An anonymous reader quotes a report from KrebsOnSecurity: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother -- Minnesota native Alicia Roen -- filled in the gaps.

Roen said that prior to her son's arrest he'd acknowledged being associated with Connor Riley Moucka, a.k.a. "Judische," a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake. In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he'd stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon. On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphantom indicating he was a U.S. Army soldier stationed in South Korea.

[...] Immediately after news broke of Moucka's arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] On that same day, Kiberphant0m posted what they claimed was the "data schema" from the U.S. National Security Agency. On Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a "SIM-swapping" service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target's phone calls and text messages to a device they control.

Researchers have uncovered widespread manipulation of GitHub's star-rating system, with over 3.1 million fraudulent stars identified across 15,835 repositories, according to a new study by Socket, Carnegie Mellon University, and North Carolina State University.

The research team analyzed 20TB of data from GHArchive, spanning 6 billion GitHub events from 2019 to 2024, using their "StarScout" detection tool. The tool identified 278,000 accounts engaging in coordinated inauthentic behavior to artificially boost repository rankings.

GitHub uses stars, similar to social media likes, to rank projects and recommend content to users. The platform has previously encountered malicious exploitation of this system, including the "Stargazers Ghost Network" malware operation discovered last summer. Approximately 91% of flagged repositories and 62% of suspicious accounts were removed by October 2024.

President-elect Donald Trump has asked the Supreme Court to delay the upcoming TikTok ban while he works on a "political resolution." In a legal brief (PDF) on Friday, his lawyer said Trump "opposes banning TikTok" and "seeks the ability to resolve the issues at hand through political means once he takes office." The BBC reports: Trump had met with TikTok's CEO, Shou Zi Chew, at his Mar-a-Lago estate in Florida last week. In his court filing on Friday, Trump said the case represents "an unprecedented, novel, and difficult tension between free-speech rights on one side, and foreign policy and national security concerns on the other." While the filing said that Trump "takes no position on the underlying merits of this dispute", it added that pushing back the 19 January deadline would grant Trump "the opportunity to pursue a political resolution" to the matter without having to resort to the court. [...]

Trump has publicly said he opposes the ban, despite supporting one in his first term as president. "I have a warm spot in my heart for TikTok, because I won youth by 34 points," he claimed at a press conference earlier in December, although a majority of young voters backed his opponent, Kamala Harris. "There are those that say that TikTok has something to do with that," he added. Earlier this month, TikTok asked the Supreme Court to block the ban, saying that the law violates both its First Amendment rights and those of its 170 million American users.

An anonymous reader quotes a report from Reuters: Chinese state-sponsored hackers broke into the U.S. Treasury Department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday. The hackers compromised a third-party cybersecurity service provider and were able to access unclassified documents, the letter said, calling it a "major incident."

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users." After being alerted by cybersecurity provider BeyondTrust, the Treasury Department said it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack's impact. Developing...

Valerie Warner is 71 years old — and owes $268,000 in student loans.

Roughly 40 years ago she went to law school, but was only able to find work as a legal aid and later work in the public school system, which the Washington Post calls "a rewarding job but one that didn't pay enough to wipe out her loans." Later she earned a masters of education degree: All told, Warner borrowed a total of about $60,000 for her two advanced degrees. The amount seemed reasonable given the career trajectory that both credentials promised, but that path never materialized. Working a series of low-wage jobs, she went in and out of forbearance before ultimately defaulting. The balance ballooned to the current $268,000 total over the years due to collection fees and interest capitalization.
And she's not the only one in debt. "On a dreary December afternoon, a group of senior citizens stood in the rain outside the Education Department pleading for relief from a debt that many fear will burden them for the rest of their lives..." Some sat in rocking chairs, cross-stitching their debt number in a pattern. Others held signs that read, "Time is running out, sunset our debt." Or wore T-shirts saying, "Debt relief before we die...."

[A]ctivists are urging the U.S. Education Department to discharge the student debt of older borrowers who they say are in no position to repay. They say the department could use a little-known federal statute that considers a person's ability to pay within a reasonable time and the inability of the government to collect the debt in full. There are 2.8 million federal student loan borrowers aged 62 and older with a total of $121.5 billion in debt, more than 726,300 of them over the age of 71, according to the Education Department. Older borrowers are one of the fastest-growing segments of the government's student loan portfolio, and their Social Security benefits are subject to garnishment...

The Education Department would only acknowledge receiving a memo from the Debt Collective, the group organizing the campaign, outlining the agency's authority to cancel the debt of older borrowers. The activist organization said it has been meeting with members of Congress, White House committees and Education Department officials about the matter since September. "Many of these folks have been borrowers for 20 or 30 years, with punishingly high interest rates. Their balances and the way they have dragged on for decades is just an indictment of the broken system and the failure of past relief efforts," said Eleni Schirmer, an organizer with the Debt Collective... According to the think tank New America, the number of Americans approaching retirement age with student loan debt has skyrocketed over 500 percent in the last two decades. Some have loans they took out to finance their college educations, while others took out federal Parent Plus loans or co-signed private loans for their children.
The article points out that the U.S. government will garnish up to 15 percent of the Social Security income to recoup student loan debt, even if it means leaving recipients below the poverty line.

But it also includes this quote from Adam Minsky, an attorney who specializes in student debt, about the prospects for federal action that survives challenges in the U.S. court system. "[A]s a practical matter, I don't think that judges and courts that have been hostile to mass debt relief would treat this differently from other programs that have been blocked or struck down."

A new report reveals that the VW Group left sensitive data for 800,000 electric vehicles from Audi, VW, Seat, and Skoda poorly secured on an Amazon cloud, exposing precise GPS locations, battery statuses, and user habits for months. Carscoops reports: It gets worse. A more tech-savvy user could reportedly connect vehicles to their owners' personal credentials, thanks to additional data accessible through VW Group's online services Crucially, in 466,000 of the 800,000 cases, the location data was so precise that anyone with access could create a detailed profile of each owner's daily habits. As reported by Spiegel, the massive list of affected owners isn't just a who's-who of regular folks. It includes German politicians, entrepreneurs, Hamburg police officers (the entire EV fleet, no less), and even suspected intelligence service employees. Yes, even spies may have been caught up in this digital debacle.

This glaring error originated from Cariad, a VW Group company that focuses on software, due to an error that occurred in the summer of 2024. An anonymous whistleblower used freely accessible software to dig up the sensitive information and promptly alerted Chaos Computer Club (CCC), Europe's largest hacker association. CCC wasted no time contacting Lower Saxony's State Data Protection Officer, the Federal Ministry of the Interior, and other security bodies. They also gave VW Group and Cariad 30 days to address the issue before going public. According to CCC, Cariad's technical team "responded quickly, thoroughly and responsibly," blocking unauthorized access to its customers' data.

Accidental missile attacks on commercial airliners have become the leading cause of aviation fatalities in recent years (Warning: source paywalled; alternative source), driven by rising global conflicts and the proliferation of advanced antiaircraft weaponry. Despite improvements in aviation safety overall, inconsistent risk assessments, political complexities, and rapid military escalations make protecting civilian flights in conflict zones increasingly difficult. The Wall Street Journal reports: The crash Wednesday of an Azerbaijan Airlines jetliner in Kazakhstan, if officially confirmed as a midair attack, would be the third major fatal downing of a passenger jet linked to armed conflict since 2014, according to the Flight Safety Foundation's Aviation Safety Network, a global database of accidents and incidents. The tally would bring to more than 500 the number of deaths from such attacks during that period. Preliminary results of Azerbaijan's investigation into the crash indicate the plane was hit by a Russian antiaircraft missile, or shrapnel from it, said people briefed on the probe.

"It adds to the worrying catalog of shootdowns now," said Andy Blackwell, an aviation risk adviser at security specialist ISARR and former head of security at Virgin Atlantic. "You've got the conventional threats, from terrorists and terrorist groups, but now you've got this accidental risk as well." No other cause of aviation fatalities on commercial airliners comes close to shootdowns over those years, according to ASN data. The deadliness of such attacks is a dramatic shift: In the preceding 10 years, there were no fatal shootdowns of scheduled commercial passenger flights, ASN data show. The trend highlights the difficulty -- if not impossibility -- of protecting civilian aviation in war zones, even for rigorous aviation regulators, because of the politics of war. Early last century similar woes plagued sea travel, when belligerents targeted ocean transport.

Increasing civilian aviation deaths from war also reflect both a growing number of armed conflicts internationally and the increasing prevalence of powerful antiaircraft weaponry. If a missile was indeed the cause of this week's disaster, it would mean that the three deadliest shootdowns of the past decade all involved apparently unintended targetings of passenger planes flying near conflict zones, by forces that had been primed to hit enemy military aircraft. Two of those incidents were linked to Russia: Wednesday's crash of an Embraer E190 with 67 people aboard, of whom 38 died, and the midair destruction in 2014 of a Malaysia Airlines Boeing 777 flying over a battle zone in Ukraine, on which all 298 people aboard died. The other major downing was the mistaken shooting in 2020 by Iranian forces of a Ukraine International Airlines Boeing 737 departing Tehran, killing all 176 people onboard. Iran's missile defense systems had been on alert for a potential U.S. strike at the time.

President Biden on Monday signed the SHARE IT Act (H.R. 9566) into law, mandating federal agencies share custom-developed code with each other to prevent duplicative software development contracts and reduce the $12 billion annual government software expenditure. The law requires agencies to publicly list metadata about custom code, establish sharing policies, and align development with best practices while exempting classified, national security, and privacy-sensitive code. FedScoop reports: Under the law, agency chief information officers are required to develop policies within 180 days of enactment that implement the act. Those policies need to ensure that custom-developed code aligns with best practices, establish a process for making the metadata for custom code publicly available, and outline a standardized reporting process. Per the new law, metadata includes information about whether custom code was developed under a contract or shared in a repository, the contract number, and a hyperlink to the repository where the code was shared. The legislation also has industry support. Stan Shepard, Atlassian's general counsel, said that the company shares "the belief that greater collaboration and sharing of custom code will promote openness, efficiency, and innovation across the federal enterprise."

A ninth U.S. telecommunications company has been compromised in a Chinese espionage campaign that targeted private communications, particularly around Washington D.C., White House Deputy National Security Adviser Anne Neuberger said Friday.

The intrusion, part of the "Salt Typhoon" operation that previously hit eight telecom firms, allowed hackers to access customer call records and private messages. While the total number of affected Americans remains unclear, many targets were government officials and political figures in the Washington-Virginia area.

Microsoft is warning that Windows 11 installations using USB or CD media created with October or November 2024 security updates may be unable to receive future security patches.

The bug affects version 24H2 installations made between October 8 and November 12, but does not impact systems updated through Windows Update or the Microsoft Update Catalog. Microsoft advised users to rebuild installation media using December 2024 patches while it works on a permanent fix for the issue, which primarily affects business and education environments.

The annual defense policy bill signed by President Joe Biden Monday evening allocates $3 billion to help telecom firms remove and replace insecure equipment in response to recent incursions by Chinese-linked hackers. From a report: The fiscal 2025 National Defense Authorization Act outlines Pentagon policy and military budget priorities for the year and also includes non-defense measures added as Congress wrapped up its work in December. The $895 billion spending blueprint passed the Senate and House with broad bipartisan support.

The $3 billion would go to a Federal Communications Commission program, commonly called "rip and replace," to get rid of Chinese networking equipment due to national security concerns. The effort was created in 2020 to junk equipment made by telecom giant Huawei. It had an initial investment of $1.9 billion, roughly $3 billion shy of what experts said was needed to cauterize the potential vulnerability.

Calls to replenish the fund have increased recently in the wake of two hacking campaigns by China, dubbed Volt Typhoon and Salt Typhoon, that saw hackers insert malicious code in U.S. infrastructure and break into at least eight telecom firms. The bill also includes a watered down requirement for the Defense Department to tap an independent third-party to study the feasibility of creating a U.S. Cyber Force, along with an "evaluation of alternative organizational models for the cyber forces" of the military branches.

An anonymous reader quotes a report from the Boston Globe: Every weekday morning at 8:30, Preston Thorpe makes himself a cup of instant coffee and opens his laptop to find the coding tasks awaiting his seven-person team at Unlocked Labs. Like many remote workers, Thorpe, the nonprofit's principal engineer, works out in the middle of the day and often stays at his computer late into the night. But outside Thorpe's window, there's a soaring chain-link fence topped with coiled barbed wire. And at noon and 4 p.m. every day, a prison guard peers into his room to make sure he's where he's supposed to be at the Mountain View Correctional Facility in Charleston, Maine, where he's serving his 12th year for two drug-related convictions in New Hampshire, including intent to distribute synthetic opioids.

Remote work has spread far and wide since the pandemic spurred a work-from-home revolution of sorts, but perhaps no place more unexpectedly than behind prison walls. Thorpe is one of more than 40 people incarcerated in Maine's state prison system who have landed internships and jobs with outside companies over the past two years -- some of whom work full time from their cells and earn more than the correctional officers who guard them. A handful of other states have also started allowing remote work in recent years, but none have gone as far as Maine, according to the Alliance for Higher Education in Prison, the nonprofit leading the effort.

Unlike incarcerated residents with jobs in the kitchen or woodshop who earn just a few hundred dollars a month, remote workers make fair-market wages, allowing them to pay victim restitution fees and legal costs, provide child support, and contribute to Social Security and other retirement funds. Like inmates in work-release programs who have jobs out in the community, 10 percent of remote workers' wages go to the state to offset the cost of room and board. All Maine DOC residents get re-entry support for housing and job searches before they're released, and remote workers leave with even more: up-to-date resumes, a nest egg -- and the hope that they're less likely to need food or housing assistance, or resort to crime to get by.

In 2024, North Korean state-sponsored hackers stole $1.34 billion in cryptocurrency across 47 attacks, marking a 102.88% increase from 2023 and accounting for 61% of global crypto theft. BleepingComputer reports: Although the total number of incidents in 2024 reached a record-breaking 303, the total losses figure isn't unprecedented, as 2022 remains the most damaging year with $3.7 billion. Chainalysis says most of the incidents this year occurred between January and July, during which 72% of the total amount for 2024 was stolen. The report highlights the DMM Bitcoin hack from May, where over $305 million was lost, and the WazirX cyberheist from July, which resulted in the loss of $235 million.

As for what types of platforms suffered the most damage, DeFi platforms were followed by centralized services. Regarding the means, the analysts report that private key compromises accounted for 44% of the losses, while exploitation of security flaws corresponded to just 6.3% of stolen cryptocurrency. This is a sign that security audits have a significant effect on reducing exploitable flaws on the platforms. However, stricter security practices in the handling of private keys need to be implemented.

ASUS computer owners have been reporting widespread alarm after a Christmas-themed banner suddenly appeared on their Windows 11 screens, accompanied by a suspicious "Christmas.exe" process in Task Manager.

The promotional campaign, first reported by WindowsLatest, was delivered through ASUS' pre-installed Armoury Crate software. It displays a large wreath banner that covers one-third of users' screens. The unbranded holiday display, which can interrupt gaming sessions and occasionally crashes applications, has triggered security concerns among users who initially mistook it for malware.

An anonymous reader quotes a report from The Verge: The Consumer Financial Protection Bureau (CFPB) is suing Walmart and payroll service provider Branch Messenger for alleged illegal payment practices for gig workers. The bureau says Walmart was opening direct deposit accounts using Spark delivery drivers' social security numbers without their consent. The accounts also can come with intense fees that, according to the complaint, would add either 2 percent or $2.99 per transaction, whichever is higher. It also says Walmart repeatedly promised to provide drivers with same-day payments through the platform starting in July 2021 but never delivered on that.

The Bureau alleges that for approximately two years starting around June 2021, defendants engaged in unfair, abusive, and deceptive practices in violation of the Consumer Financial Protection Act of 2010, including by requiring Spark Drivers to receive their compensation in Branch Accounts, opening Branch Accounts for Spark Drivers without their informed consent or, in many instances, on an unauthorized basis, and making deceptive statements about Branch to Spark Drivers. Spark delivery workers have been complaining about Walmart's Branch Messenger account requirements for years, which forced workers to use these accounts with no option to direct deposit to a preferred credit union or local bank. Walmart allegedly told workers they'd be terminated if they didn't accept the Branch accounts.

Vietnam's Decree 147 mandates social media users on platforms like Facebook and TikTok to verify their identities and requires tech companies to store and share user data with authorities upon request, sparking concerns over increased censorship, self-censorship, and threats to free expression. Furthermore, the decree imposes restrictions on gaming time for minors and limits livestreaming to verified accounts. It becomes effective on Christmas Day. The Guardian reports: Decree 147, as it is known, builds on a 2018 cybersecurity law that was sharply criticized by the US, EU and internet freedom advocates who said it mimics China's repressive internet censorship. [...] Critics say that decree 147 will also expose dissidents who post anonymously to the risk of arrest. "Many people work quietly but effectively in advancing the universal values of human rights," Ho Chi Minh City-based blogger and rights activist Nguyen Hoang Vi told AFP.

She warned that the new decree "may encourage self-censorship, where people avoid expressing dissenting views to protect their safety -- ultimately harming the overall development of democratic values" in the country. Le Quang Tu Do, of the ministry of information and communications (MIC), told state media that decree 147 would "regulate behavior in order to maintain social order, national security, and national sovereignty in cyberspace." [...]

Human Rights Watch is calling on the government to repeal the "draconian" new decree. "Vietnam's new Decree 147 and its other cybersecurity laws neither protect the public from any genuine security concerns nor respect fundamental human rights," said Patricia Gossman, HRW's associate Asia director. "Because the Vietnamese police treat any criticism of the Communist party of Vietnam as a national security matter, this decree will provide them with yet another tool to suppress dissent."

An anonymous reader quotes a report from Ars Technica: Health care company Ascension lost sensitive data for nearly 5.6 million individuals in a cyberattack that was attributed to a notorious ransomware gang, according to documents filed with the attorney general of Maine. Ascension owns 140 hospitals and scores of assisted living facilities. In May, the organization was hit with an attack that caused mass disruptions as staff was forced to move to manual processes that caused errors, delayed or lost lab results, and diversions of ambulances to other hospitals. Ascension managed to restore most services by mid-June. At the time, the company said the attackers had stolen protected health information and personally identifiable information for an undisclosed number of people.

A filing Ascension made earlier in December revealed that nearly 5.6 million people were affected by the breach. Data stolen depended on the particular person but included individuals' names and medical information (e.g., medical record numbers, dates of service, types of lab tests, or procedure codes), payment information (e.g., credit card information or bank account numbers), insurance information (e.g., Medicaid/Medicare ID, policy number, or insurance claim), government identification (e.g., Social Security numbers, tax identification numbers, driver's license numbers, or passport numbers), and other personal information (such as date of birth or address). Ascension is now in the process of notifying affected individuals. The organization is also offering two years of credit and fraud monitoring, a $1 million insurance reimbursement policy, and managed ID theft recovery services. The services became effective last Thursday. Further reading: Black Basta Ransomware Attack Brought Down Ascension IT Systems, Report Finds

Since 2021, Apple has been sending threat notifications to certain users, informing them that they may have been individually targeted by mercenary spyware attacks. When victims of spyware reach out to Apple for help, TechCrunch reports, "Apple doesn't tell the targets to get in touch with its own security engineers." Instead, Apple directs them to the nonprofit security lab Access Now, "which runs a digital helpline for people in civil society who suspect they have been targets of government spyware."

While some view this as Apple sidestepping responsibility, cybersecurity experts agree that Apple's approach -- alerting victims, directing them to specialized support, and recommending tools like Lockdown Mode -- has been a game changer in combating mercenary spyware threats. From the report: For people who investigate spyware, Apple sharing spyware notifications with victims represented a turning point. Before the notifications, "We were just like in the dark, not knowing who to check," according to Access Now's legal counsel Natalia Krapiva. "I think it's one of the greatest things that's happened in the sphere of this kind of forensic investigations and hunting of sophisticated spyware," Krapiva told TechCrunch.

Now, when someone or a group of people get a notification from Apple, they are warned that something potentially anomalous is happening with their device, that someone is targeting them, and that they need to get help. And Apple tells them exactly where to get it, according to Scott-Railton, who said Access Now's helpline is the right place to go because "the helpline is able to do good, systematic triage work and support." Krapiva said that the helpline is staffed by more than 30 people, supported by others who work in other departments of the nonprofit. So far in 2024, Krapiva said Access Now received 4,337 tickets through the helpline.

For anyone alerted by a notification, Apple tells those targets and victims of spyware to update their iOS software and all their apps. Apple also suggests the user switches on Lockdown Mode, an opt-in iOS security feature that has stopped spyware attacks in the past by limiting device features that are often exploited to plant spyware. Apple said last year that it is not aware of any successful spyware infection against someone who used Lockdown Mode.

The Biden administration has launched a Section 301 investigation into China's semiconductor industry, citing concerns over non-market practices, supply chain dependencies, and national security risks. The Hill reports: In a fact sheet, the White House said China "routinely engages in non-market policies and practices, as well as industrial targeting, of the semiconductor industry" that harms competition and creates "dangerous supply chain dependencies."

The Biden administration said the Office of the United States Trade Representative would launch a Section 301 investigation to examine China's targeting of semiconductor chips for dominance, an effort to see whether the practices are unfairly hurting U.S. trade and take potential action. The investigation will broadly probe Chinese nonmarket practices and policies related to semiconductors and look at how the products are incorporated into industries for defense, auto, aerospace, medical, telecommunications and power. It will also examine production of silicon carbide substrates or other wafers used as inputs for semiconductors. The probe launches four weeks before President-elect Donald Trump takes office. "The effort could offer Trump a ready avenue to begin imposing some of the hefty 60% tariffs he has threatened on Chinese imports," notes Reuters.

"Departing President Joe Biden has already imposed a 50% U.S. tariff on Chinese semiconductors that starts on Jan. 1. His administration also has tightened export curbs on advanced artificial intelligence and memory chips and chipmaking equipment."

A series of drone sightings over U.S. military bases "has renewed concerns that the U.S. doesn't have clear government-wide policy for how to deal with unauthorized incursions that could potentially pose a national security threat," reports CNN: "We're one year past Langley drone incursions and almost two years past the PRC spy balloon. Why don't we have a single [point of contact] who is responsible for coordination across all organizations in the government to address this?" the recently retired head of US Northern Command and NORAD, Gen. Glen VanHerck, told CNN. "Instead, everybody's pointing their fingers at each other saying it's not our responsibility...." Over a period of six days earlier this month, there were six instances of unmanned aerial systems, or drones, entering the airspace of the Marine Corps base Camp Pendleton in California, a spokesperson confirmed to CNN, adding that they posed "no threat to installation operations and no impact to air and ground operations." There have also been incidents in the last month at Wright-Patterson Air Force Base, Ohio; Picatinny Arsenal, New Jersey; Naval Weapons Station Earle, New Jersey; and Vandenberg Space Force Base, California. A Chinese citizen, who is a lawful permanent resident of the US, was recently arrested in connection to the California incident.

The drone incidents are "a problem that has been brewing for over a decade and we have basically failed to address it," said retired Air Force Brig. Gen. Rob Spalding, who previously served as the chief China strategist for the Joint Chiefs of Staff and senior director for strategic planning on the National Security Council. It's unclear what specifically the drones could be doing — the intent could be anything from attempting to gather intelligence on the base or testing its defenses and response time, to gaining a better understanding of how the bases work, or they could simply be harmless hobbyists flying drones too close to restricted areas... Despite the incursions and the risk they could pose, officials say there is no coordinated policy to determine what agency leads the response to such activity, or how to determine where the drones originate.

CNN reported this week that government agencies have struggled to keep pace with the development of drones and drone technology, particularly by adversaries like China, though legislation is being discussed and the Pentagon just recently released its strategy for countering unmanned systems... The two heads of the Senate Armed Services Committee, Sens. Jack Reed and Roger Wicker, sounded the alarm in a Washington Post op-ed at the beginning of 2024 that the US "lacks adequate drone detection capability" and that agencies "lack clear lines of authority about which agency is responsible for stopping these incursions."

Military installations have the authority to protect themselves and respond to threats, but a former senior military official said that if the drone enters the airspace and subsequently leaves, determining where the drone originated from and what it was doing can be difficult. Military law enforcement typically coordinates with civilian law enforcement off base in that instance, the former official said, but are often limited in what they can do given laws that restrict intelligence collection within US borders. But sources also said the lack of ability to do more also stems at times from a failure to prioritize defense against this kind of activity within the US. The topic is "such a relatively new phenomenon that the law has not caught up and the agencies have not adapted quickly enough," [said one Senate aide familiar with discussions on drone defense and policy].
"The need for Congressional action was made clear in a joint statement this week from the Department of Defense, Department of Homeland Security, Federal Bureau of Investigations and Federal Aviation Administration," according to the article.

"The agencies said they 'urge Congress to enact counter-UAS legislation when it reconvenes that would extend and expand existing counter-drone authorities to identify and mitigate any threat that may emerge.'"