
ICE Has Spyware Now

Published by qimuai   Reads: 3   First-hand translation



Source: https://www.wired.com/story/ice-has-spyware-now/

Summary:

Several notable developments in international security and politics emerged this week. With the policies of former US President Trump continuing to exert influence, the geopolitical landscape is shifting. China recently held a large military parade in Tiananmen Square, publicly displaying its latest high-tech weaponry and drawing wide international attention.

Several controversial policies of the Trump administration saw new developments. It had pushed to rename the US Department of Defense the "Department of War", and the corresponding domain change has now taken effect. More worrying, Trump has repeatedly questioned the US election system, prompting election experts to stress urgently that the president has no authority to interfere in how individual states run their elections.

A controversial step was taken in the homeland security field. Immigration and Customs Enforcement (ICE), an agency of the Department of Homeland Security, is about to receive a new surveillance tool on top of its enormous $170 billion budget. The Trump administration rescinded a Biden-era ban and will allow the agency to use spyware developed by the Israeli company Paragon. That software has previously been used to surveil journalists and activists, raising human rights concerns.

The cybersecurity field faces multiple challenges. A new type of "infostealer" malware carries out sextortion by monitoring users' browsing of adult content. Meanwhile, Salesloft's chatbot system was hacked, leaking customer data belonging to Cloudflare and several other tech security companies; more than 700 companies may be affected.

On the military front, The New York Times disclosed details of a secret 2019 reconnaissance operation by US SEAL Team 6 against North Korea. The operation attempted to plant electronic surveillance equipment inside North Korea, but it failed and resulted in civilian casualties aboard a North Korean fishing boat. Notably, the Trump administration did not brief the congressional oversight committees on the operation.

Cybersecurity research shows that traditional anti-phishing training has limited effect. A study of 20,000 healthcare-system employees found that training lowered the rate at which employees were fooled by only 1.7 percent, and 75 percent of employees spent less than a minute on the training. This once again confirms the industry consensus that "humans are the weakest link in the security chain".

On anti-piracy, Streameast, the world's largest sports streaming piracy site, has been shut down. The site drew more than 1.6 billion visits per year and illegally streamed the Premier League, the NBA and many other competitions. Egyptian authorities arrested two suspects and uncovered a shell company suspected of laundering $6.2 million.

(Note: this article strictly follows the principle of objective and neutral news reporting; statements concerning China are objectively restated from the facts of the original, and international events are presented in a way that suits Chinese readers' reading habits.)


English source:

As the United States under Donald Trump continues to upend geopolitics and prompt potential diplomatic realignment around the world, China held an extensive military parade in Tiananmen Square on Wednesday that put its latest high-tech weaponry on display. And after announcing his desire to rebrand the US Department of Defense as the so-called US Department of War and signing an executive order about the change on Friday, Defense.gov began redirecting to War.gov.

Meanwhile, Trump has repeatedly attacked US election processes and voting infrastructure, prompting election experts to issue urgent warnings that under the US Constitution, the president has no power to direct how states conduct voting—much less initiate federal control of US elections.

A company owned by retired Marine sniper Dan LaLota won a $30,000 no-bid contract from the US Department of Homeland Security this month to offer sniper and combat training. LaLota told WIRED this week that his brother, GOP congressman Nick LaLota, did not play a role in helping his firm land the contract.

A new type of “infostealer” malware is conducting sextortion scams by monitoring victims’ browsing habits for mature content and then taking screenshots of the adult material while also taking webcam photos of the target as they view the content.

If you need a primer on the new generation of secure password replacements—known as “passkeys”—we’ve got you covered on what they are and how to use them. And whether you’re all in on passkeys or just first thinking about how to organize your passwords, we’ve got an update on our guide to the best password managers.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

ICE Can Use Paragon Spyware After Trump White House Rescinds Biden Order

Immigration and Customs Enforcement, the Department of Homeland Security agency given an unprecedented $170 billion under the Trump administration’s “big beautiful bill” and charged with carrying out mass deportations, will soon have another powerful tool at its disposal: spyware. The Trump administration this week rescinded a Biden administration order that blocked ICE from obtaining hacking tools sold by Paragon, the Israeli firm with which it signed a $2 million contract last September. Now ICE will have access to the company’s spyware, including tools for remotely breaking into phones and obtaining their contents and messages.

Paragon has been compared to the more notorious Israeli spyware firm NSO Group, with similar examples of its tools being used to spy on journalists and activists: WhatsApp said earlier this year that it had discovered Paragon’s spyware being used against activists and journalists in Europe, and two Italian media outlets filed a criminal complaint with prosecutors seeking an investigation into the hacking incidents. As a result of that blowup, Italian intelligence services canceled a contract with the company, according to Israeli news outlet Haaretz.

The Biden administration considered spyware used to hack phones controversial enough that it was tightly restricted for US government use in an executive order signed in March 2024. In Trump’s no-holds-barred effort to empower his deportation force—already by far the most well-funded law enforcement agency in the US government—that’s about to change, and the result could be a powerful new form of domestic surveillance.

Security Companies Impacted in Hacking Campaign Against AI Chatbot Maker

Multiple tech and security companies—including Cloudflare, Palo Alto Networks, Spycloud, and Zscaler—have confirmed customer information was stolen in a hack that originally targeted a chatbot system belonging to sales and revenue generation company Salesloft. The sprawling data theft started in August, but in recent days more companies have revealed they had customer information stolen.

Toward the end of August, Salesloft first confirmed it had discovered a “security issue” in its Drift application, an AI chatbot system that allows companies to track potential customers who engage with the chatbot. The company said the security issue is linked to Drift’s integration with Salesforce. Between August 8 and August 18, hackers used compromised OAuth tokens associated with Drift to steal data from accounts.

Google’s security researchers revealed the breach at the end of August. “The actor systematically exported large volumes of data from numerous corporate Salesforce instances,” Google wrote in a blog post, pointing out that the hackers were looking for passwords and other credentials contained in the data. More than 700 companies may have been impacted, with Google later saying it had seen Drift’s email integration being abused.

On August 28, Salesloft paused its Salesforce-Salesloft integration as it investigated the security issues; then on September 2 it said, “Drift will be temporarily taken offline in the very near future” so it can “build additional resiliency and security in the system.” It’s likely more companies impacted by the attack will notify customers in the coming days.

SEAL Team 6 Tried—and Failed—to Plant a Spy Device in North Korea

Obtaining intelligence on the internal workings of the Kim regime that has ruled North Korea for three generations has long presented a serious challenge for US intelligence agencies. This week, The New York Times revealed in a bombshell account of a highly classified incident how far the US military went in one effort to spy on the regime. In 2019, SEAL Team 6 was sent to carry out an amphibious mission to plant an electronic surveillance device on North Korean soil—only to fail and kill a boatful of North Koreans in the process. According to the Times’ account, the Navy SEALs got as far as swimming onto the shores of the country in mini-subs deployed from a nuclear submarine. But due to a lack of reconnaissance and the difficulty of surveilling the area, the special forces operators were confused by the appearance of a boat in the water, shot everyone aboard, and aborted their mission. The North Koreans in the boat, it turned out, were likely unwitting civilians diving for shellfish. The Trump administration, the Times reports, never informed leaders of congressional committees that oversee military and intelligence activities.

Phishing Training Doesn’t Really Work, Study Suggests

Phishing remains one of the oldest and most reliable ways for hackers to gain initial access to a target network. One study suggests a reason why: Training employees to detect and resist phishing attempts is surprisingly tough. In a study of 20,000 employees at the health care provider UC San Diego Health, simulated phishing attempts designed to train staff resulted in only a 1.7 percent decrease in the staff’s failure rate compared to staff who received no training at all. That’s likely because staff simply ignored or barely registered the training, the study found: In 75 percent of cases, the staff member who opened the training link spent less than a minute on the page. Staff who completed a training Q&A, by contrast, were 19 percent less likely to fail on subsequent phishing tests—still hardly a very reassuring level of protection. The lesson? Find ways to detect phishing that don’t require the victim to spot the fraud. As is often noted in the cybersecurity industry, humans are the weakest link in most organizations’ security—and they appear stubbornly determined to stay that way.

World’s Largest Sports Streaming Piracy Site Shut Down

Online piracy is still big business—last year, people made more than 216 billion visits to piracy sites streaming movies, TV, and sports. This week, however, the largest illegal sports streaming platform, Streameast, was shut down following an investigation by anti-piracy industry group the Alliance for Creativity and Entertainment and authorities in Egypt. Before the takedown, Streameast operated a network of 80 domains that saw more than 1.6 billion visits per year. The piracy network streamed soccer games from England’s Premier League and other matches across Europe, plus NFL, NBA, NHL, and MLB matches. According to The Athletic, two men in Egypt were allegedly arrested over copyright infringement charges, and authorities found links to a shell company allegedly used to launder around $6.2 million in advertising revenue over the past 15 years.
