The ‘Emergency Powers’ Risk of a Second Trump Presidency

Donald Trump appears to dream of being an American authoritarian should he return to office. The former US president, who on Tuesday secured enough delegates to win the 2024 Republican nomination, plans to deport millions of undocumented immigrants and house scores of them in large camps. He wants to invoke the Insurrection Act to deploy the military in cities across the nation to quell civil unrest. He wants to prosecute his political opponents. There’s an organized and well-funded effort to replace career civil servants in the federal government with Trump loyalists who will do his bidding and help him consolidate power.

What’s also concerning to legal experts, though, are the special powers that would be available to him that have been available to all recent presidents but have not typically been used. Should Trump decide to go full authoritarian, he could utilize what are called “emergency powers” to shut down the internet in certain areas, censor the internet, freeze people’s bank accounts, restrict transportation, and more.

Utilizing laws like the National Emergencies Act, the Communications Act of 1934, and the International Emergency Economic Powers Act (IEEPA), he would be able to wield power in ways this country has never seen. Furthermore, America’s vast surveillance state, which has regularly been abused, could theoretically be abused even further to surveil his perceived political enemies.

“There really aren’t emergency powers relating to surveillance, and that’s because the non-emergency powers are so powerful and give such broad authority to the executive branch. They just don’t need emergency powers for that purpose,” says Elizabeth Goitein, senior director of the Brennan Center for Justice’s Liberty & National Security Program at the New York University School of Law.

Goitein says she worries most about what a president could do with the emergency powers available to them, though, when she considers whether a president might decide to behave like an authoritarian. She says the laws surrounding these powers offer few opportunities for another branch of government to stop a president from doing as they please.

“Emergency powers are meant to give presidents extraordinary authorities for use in extraordinary circumstances. Because they provide these very potent authorities, it is critical that they have checks and balances built into them and safeguards against abuse,” Goitein says. “The problem with our current emergency powers system—and that system comprises a lot of different laws—is that it really lacks those checks and balances.”

Under the National Emergencies Act, for example, the president simply has to declare a national emergency of some kind to activate powers that are contained in more than 130 different provisions of law. What constitutes an actual emergency is not defined by these laws, so Trump could come up with any number of reasons for declaring one, and he couldn’t easily be stopped from abusing this power.

“There’s a provision of the Communications Act of 1934 that allows the president to shut down or take over communications facilities in a national emergency. There is a provision that allows the president to exert pretty much unspecified controls over domestic transportation, which could be read extremely broadly,” Goitein says. “There’s IEEPA, which allows the president to freeze the assets of and block financial transactions with anyone, including an American, if the president finds it necessary to address an unusual or extraordinary threat that is emanating at least partly from overseas.”

Security News This Week: US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

A major coordinated disclosure this week called attention to the importance of prioritizing security in the design of graphics processing units (GPUs). Researchers published details about the “LeftoverLocals” vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could be exploited to steal sensitive data, such as responses from AI systems. Meanwhile, new findings from the cryptocurrency tracing firm Chainalysis show how stablecoins that are tied to the value of the US dollar were instrumental in cryptocurrency-based scams and sanctions evasion last year.

The US Federal Trade Commission reached a settlement earlier this month with the data broker X-Mode (now Outlogic) over its sale of location data gathered from phone apps to the US government and other clients. While the action was hailed by some as a historic privacy win, it also illustrates the limitations of the FTC and the US government’s data privacy enforcement power and the ways in which many companies can avoid scrutiny and consequences for failing to protect consumers’ data.

The US internet provider Comcast Xfinity may gather data about customers’ personal lives for personalized ads, including information about their political beliefs, race, and sexual orientation. If you’re a customer, we’ve got advice for opting out—to the extent that’s possible. And if you need a good long read for the weekend, we have the story of how a 27-year-old cryptography graduate student systematically debunked the myth that bitcoin transactions are anonymous. The piece is an excerpt from WIRED writer Andy Greenberg’s nonfiction thriller Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, out this week in paperback.

And there’s more. Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

On Friday, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive requiring federal agencies to patch two vulnerabilities that are being actively exploited in the popular VPN appliances Ivanti Connect Secure and Policy Secure. CISA’s executive assistant director, Eric Goldstein, told reporters that CISA has notified every federal agency that is running a version of the products, amounting to “around” 15 agencies that have applied mitigations. “We are not assessing a significant risk to the federal enterprise, but we know that risk is not zero,” Goldstein said. He added that investigations are ongoing into whether any federal agencies have been compromised in the attackers’ mass exploitation spree.

Analysis indicates that multiple actors have been hunting for and exploiting vulnerable Ivanti devices to gain access to organizations’ networks around the world. The activity began in December 2023, but it has ramped up in recent days as word of the vulnerabilities and a proof of concept have emerged. Researchers from the security firm Volexity say that at least 1,700 Connect Secure devices have been compromised overall. Both Volexity and Mandiant see evidence that at least some of the exploitation activity is motivated by espionage. CISA’s Goldstein said on Friday that the US government has not yet attributed any of the exploitation activity to particular actors, but that “exploitation of these products would be consistent with what we have seen from PRC [People’s Republic of China] actors like Volt Typhoon in the past.”

Ivanti Connect Secure is a rebrand of the Ivanti product series known as Pulse Secure. Vulnerabilities in that VPN platform were notoriously exploited in a rash of high-profile digital breaches in 2021 carried out by Chinese state-backed hackers.

Microsoft said on Friday that it detected a system intrusion on January 12 that it is attributing to the Russian state-backed actor known as Midnight Blizzard or APT 29 Cozy Bear. The company says it has fully remediated the breach, which began in November 2023 and used “password spraying” attacks to compromise historic system test accounts that, in some cases, then allowed the attacker to infiltrate “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” With this access, Cozy Bear hackers were then able to exfiltrate “some emails and attached documents.” Microsoft notes that the attackers appeared to be seeking information about Microsoft’s investigations into the group itself. “The attack was not the result of a vulnerability in Microsoft products or services,” the company wrote. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.”

Gift card scams in which attackers trick victims into purchasing gift cards for them are a long-standing issue, but new reporting from ProPublica shows how Walmart has been particularly remiss in addressing the problem. For a decade, the retailer has skirted pressure from both regulators and law enforcement to more closely scrutinize gift card sales and money transfers and expand employee training that could save customers from being tricked and exploited by bad actors. ProPublica conducted dozens of interviews and reviewed internal documents, court filings, and public records in its analysis.

“They were concerned about the bucks. That’s all,” Nick Alicea, a former fraud team leader for the US Postal Inspection Service, told ProPublica. Walmart defended its efforts, claiming that it has stopped more than $700 million in suspicious money transfers and refunded $4 million to victims of gift card fraud. “Walmart offers these financial services while working hard to keep our customers safe from third-party fraudsters,” the company said in a statement. “We have a robust anti-fraud program and other controls to help stop scammers and other criminals who may use the financial services we offer to harm our customers.”

As rebel groups in Myanmar violently oppose the country’s military government, the human trafficking and abuse fueling pig butchering scams is exacerbating the conflict. The scams have exploded in recent years, carried out not just by bad actors, but by a workforce of forced laborers who have often been kidnapped and are being held against their will. In one case this fall, a collection of rebel groups in Myanmar known as the Three Brotherhood Alliance took control of 100 military outposts in the country’s northern Shan state and seized several towns along the border with China, vowing to “eradicate telecom fraud, scam dens and their patrons nationwide, including in areas along the China-Myanmar border.”

The UN estimates that there may be as many as 100,000 people held in scam centers in Cambodia and 120,000 in Myanmar. “I’ve worked in this space for over 20 years and to be honest, we’ve never seen anything like what we’re seeing now in Southeast Asia in terms of the sheer numbers of people,” Rebecca Miller, regional program director for human trafficking at the UN Office on Drugs and Crime, told Vox.

In a new investigation, Consumer Reports and The Markup crowdsourced three years of archived Facebook data from 709 users of the social network to assess which data brokers and other organizations are tracking and monitoring them. In analyzing the data, reporters found that a total of 186,892 companies sent data about the 709 individuals to Facebook. On average, each of those users had information sent to Facebook about them by 2,230 companies. The number varied, though. Some users had less than the average while others had more than 7,000 companies tracking them and providing information to the social network.

The Startup That Transformed the Hack-for-Hire Industry

If you’re looking for a long read to while away your weekend, we’ve got you covered. First up, WIRED senior reporter Andy Greenberg reveals the wild story behind the three teenage hackers who created the Mirai botnet code that ultimately took down a huge swath of the internet in 2016. WIRED contributor Garrett Graff pulls from his new book on UFOs to lay out the proof that the 1947 “discovery” of aliens in Roswell, New Mexico, never really happened. And finally, we take a deep dive into the communities that are solving cold cases using face recognition and other AI.

That’s not all. Each week, we round up the security and privacy stories we didn’t report in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

For years, mercenary hacker companies like NSO Group and Hacking Team have repeatedly been the subject of scandal for selling their digital intrusion and cyberespionage services to clients worldwide. Far less well-known is an Indian startup called Appin that, from its offices in New Delhi, reportedly enabled customers worldwide to hack whistleblowers, activists, corporate competitors, lawyers, and celebrities on a giant scale.

In a sprawling investigation, Reuters reporters spoke to dozens of former Appin staff and hundreds of its hacking victims. It also obtained thousands of its internal documents—including 17 pitch documents advertising its “cyber spying” and “cyber warfare” offerings—as well as case files from law enforcement investigations into Appin launched from the US to Switzerland. The resulting story reveals in new depth how a small Indian company “hacked the world,” as Reuters writes, brazenly selling its hacking abilities to the highest bidder through an online portal called My Commando. Its victims, as well as those of copycat hacking companies founded by its alumni, have included Russian oligarch Boris Berezovsky, Malaysian politician Mohamed Azmin Ali, targets of a Dominican digital tabloid, and a member of a Native American tribe who tried to claim profits from a Long Island, New York, casino development on his reservation.

The ransomware group known as Scattered Spider has distinguished itself this year as one of the most ruthless in the digital extortion industry, most recently inflicting roughly $100 million in damage to MGM Casinos. A damning new Reuters report—their cyber team has had a busy week—suggests that at least some members of that cybercriminal group are based in the West, within reach of US law enforcement. Yet they haven’t been arrested. Executives of cybersecurity companies who have tracked Scattered Spider say the FBI, where many cybersecurity-focused agents have been poached by the private sector, may lack the personnel needed to investigate. They also point to a reluctance on the part of victims to immediately cooperate in investigations, sometimes depriving law enforcement of valuable evidence.

Denmark’s critical infrastructure Computer Emergency Response Team, known as SektorCERT, warned in a report on Sunday that hackers had breached the networks of 22 Danish power utilities by exploiting a bug in their firewall appliances. The report, first revealed by Danish journalist Henrik Moltke, described the campaign as the biggest of its kind to ever target the Danish power grid. Some clues in the hackers’ infrastructure suggest that the group behind the intrusions was the notorious Sandworm, aka Unit 74455 of Russia’s GRU military intelligence agency, which has been responsible for the only three confirmed blackouts triggered by hackers in history, all in Ukraine. But in this case, the hackers were discovered and evicted from the target networks before they could cause any disruption to the utilities’ customers.

Last month, WIRED covered the efforts of a whitehat hacker startup called Unciphered to unlock valuable cryptocurrency wallets whose owners have forgotten their passwords—including one stash of $250 million in bitcoin stuck on an encrypted USB drive. Now, the same company has revealed that it found a flaw in a random number generator widely used in cryptocurrency wallets created prior to 2016 that leaves many of those wallets prone to theft, potentially adding up to $1 billion in vulnerable money. Unciphered found the flaw while attempting to unlock $600,000 worth of crypto locked in a client’s wallet. They failed to crack it but in the process discovered a flaw in a piece of open-source code called BitcoinJS that left a wide swath of other wallets potentially open to be hacked. The coder who built that flaw into BitcoinJS? None other than Stefan Thomas, the owner of that same $250 million in bitcoin locked on a thumb drive.

Anduril’s New Drone Killer Is Locked on to AI-Powered Warfare

After Palmer Luckey founded Anduril in 2017, he promised it would be a new kind of defense contractor, inspired by hacker ingenuity and Silicon Valley speed.

The company’s latest product, a jet-powered, AI-controlled combat drone called Roadrunner, is inspired by the grim reality of modern conflict, especially in Ukraine, where large numbers of cheap, agile suicide drones have proven highly deadly over the past year.

“The problem we saw emerging was this very low-cost, very high-quantity, increasingly sophisticated and advanced aerial threat,” says Christian Brose, chief strategy officer at Anduril.

This kind of aerial threat has come to define the conflict in Ukraine, where Ukrainian and Russian forces are locked in an arms race involving large numbers of cheap drones capable of loitering autonomously before attacking a target by delivering an explosive payload. These systems, which include US-made Switchblades on the Ukrainian side, can evade jamming and ground defenses and may need to be shot down by either a fighter jet or a missile that costs many times more to use.

Roadrunner is a modular, twin-jet aircraft roughly the size of a patio heater that can operate at high (subsonic) speeds, can take off and land vertically, and can return to base if it isn’t needed, according to Anduril. The version designed to target drones or even missiles can loiter autonomously looking for threats.

Brose says the system can already operate with a high degree of autonomy, and it is designed so that the software can be upgraded with new capabilities. But the system requires a human operator to make decisions on the use of deadly force. “Our driving belief is that there has to be human agency for identifying and classifying a threat, and there has to be human accountability for any action that gets taken against that threat,” he says.

Samuel Bendett, an expert on the military use of drones at the Center for New American Security, a think tank, says Roadrunner could be used in Ukraine to intercept Iranian-made Shahed drones, which have become an effective way for Russian forces to target stationary Ukrainian targets.

Bendett says both Russian and Ukrainian forces are now using drones in a complete “kill chain,” with disposable consumer drones being used for target acquisition and then either short- or long-range suicide drones being used to attack. “There is a lot of experimentation taking place in Ukraine, on both sides,” Bendett says. “And I’m assuming that a lot of US [military] innovations are going to be built with Ukraine in mind.”

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

United States lawmakers are receiving a flood of warnings from across civil society not to bend to the efforts by some members of Congress to derail a highly sought debate over the future of a powerful but polarizing US surveillance program.

House and Senate party leaders are preparing to unveil legislation on Wednesday directing the spending priorities of the US military and its $831 billion budget next year. Rumors, meanwhile, have been circulating on Capitol Hill about plans reportedly hatched by House speaker Mike Johnson to amend the bill in an effort to extend Section 702, a sweeping surveillance program drawing fire from a large contingent of Democratic and Republican lawmakers favoring privacy reforms.

WIRED first reported on the rumors on Monday, citing senior congressional aides familiar with ongoing negotiations over the bill, the National Defense Authorization Act (NDAA), separate versions of which were passed by the House and Senate this summer.

More than 80 civil rights and grassroots organizations—including Asian Americans Advancing Justice | AAJC, Color of Change, Muslims for Just Futures, Stop AAPI Hate, and United We Dream—signed a statement this morning opposing “any efforts” to extend the 702 program using the NDAA. The statement, expected to hit the inboxes of all 535 members of Congress this afternoon, says that failure to reform contentious aspects of the program, such as federal agents’ ability to access Americans’ communications without a warrant, poses an “alarming threat to civil rights,” and that any attempt to use must-pass legislation to extend the program would “sell out the communities that have been most often wrongfully targeted by these agencies and warrantless spying powers generally.”

“As you’re aware, this extremely controversial warrantless surveillance authority is set to expire at the end of the year, but will continue to operate as it does currently until April, as government officials have recognized for many years,” the groups say.

Johnson and Senate majority leader Chuck Schumer did not respond to WIRED’s request for comment. Leadership of the House and Senate armed services committees likewise did not respond.

Section 702 of the Foreign Intelligence Surveillance Act authorizes the US government, namely, the US National Security Agency, to surveil the communications of foreign citizens believed to be overseas. Oftentimes, these communications—texts, calls, emails, and other web traffic—“incidentally” involve Americans, whom the government is forbidden from directly targeting. But certain methods of interception, those that tap directly into the internet’s backbone, may make it impossible to fully disentangle foreign communications from domestic ones.