Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"
Date: February 2, 2026
Host: Claire Aird (Risky Business team: Catalin Cimpanu)
Format: Cybersecurity news roundup
Episode Overview
This episode of Risky Bulletin delivers a packed roundup of recent cybersecurity incidents and policy shifts: StopICE’s hack traced to a Customs agent, Microsoft’s move to disable NTLM, significant attacks on infrastructure and cryptocurrency, global policy reactions, legal cases, and new zero-day vulnerabilities. The tone remains brisk, informative, and impartial, anchored by Claire's clear delivery.
Main Stories & Key Discussion Points
1. StopICE Hack Traced to a CBP Agent (00:10)
- Incident: Users of the StopICE app received alarming SMS alerts, claiming their personal data had been compromised and shared with law enforcement.
- Admin Response: StopICE denies ever holding such personal data.
- Attribution: The breach was reportedly traced to a U.S. Customs and Border Protection agent in Southern California.
- Quote:
"A recent breach of the StopICE app has been tracked to a U.S. Customs and Border Protection agent, according to the app's administrator." (A, 00:10)
2. Microsoft to Disable NTLM by Default (00:39)
- Action: Microsoft will disable NTLM by default in the next version of Windows; the protocol was deprecated the previous week and no longer receives updates.
- Replacement: Kerberos improvements are slated for release to cover the network topologies where NTLM was still required.
- Quote:
"Microsoft will disable NTLM by default in the next version of Windows. The company deprecated the protocol last week and has stopped updating it." (A, 00:39)
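Before NTLM is switched off by default, the practical question for a Windows estate is which hosts and applications still fall back to it. The following PowerShell is an added example, not code from the episode or from Microsoft: it reads the documented "Network security: Restrict NTLM" policy values from the registry, counts NTLM audit events from the NTLM operational log, and offers an audit-only (not deny) switch so that nothing breaks while you inventory usage. The `Get-NtlmPosture` and `Enable-NtlmAudit` function names are my own; the registry paths, value names and event IDs are Microsoft's documented ones.

```powershell
# Added example (not from the episode): inventory NTLM posture on one Windows host.
# Run in an elevated session; Enable-NtlmAudit writes policy values under HKLM.

function Get-NtlmPosture {
    [CmdletBinding()]
    param(
        [int]$Days = 7   # how far back to count NTLM audit events
    )

    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = Join-Path $lsa 'MSV1_0'

    # LmCompatibilityLevel: 0-2 still permit LM/NTLMv1 responses, 5 = NTLMv2 only.
    $lmLevel = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel `
                -ErrorAction SilentlyContinue).LmCompatibilityLevel

    # Restrict NTLM policy values (absent = policy not configured):
    #   RestrictSendingNTLMTraffic   0 allow all, 1 audit all, 2 deny all
    #   AuditReceivingNTLMTraffic    0 off, 1 audit domain accounts, 2 audit all accounts
    #   RestrictReceivingNTLMTraffic 0 allow all, 1 deny domain accounts, 2 deny all
    $props = Get-ItemProperty -Path $msv -ErrorAction SilentlyContinue

    # The NTLM operational log records audit/block events 8001-8004 once auditing
    # is on; grouping them by ID shows which direction (outgoing/incoming/domain)
    # still depends on NTLM.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001, 8002, 8003, 8004
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue

    $counts = @{}
    foreach ($e in $events) { $counts[$e.Id] = 1 + [int]$counts[$e.Id] }

    [pscustomobject]@{
        ComputerName                 = $env:COMPUTERNAME
        LmCompatibilityLevel         = if ($null -eq $lmLevel) { 'not set (OS default)' } else { $lmLevel }
        RestrictSendingNTLMTraffic   = $props.RestrictSendingNTLMTraffic
        AuditReceivingNTLMTraffic    = $props.AuditReceivingNTLMTraffic
        RestrictReceivingNTLMTraffic = $props.RestrictReceivingNTLMTraffic
        NtlmAuditEventsByID          = $counts
    }
}

function Enable-NtlmAudit {
    # Audit-only mode: log NTLM use in both directions without blocking it.
    $msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    Set-ItemProperty -Path $msv -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
    Set-ItemProperty -Path $msv -Name AuditReceivingNTLMTraffic  -Value 2 -Type DWord
    # Make sure the operational log that receives the audit events is enabled.
    wevtutil set-log Microsoft-Windows-NTLM/Operational /enabled:true
}

# Usage: run Enable-NtlmAudit, wait a week, then review Get-NtlmPosture -Days 7
Get-NtlmPosture -Days 7 | Format-List
```

Run this fleet-wide (for example via `Invoke-Command` against a host list) and the hosts whose audit counts stay at zero are the ones you can safely move to "deny"; the rest name the applications that need a Kerberos path before the default changes.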
3. Poland Bans Chinese Cars on Military Bases (01:09)
- Reason: National security concerns.
- Context: China previously banned Tesla cars from its military bases.
- Chinese Response: Reportedly called on Poland to stop “abusing the concept of national security.”
- Quote:
"Warsaw cited national security concerns. Chinese officials have allegedly called on Poland to stop abusing the concept of national security." (A, 01:15)
4. France Boosts Cyber Talent (01:29)
- Plan: France aims to build the largest cybersecurity workforce in Europe.
- Goal: Compete with the U.S. and support European digital sovereignty.
- Quote:
"The French government wants the country to have the largest pool of cyber talent in Europe." (A, 01:29)
5. Nobel Peace Prize Leak and Crypto Gambling (01:50)
- Allegation: Hackers accessed the name of Nobel laureate María Corina Machado before the official announcement.
- Consequence: A surge in bets on Machado on crypto gambling platforms ahead of the announcement.
- Investigation: Norwegian intelligence examining source of possible breach.
- Quote:
"The Nobel Committee believes hackers obtained the name of the Nobel Peace Prize winner María Corina Machado ahead of time." (A, 01:50)
6. US Commerce Department Investigates WhatsApp (02:19)
- Whistleblower Complaint: Claims Meta staff have “unfettered access” to WhatsApp messages.
- Action: Investigation underway, led by the US Commerce Department.
- Quote:
"Former contractors have filed whistleblower complaints against the company, claiming that some Meta staff have unfettered access to WhatsApp messages." (A, 02:23)
7. Russian Hackers Attack Polish Power Grid (02:40)
- Attribution: Attack linked to Dragonfly (FSB-associated) and possibly Sandworm (GRU).
- Failures: Polish CERT notes inadequate network security at targeted energy providers.
- Quote:
"Polish officials have attributed the data wiping attack on its national power grid to a Russian hacking group known as Dragonfly." (A, 02:40)
8. Chat and Ask AI Database Exposure (03:25)
- Impact: 300 million messages leaked due to Google Firebase misconfiguration.
- User Base: Over 50 million users affected.
- Quote:
"The Chat and Ask AI app has leaked more than 300 million messages due to a misconfiguration of its Google Firebase backend." (A, 03:25)
9. Seoul Public Bike Share Breach (03:43)
- Victims: Data from 4.5 million users affected.
- Distraction: DDoS attack possibly used as a cover.
- Quote:
"Hackers are believed to have stolen the personal data of 4.5 million...users." (A, 03:43)
10. Comcast Settles for $117.5M After Security Breach (04:06)
- Breach: 31 million customer records stolen via the Citrix Bleed vulnerability.
- Terms: Customers can claim up to $10,000 for proven losses or up to $50 without proof.
- Quote:
"Hackers stole the personal details of more than 31 million customers after exploiting the Citrix Bleed vulnerability." (A, 04:11)
11. Cryptocurrency Thefts from Aperture Finance & Swapnet (04:39)
- Amount: $17 million stolen via smart contract vulnerabilities.
- Breakdown: $3.6M (Aperture), $13.4M (Swapnet).
- Quote:
"Hackers have stolen more than $17 million worth of assets from cryptocurrency platforms Aperture Finance and Swapnet." (A, 04:39)
12. Cambodia Raids A7 Cyberscam Compound (05:03)
- Action: Over 100 suspects detained; compound housed 2,000 workers.
13. Jeffrey Epstein Allegedly Hired Hacker (05:21)
- Details: Per newly released files, Epstein hired an Italian hacker who developed zero-day exploits for foreign clients, including governments and Hezbollah.
14. Italian IPTV Piracy Ring Busted (05:40)
- Impact: Millions of users.
- Action: 31 suspects arrested; coalition with anti-piracy group tracked sites and Telegram channels.
15. Ex-Google Engineer Convicted of AI Trade Secret Theft (06:00)
- Individual: Linwei Ding, convicted of stealing more than 500 confidential files.
- Intent: Planned to share with two Chinese startups.
16. Cloudflare Thwarts Record-Breaking DDoS Attack (06:22)
- Magnitude: 31.4 Tbps, attributed to the Aisuru/Kimwolf botnet (up to 4 million infected devices).
- Targets: Gaming and hosting sectors.
17. Dallas County Pen Testers Vindicated (06:42)
- Background: Two pen testers arrested during a state-sanctioned security evaluation.
- Outcome: Charges dropped; awarded $600,000.
18. Ivanti Patches Two New Zero-Days (07:00)
- Nature: Both allow unauthenticated remote code execution.
- Reconnaissance: Pre-attack reconnaissance traced to networks in Romania and Moldova.
19. Tails Operating System Issues Security Update (07:24)
- Patch: Incorporates the recent OpenSSL fixes, including one for a remote code execution bug.
- Quote:
"The Tails operating system has released an emergency security update. The patch incorporates fixes from the OpenSSL project." (A, 07:24)
20. ComfyUI Vulnerability Discovered (07:44)
- Bug: Unauthenticated file upload in core extension manager enables remote code execution.
- Attribution: Tencent security researchers.
- Threat: Previous use of ComfyUI zero-days to deploy sophisticated backdoors.
Notable Quotes & Moments
- On the StopICE breach: "StopICE has denied having such data in the first place." (A, 00:19)
- On digital sovereignty: "...part of a larger goal of increasing European digital sovereignty." (A, 01:36)
- On the Polish grid attack: "A report published by Poland's CERT found that the affected energy providers failed to adequately secure their networks, which aided the attack." (A, 02:54)
- On the US pen tester arrests: "...two pen testers that were unjustly arrested...They were charged despite being hired by the state...The charges were later dropped." (A, 06:44-06:54)
- On the record DDoS: "Cloudflare has mitigated a new record DDoS attack of 31.4 terabits per second." (A, 06:22)
Episode Flow & Tone
The episode is tightly structured, each story delivered in a concise, factual, and neutral tone. Claire maintains brisk pacing, covering global developments without editorializing. The language is direct, aiming for clarity for infosec professionals and interested lay listeners alike.
Useful Timestamps
| Segment | Timestamp |
|-------------------------------------------------------|-----------|
| StopICE app hack traced to CBP agent | 00:10 |
| Microsoft disables NTLM | 00:39 |
| Poland bans Chinese cars from military sites | 01:09 |
| France's cybersecurity workforce plan | 01:29 |
| Nobel Peace Prize breach investigation | 01:50 |
| WhatsApp whistleblower-led investigation | 02:19 |
| Russian groups attack Polish power grid | 02:40 |
| Chat and Ask AI database leak | 03:25 |
| Seoul bike share service breach | 03:43 |
| Comcast data breach settlement | 04:06 |
| Crypto platforms hacked | 04:39 |
| Cambodia A7 cyberscam compound raid | 05:03 |
| Jeffrey Epstein's hacker connection | 05:21 |
| Italy's IPTV piracy ring busted | 05:40 |
| Ex-Google engineer convicted | 06:00 |
| Cloudflare mitigates record DDoS attack | 06:22 |
| Dallas County pen testers compensated | 06:42 |
| Ivanti zero-days patched | 07:00 |
| Tails OS emergency security update | 07:24 |
| ComfyUI vulnerability (GenAI model manager app) | 07:44 |
Conclusion
This episode offers a rapid, information-rich rundown of recent cybersecurity events, mixing regulatory, technical, and criminal cases with global impact. Notable is the breadth, from app hacks and protocol deprecation to geopolitical policy changes and the continued challenge of software vulnerabilities.
