
A screenshot of AFP Technology Detection Dog Georgia finding a phone hidden in a vacuum cleaner.
Image: AFP
The Australian Federal Police (AFP) this week revealed some of its canine squad have been trained to sniff out devices, such as USBs and SIM cards, at crime scenes or during the execution of search warrants.
In a Facebook post showing a video of one dog, Georgia, finding a phone hidden in a vacuum cleaner, the AFP said since 2019, its three AFP technology detection dogs have located more than 120 devices in support of investigations ranging from child protection investigations to counter terrorism operations.
It said over the next three years, at least 12 more labradors will be trained and deployed across the country.
“A single USB can hold hundreds of thousands of child exploitation images, or documents of crucial evidence for a police investigation,” an AFP spokesperson told ZDNet. “However, with the Technology Detection Dogs, we are able to detect their presence, even when concealed.”
AFP said the government is boosting funding by AU$35.4 million over four years to combat child sexual abuse and exploitation, which includes AU$5.7 million to expand the team of technology detection dogs.
“The increased funding for the tech dogs capability will greatly enhance the ability of the AFP to collect vital digital evidence, bringing to justice not only online child sex offenders, but also violent extremists and those involved in organised crime,” the spokesperson said.
According to the AFP, initial training of the dog squad takes at least three months of intensive work, followed by ongoing dedicated work between the handler and the dog once they are teamed.
“These dogs are the very top tier among detection dogs, requiring specific traits such as a high drive, a high level of intelligence, endurance, and the ability to learn how to detect these devices in repetitive learning,” the spokesperson said. “The other critical element to this capability is, of course, the handler selection to pair with the dogs.
“This is a highly technical capability and requires an experienced handler to work with the dogs and use them effectively.”
Each dog can expect to work for around six years in the field, before enjoying a well-deserved retirement with their handler or a volunteer family.

Jason Hiner/ZDNET
This month, Apple officially launched TVOS 26 to the public. This upgrade introduces a significant visual overhaul and several unprecedented entertainment features. The platform offers a new layout and interface, along with smart features that weren’t available in TVOS 18.
At the heart of the update is a new design language called Liquid Glass, which gives the interface a more vibrant and expressive look. Across iOS 26 devices, Liquid Glass offers floating, three-dimensional menus and windows, translucent UI elements like icons and menus allowing background visibility, and a rounded design with softer edges for a more organic interface look.
For Apple TV, in particular, the redesign will now showcase cinematic poster art for a more immersive browsing experience. The update also streamlines profile switching and app logins, making it easier to access personalized content. Apple’s TVOS 26 is also expected to incorporate new Apple Intelligence features in the coming year.

The NATO Cyber Security Centre (NCSC) has completed its test run of secure communication flows that could withstand attackers using quantum computing.
Konrad Wrona, principal scientist at the NCSC, told ZDNet that it is becoming increasingly important to create protection schemes against current and future threats.
“Securing NATO’s communications for the quantum era is paramount to our ability to operate effectively without fear of interception,” Wrona said. “The trial started in March 2021. The trial was completed in early 2022. Quantum computing is becoming more and more affordable, scalable and practical. The threat of ‘harvest now, decrypt later’ is one all organizations, including NATO, are preparing to respond to.”
The NCSC, which is run by the NATO Communications and Information Agency (NCI Agency), protects NATO networks around the clock and worked with UK company Post-Quantum to conduct the test. Allied Command Transformation’s VISTA framework financed the project.
Post-Quantum provides organizations with different algorithms to ensure security even if attackers are using quantum computing. A VPN can use algorithms to secure communications, ensuring that only the correct recipient can read the data, the company claimed.
Wrona said the NCSC does not have a follow-on contract with Post-Quantum but sees the potential of technologies like what Post-Quantum offers and will continue to look into the technology.
Andersen Cheng, CEO of Post-Quantum, called Post-Quantum a ‘Hybrid Post-Quantum VPN’ because it combines both new post-quantum and traditional encryption algorithms. Cheng said that because it will take many years for the world to completely migrate to a “quantum-safe” future, it is more realistic to combine these new algorithms with better understood traditional encryption in order to ensure interoperability. They noted that this kind of software is increasingly relied upon to protect remote connections when working from outside of traditional office environments and can be used to ensure secure communications between organizations in an operational environment.
Cheng founded Post-Quantum 12 years ago and said his team had spent a decade developing encryption capable of withstanding a quantum attack.
His team has focused on building useable commercial grade ‘quantum-safe’ products like the Hybrid VPN system NATO tested.
“Our encryption algorithm NTS-KEM (now known as Classic McEliece, after merging with the submission from renowned cryptographer Professor Daniel Bernstein and his team), is now the only ‘code-based’ finalist in the National Institute of Standards and Technology (NIST) process to identify a cryptographic standard to replace RSA and Elliptic Curve, for public-key cryptography (PKC). We’ve also designed a new specification for a quantum-safe VPN as part of the Internet Engineering Task Force (IETF),” Cheng said.
“We have undertaken work for a number of high-security stakeholders, such as NATO, but the challenges posed by quantum computers are universal. Everything that we do over the internet today — from buying things online to online banking to nation-state communications — is encrypted. Once a functioning quantum computer arrives, that encryption can be broken. This means that, almost instantly, bank accounts will be emptied, Bitcoin wallets will be drained, and entire power grids will be shut off.”

FBI is seeking certain people of interest. See notice at the end of this article.
When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours.
We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated “items, electronic items were stolen from senators’ offices, documents and … we have to identify what was done to mitigate that.” My local Senator, Jeff Merkley (D-Ore.), reported that at least one laptop had been stolen.
Amid stolen laptops, lost data and potential espionage, the cybersecurity consequences of this attack will take months to sort out. Here’s a look at the cybersecurity issues.
National security issues
While surveillance undoubtedly tracked many of the hundreds who made it inside the building, we cannot assume we know the exact second-by-second movements of everyone who gained entrance. That means there is absolutely no knowing what actions were taken against digital gear inside the building.
Passwords, documents, access codes, and confidential or secret information may have been stolen. We also need to assume that some computers may have been compromised, with malware loaded onto them. Since malware is key to any systemic penetration, we must assume that bad actors have gained some persistent, hidden, ongoing access to Capitol Building systems.
In all likelihood, only a small number of machines were probably compromised. But given the sensitive nature of information stored on digital gear inside the Capitol, and given that it may be impossible to quickly ascertain which devices were compromised, federal IT personnel must assume that ALL the digital devices at the Capitol have been compromised.
The situation is actually worse than it may appear at first. According to a USA Today timeline, Congress reconvened at 8pm on January 6. It’s likely that staff computer use began mere minutes after Congress reconvened. Obviously, there was no way to completely lift and replace thousands of machines instantly. Therefore, from that moment until now, members and their staff have been using digital devices that may have been compromised. That means that all communications, files, and network connections from and to those devices may have also been compromised.
Physical access raises the stakes
If the Capitol’s computers were penetrated by a traditional malware-driven hack followed by a breach over the Internet, mitigation could have been moderately straightforward, if not inconvenient and painful. Systems could have been scanned for malware, and — in the most sensitive cases — hard drives could have been zeroed or replaced.
But there were hundreds of unauthorized people in the building, people who were photographed having gained access to the desks and private offices of members. These people could have gone anywhere within the building.
We also have to assume that there were some foreign actors who entered the building by blending into the crowd. Yes, I know this sounds paranoid, but hear me out. We know that Russia and other nations have been conducting cyberattacks against America for some time.
We also know that the final congressional certification of ballots for the 2020 presidential election was Constitutionally mandated for January 6 — and because of the heated rhetoric, it was all but a certainty that there would be crowds and unrest.
It is therefore highly likely that enemy (or frenemy) actors were likewise aware of the potential for unrest around the Capitol Building. While the specific details of exactly what would unfold in what order on January 6 were impossible to predict, there’s good reason to expect that international handlers would find it prudent to keep small squads of agents on standby. That way, if the opportunity presented itself, they could surreptitiously insert those agents into the situation.
Therefore, we have to assume that some of the people who penetrated Capitol Hill were probably foreign actors. And from that observation, we have to expect one or more of those foreign actors who made it inside took some physical action against machines normally out of reach.
Physical access is more than stealing computers
Once an enemy agent gains physical access, a lot can happen. And by a lot, I mean stealth attacks that will require the Capitol’s IT teams to use a scorched-earth remediation effort. First, let’s be aware that malware often doesn’t show itself until a set period of time or trigger happens. So machines that seem perfectly fine may well be Trojan horses.
It is possible that machines were opened and thumb drives or even extra drives were placed inside machines, which were then sealed back up. With a power screwdriver, it’s possible to open up the skins of a tower PC, shove a USB stick into an open internal port, and seal the thing back up in a minute or two. These might never be detected.
When Stuxnet destabilized the Natanz centrifuges in Iran, the worm was delivered via USB drives smuggled into the facility. In the case of Capitol security, hundreds of people were inside the Capitol building. An effective attack would simply be to leave random, generic USB drives in various drawers and on various desks. Without a doubt, someone would see the drive, assume it was one of their own, and plug it in. Malware delivered.
There are other physical attacks possible. We’ve talked previously about a USB charger with a wireless keylogger. We’ve written about the Power Pwn, a device that looks like a power strip but which hides wireless network hacking tools. We’ve discussed how a man-in-the-middle attack was launched against EU offices, siphoning Wi-Fi traffic to an illegal listener.
With hundreds of people inside the Capitol Building, devices like these could have been left in place. It could take weeks or months to discover them, especially if they were left as if they were clutter, to be used by random staffers when they need a spare piece of hardware.
What must be done
There are some IT best practices that can reduce the risk. Network micro-segmentation can prevent malware from crossing between zones, for example. But no network-based security practice can completely mitigate a physical attack.
The Capitol Building must be completely scrubbed. All machines must be scanned. Any desktop PC that is not hermetically sealed must be opened and the internals carefully inspected. USB drive slots must be locked, so Capitol Hill staffers can’t plug in random USB drives. The building must be repeatedly scanned on a room-by-room, floor-by-floor basis for radiant signal broadcast.
Congressional staffers must be educated about what to look for, about best practices, and about taking extra care even if it takes extra time.
Every single digital device within the Capitol grounds must be considered suspect. It’s essential that a strong security standing be maintained even after active machines have been tested and scanned, because we need to be on the lookout for delayed threats and attacks that are hiding, waiting for their opportunity to trigger access.
Espionage Act violations
Finally, everyone who participated in the attack, particularly those who penetrated the building, must be prosecuted to the fullest extent of the law and possibly even charged with Espionage Act violations. While some of the participants may have been characterized as “patriots” or angry “fine people,” the fact is that their actions may have provided cover for acts of espionage by our nation’s enemies.
I can hear what you’re saying. “But David, isn’t it being a little paranoid to think other countries would take advantage of our own internal disputes?” Okay, fine. Nobody would say that. Instead, there’d be a lot of fist waving and yelling at me. But for our purposes, let’s go with the civil version.
And no, it’s not a little paranoid. Russia did meddle with the 2016 election. It’s part of basic tradecraft to incite anger and disagreements among a target’s population. We know Russian meddling has contributed to the anger and rage we’re all feeling — although our own politicians certainly leveraged off of it for their own selfish interests.
The Capitol Building attack was absolutely rage and anger based. Given that sowing unrest is a major part of Russia’s playbook, it’s entirely likely that they were very aware of the significance of the January 6 date and were quite prepared to capitalize on it to the fullest extent. And all that brings us to espionage — conducted by foreign actors, but very likely aided and abetted by duped or complicit Americans strung out on a rage high.
Those who stormed Capitol Hill may have violated 18 U.S. Code § 792 – Harboring or concealing persons. This code is simple, stating, “Whoever harbors or conceals any person who he knows, or has reasonable grounds to believe or suspect, has committed, or is about to commit, an offense.” If a case can be made that any of the attackers might merely suspect an external agent would breach the building with them, they’re in violation of this statute.
They may have also violated 18 U.S. Code § 793 – Gathering, transmitting or losing defense information. This is one of the big ones, opening with “Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation…” Stopping or overturning an election can definitely be considered “to the injury of the United States,” and again, if any of this information is disclosed to a foreign power — even via a photo on Twitter, it’s a serious violation.
It goes on to list a vast array of government resources that, if breached, would be in violation, including “…building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies…” Clearly, the Capitol Building falls under this, especially since congressional committees do deal with highly classified information.
People who commit crimes under these codes “shall be fined under this title or imprisoned not more than ten years, or both.”
It’s with 18 U.S. Code § 794 – Gathering or delivering defense information to aid foreign governments that things start to get serious. The statute begins with “Whoever, with intent or reason to believe that it is to be used to the injury of the United States or to the advantage of a foreign nation,” and, again, blocking the Constitutionally-mandated certification of an election is injurious to the United States.
But here’s where it gets dicey for those who broke in on January 6. The statute continues:
…communicates, delivers, or transmits, or attempts to communicate, deliver, or transmit, to any foreign government, or to any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, or to any representative, officer, agent, employee, subject, or citizen thereof, either directly or indirectly, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, note, instrument, appliance, or information relating to the national defense…
This statute is very broad, essentially saying that even if delivery is made to someone not officially recognized as a foreign national, or even delivery is made indirectly (say via a friend, an eBay auction, pictures on Instagram, etc.), it’s in violation. So those pictures we saw of desks with documents, screens with email, etc? If any one item in any of those pictures was confidential or classified, and could be seen by a foreign agent, this clause is triggered.
The punishment? Well, let’s let the statute speak for itself: “shall be punished by death or by imprisonment for any term of years or for life.” Ouch!
Let’s be clear here. Most of the attackers were Americans. And as despicable as their actions were — and breaking into and interrupting a Constitutional practice is despicable, regardless of which side of the aisle you’re on — most of them most likely thought they were acting on behalf of the US, not with intent to injure it.
The law often takes into account intent. But when it comes to espionage, the law has a very large hammer. The United States does not take kindly to espionage. With thousands of people in the crowd outside the building and hundreds who broke in, there was no way for those committing the crime to know who their fellow mob members might be at the time. Providing cover for enemy agents, even if it could be argued it was done through naivety or stupidity, is still providing cover for enemy agents.
This is going to play out for months or years, both in our courts and within the United States Intelligence Community. If any secured information resulting from this breach winds up in any foreign hands, the stakes will go up immeasurably and those good ol’ boys from middle America wearing dad jeans and baseball caps or goat horns, face paint, and fur bikinis may well find themselves subject to the full might and wrath of the United States Government — the very government they tried to overthrow.
You can help
InfraGard posted a recent alert that I’m now sharing with you. The Federal Bureau of Investigation’s Washington Field Office is seeking the public’s assistance in identifying individuals who made unlawful entry into the US Capitol Building on January 6, 2021, in Washington, D.C.
In addition, the FBI is offering a reward of up to $50,000 for information leading to the location, arrest, and conviction of the person(s) responsible for the placement of suspected pipe bombs in Washington, D.C. on January 6, 2021.
At approximately 1:00 p.m. EST on January 6, 2021, multiple law enforcement agencies received reports of a suspected pipe bomb with wires at the headquarters of the Republican National Committee (RNC) located at 310 First Street Southeast in Washington, D.C.
At approximately 1:15 p.m. EST, a second suspected pipe bomb with similar descriptors was reported at the headquarters of the Democratic National Committee (DNC) at 430 South Capitol Street Southeast #3 in Washington, D.C.
Anyone with information regarding these individuals, or anyone who witnessed any unlawful violent actions at the Capitol or near the area, is asked to contact the FBI’s Toll-Free Tipline at 1-800-CALL-FBI (1-800-225-5324) to verbally report tips. You may also submit any information, photos, or videos that could be relevant online at fbi.gov/USCapitol. You may also contact your local FBI office or the nearest American Embassy or Consulate.
Disclosure: David Gewirtz is a member of InfraGard, a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Image: Roberto Cortese
Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees.
The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants).
Shopify estimated the number of stores that might be affected by the employees’ actions at less than 200. The company boasted more than one million registered merchants in its latest quarterly filings.
The e-commerce giant said the incident is not the result of a vulnerability in its platform but the actions of rogue employees.
“We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement,” the company said in a prepared statement. “We are currently working with the FBI and other international agencies in their investigation of these criminal acts.”
An investigation into the security breach is still in its early phases. Shopify promised to notify impacted merchants and customers as relevant.
The transaction data that the rogue employees might have gained access to includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.
Shopify said payment card numbers or other sensitive personal or financial information was not included in the data the staffers could have accessed.
Another incident caused by malicious insiders
The incident disclosed by Shopify is the third incident of a “malicious insider” in the past month. Instacart and Tesla acknowledged similar incidents last month.
Instacart said two employees working for a company providing tech support services for Instacart shoppers “may have reviewed more shopper profiles than was necessary in their roles as support agents.” The company had to notify 2,180 shoppers as a result of this breach.
A week after the Instacart incident, Tesla CEO Elon Musk also admitted that his company was targeted by a Russian cybercrime gang, which tried to recruit one of its US employees and have them install malware on the internal network of its super-factory located in Sparks, Nevada.
While the Instacart incident resulted in a breach for the company, the Tesla employee resisted recruitment efforts and reported the incident to Tesla and authorities.




