam folder once in a while.
The Cybersecurity and Infrastructure Security Agency on Wednesday issued a sweeping emergency order directing all federal agencies to immediately patch critical vulnerabilities in certain devices and software made by F5, a technology vendor, after confirming a nation-state cyber actor gained unauthorized access to F5’s source code.
CISA — a part of the Department of Homeland Security that manages risks to the U.S.’s cyber and physical infrastructure — issued Emergency Directive 26-01 following the company’s disclosure that a foreign threat actor had maintained long-term, persistent access to its internal development and engineering environments using source code.
Officials warned that attackers could exploit the vulnerabilities to steal credentials, move laterally through networks, and potentially take full control of targeted systems. F5 said it first discovered the attack in August but did not disclose exactly when it began.
“This directive addresses an imminent risk,” Nick Anderson, CISA’s executive assistant director for cybersecurity, said during a news briefing Wednesday. “A nation-state actor could exploit these flaws to gain unauthorized access to embedded credentials and API keys. That’s an unacceptable risk to federal networks.”
F5 is a publicly traded American technology company headquartered in Seattle, Washington.
Justice Department delayed breach announcement
Earlier Wednesday, F5 disclosed the breach in a filing with the Securities and Exchange Commission.
In the SEC 8-K report, F5 said the Justice Department on Sept. 12 “determined that a delay in public disclosure was warranted.” It’s one of the first times a company has publicly acknowledged DOJ intervention under the SEC’s cybersecurity disclosure rules.
The rules were adopted in July 2023 and require companies to report cybersecurity incidents within four business days of determining that a material event has occurred.
“Under item 1.05(c), the Department may grant a delay after finding that a disclosure required by Item 1.05 would pose a substantial risk to national security or public safety,” a Department of Justice spokesperson told CBS News in a statement.
F5 CEO François Locoh-Donou signed the filing, which said the company learned of the attack on Aug. 9 and launched an investigation alongside cybersecurity firms CrowdStrike, Mandiant and others, with assistance from federal law enforcement and unnamed “government partners.”
“During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment and engineering knowledge management platform,” F5 wrote in its filing.
What’s in the CISA emergency order
CISA’s order directed federal civilian executive branch agencies — which include the Department of Justice, Department of State, Department of the Treasury and the Federal Trade Commission, among others — to inventory F5 BIG-IP products, which are application delivery and security services.
The federal agencies need to evaluate if their networks are accessible from the public internet, and apply newly released updates from F5 by Oct. 22, the emergency order stated. They must also complete scoping reports identifying affected devices by Oct. 29.
There are currently thousands of F5 devices in use across federal networks, Anderson told CBS News. The cybersecurity agency said it expects to know more about the scope of exposure by the end of the month.
CISA Acting Director Madhu Gottumukkala said in a statement that the agency remains “steadfast” in its mission to defend U.S. networks, even amid the ongoing government shutdown and the lapse of the Cybersecurity Information Sharing Act of 2015.
“The alarming ease with which these vulnerabilities can be exploited demands immediate and decisive action,” Gottumukkala said. “These same risks extend beyond federal systems — to any organization using this technology.”
No confirmed compromises yet, but broader campaign underway
Anderson confirmed that CISA is not aware of any current data breaches within federal agencies, though the directive is designed to uncover any potential compromises. He said the campaign appears to be part of a broader nation-state effort targeting elements of the U.S. technology supply chain, not just one vendor.
“The broader goal here is persistent access — to gather intelligence, hold infrastructure hostage, or position themselves for future attacks,” Anderson told CBS News during Wednesday’s briefing.
CISA declined to name the country behind the attack, citing ongoing investigations.
“The U.S. government is not making a public attribution at this time,” said Marcy McCarthy, CISA’s director of public affairs.
In a statement to CBS News, the head of threat intelligence for Unit 42, a team of cybersecurity experts and researchers at Palo Alto Networks, said the theft of F5 BIG-IP source code is “significant, as it potentially facilitates rapid exploitation of vulnerabilities.”
“Generally, if an attacker steals source code, it takes time to find exploitable issues,” Unit 42 Chief Technology Officer Michael Sikorski said. “In this case, they also stole information on undisclosed vulnerabilities that F5 was actively working to patch. This provides the ability for threat actors to exploit vulnerabilities that have no public patch, potentially increasing speed to exploit creation.”
Working through the government shutdown
Pressed on the government’s ability to respond amid furloughs and staffing reductions at CISA, Anderson acknowledged the agency’s challenges but said it remains operational.
“We’re sustaining essential functions and providing timely guidance like this to mitigate risk,” he said. “This is core mission work for CISA — exactly what we should be doing.”
Anderson also said the lapse of the Cybersecurity Information Sharing Act of 2015, a law that had governed federal-private sector cyber information sharing before sunsetting, did not delay coordination with F5 or impact the agency’s response.
While the directive applies only to federal agencies, CISA is strongly urging state, local and private sector organizations using F5 technologies to follow the same patching and mitigation steps. F5’s products, including its BIG-IP line, are widely used in both government and commercial networks to manage internet traffic and security.
Until recently, Tim Haugh was among America’s top spymasters. The four-star general spent 33 years in Air Force Intelligence and rose to lead America’s largest and most advanced intelligence agency. Haugh was also in charge of defending America from computer threats. In his first television interview since retirement, General Haugh is here to warn that China has hacked into U.S. computer networks to an astonishing degree. And he believes he knows why. The surprise, Tim Haugh told us, is that China is targeting not just the U.S. military and industry but also Americans in their homes.
Gen. Tim Haugh: I think initially we were surprised that China would target every American with these capabilities. That goes against every norm of international law. That certainly goes against how the United States military would approach targeting in a crisis or a conflict. That the fact that they would go after basic services as part of their effort that they have identified as unrestricted warfare is unconscionable.
Scott Pelley: And what did they target?
Gen. Tim Haugh: They targeted water. They targeted electrical power infrastructure; transportation are examples of the types of things that were targeted. And in many cases they’re vulnerable.
Multiple intrusions at utilities were discovered in 2023. And China had been on some of their computer networks at least five years.
Scott Pelley: You’re saying that the Chinese today are in American power plants, water treatment plants, other parts of the electrical grid, maybe even hospitals, telecommunications, all of that?
Gen. Tim Haugh: So there is a daily contest that is going on to be able to deny China those accesses. But they are certainly attempting every single day to be able to target telecommunications, to be able to target critical infrastructure, both in the United States and in other countries. And they are doing that to try to ensure that they have an advantage in a crisis or a conflict.
Scott Pelley: Is China preparing for war?
Gen. Tim Haugh: There was no other reason to target those systems. There’s no advantage to be gained economically. There was no foreign intelligence-collection value. The only value would be for use in a crisis or a conflict.
In 2024, Tim Haugh rose to lead both the National Security Agency, America’s largest spy agency, plus U.S. Cyber Command, the military defense in cyberspace. Haugh took over just as the scope of China’s hacking of utilities was becoming clear in a place no one would have imagined.
Scott Pelley: Is Littleton a major supplier of some kind to the federal government?
Nick Lawler: We are not.
Scott Pelley: Major supplier to a military base?
Nick Lawler: Nope.
Nick Lawler is general manager of the Littleton, Massachusetts electric and water utility. His town has 10,000 residents.
Scott Pelley: Can you think of any reason that China would target your little community?
Nick Lawler: That’s the exact question I had for the FBI when they visited me on that first day, and I still can’t answer that question. No, I can’t think of one reason.
The FBI visited in November 2023 to tell Lawler that China had access to his utility’s computer network. He says the feds told him he was one of 200.
Scott Pelley: How much of all of this is controlled, remotely by computer?
Nick Lawler: All of it.
In his water treatment plant, Lawler showed us tanks of dangerous chemicals that are precisely controlled to deliver clean water.
Scott Pelley: If you had control of these tanks, you’ve got control of Littleton, Massachusetts. You can poison the water.
Nick Lawler: You can poison the water.
But China was caught before it had operational control. With Lawler’s permission, the feds watched what China was doing and what they learned was part of an awakening for American security.
Gen. Tim Haugh: If you are willing to go after a small water provider in Littleton, Massachusetts, what other target is off the list? So, from that perspective, this is a national threat. It’s one that needs to be addressed. But it’s also one that every American should understand, because if they’re willing to go after that small provider that doesn’t have a national security connection, that means every target is on the list.
Scott Pelley: So help me understand, why Littleton?
Gen. Tim Haugh: If we’re involved in something in the Indo-Pacific that is– becoming a challenge between the United States and China, the more that China could get us to focus at home means now our resources are focused in the homeland. That would distract us, distract resources, make it more difficult for us to mobilize in a crisis.
Scott Pelley: Littleton may not be a very large place, but if the Chinese took its water offline, the entire country would be focused on it.
Gen. Tim Haugh: And if there were three to four other examples simultaneously plus an information campaign it could seem much larger than it is, or it could be done in critical places that would have a greater effect.
Other critical places believed to have been targeted by China over years include New York City’s Metropolitan Transportation Authority, 13 gas pipeline operators, the port of Houston and major phone companies.
Sen. Mike Rounds: But here’s the bottom line on this. They have gotten to be very, very good at cyber operations.
Mike Rounds thinks he knows why China is doing this.
The Republican senator of South Dakota is chair of the Armed Services Cybersecurity Subcommittee. He believes China intends to deter the U.S. from standing up in a fight by hacking our most sensitive industries.
Sen. Mike Rounds: But all it takes is a blip on the financial markets to delay certain trades by just milliseconds, to put the market into an entirely different attitude about the security and the soundness of being able to make those transactions happen.
Scott Pelley: You’re talking about causing chaos on Wall Street.
Sen. Mike Rounds: Threatening to be able to cause chaos on Wall Street would be something that they would love to do.
Scott Pelley: And turning the lights on and off.
Sen. Mike Rounds: Most certainly. Or to start out with, whether or not you can get an airline reservation. And so those are areas that they would love to– just so that when the time comes, in my opinion, they can look at it and simply say, “We know where you’re at. Don’t mess with us. We’re capable of causing real problems for you long term.”
China is causing those problems by exploiting vulnerabilities in network equipment. In Littleton, Massachusetts, China found a weakness in a network firewall. That’s not unusual when software vulnerabilities go unpatched or when out-of-date equipment is no longer supported with security updates. Once inside, China did not install malware which could be a red flag. Instead, it stole log-in credentials and masqueraded as a legitimate employee.
Gen. Tim Haugh: They are just gaining access to that system and then attempting to lay dormant. They’re not spending more time collecting intelligence or taking other activities.
Scott Pelley: It’s there if they need it later.
Gen. Tim Haugh: Exactly.
Scott Pelley: Do we even know how extensively the Chinese are into our systems?
Gen. Tim Haugh: I don’t think we have a perfect knowledge of that.
Scott Pelley: How many Chinese attacks are there on U.S. systems in a day?
Gen. Tim Haugh: I would exp– expect that automated activity are happening at scans, at the– the m– millions of devices throughout every single day.
China denies the hacking. The White House told us it is working to “assess exposure and mitigate the damage.” In Littleton, the damage forced Nick Lawler to completely rebuild his network, at a cost of more than $50,000.
Gen. Tim Haugh: It is much more consuming to try to get somebody out of a network than to deny them access, which is why it’s so critically important that we get the basics right in our critical infrastructure and in these substantive networks so that we aren’t expending more resource to try to root them out.
Scott Pelley: Tell me we’re good at this.
Gen. Tim Haugh: We are definitely good at this.
Scott Pelley: Really?
Gen. Tim Haugh: But the scale is a challenge.
Very few understood the scale or the challenge as well as Gen. Haugh. In the first Trump administration he was promoted to two-star general, then three-star. But later, with a fourth star, he led the National Security Agency for only a little over a year.
Gen. Tim Haugh: I got a phone call from a senior official in the Department of Defense that told me that the President had made a decision to remove me.
He was fired, in April, after a far-right activist named Laura Loomer met with the president. Online she explained that Haugh was “disloyal” and had been “referred for firing.” The evidence she pointed to, publicly, was Haugh’s appointment by President Biden. She called Haugh’s firing “a blessing for the American people.”
Scott Pelley: That has got to be galling–after your career.
Gen. Tim Haugh: I– I know in my heart that every day I wanted to achieve the things for our nation that would make us more secure and make every American safe, and that continued to my last day of service. So– from that perspective– it– it certainly was impactful to me and my family. But at the end of the day, it’s about our nation and it’s about our nation’s security.
Scott Pelley: You’re sitting there with four stars on your shoulder, you have spent your entire life in the Air Force, and you’ve been accused of being disloyal. Your reaction is what?
Gen. Tim Haugh: That every day I woke up committed to our national security and to meeting the expectations of the President.
Scott Pelley: Not disloyal?
Gen. Tim Haugh: Absolutely not.
The White House did not answer our questions about Haugh’s firing from the National Security Agency. Later, Haugh retired from the Air Force.
Sen. Mike Rounds: We do not have enough of these types of leaders, and a loss of any one of them without strong justification is disappointing.
A new acting head of the National Security Agency was appointed but the week after the firing, Republican Mike Rounds, chair of the Senate’s Cybersecurity Subcommittee, saw Haugh’s sudden termination this way.
Sen. Mike Rounds: The departure of General Haugh is a loss for our nation but will be a tremendous gain for any private or public entity where he decides to lend his expertise and leadership. I wish him Godspeed. That said, as our adversaries watch this hearing, it will be clear that no matter the scenario, our cyber mission forces are ready.
Gen. Tim Haugh: The National Security Agency and U.S. Cyber Command are consequential organizations. The second I was no longer the leader, focus shifts to them. They have consequential missions to do and for my family, it shifts to, how do we serve in different ways.
Today, Tim Haugh serves by teaching at Yale, and consulting private industry, but sidelined in government, as China expands its aggressive hacking, spying and theft of intellectual property.
Scott Pelley: There have been resignations and firings of other people focused on America’s cyber defense. What does that mean for our national security?
Gen. Tim Haugh: Our overall capacity is getting smaller while we know China’s continues to grow. There is still immense capability in the U.S. government, and now it will be up to the administration to be able, to be able to use that and build partnerships with industry to be able to ensure that we’re countering these threats.
Scott Pelley: If the United States does not dominate in this space, what is at stake?
Gen. Tim Haugh: First, I’m always confident in our nation. But if we don’t dominate in this space, China gains advantage with the ability to continue to steal intellectual property, which impacts our economy. They could gain increased intelligence collection, which would help them every day and also in a crisis in conflict, and they could preposition in critical networks, both in the United States and with allies and partners that could give them advantage in a crisis. We can’t let that happen.
Produced by Aaron Weisz. Associate producer, Ian Flickinger. Broadcast associate, Michelle Karim. Edited by April Wilson.
Tim Haugh, the retired general and ousted former head of both the National Security Agency and U.S. Cyber Command, warns that China has hacked into U.S. computer networks to an astonishing degree, targeting not just the U.S. military and industries, but also every American.
In the months since Mr. Trump’s return to the White House, there have been resignations and firings of other people focused on America’s cyber defense.
“Our overall capacity is getting smaller while we know China’s continues to grow,” Haugh told 60 Minutes. “There is still immense capability in the U.S. government, and now it will be up to the administration to be able to use that and build partnerships with industry to be able to ensure that we’re countering these threats.”
What China is accessing in the U.S.
Haugh rose to lead the National Security Agency and U.S. Cyber Command in 2024, just as the scope of China’s hacking of utilities became clear in a place no one would have imagined: Littleton, Massachusetts.
It’s a small town with around 10,000 residents, 30 miles northwest of Boston. It’s not a major supplier to the federal government or to a military base, yet China targeted the town. The FBI visited in November 2023 to tell Nick Lawler, general manager of the town’s electric and water utility, that China had breached his utility’s computer network. Lawler said the feds told him he was one of 200.
China had been on some American networks for at least five years around the time of the FBI’s visit to Lawler.
At the water treatment plant, Lawler showed how dangerous a hack could have been. If China had managed to get control over the utility’s water system, they could have poisoned the water.
But China was caught before it had operational control. Secure from danger, and with Lawler’s permission, the federal investigators watched what China was doing and what they learned was part of an awakening for American security.
“If you are willing to go after a small water provider in Littleton, Massachusetts, what other target is off the list? So, from that perspective, this is a national threat. It’s one that needs to be addressed,” Haugh said. “But it’s also one that every American should understand, because if they’re willing to go after that small provider that doesn’t have a national security connection, that means every target is on the list.”
China denies hacking America’s critical infrastructure. The White House recently told 60 Minutes it is working to “assess exposure and mitigate the damage.”
No utility would talk to 60 Minutes about getting hacked by China except Littleton’s Nick Lawler. He decided to speak out so Americans could understand the danger.
“I think initially we were surprised that China would target every American with these capabilities,” Haugh said. “That goes against every norm of international law. That certainly goes against how the United States military would approach targeting in a crisis or a conflict. That the fact that they would go after basic services as part of their effort that they have identified as unrestricted warfare is unconscionable.”
Other critical places believed to have been targeted by China over the years include New York City’s Metropolitan Transportation Authority, 13 gas pipeline operators, the port of Houston and major phone companies.
China is causing those problems by exploiting vulnerabilities in network equipment. In Littleton, Massachusetts, China found a weakness in a network firewall. That’s not unusual when software vulnerabilities go unpatched, or when out-of-date equipment is no longer supported with security updates. Once inside, China did not install malware, which could be a red flag. Instead, it stole login credentials and masqueraded as a legitimate employee.
“They are just gaining access to that system and then attempting to lay dormant. They’re not spending more time collecting intelligence or taking other activities,” Haugh said.
That access is there if they need it later, Haugh said.
Haugh said it’s unclear how deep China’s reach is into American systems, but believes that China is likely scanning millions of devices across the U.S. every day.
Why China is hacking U.S. systems
China is hacking critical infrastructure to try to ensure that it has an advantage in a crisis or a conflict, Haugh said.
“There’s no advantage to be gained economically. There was no foreign intelligence-collection value. The only value would be for use in a crisis or a conflict,” he said.
A hack in Littleton could distract the U.S., Haugh said.
“If we’re involved in something in the Indo-Pacific that is becoming a challenge between the United States and China, the more that China could get us to focus at home means now our resources are focused in the homeland,” he said. “That would distract us, distract resources, make it more difficult for us to mobilize in a crisis.”
Sen. Mike Rounds, a Republican from South Dakota and chair of the Armed Services Cybersecurity Subcommittee, said he believes China intends to try to deter the U.S. from engaging in a potential fight by using its cyber program to disrupt key American industries.
“All it takes is a blip on the financial markets to delay certain trades by just milliseconds, to put the market into an entirely different attitude about the security and the soundness of being able to make those transactions happen,” he said.
China, he said, could threaten chaos on Wall Street to deter the United States.
“Those are areas that they would love to [access] just so that when the time comes, in my opinion, they can look at it and simply say, ‘We know where you’re at. Don’t mess with us. We’re capable of causing real problems for you long term,’” Rounds said.
Stopping China
While China continues accessing American systems, Haugh noted that the U.S. is “definitely good” at keeping adversaries out of networks, but that the scale is a challenge.
“It is much more consuming to try to get somebody out of a network than to deny them access, which is why it’s so critically important that we get the basics right in our critical infrastructure and in these substantive networks so that we aren’t expending more resources to try to root them out,” Haugh said.
Haugh was fired in April after far-right activist Laura Loomer met with President Trump. Online she accused Haugh of disloyalty — pointing to his appointment by President Biden as evidence — and said he had been “…referred for firing.” Haugh, in his first television interview since retirement, said he was “absolutely not” disloyal.
Rounds called Haugh’s termination “a loss for our nation.”
“We do not have enough of these types of leaders, and a loss of any one of them without strong justification is disappointing,” Rounds said.
“The National Security Agency and U.S. Cyber Command are consequential organizations. The second I was no longer the leader, focus shifts to them,” Haugh said. “They have consequential missions to do and for my family, it shifts to, ‘How do we serve in different ways, through education, through partnering with innovators and working with industry to continue to advance many of these issues.’”
Today, Haugh is advancing these issues, teaching at Yale and consulting — sidelined in government as China expands its aggressive hacking, spying and theft of intellectual property.
He shared what he believes is at stake if the U.S. does not dominate in this space.
“First, I’m always confident in our nation. But if we don’t dominate in this space, China gains advantage with the ability to continue to steal intellectual property, which impacts our economy,” Haugh said. “They could gain increased intelligence collection, which would help them every day and also in a crisis in conflict, and they could preposition in critical networks, both in the United States and with allies and partners, that could give them advantage in a crisis. We can’t let that happen.”
While core national security operations continue, the government shutdown is eroding critical support systems. Aviation safety, cyber defense and interagency coordination are strained, increasing the risk of preventable security failures.
While the government shutdown continues, core national security missions are still operating. Counterterrorism and counterintelligence cases continue to be processed. Border security, airport screening, the Coast Guard and other front-line Homeland Security units remain on duty.
But the structure beneath that surface is deteriorating. The support systems that keep these missions resilient are thinning, and the risk of an avoidable failure is rising.
Aviation is the clearest warning sign.
Air traffic controllers and Transportation Security Administration screeners are working without pay and in short-staffed facilities. The result is growing sick calls, widespread delays, mounting overtime and growing fatigue. Fatigue is a well-known amplifier of safety risk.
This is not a hypothetical concern. It is an operating environment where error margins are shrinking.
Cyber defense is more vulnerable today than it was a week ago. With a large share of the Cybersecurity and Infrastructure Security Agency furloughed, 24-hour monitoring, incident response surge capacity and sector information sharing are reduced.
Adversaries often strike during periods of political distraction. This is one of those times.
A major intrusion or ransomware incident is more likely to spread farther and faster while CISA is understaffed.
At the Justice Department, the National Security Division and priority prosecutions are moving forward. Supporting functions are curtailed. Analytics, training and travel are limited. That slows the system’s ability to move leads across agencies and jurisdictions.
Federal courts are open, for now, on nonappropriated funds, but that buffer is temporary.
The Defense Department’s uniformed operations are steady. The strain falls on the civilian backbone. Furloughs slow maintenance, training cycles, testing and acquisition.
Readiness does not collapse in a day; it decays when the factory of preparedness is idle.
Homeland Security personnel are very active, but oversight and policy units are thin. Specialized cyber teams face the same staffing shock as the broader civilian cyber enterprise. Over time, compliance checks and interagency planning will erode.
The personnel risk is immediate.
Uncertainty over back pay is pushing essential workers into financial stress. Stress fuels absenteeism and attrition in critical posts. The longer the shutdown lasts, the higher the odds of a preventable security lapse. The front line has not vanished, but the scaffolding around it is coming apart.
The longer the shutdown continues, the deeper the nation’s adversaries can burrow into the seams of vulnerability. And the seams inside the U.S. are many and clearly exploitable.
MINNEAPOLIS — Leading cyber security experts will meet for a three-day summit in the Twin Cities this week — just days ahead of the 2024 presidential election.
For the 14th year, the Cyber Security Summit will highlight research, achievement and innovation in the area of online protection.
The event draws in experts from both the private and public sector.
“Cyber security affects everybody,” said Elizabeth Stevens, the event’s communications director. “This is something that is going to be just essential.”
1,000+ participants will take part in workshops over the course of the week. For board member Mark Ritchie, the event couldn’t be coming at a better time.
“These cyber questions are serious,” he said.
Ritchie, Minnesota’s former Secretary of State, said the office has and continues to do everything possible to keep elections safe and secure.
“It’s how we keep the trust – and I’m hopeful that Minnesota always puts those two things together,” he said. “We have the most effective, professional, skilled, trained and skilled people on our team protecting our elections. We’re not going to allow someone next door, or someone around the world to manipulate or change or in any way impact our elections.”
French President Emmanuel Macron acknowledged Monday that authorities had arrested the founder and CEO of the widely used messaging app Telegram, saying it was “not a political decision at all” and that Pavel Durov’s fate was in the hands of France’s independent judicial authorities. French media said Durov was detained Saturday over Telegram’s alleged failure to moderate criminal activity on the platform, which has also been used by pro-democracy activists worldwide.
French police did not immediately confirm Durov’s arrest, which was reportedly carried out at Le Bourget airport, north of Paris, but in his own Monday post on social media platform X, Macron said he was “reading false information here” about the detention.
Macron said France remained committed to the tenets of “freedom of expression and communication, to innovation and entrepreneurship,” but added that “freedoms are exercised within a framework established by law to protect citizens and respect their fundamental rights.”
“It is up to the justice system, in total independence, to enforce the law. The arrest of the president of Telegram on French territory took place as part of an ongoing judicial investigation,” Macron said. “This is not a political decision at all. It is up to the judges to decide.”
In a statement issued later Monday, the Paris prosecutor’s office also confirmed Durov’s arrest and said the case had been referred “to the Centre for the Fight against Digital Crime (C3N) and the National Anti-Fraud Office (ONAF) for the continuation of the investigations.”
The prosecutor’s office said Durov’s detention was extended on Monday for up to 96 hours, meaning he could remain in custody until at least Wednesday for questioning.
The statement confirmed that the tech CEO was detained as part of an investigation into alleged complicity in a wide range of cybercrimes, including links to organized crime and the transfer and creation of imagery of child sexual abuse and of narcotics.
Durov, thought to be worth more than $15 billion, was reportedly detained shortly after touching down in his private jet at the Le Bourget airport.
Macron did not offer any detail of the ongoing investigation, but it comes after years of criticism that Telegram has allowed anyone, including those linked to organized crime, terrorism and far-right extremism, to use the app without scrutiny. Communications via the app are encrypted, meaning governments cannot censor or regulate what is said or shared on it.
Asked about ISIS members’ use of Telegram in the wake of the 2015 Paris terrorist attacks, and whether law enforcement should be allowed a backdoor into the app, Durov defended the platform, saying: “The interesting thing about encryption is it cannot be secure just for some people.”
Telegram said in a statement that it abides by EU laws, including the 2022 Digital Services Act that seeks to stop the flow of disinformation online, adding that “its moderation is within industry standards and constantly improving.”
The company said Durov “has nothing to hide and travels frequently in Europe” and called it “absurd to claim that a platform or its owner are responsible for abuse of that platform.”
CBS News senior foreign correspondent Holly Williams said she could personally attest to the wide use of Telegram during the war in Ukraine, which she has covered extensively. She said the app was relied on heavily by President Volodymyr Zelenskyy, and by journalists reporting from the front lines since Russia launched its ongoing full-scale invasion in February 2022.
It has also been used as a vital tool by pro-democracy protesters in Russia, as well as Hong Kong and Iran.
Durov was born in Russia but left the country in 2014, after refusing to shut down anti-government content on a previous app that he launched.
Holly Williams is a CBS News senior foreign correspondent based in the network’s CBS London bureau. Williams joined CBS News in July 2012, and has more than 25 years of experience covering major news events and international conflicts across Asia, Europe and the Middle East.
A software meltdown caused one of the largest tech outages in modern history, grounding thousands of flights worldwide Friday, stranding travelers and leaving airlines scrambling for answers. Kris Van Cleave reports.
CrowdStrike, a cybersecurity firm headquartered in Austin, Texas, is linked to the Microsoft outage affecting airlines, banks and other businesses worldwide on Friday.
The company provides antivirus software to Microsoft for its Windows devices, and many industries globally — from banking to retail to health care — use the company’s software to protect against breaches and hackers.
The outages Friday were connected to “a defect found in a single content update for Windows hosts,” CrowdStrike CEO George Kurtz said in a statement. The issue was “not a security incident or cyberattack,” he said, and Mac and Linux hosts were not affected.
“It’s wild that one security update can have such a ripple effect, but it shows how interconnected and fragile a lot of the technology infrastructure that’s used around the world is,” Adam Satariano, a technology correspondent for The New York Times, said Friday on “CBS Mornings.”
CNBC’s Jim Cramer noted in an interview with CrowdStrike’s Kurtz on Friday that the company has a “stellar reputation.” Founded in 2011, it operates in over 170 countries, has about 29,000 customers and reported more than $900 million in revenue for the quarter that ended in April, according to Reuters.
CrowdStrike not only provides security software to industries, but also investigates hacks and tracks hackers. It describes itself as “a leader in protecting customers around the world from cyber threats” and said “it is common for organizations to hire third-party industry experts, like CrowdStrike, to investigate and remediate cyber attacks when they suspect a breach even if they are collaborating with law enforcement.”
The firm investigated the Russian hack on Democratic National Committee computers in 2016, and it says it has also tracked North Korean hackers for years.
When CBS News called CrowdStrike’s technical support line Friday, a pre-recorded message said the company was aware of reports of crashes on Microsoft systems related to its Falcon Sensor software.
Kurtz said Friday a fix has been deployed for the issue. And in an interview with CNBC’s Cramer, he apologized to every organization, person and group it has impacted.
“This was not a code update,” Kurtz said. “This was actually an update of content. And what that means is there’s a single file that drives some additional logic on how we look for bad actors, and this logic was pushed out and caused an issue only in the Microsoft environment specific to this bug that we had.”
“We identified this very quickly and rolled back this particular content file,” he said.
He said many systems can be rebooted “and the problem goes away and is fixed,” while other systems will take more time to recover — “hours” or “a little bit longer.”
“We’re working individually with each and every customer to make sure that we can get them up and running and operational,” Kurtz said.
The company’s shares were down 12.6% in premarket trading.
Sarah Lynch Baldwin is an associate managing editor of CBSNews.com. She oversees “CBS Mornings” digital content, helps lead national and breaking news coverage and shapes editorial workflows.
In a note to clients Saturday, CDK for the first time acknowledged that the hackers that made its dealer management system, or DMS, unavailable to clients for days, are demanding a ransom to restore its systems.
“Thank you for your patience as we recover from the cyber ransom event that occurred on June 19th,” CDK said in a memo to clients on Saturday, according to a copy of the email obtained by CBS MoneyWatch.
CDK added in the note that it has started restoring its systems and expects the process of bringing major applications back online “to take several days and not weeks.”
Beware of phishing
In its memo, the company also warned car dealerships to be alert to phishing scams, or entities posing as CDK but who are in fact bad actors trying to obtain proprietary information like customers’ passwords.
A CDK spokesperson told CBS MoneyWatch that it is providing customers “with alternate ways to conduct business” while its systems remain inoperative.
The cybercriminals behind the CDK attack are linked to a group called BlackSuit, Bloomberg reported on Monday, citing Allan Liska of computer security firm Recorded Future. In a June 21 story, the media outlet also said the hackers were demanding tens of millions of dollars and that CDK planned to pay the ransom.
Liska didn’t immediately respond to a request for comment. CDK itself hasn’t pointed to any group behind the attack on its system that has disrupted car dealerships across the U.S. since last week. Companies targeted in ransomware schemes are often reluctant to disclose information in the midst of negotiations with hackers on a payment.
“When you see an attack of this kind, it almost always ends up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told the Associated Press. “We see it time and time again unfortunately, [particularly in] the last couple of years. No industry and no organization or software company is immune.”
“Doing everything manually”
The hack has left some car dealers unable to do business altogether, while others report using pen and paper, and even “sticky notes” to record transactions.
Tom Maoli, owner of Celebrity Motor Car Company, which operates five luxury car dealerships across New York and New Jersey, on Monday told CBS MoneyWatch his employees “are doing everything manually.”
“We are trying to keep our customers happy and the biggest issue is the banking side of things, which is completely backed up. We can’t fund deals,” he said.
Asbury Automotive Group, a Fortune 500 company operating more than 150 new car dealerships across the U.S., in a statement on Monday said the attack has “adversely impacted” its operations and has hindered its ability to do business. Its Koons Automotive dealerships in Maryland and Virginia, however, which don’t rely on CDK’s software, have been able to operate without interruption, the company said.
Ransomware attacks are on the rise. In 2023, more than 2,200 entities, including U.S. hospitals, schools and governments, were directly impacted by ransomware, according to Emsisoft, an anti-malware software company. Additionally, thousands of private sector companies were targeted. Some experts believe that the only way to stop such attacks is to ban the payment of ransoms, which Emsisoft said would lead bad actors to “quickly pivot and move from high impact encryption-based attacks to other less disruptive forms of cybercrime.”
Earlier this year, the U.S. Department of State offered $10 million in exchange for the identities of leaders of the Hive ransomware gang, which since 2021 has been responsible for attacks on more than 1,500 institutions in over 80 countries, resulting in the theft of more than $100 million.
Megan Cerullo is a New York-based reporter for CBS MoneyWatch covering small business, workplace, health care, consumer spending and personal finance topics. She regularly appears on CBS News 24/7 to discuss her reporting.
The annual RSA Conference, with its massive gathering of cybersecurity experts and entrepreneurs, has once again drawn over 40,000 people from 130 countries to the Moscone Center in San Francisco.
This year’s conference brings together the boldest and brightest minds in cybersecurity, featuring guest speaker and tech founder Casey Ellis.
Ellis, a professional hacker and creator of tech company Bugcrowd, focuses on improving the security of programs like election systems and aviation systems, making them hack-proof.
“Essentially what we do is we take all the people that hack computers in good faith, so the good version of hackers — locksmiths, not burglars, in that sense — from all around the world, and connect them with security problems that need to be solved,” he said.
Themes highlighted at this year’s RSA conference include burnout, risk management, and the fast developments around AI.
Casey emphasized the importance of prioritizing security efforts amidst rapid innovation.
“You know the speed of progress, in general, is the biggest kind of threat across all sectors at this point and time,” Casey said. “There’s such a pressure to innovate and get new tech out into the market. You know haste is kind of the natural enemy of making good decisions that reduce risk.”
Regarding concerns about safety in the Bay Area and discussions about alternative locations, Linda Gray Martin, the SVP of the conference, expressed confidence in San Francisco as the secure and ideal location for the annual gathering.
“You know we’ve been in SF for the past 33 years. We often say it’s in our DNA. I mean it really is a great location for us; it’s in the heart of Silicon Valley. It’s in the heart of the technology industry.”
Casey Ellis, who established his company in the Bay Area over a decade ago, shares the sentiment that the cybersecurity conference belongs in San Francisco. He views it as a sort of homecoming.
“It’s how it’s always been. I think there’s an element of, ‘This is my hometown conference.’ It almost feels like a homecoming-con, because over the years of building Bugcrowd here, all of the folk that I’ve worked with, this is kind of a meeting point for everyone, so I kind of love that aspect of it.”
Thirty-three years later, the RSA Conference remains a meeting point for the global technology community, firmly anchored in the city by the bay.
As U.S. lawmakers move forward with legislation that could potentially ban TikTok, China is warning of repercussions. Elizabeth Palmer, CBS News senior foreign correspondent, and Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, join to unpack the larger national security threat TikTok could pose to the U.S.
Washington — Hackers backed by the Chinese government are targeting U.S. water treatment plants and electrical grids, strategically positioning themselves within critical infrastructure systems to “wreak havoc and cause real-world harm to American citizens and communities,” FBI Director Christopher Wray told Congress Wednesday.
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure,” Wray warned the House Select Committee on the Chinese Communist Party, according to excerpts of his remarks obtained by CBS News. “The risk that poses to every American requires our attention — now.”
The head of the FBI and other national security officials — including Jen Easterly, who leads the Cybersecurity and Infrastructure Security Agency — are testifying at a congressional hearing focused on the cybersecurity threat posed by China’s government.
Wray told Congress that much of the framework upon which Americans rely for daily tasks, like oil and natural gas pipelines and transportation systems, is vulnerable to a cyberattack by hackers supported by China’s ruling party.
The Justice Department and FBI announced Wednesday that they’ve disrupted the hacking operation known as “Volt Typhoon,” a China-backed hacking operation that officials said targeted critical infrastructure in the U.S. and other nations.
Researchers at Microsoft previously determined that the operation, active since mid-2021, “could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
U.S. investigators obtained a court order to delete the botnet malware on infected routers and later took measures to prevent future reinfection. Remotely disabling hackers behind cyberattacks as they did in this case is a new weapon in the U.S. government’s cyber defense arsenal.
Volt Typhoon utilizes botnets – networks of infected internet-connected devices that can be used to bring down sensitive targets. Typically, initial access is gained through unsecured home routers or modems.
“Through the course of an investigation, the FBI determined the best action was to conduct a technical operation to decisively neutralize the botnet in a timely and coordinated manner,” the senior FBI official said, “curtailing the PRC’s ability to further target U.S. entities.”
“The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people,” Attorney General Merrick Garland said in a statement Wednesday.
Activity by the China-based hacking group reportedly alarmed U.S. officials, given its proximity to Andersen Air Force Base in Guam. China has ramped up its military activities near the island in recent years in response to what Beijing claims is “collusion” between Taiwan and the U.S.
The naval port in Guam would play a critically important role in launching any U.S. military response in the event of a Taiwanese invasion. Microsoft noted at the time that Chinese intelligence and military hackers routinely prioritize espionage and the gathering of information.
Last week, senior officials from the National Security Agency (NSA) warned that part of the PRC’s strategy behind Volt Typhoon could be to distract the U.S. in the event of conflict over Taiwan.
“This is unique in that it’s prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on a domestic incident at a time when something’s flaring up in a different part of the world,” said Rob Joyce, cybersecurity director at NSA, adding that the PRC doesn’t “want us facing the foreign aspects of that.”
“[T]he reason it’s a whole-of-government effort is because every sector, potentially, is being targeted and impacted and we really have to be all in unison on how we’re doing mitigation,” added Morgan Adamski, chief of the NSA’s Cybersecurity Collaboration Center, which works with private sector companies to detect and prevent cyber threats.
Joyce said efforts were ongoing across the government to convince China’s leadership that civilian targets should be out of bounds.
“We have to get to the point where PRC leadership decides that the embarrassment in the international community of being caught at this, the horror of the international community that somebody would hold civilians at risk with cyber is intolerable,” he said.
Earlier this month, the FBI and CISA also pushed out a new alert, warning that Chinese-manufactured drones, or UAS, pose a “significant risk” to critical infrastructure and U.S. national security.
“The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities, jeopardizing U.S. national security, economic security, and public health and safety,” the bulletin read.
Other top public officials, like Attorney General Merrick Garland, have also warned of the threat China’s government poses to Americans’ well being, economic prosperity and innovation. In the last year, the Justice Department has announced novel cases calling out Chinese chemical companies for aiding the fentanyl epidemic and secret Chinese police stations working to quiet Chinese dissidents living in the U.S.
“Today, and literally every day, they’re actively attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data,” Wray told Congress Wednesday. “They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents.”
Last year, the Justice Department launched the Disruptive Technology Strike Force to target rival nations like China that seek to use American high-tech advances to undermine national security and upset the rule of law.
U.S. officials are paying more attention to how foreign adversaries try to use investments to gain access to American technology and data. In announcing the department’s new initiative last February, Deputy Attorney General Lisa Monaco said the Biden administration is looking at options to enable federal regulators to monitor the flow of American money into foreign tech sectors, while making sure those funds do not advance the national security interests of other nations, including China.
Robert Legare is a CBS News multiplatform reporter and producer covering the Justice Department, federal courts and investigations. He was previously an associate producer for the “CBS Evening News with Norah O’Donnell.”
Beijing — Chinese state-backed experts have found a way to identify people who use Apple’s encrypted AirDrop messaging service, according to the Beijing municipal government. AirDrop allows users to send content to Apple devices in close proximity without an internet connection, encoded so they cannot be viewed by other people.
Apple also limited file-sharing for Chinese iPhone users in 2022 following protests against the ruling Communist Party’s stringent zero-COVID policy.
The Beijing municipal government’s justice bureau said experts at the Beijing Wangshen Dongjian Justice Appraisal Institute in the capital had devised a way to reveal an iPhone’s encrypted device log.
From there, they could identify an AirDrop user’s phone number and email accounts, the Monday statement on the bureau’s website said.
It said the technique “cracked the tough technological problem of the transmission of inappropriate information with anonymous traceability via AirDrop.”
The method also “raised the efficacy and accuracy of case detection and resolution, and has effectively helped police ascertain several case suspects.”
The statement did not mention whether the technique had led to any arrests or convictions.
Apple did not immediately respond to a request for comment from AFP.
There were widespread reports in late 2022 that people in China were using AirDrop to spread digital leaflets critical of the government.
In November of that year, Apple released an AirDrop update that meant users of Apple smartphones in China could opt in to receive files from unknown contacts only during a 10-minute window, after which the setting automatically shuts off. The feature did not previously have a time limit.
The update made it virtually impossible to receive unexpected files from strangers.
Google account holders, beware: If you have an old Google account, you have only days to use it or lose it.
Beginning Dec. 1, Google will delete inactive accounts and all their contents, such as photos, calendar entries, e-mails, contacts and Drive documents, according to the company’s updated account policy. The system-wide purge is intended to protect users from security threats, such as spam, phishing scams and account hijacking, Google has said.
Here’s everything you need to know about how to keep your account active and save your data before the tech giant begins deleting inactive accounts on Friday.
Why is Google deleting inactive accounts?
Google is purging inactive accounts from its system because it says they are “more likely to be compromised.” Unattended accounts often rely on old or re-used passwords, receive fewer security checks by users and are 10 times more likely not to have two-factor authentication set up, Google’s internal data shows.
When an account is compromised, “it can be used for anything from identity theft to … unwanted or even malicious content, like spam,” the company said last May in a statement on the policy change.
When will Google accounts be deleted?
Google will start terminating inactive accounts on Dec. 1, 2023, according to the company’s notice on the updated policy.
It will begin by eliminating accounts that users created and then never revisited, the policy shows.
Which Google accounts are being purged?
According to Google’s new policy, “if a Google Account has not been used or signed into for at least 2 years… the account and its contents — including content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar) and Google Photos” may be deleted.
However, the new policy only applies to personal Google accounts, meaning it does not affect school or business-managed accounts. In addition, Google will not remove accounts that have uploaded YouTube videos or have active subscriptions to apps or news services, the company’s updated account policy shows.
Affected users will receive “multiple notifications” that their accounts will be terminated before it actually happens, the company said in a statement.
How can I make sure my Google account isn’t deleted?
To make sure your Google account remains active, sign into your account and use one of the company’s tools such as Gmail, Google Drive, Google Photos and Google Play.
Here’s a list of actions that will signal to Google that your account is active, according to the company’s account policy:
Reading or sending an email
Using Google Drive
Watching a YouTube video
Downloading an app on the Google Play store
Using Google Search
Using Sign in with Google to access a third-party app or service
How can I save my Google data?
Some Google users may want to download their data, or simply back it up while letting their old accounts expire. To do so, you can go to this Google site, which explains how to use its Google Takeout service to save your data.
Google Takeout will allow you to decide whether to download all your data, or if you want to save data from specific services like email or photos. You can also download the data to different services, such as Dropbox or Microsoft OneDrive.
Elizabeth Napolitano is a freelance reporter at CBS MoneyWatch, where she covers business and technology news. She also writes for CoinDesk. Before joining CBS, she interned at NBC News’ BizTech Unit and worked on the Associated Press’ web scraping team.
A federal appeals court has expanded the scope of a ruling that limits the Biden administration’s communications with social media companies, saying it now also applies to a top US cybersecurity agency.
The ruling last month from the conservative 5th Circuit US Court of Appeals severely limits the ability of the White House, the surgeon general, the Centers for Disease Control and Prevention and the FBI to communicate with social media companies about content related to Covid-19 and elections that the government views as misinformation.
The preliminary injunction had been on pause and a recent procedural snafu over a request from the plaintiffs in the case to broaden its scope led the court on Tuesday to withdraw its earlier opinion and issue a new one that now includes the US Cybersecurity and Infrastructure Security Agency. That agency is charged with protecting non-military networks from hacking and other homeland security threats.
Similar to the ruling last month, in which the appeals court said the federal government had “likely violated the First Amendment” when it leaned on platforms to moderate some content, the new ruling says CISA violates the Constitution.
“CISA used its frequent interactions with social media platforms to push them to adopt more restrictive policies on censoring election-related speech,” the three-judge panel wrote.
“The platforms’ censorship decisions were made under policies that CISA has pressured them into adopting and based on CISA’s determination of the veracity of the flagged information,” they continued. “Thus, CISA likely significantly encouraged the platforms’ content-moderation decisions and thereby violated the First Amendment.”
The plaintiffs in the suit, which include Missouri and Louisiana’s attorneys general, as well as several individual plaintiffs, had also asked the court to expand the scope in other ways, including by making it apply to some State Department officials. But the court’s new ruling was only modified to add CISA as an enjoined entity.
The judges said they were pausing their new injunction for 10 days, and the Biden administration has the option of asking the Supreme Court to issue a more lasting pause on the modified ruling.
With Amazon Prime Day kicking off Tuesday, experts are warning consumers to beware of scams targeting bargain-hunting shoppers.
Fraudsters will employ a number of deceptive tactics, including “phishing” emails and fake websites, social media posts and text messages to trick customers into sharing their personal information, according to the Better Business Bureau.
“More deals are great for consumers, and more people out shopping is great for businesses large and small,” the group said in its Prime Day warning to customers. “Just be careful, and don’t get so caught up in the excitement that you fall for phishing scams, misleading advertisements and lookalike websites.”
A phishing scam happens when a fraudster sends an email or text message to a customer about, for example, a delay in shipping a purchase on Amazon or another e-commerce platform. Such messages will typically include a link where the customer is encouraged to provide account details.
Never click on a link that you’re not 100% confident comes from Amazon, the experts said. Keeping track of what has been ordered and when it’s expected to arrive can also help customers avoid becoming a victim, the BBB said.
“Maybe set up a database with order numbers, tracking numbers [and] how it’s coming to you,” Melanie McGovern, a BBB spokeswoman, told CBS affiliate WHIO. “Just so you know if you do get a text message or you get an email saying there’s a shipping delay or there’s an issue, you can just refer to that spreadsheet.”
Phishing attempts also can be made via text message, with scammers often falsely telling customers that they’ve won a free gift and inviting them to fill out a form to claim the prize.
Most phishing strategies aimed at Amazon customers prey on their misunderstanding of how the retailer communicates with individual consumers, experts said. A company representative is unlikely ever to contact a shopper directly and ask about order details, Scott Knapp, Amazon’s director of worldwide buyer risk prevention, told CBS affiliate WNCN.
“There’s the message center, which will tell you if we’re trying to get in touch with you or if it’s trying to confirm an order, you can go right to the My Orders page,” Knapp said.
Cybercriminals also sometimes create web pages that look like Amazon.com in order to lure customers into placing orders on the dummy site. Indeed, fraudsters try to mimic an Amazon page more than any other business website, according to the Federal Trade Commission. Amazon helped delete more than 20,000 fake websites last year, Knapp told WNCN.
The simplest way to spot a dummy site is to look for spelling or grammatical errors in the URL or somewhere on the page, the BBB said. Customers are encouraged to report fraudulent websites to the FTC at reportfraud.ftc.gov or on Amazon’s customer service website.
Prime Day this year officially launches at 3 a.m. on Tuesday and will end 48 hours later. Analysts with Bank of America Securities estimate the two-day promotion, which Amazon launched in 2015, could generate nearly $12 billion in merchandise sales.
“With consumers looking for deals, more merchant participation, faster deliveries and steep discounts, we expect a relatively strong Prime Day, with potential for upside to our 12% growth estimate vs. Prime Day last July,” they said in a report on Monday.
Khristopher J. Brooks is a reporter for CBS MoneyWatch covering business, consumer and financial stories that range from economic inequality and housing issues to bankruptcies and the business of sports.