Wandering Adventure Party

@osm_tech Hey. Sorry to hear about that. Drop me a line on Signal? username: briankrebs.07. Thanks!

@fl0und3r So...pass on #fashpass? I like yours better.

Just say no to #fashpass

@farbel Did you try to send to cbp_pra@cbp.dhs.gov? Did you get a bounce?

I feel for anyone in the travel, tourism and hospitality industries, which make up ~ 10M jobs and ~ 3 percent of the nation's GDP. From the U.S. International Trade Administration (trade.gov)

"Inbound international travel to the United States plays a vital role in the Nation’s economy and promotes cultural exchange and understanding. Travel and tourism is the largest single services export for the United States, accounting for 22 percent of the country’s services exports and 7 percent of all exports in 2023. The travel and tourism industry contributed $2.3 trillion to the U.S. economy in 2022 (2.97 percent of the country’s GDP), supporting 9.5 million jobs."

We knew this was coming, but now the clock is running. From Privacy International:

"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."

"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."

PI linked to and summarized a Federal Register entry describing the proposed requirements:

-All visitors must submit ‘their social media from the last 5 years’

-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.

The Trump Administration wants your DNA and social media

Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP).

Privacy International (www.privacyinternational.org)

The Federal Register entry says comments are encouraged and
must be submitted (no later than February 9, 2026) to be assured of consideration.

Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf

In other depressing IoT news, iRobot, the maker of the popular Roomba vacuums, files for bankruptcy and sells itself to Chinese company. Hello cameras and mics in bajillions of homes.

iRobot, the maker of Roomba vacuums, files for bankruptcy and sells itself to Chinese company

iRobot, which introduced the Roomba vacuum cleaner in 2002, vows to continue supporting its products despite Chapter 11 filing.

(www.cbsnews.com)

It's my fediversary! Three years ago today I said goodbye to several hundred thousand followers at the nazi bar and joined this community. No regrets! Thanks for making me want to stick around

Guess we're down to two streaming services now, which is more than fine. But we're counting on you Apple TV and Netflix. #cancelabc #cancelhulu

I might be interested in commissioning a painting. Is there a follow pack for painters here so I can browse some of their work? Thanks!

The Great Firewall of China has apparently experienced a great data spill. > 500gb of source code, work logs and internal communication records were leaked. Some light reading for the weekend /s

Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak

The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication records were leaked, revealing details of the GFW's research, development, and operations.

GFW Report (gfw.report)

Do you know what are the most common targets of DDoS-for-hire services (apart from other DDoS-for-hire services)? Unregulated online industries that move a lot of money, and that stop moving much money at all when they get attacked (and are thus particularly vulnerable to financial extortion):.

-Gambling
-Gaming (think Minecraft)
-Crypto

I can think of one industry in particular that fits this description and is highly dependent on uptime: AI. All of these companies have to have a giant target on their backs.

So I've been looking at this guy Sergio Gor, who's been described as one of the most powerful figures in the Trump administration: Director of the White House Office of Presidential Personnel.

Per The Times of Malta:

"While not the most glamourous sounding position, Gor’s role will see him wield considerable influence in the Trump government, responsible for vetting the appointment of thousands of employees.

Meet Sergio Gor: The Maltese man at the heart of Trump’s administration

Originally from Cospicua, 38-year-old is ‘fun, incredibly agreeable and ruthlessly efficient’

Times of Malta (timesofmalta.com)

Meanwhile, The New York Post wrote on June 17 that Gor still hasn't been vetted himself:

"...three administration insiders told The Post that the vetter-in-chief has not turned in his Standard Form 86, or SF-86 — a more than 100-page set of questions required for officials who need security clearances."

"Among the questions applicants must answer under threat of criminal penalties is where they were born and whether they have any foreign connections."

"Gor claims to be from the island country of Malta, though an official there could not confirm his birthplace when provided his exact birthday, saying: “No acts are registered with the provided details.”

"Gor declined to divulge his birthplace to The Post, other than to say it was not Russia."

His Wikipedia page says he was born in 1986 in Malta, and later moved w/ family to Los Angeles. But there indications he was born in Russia in 1980.

https://en.m.wikipedia.org/wiki/Sergio_Gor

Sergio Gor is known to have worked on the campaign of the conservative former Rep. Steve King, and a search in Domaintools finds Sergio Gor registered Steveking.com way back when. Domaintools says Gor used the email address sergio.gor@gmail.com, which was also used to register the vanity domain sergiogor.com.

Constella Intelligence, a threat hunting platform that indexes breached data, finds this email address used the rather unique and long password: 961649507273. Constella further finds that this password is almost exclusively tied to a bunch of email accounts for the same name, including sgoryachev999@rambler.ru, goryachev-sergey@yandex.ru, sergio-gor@yandex.ru
sergio-gor@qip.ru, goryachev-sergey@ya.ru, goryachev-sergey@list.ru and goryachev-sergey@gmail.com.

Constella also says goryachev-sergey@yandex.ru has multiple entries in Russian government databases for a Sergey Anatolyevich Goryachev, DOB, Nov. 20, 1980, phone +79689210000. This person appears to have lived in Saratov, RU, has a tax ID number, etc.

Here's a mind map I put together on these findings. The password thing is very hard to get past.

The telemedicine/wellness part of Trump Wireless -- the newly announced Trump family grift -- is truly the most baffling and probably will be the biggest part the grift. Maybe not, though, considering how many people in or around this administration have ties to the "wellness" industry.

Getting your healthcare plan through your wireless provider might seem like innovation, but for the fact that you are then piling on one unaccountable, highly insecure provider on top of another. And good luck complaining about any of this to the FCC.

Joseph Cox (@josephcox.bsky.social)

This author has chosen to make their posts visible only to people who are signed in.

Bluesky Social (bsky.app)

Really enjoyed David Gerard's amusing take on how programming with AI becomes like a gambling addiction for many.

"Large language models work the same way as a carnival psychic. Chatbots look smart by the Barnum Effect — which is where you read what’s actually a generic statement about people and you take it as being personally about you. The only intelligence there is yours."

"With ChatGPT, Sam Altman hit upon a way to use the Hook Model with a text generator. The unreliability and hallucinations themselves are the hook — the intermittent reward, to keep the user running prompts and hoping they’ll get a win this time."

"This is why you see previously normal techies start evangelising AI coding on LinkedIn or Hacker News like they saw a glimpse of God and they’ll keep paying for the chatbot tokens until they can just see a glimpse of Him again. And you have to as well. This is why they act like they joined a cult. Send ’em a copy of this post."

Generative AI runs on gambling addiction — just one more prompt, bro!

You’ll have noticed how previously normal people start acting like addicts to their favourite generative AI and shout at you like you’re trying to take their cocaine away. Matthias Döpm…

Pivot to AI (pivot-to-ai.com)

@stux @crichardson I'm talking about people meaning to call a certain company by calling the first number that shows up in Google search results.

@stux @crichardson True. Not unless you initiate the call, and you happen to be calling the actual number that you wanted.

@crichardson @stux You are 100% correct. Having listened to hours of phonecalls made by these scammers against many victims, they are extremely smooth, calm, confident and convincing.

@stux It's so true. Half the victims I've interviewed over the last year who've lost >$1M said they had advanced degrees, some were even IT people.

On May 15, the DOJ indicted a dozen people in a racketeering (RICO) investigation into a cybercrime conspiracy that used social engineering to steal more than $263 million from victims.

 

(www.justice.gov)

Today, I confirmed that "Victim #2" in the govt's case is "Tony," a victim I wrote about in January who was scammed out of nearly $5 million. Tony was scammed after being targeted in a social engineering attack over the phone that spoofed Google by calling him from the default number for Google Assistant and sending account security warnings via a Google.com email address.

A Day in the Life of a Prolific Voice Phishing Crew – Krebs on Security

(krebsonsecurity.com)

I'm super psyched because this time last year Tony was seriously contemplating suicide after being robbed of his life's savings and his kids' college money. Now, it seems likely he might see some of those funds remunerated thanks to the government's seizure of crypto assets controlled by the defendants.

As for the defendants, I wrote about several of them last year in a scoop about how a $230M cyberheist prompted a botched kidnapping and carjacking of the accused thief's parents, who were out house-hunting in their brand new Lamborghini.

Lamborghini Carjackers Lured by $243M Cyberheist – Krebs on Security

(krebsonsecurity.com)