Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s | WIRED

CommentLoader-

Save StorySave this story

CommentLoader-

Save StorySave this story

As the United States-Israel war with Iran barrels into its second month, President Donald Trump is reportedly plotting a potential mission to send US special forces into the country to take Tehran’s enriched uranium. Experts WIRED spoke to say such a plan would be extremely risky, likely putting the lives of troops in peril with a low chance of success.

Since the war with Iran started at the end of February, a mysterious radio station has been broadcasting seemingly random numbers in Persian. It’s unclear who is running the so-called number station, or who its intended audience is. But many speculate that it’s an intelligence operation using cipher technology that dates back more than a century.

In addition to the conflict with Iran, WIRED explored combat from many angles with our War Machine package of coverage, including the saga of one teenager who went missing amid the destruction of Gaza, the Kafkaesque challenges Palestinians face when they’re unable to get a death certificate for a loved one, a family forced into hiding over fears of US immigration agents, a peek inside the challenges at Anduril as it attempts to disrupt the defense industry, and more.

Beyond the many battles, WIRED revealed how one small New Hampshire town is having its police department’s salaries and other costs covered by Immigration and Customs Enforcement. Nearly a thousand other police departments around the US appear to be doing the same thing.

Think using a VPN gives you more privacy? Think again. A letter from US lawmakers this week questioned director of national security Tulsi Gabbard over whether US surveillance authorities allow the National Security Agency to target people who use a VPN. Due to the ways in which US law allows the targeting of people outside the US, it may not even matter if the VPN you use connects to servers overseas.

Also this week, WIRED published an excerpt from author Andrew Guthrie Ferguson’s new book, Your Data Will Be Used Against You, about the ways in which fitness trackers and biometric surveillance are further degrading your right to privacy.

Finally, the United Kingdom imposed sanctions against Xinbi Guarantee, a black market that researchers estimate has facilitated $20 billion in illicit sales. Xinbi, like other markets linked to the global scamming industry, operated on Telegram, where it managed to evade previous bans. It’s unclear whether the new sanctions will negatively impact its business in the long run.

That’s not all! Each week we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines (except the one that has no link) to read the full story. And stay safe out there.

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

The Iranian hacker group Handala—perhaps the most public and chaotic face of Iran’s efforts at cyber retaliation in the midst of the US and Israeli war against the country—today announced it had hacked an email account belonging to FBI director Kash Patel. “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team,” the group wrote in a statement on its website.

The first of those claims appears to be true: A collection of emails posted to the hackers’ site and labeled with the name of Patel’s apparent Gmail address appears to contain years of Patel’s messages and photos, from hotel reservations and business deals to photos of his travels and his family, mostly dated from 2010 to 2019. A Justice Department official confirmed to Reuters that Patel’s email had been breached, and that the leaked emails appeared to be real.

Handala’s second claim, however—that it hacked the FBI—seems, for now, to be fiction. All evidence points to Handala having breached Patel’s older, personal Gmail account. Widely believed to be a “hacktivist” front for Iran’s intelligence agency the MOIS, Handala suggested on its website that the emails contained classified information, but the messages initially reviewed by WIRED didn’t appear to be related to any government work. TechCrunch did find, however, that Patel appears to have forwarded some emails from his Justice Department email account to his Gmail account in 2014.

Handala, which cybersecurity experts have described to WIRED as an “opportunistic” hacker group whose cyberattacks and breaches are often calculated more for their propaganda value than their tactical impacts, has nonetheless made the most of Patel’s embarrassing breach. “To the whole world, we declare: the FBI is just a name, and behind this name, there is no real security,” the group wrote in its statement. “If your director can be compromised this easily, what do you expect from your lower-level employees?”

Handala Hackers Put $50 Million Bounty on Trump and Netanyahu’s Heads

For further evidence of Handala’s bombastic rhetoric, look no further than another post on its website earli