Kim Zetter

Journalist - cybersecurity/national security. Author COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Speaker/Signal. Newsletter is called Zero Day. Find it here: zetter-zeroday.com/. Become a paid subscriber to help support my independent journalism.

2025-10-31

@dangoodin Thank you, Dan

2025-10-31

New court document in Peter Williams case reveals the former Trenchant exec continued to sell stolen code to Russian zero-day broker even after realizing that code he'd written and previously sold to Russian buyer was being "utilized" by a South Korean broker, indicating wide distribution of the code. The new doc also reveals that Williams was contracted to earn $4 million from the code he stole and sold between April 2022 and Aug 2025, though prosecutors don't say how much he actually collected on the contracts; they only say that he received $1.3 million in cryptocurrency for "upfront" payments (the contracts specified upfront payments as well as additional payments for customer support to keep the exploits working after the sale). Also, in an interview Williams did with the FBI in July 2025 while agents were still trying to determine who stole the code from Trenchant, Williams told agents that the theft of just two of the trade secrets from Trenchant amounted to about a $35 million loss for his company. Here's my story about the information in the new document:

zetter-zeroday.com/former-tren

2025-10-30

I forgot to post this here yesterday. I attended the hearing yesterday for Peter Williams -- the former general manager of Trenchant charged with selling zero days to a Russian zero-day purchasing platform -- and this is my piece for Wired about what prosecutors revealed at the hearing. I had expected Williams to plead not guilty at the hearing so it was a surprise when his attorneys stated that he'd already agreed to plead guilty.

wired.com/story/peter-williams

2025-10-18

The John Bolton indictment released on Thursday contains a lot of interesting info about the AOL email account that prosecutors say he used to send classified info to his wife and daughter while national security advisor - an email account that Iran allegedly hacked. I took a look at the indictment here.

zetter-zeroday.com/john-bolton

2025-10-17

Yesterday prosecutors in Florida took the unusual move of charging voting machine vendor Smartmatic with violating the Foreign Corrupt Practices Act for a bribery/money-laundering scheme aimed at winning contracts overseas (Smartmatic currently only supplies voting machines in the US to Los Angeles County). Previously the feds had charged only three executives of the company. Charging a company is rare, so it raises questions of why the feds have added the company to the indictment. Last February, Trump paused all enforcement of the FCPA and ordered Attorney General Pam Bondi to review all current cases being investigated/prosecuted under the FCPA. Any cases allowed to continue after this have to be specifically authorized by the AG, suggesting that Bondi must have authorized adding Smartmatic to the indictment. I spoke with a former federal prosecutor who says charging Smartmatic may be political. Smartmatic is currently embroiled in lawsuits against Trump supporters after the President and allies accused the company of vote-rigging in the 2020 election to give Biden the win. Here's my piece about it.

[Note: I wrote this for my own Zero Day publication instead of a media outlet. If you appreciate my work, please consider becoming a paid subscriber to Zero Day.]

zetter-zeroday.com/voting-mach

2025-10-16

Scott Leiendecker who acquired Dominion Voting Systems last week vows to make the systems 100% domestically programmed. But Dominion has long had programmers in Serbia & Canada. Does this mean he'll rewrite all code written by foreigners? I took a deep dive into implications of the acquisition. Dominion is the 2nd top maker of voting machines used in the US, and Leiendecker already owns Knowink, the top maker of electronic pollbooks used to sign in voters at the polls and verify their eligibility to cast a ballot. This means, after acquiring Dominion, Leiendecker, a former Republican Party operative with ties to Trump allies, now controls election equipment across 29 states, DC and Puerto Rico. Here's my story for Wired:

wired.com/story/scott-leiendec

2025-10-10

Apple has super-sized its bug-bounty program. It will now pay up to $2 million to anyone disclosing a chain of bugs that can be used to install spyware like Pegasus and is also offering bonus awards for bugs that can be used to bypass Lockdown Mode.

security.apple.com/blog/apple-

2025-09-29

Tile device-finding tags, unlike Apple/Google tags, broadcast their MAC address and unique ID unencrypted, letting stalkers, Tile or law enforcement track people/items, per a new study done by security researchers. Tile stores all of this location information in a database on its servers. The tag's anti-theft mode also undoes its anti-stalking protection, making any tag put in anti-theft mode invisible to someone doing a scan to detect rogue tags being used to stalk them. My story for Wired:

wired.com/story/tile-tracking-

2025-09-11

In 2013, Mandiant published its groundbreaking APT 1 report, tracing the hacking operations of the Chinese group to a specific PLA unit and specific individuals. The Mandiant staffers behind the report published it anonymously. But I interviewed the architect of the report, Visi Stark, about the backstory behind it -- how it came to be, why they included what they did, and the surprising government response to it.

zetter-zeroday.com/how-the-inf

2025-09-08

@bertdriehuis Fair point

2025-09-08

Posting this because the email address is so ridiculous (and yet people probably clicked on it anyway). WSJ published a story yesterday about hackers from China posing as House committee chair Rep. John Moolenaar to send a phishing email to trade groups, law firms and U.S. government agencies. I got hold of the email and the sender address is: johnmoolenaar.mail.house.gov@zohomail.com

wsj.com/politics/national-secu

2025-08-07

Two years ago when researchers found and publicly exposed an intentional backdoor in a TETRA encryption algorithm used to secure radio communications for police/military/intel agencies around the world -- the algorithm involved a key advertised as one strength but secretly reduced to 32 bits -- the European organization that produced the algorithm told users that to secure their communications they could deploy an end-to-end encryption solution on top of the backdoored algorithm. Now the same researchers say they found a security problem with the end-to-end solution as well -- another reduced key. Here's my story for Wired:

wired.com/story/encryption-mad

2025-07-18

China's APT cyberspies are some of the best in the business. But how did the hackers get their start? Turns out many were "Honkers" - patriotic hackers in their teens and 20s who, in the late 90s, launched nationalistic cyberattacks against countries they deemed disrespectful to China. But as the Honkers developed their skills over time, the PLA and MSS came calling. In recent years they have been tied to prolific APT groups responsible for hundreds of intrusions in the US and around the world; and some have been indicted. Some of them also launched companies, like i-Soon, that have played an integral role in China's state hacking operations. Here's my story, based on great research from Eugenio Benincasa and Adam Kozy.

wired.com/story/china-honkers-

2025-06-06

In light of the news this week that Cellebrite has acquired Corellium, here's an in-depth piece I previously wrote about Cellebrite, which looks at how the Israeli firm became the go-to hackers for the FBI and other federal agencies who want to get physical access into locked phones they seize.

theintercept.com/2016/10/31/fb

2025-05-20

@buherator DOGE comes in and designates projects to be canceled. In the early days, they were designating people to be eliminated and projects to be canceled without consulting with heads of agencies or cabinet secretaries. Weeks after that started occurring, cabinet secretaries began pushing back saying only they had the authority to do this. So now DOGE designates to agencies what needs to be cut, and agencies follow their direction

2025-05-20

@buherator Did you read the story? I didn't say DOGE fired them. I said they resigned en masse after being displaced by DOGE

2025-05-20

The UAE has been trying to recruit Pentagon workers displaced by DOGE to move to Abu Dhabi to work on AI for the UAE's military. A UAE brigadier general met last month with two former staffers of the Defense Digital Service who have worked on US classified projects and tried to recruit them and their entire DDS team to move to Abu Dhabi. The general was apparently given permission by the Pentagon to recruit the members of Defense Digital Service -- who resigned en masse from their jobs last month due to DOGE -- despite warnings last year from US spy agencies and federal lawmakers that the UAE could share AI tech with China and despite the UAE's disturbing history of recruitment of US workers. Remember Dark Matter when the UAE recruited former NSA operators/analysts to work on cybersecurity jobs only to have them help UAE spy agencies hack other nations, members of the royal family and dissidents and journalists? One of the people from the UAE who assisted with the recruiting of DDS workers has ties to Dark Matter. Here's my story:

zetter-zeroday.com/uae-recruit

2025-04-16

Chris Krebs has quit his job at SentinelOne to launch a legal and public relations fight against Trump and the presidential memo he signed against Krebs last week. Krebs said he understood why some have kept a low profile and tried not to further anger the president. But he said he disagreed with that approach. "I don't think this lay-low-and-hope-this-blows-over approach is the right one for the moment we're in."

Miles Taylor, who was also targeted by Trump, said the memos targeting him and Krebs were "punishment for dissent" and that he too planned to fight back: "How we respond will set the tone inevitably for how others targeted by these EOs decide to respond."

wsj.com/politics/policy/chris-

2025-04-10

Trump has signed a presidential memorandum revoking any active security clearance held by former CISA Director Chris Krebs. Krebs famously and publicly rumbled with Trump in 2020 over the latter's claims about election fraud in the presidential election. Two weeks after losing his re-election bid to Biden, Trump fired Krebs via a tweet. The memorandum also suspends active security clearances held by any employees of SentinelOne, the security firm that currently employs Krebs, until a review can determine if the clearances are in the national interest.

The memo calls Krebs "a significant bad-faith actor who weaponized and abused his government authority" during his time leading CISA and calls for an investigation of Krebs' activities during his time as the leader of CISA and a government employee.

"The review will include a comprehensive evaluation of all of CISA’s activities over the last 6 years and will identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information," the memo states.

The invocation of federal censorship is noteworthy. It means the president is claiming he had a First Amendment right to claim to the American public that the 2020 presidential election was stolen and rife with fraud, and suggests that under Krebs' leadership CISA not only exceeded its authority in countering the claims but potentially violated the Constitution.

Here's my piece about it:

zetter-zeroday.com/trump-signs
