The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea cables.

The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors.

The EAS is a national public warning system that state and local authorities use to disseminate information related to weather events, AMBER alerts and other emergencies via radio and television broadcasting stations. The WEA handles much of the same messaging via text.

A compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation in calmer times, or impede coordination efforts in the face of a genuine emergency. Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

The new rules amount to basic – but still critical – cyber hygiene practices for users accessing and updating the EAS and WEA systems. They must use strong passwords, quickly install security patches from vendors and use firewalls to limit access to their equipment.

The rule also creates a new authentication ID system to verify alerts before they’re submitted and avoid duplicate or unauthorized alerts from spreading.

Another rule passed by the Commission Thursday provided the first comprehensive update to the FCC’s submarine cable regulations in decades, and moves to tighten cybersecurity requirements in some areas while loosening them in others.

It exempts some undersea cable providers from submitting to stringent national security licensing reviews needed to land and operate cables that touch U.S. territory.

The review, called “Team Telecom,” is an interagency body led by the Department of Justice’s Foreign Investment Review Section and other federal agencies that advise the FCC on the national security implications of their telecom policies.

The new rules would presumptively exempt applications for undersea cable licensees when the provider can self-certify to “high security standards” that are “structured to increase certainty, predictability, and faster timelines for the licensing process.”

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

Other parts of the rule give the FCC greater oversight of critical functions within undersea cable operations. Owners and operators of submarine line terminal equipment, who connect submarine cables to land-based facilities in the U.S., will be subject to a new licensing requirement.

The rule also moves to update safeguards meant to address vulnerabilities related to principal equipment, third-party service providers, and other areas of concern in the undersea cable supply chain.

The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop.

A federal judge in Massachusetts struck down major sections of a Trump administration executive order  that would have restricted mail-in ballots through the U.S. Postal Service and required states to adopt federally approved voter lists.

The ruling Thursday from Judge Indira Talwani of the U.S. District Court of Massachusetts found those parts of the order were unconstitutional, while declaring another section that directs federal law enforcement agencies to investigate and prosecute noncompliant state and local officials legally nonbinding.

Talwani wrote that the U.S. Constitution empowers States and Congress in different roles but “does not grant the President any specific power over elections.”

While the White House has cited the 2002 Help America Vote Act (HAVA) and Civil Rights-era voting laws as justification, Talwani found those laws do not authorize the government to regulate state voter registration practices.

“Notably, nowhere in HAVA does Congress prescribe who should be included on State voter lists,” Talwani wrote. “Further, neither in HAVA nor any other federal statute does Congress authorize the federal government to create their own voting database. Instead, Congress, consistent with the Constitution, has left that authority to the States alone.”

Talwani also declined to remove President Trump and Commerce Secretary Howard Lutnick as named defendants in the suit, rejecting the administration’s argument that the court could not regulate or intrude upon the president’s’ constitutional authority “in the performance of his official duties.”

“Contrary to Defendants assertion, Presidential action is not inherently unreviewable,” Talwani wrote.

The order, issued in March, instructs the Homeland Security secretary, the director of U.S. Citizenship and Immigrations Services and the commissioner of the Social Security Administration to compile lists of American voters for each state, including their supposed citizenship status.

To build the lists, the agencies would rely on the controversial Systemic Alien Verification for Entitlements (SAVE) database that DHS has been building under the Trump administration, as well as Social Security and federal citizenship and naturalization records.

Those lists would then be sent to states, most of which have already refused similar Trump administration efforts to control voter registration.. The order instructs the Department of Justice to investigate  and prosecute  state and local election officials who issue  ballots to ineligible voters. 

The order also requires mail-in ballots to be sent in special barcoded envelopes for tracking. Crucially, it demands states provide lists of voters eligible for mail-in voting, and threatens to deny ballots to states that refuse. It also claims the attorney general is entitled to withhold federal funding from noncompliant states.

Talwani found that states have shown they already have a rigorous voter registration and verification process to ensure non-citizens and other ineligible voters aren’t able to vote in U.S. elections, and have laws in place to investigate and prosecute those who do.

Executive branch lawyers argued the order was merely an internal federal directive that does not impedestate authorities. But Talwani noted that states like Connecticut were already pulling staff from critical activities, such as translating election materials required under the Voting Rights Act, to develop compliance plans for the order.

Nearly half of the states in the lawsuit have already purchased mail-in ballots for this election cycle that are out of compliance with the Postal Service’s envelope and design standards.

Despite a string of losses in the courts and Congress, the White House has continued to assert broad authority over the way states and localities administer elections.

The Department of Justice has sued dozens of states to force them to hand over sensitive voter data. In the 10 cases decided so far, states have won every one.

In their opinions, judges cited the executive branch’s lack of inherent authority to create state voter lists. Others accused the DOJ of misusing Civil Rights-era laws designed to protect Black and minority voters,  creating an “unreliable” database that would disenfranchise  legitimate voters.

The Massachusetts ruling comes to the same conclusion, with Talwani writing “it is clear that the federal agencies charged with compiling Confirmed Citizen Lists lack the ability to create complete and accurate lists of the U.S. citizens residing in every State.”

On Wednesday, Trump canceled a signing ceremony for a bipartisan housing bill in an attempt to pressure  congressional Republicans to pass the SAVE America Act, which would implement many of the same changes to U.S. elections. In a Truth Social post, Trump said he considered passage of the bill to be a “National Emergency.”

The post Federal court rules Trump election-focused executive order illegal appeared first on CyberScoop.

The U.S. Departments of Justice and Homeland Security seized multiple internet domains this week, accusing them of being used to publishing thousands of AI or digitally-altered images and videos of nude women.

The domains, CFAKE.com and SOCFAKE.com, specialized in digital forgeries that “were made to appear to be sexual images of famous women, including politicians, first ladies of multiple countries, royalty, journalists, television presenters, athletes, entertainers, and others” either nude or engaged in sexual activity,” according to a Department of Justice release.

In addition to creating sexual images and videos of women without their consent, the service allowed people to browse by topics, including “rape,” “forced,” and “degradation.”

That description comes from a Department of Justice release describing the contents of its probable cause affidavit and search warrants. CyberScoop has not viewed the court documents.  

The sites were seized under the TAKE IT DOWN Act, a law passed last year giving federal authorities the ability to criminally prosecute those who create and distribute deepfake porn. The law was a rare moment of bipartisan agreement in Washington D.C., gaining support from both Democrats and Republicans who said their constituents were demanding tougher laws to curb the use of AI to create nonconsensual deepfake porn.

The operation marks one of the largest seizures since the law went into effect. The details of the operation disclosed by the government show how creators of deepfake porn rely on a web of international assets and infrastructure to evade law enforcement.

Robert Fraiser, U.S. Attorney for the District of New Jersey, said U.S. authorities worked in coordination with law enforcement agencies in France and Italy. According to U.S. officials, they were first notified about the website by Italian Polizia de Stato, while a parallel investigation run by the Paris Public Prosecutor’s Office in France resulted in the arrest of a suspect connected with the site, along with seized cryptocurrency funds.

“These seizures stopped a website that trafficked in humiliation, exploitation, and the violation of personal privacy on a massive scale,” said Frazer in a statement. “For the victims whose images were distributed without their consent, the harm is not virtual — it is deeply personal and often enduring.”

According to the Paris Prosecutor’s Office, Cyrille B., a 47-year-old French national was arrested and accused of being an administrator for CFAKE. A search of his home in Nice found computer equipment related to the site and a little more than $48,000 in Ethereum cryptocurrency that they said came from the site’s advertising.

The French investigation identified 300,000 images, 7,000 videos depicting 14,000 individuals from different countries. The site had approximately 200,000 user accounts, 4 million views per month and uploaded 50 pieces of new content every day.

The suspect had no prior criminal record, and will go to trial on July 7. The charges carry potential penalties of up to seven years in prison and €500,000.

U.S. Immigration and Customs Enforcement’s Homeland Security Investigation division is leading the federal investigation, in conjunction with the U.S. Attorney’s office for New Jersey.

The post US, France, and Italian authorities shut down massive deepfake porn site appeared first on CyberScoop.

The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation.

The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is “primarily the purview of the states,” the administration’s efforts are a lawful exercise of federal oversight. 

The Justice Department grounds that rationale in a provision of the 1960 Civil Rights Act, requiring election officials to keep voter records for 22 months after an election so it can investigate potential civil rights violations. Under the memo’s reading, that retention rule also gives the Attorney General authority to obtain copies of those records “upon demand in writing.” 

The memo also cites several other federal election laws – like the Help America Vote Act, the National Voter Registration Act and the Voting Rights Act – as support for the executive branch’s efforts. It argues that those statutes have long required states to modernize and secure voting systems (including accessibility upgrades) and maintain accurate voter rolls by removing ineligible voters.

The memo further argues that the potential presence of one or more non-citizens on state voter rolls is enough to trigger the federal government’s nationwide data collection and sharing efforts with immigration authorities.

“Because illegal aliens are ineligible to vote, these generally applicable laws are also implicated by an illegal alien’s presence on a state’s voter rolls,” the memo states.

Multiple federal courts have come to the opposite conclusion, dismissing half a dozen lawsuits from DOJ and the Department of Homeland Security that would force states to comply. Further, states have repeatedly confirmed through recounts, audits, investigations and lawsuits that the number of non-citizens registered to vote (and who end up actually casting ballots) in U.S. elections is infinitesimal.

David Becker, executive director of the Center of Election Innovation and Research, noted in a post on BlueSky that “6 courts, including 2 judges appointed by the current president, think this ‘opinion’ isn’t worth the paper it’s written on.” Becker, a former DOJ senior trial attorney in the voting section of the Civil Rights Division, has consistently argued that the executive branch and White House have no legal or constitutional role to play in vetting state voter registration. 

Sarah Copeland Hanzas, Secretary of State for Vermont, gave a similar reaction when CyberScoop reached out for comment.

“It’s not worth the paper it’s printed on,” Hanzas said in a statement. “Or the electrons it takes to store and transmit 41 pages of fantasy.”

Election officials have largely resisted the federal government’s demands. Earlier this year, West Virginia Secretary of State Kris Warner told CyberScoop he had no intentions of handing over more information than is already publicly available.

“If they want it, they can have it: $500 dollars for [anyone to buy] the statewide list, but they’re not getting personal information,” Warner said in a January interview. “State law says we’re not sharing that and my job is to carry out the law laid out by the West Virginia legislature.”

The inability of the federal government to point to serious evidence of mass voter fraud or non-citizen voting has led states to rebuff attempts to collect sensitive data on every voter in their state, including names, social security numbers, home addresses, voter history and other details.

The administration says it intends to cross-check state data against immigration records, share that data with DHS and immigration enforcement agencies and ultimately create its own list of eligible voters. An executive order issued by the White House earlier this year sought to deny federal funding to states that did not accept voter lists from the federal government and directed the Attorney General to investigate state election officials for voter roll discrepancies. Voting groups have challenged the order’s legality, and a previous election-related executive order was largely ruled unconstitutional by the courts.

The administration has sued dozens of states who have refused to hand such data over, though it has yet to convince courts of the merit. One judge called the administration’s efforts “unprecedented and illegal” and accused the administration of twisting the Civil Rights Act and other federal laws that were passed “to protect hard won civil rights victories allowing access to the ballot box” in order to obtain unfettered access to state voter data.

The post DOJ releases legal rationale for nationwide voter data collection appeared first on CyberScoop.

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday.

Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering for his alleged role with RedLine. Infostealers thieve billions of user credentials such as passwords annually.

“Hambardzum Minasyan allegedly conspired with others to enrich himself by developing and administering RedLine, one of the most prevalent infostealing malware variants in the world, which has previously been used to conduct intrusions against major corporations,” a Justice Department news release said. “When executed, RedLine would steal data, including access devices, from victims’ computers.”

According to a summary of the indictment, Minasyan allegedly registered two virtual private servers to host RedLine, established repositories of online file sharing for distributing Redline to affiliates and registered a cryptocurrency account to receive affiliate payments.

Collectively, the conspirators also responded to questions and requests from affiliates, conspired to steal and own financial information and laundered cybercrime proceeds through cryptocurrency exchanges, the indictment states.

In 2024, the U.S. Justice Department teamed with Belgium, the Netherlands, Eurojust and others on Operation Magnus to disrupt the RedLine and Meta infostealers, the latter of which derived from the former. That same year, the Justice Department charged a Russian man, Maxim Rudometov, for his alleged role in developing RedLine.

Eurojust assisted with the extradition of Minasyan.

Court records related to Minasyan’s case had not been posted on the Pacer court system as of Wednesday afternoon. The U.S. Attorney’s Office for the Western District of Texas, which is prosecuting the case, did not immediately respond to requests for a copy of the indictment.

The post Alleged RedLine infostealer conspirator extradited to US appeared first on CyberScoop.