According to an informant, Jeffrey Epstein employed a “personal hacker.”

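Summary:
This week, the standoff between the US federal government and Minnesota over immigration enforcement operations continued to escalate. A federal judge delayed a related ruling and ordered the Department of Homeland Security to submit a new briefing on whether it is using armed raids to pressure the state into abandoning its sanctuary policies for immigrants. During the standoff, after a federal immigration officer shot and killed 37-year-old Alex Pretti in Minneapolis, right-wing figures quickly smeared him as a “terrorist” and a “lunatic.”
On the surveillance technology front, newly released documents show that US Immigration and Customs Enforcement has used a Palantir AI system since last spring to process tips, and has widely used the face recognition software Mobile Fortify to scan the faces of large numbers of people in the US, including many citizens. Other documents reveal that commercial ad tech and big data analysis tools are increasingly being considered by the government for law enforcement and surveillance. An active-duty military officer told WIRED in an analysis that ICE's operations imitate a military style, but its actual tactics are crude and would get soldiers killed on a real battlefield.
WIRED also published a detailed exposé this week of the inner workings of a scam compound in the Golden Triangle region of Laos. A human trafficking victim calling himself “Red Bull” communicated with a reporter for months, leaked a large trove of internal documents, and described his experiences of forced labor and his attempts to escape.
Deepfake risks are drawing attention. “Nudify” deepfake tools that can produce sexual content are becoming increasingly sophisticated and easy to obtain, putting millions of people at risk of abuse. In addition, research showed that the web console of an AI stuffed animal toy had almost no protection, exposing tens of thousands of children's chat logs to anyone with a Gmail account.
Other security and privacy news: Department of Justice documents show that Epstein was alleged to have employed a “personal hacker,” who allegedly sold exploit tools to multiple countries and organizations; the AI assistant OpenClaw went viral while exposing serious security risks, with users exposing system access to the outside through misconfiguration; Chinese authorities executed 11 members of the Ming family, who ran scam compounds in Myanmar and were convicted of crimes including fraud and homicide, and whose illegal profits totaled about $1.4 billion; the son of a federal contractor's president was accused of stealing $40 million in cryptocurrency seized by the government; and the Polish government attributed recent cyberattacks on its energy systems to the Russian hacker group “Berserk Bear,” a move that may mark the end of the group's long period of restraint.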
English source:
As the standoff between the United States government and Minnesota continues this week over immigration enforcement operations that have essentially occupied the Twin Cities and other parts of the state, a federal judge delayed a decision this week and ordered a new briefing on whether the Department of Homeland Security is using armed raids to pressure Minnesota into abandoning its sanctuary policies for immigrants.
Meanwhile, minutes after a federal immigration officer shot and killed 37-year-old Alex Pretti in Minneapolis last Saturday, Trump administration officials and right-wing influencers had already mounted a smear campaign, calling Pretti a “terrorist” and a “lunatic.”
As part of its surveillance dragnet, Immigration and Customs Enforcement has been using an AI-powered Palantir system since last spring to summarize tips sent to its tip line, according to a newly released Homeland Security document. DHS immigration agents have also been using the now notorious face recognition app Mobile Fortify to scan the faces of countless people in the US—including many citizens. And a new ICE filing provides insights on how commercial tools, including for ad tech and big data analysis, are increasingly being considered by the government for law enforcement and surveillance. And an active military officer broke down federal immigration enforcement actions in Minneapolis and around the US for WIRED, concluding that ICE is masquerading as a military force, but actually uses immature tactics that would get real soldiers killed.
WIRED published extensive inside details this week of the inner workings of a scam compound in the Golden Triangle region of Laos after a human trafficking victim calling himself Red Bull communicated with a WIRED reporter for months and leaked a massive trove of internal documents from the compound where he was being held. Crucially, WIRED also chronicled his own experiences as a forced laborer in the compound and his attempts to escape.
Deepfake “nudify” technology and tools that produce sexual deepfakes are getting increasingly sophisticated, capable, and easy to access, posing more and more risk for millions of people who are abused with the technology. Plus, research this week found that an AI stuffed animal toy from Bondu had its web console almost entirely unprotected, exposing 50,000 logs of chats with kids to anyone with a Gmail account.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Epstein Had a “Personal Hacker,” Informant Claims
According to a document released by the Department of Justice on Friday, an informant told the FBI in 2017 that Jeffrey Epstein had a “personal hacker.” The document, first reported by TechCrunch, was released as part of a large trove of material the DOJ is legally required to release related to the investigation into the late sex offender. The document does not provide an identity for the alleged hacker, but it includes some details: They were allegedly born in Italy in the southern region of Calabria, and their hacking focused on discovering vulnerabilities in Apple's iOS mobile operating system, BlackBerry devices, and the Firefox browser. The informant told the FBI that the hacker “was very good at finding vulnerabilities.”
The hacker allegedly developed offensive hacking tools including exploits for unknown and/or unpatched vulnerabilities and allegedly sold them to several countries, including an unnamed central African government, the UK, and the US. The informant even reported to the FBI that the hacker sold an exploit to Hezbollah and received “a trunk of cash” in payment. It is unclear whether the informant's account is accurate or whether the FBI verified the report.
Viral AI Agent OpenClaw Makes Security Experts Sweat
The viral AI assistant OpenClaw—which was previously called Clawdbot and then, briefly, Moltbot—has taken Silicon Valley by storm this week. Technologists are letting the assistant control their digital lives: connecting it to online accounts and letting it complete tasks for them. The assistant, as WIRED reported, runs on a personal computer, connects to other AI models, and can be given permission to access your Gmail, Amazon, and scores of other accounts. “I could basically automate anything. It was magical,” one entrepreneur told WIRED.
They haven’t been the only ones intrigued by the capable AI assistant. OpenClaw’s creators say more than 2 million people have visited the project over the last week. However, its agentic abilities come with potential security and privacy trade-offs—starting with the need to provide access to online accounts—that likely make it impractical for many people to operate securely. As OpenClaw has grown in popularity, security researchers have identified “hundreds” of instances where users have exposed their systems to the web, the Register reported. Several included no authentication and exposed full access to the users’ system.
While the misconfigurations leading to those exposures have now reportedly been fixed, various other security concerns exist and demonstrate how increasingly autonomous AI systems can become a security nightmare. To complete tasks for you, these types of agents often require access to online accounts, data, and your login credentials. That could involve breaking down traditional security measures. “They need to read your files, access your credentials, execute commands, and interact with external services,” security researcher Jamieson O'Reilly told the Register. “The value proposition requires punching holes through every boundary we spent decades building.”
China Executes 11 Scam Compound Bosses
Scam compounds across Southeast Asia, including in Myanmar, Cambodia, and Laos, have stolen billions from people around the world. They operate using a forced-labor workforce with fraud profits often going back to Chinese organized crime groups. This week, Chinese authorities said they executed 11 members of the Ming crime family who were previously found guilty of running scam compounds in Myanmar and had been sentenced for a range of crimes including fraud and homicide. Another 20 members of the Ming family were handed jail sentences in September last year, the BBC reported. In the eight years between 2015 and 2023, the family reportedly made $1.4 billion from its illegal scam and gambling operations. Five members of another Chinese mafia group, the Bai family, have also been sentenced to death over their role in running scamming operations.
Federal Contractor’s Son Accused of Stealing $40 Million in Seized Crypto
Cryptocurrency offers many ways for young people to disappoint their parents. But one crypto crime story that emerged this week likely led to a particularly awkward father-son talk. When a young hacker online began flaunting $23 million in crypto holdings, independent crypto investigator ZachXBT traced the funds to a collection of $90 million in thefts from the US government and other victims in 2024 and 2025. According to ZachXBT, $40 million of those crypto holdings were taken from wallets storing funds seized by the government, and held by a contractor called CMDSS that acts as a custodian of seized crypto on behalf of the US Marshals Service. ZachXBT alleges, based on his crypto tracing investigation, that the culprit behind the theft was none other than John Daghita, the son of CMDSS’s president Dean Daghita. Just how the younger Daghita would have exploited his father’s access to the funds to steal them remains unclear, but Coindesk reports that the US Marshals Service is now investigating ZachXBT’s claims.
Poland Attributes Cyberattack on Its Grid to Russia’s Berserk Bear Group
Five years ago, WIRED described a group of Russian hackers known as Dragonfly or Berserk Bear with an analogy to “Chekhov’s gun,” the metaphorical rifle hanging over the fireplace in act one that has to go off sometime before the play is over. The Russian hacker group had repeatedly gained access to power grids and other critical infrastructure systems around the world—including in the US—but never actually pulled the trigger to cause a blackout. More than half a decade later, Chekhov’s gun may have finally gone off.
The Polish government this week released a technical report about a series of cyberattacks targeting its energy systems, including one combined heat and power plant and multiple solar and wind farms. The attackers used “wiper” malware designed to delete data on the target networks and also attempted to reach into industrial control systems to disrupt the facilities' operations, though their attacks didn’t actually cause any power outages. Despite the cybersecurity firms ESET and Dragos blaming Russia’s Sandworm hacker group—the usual suspect—for these attacks, the Polish government instead pinned the attacks on Berserk Bear, which is believed to work on behalf of Russia’s FSB domestic intelligence and security agency. If that attribution is correct, it may signal a new era where the restraint of FSB’s grid hackers has come to an end.