FBI Reports Hacker Group After US Law Firms (Again)

The U.S. Federal Bureau of Investigation (FBI) Cyber Division (Internet Crime Complaint Center) has issued a warning that certain malicious cyber actors are targeting law firms.  Law firms are a ripe target for valuable information concerning clients, including intellectual property.  The warning states, in part:

The cyber threat actor Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims. While SRG has historically victimized companies in many sectors, starting Spring 2023, the group has consistently targeted US-based law firms, likely due to the highly sensitive nature of legal industry data. . . .

As of March 2025, SRG was observed changing their tactics to calling individuals and posing as an employee from their company’s IT department. SRG will then direct the employee to join a remote access session, either through an email sent to them, or navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight. Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through “WinSCP” (Windows Secure Copy) or a hidden or renamed version of “Rclone.” If the compromised device does not have administrative privileges, WinSCP portable is used to exfiltrate victim data. Although this tactic has only been observed recently, it has been highly effective and resulted in multiple compromises. Similar to their phishing emails posing as a company with a subscription, once SRG exfiltrates data, they extort the victim by sending them a ransom email threatening to sell or post the data online. SRG will also call employees at a victim company to pressure them into engaging in ransom negotiations. SRG has developed a publicly available site to post victim data, however, they are inconsistent in their use of the site, and do not always follow through on posting victim data.

Governmental Best Practices Report on AI Data Security

U.S., UK, Australian and New Zealand government cybersecurity related agencies have recently released a joint report titled, “AI Data Security Best Practices for Securing Data Used to Train & Operate AI Systems.”  The report provides advice for addressing potential threats to AI data security.  Notably, for the U.S., the report provides minimum security standards that may be applicable in subsequent litigation and important in drafting contracts concerning AI use and adoption.  The report states:

Data security is of paramount importance when developing and operating AI systems. As organizations in various sectors rely more and more on AI-driven outcomes, data security becomes crucial for maintaining accuracy, reliability, and integrity. The guidance provided in this CSI outlines a robust approach to securing AI data and addressing the risks associated with the data supply chain, malicious data, and data drift. Data security is an ever-evolving field, and continuous vigilance and adaptation are key to staying ahead of emerging threats and vulnerabilities. The best practices presented here encourage the highest standards of data security in AI while helping ensure the accuracy and integrity of AI-driven outcomes. By adopting these best practices and risk mitigation strategies, organizations can fortify their AI systems against potential threats and safeguard sensitive, proprietary, and mission critical data used in the development and operation of their AI systems.

U.S. Department of Homeland Security Revokes Harvard's Ability to Enroll Foreign Students

The U.S. Department of Homeland Security press release states:

Harvard University Loses Student and Exchange Visitor Program Certification for Pro-Terrorist Conduct

Harvard is being held accountable for collaboration with the CCP, fostering violence, antisemitism, and pro-terrorist conduct from students on its campus.

WASHINGTON – Today, Homeland Security Secretary Kristi Noem ordered DHS to terminate the Harvard University’s Student and Exchange Visitor Program (SEVP) certification.

This means Harvard can no longer enroll foreign students and existing foreign students must transfer or lose their legal status.

Harvard’s leadership has created an unsafe campus environment by permitting anti-American, pro-terrorist agitators to harass and physically assault individuals, including many Jewish students, and otherwise obstruct its once-venerable learning environment. Many of these agitators are foreign students. Harvard’s leadership further facilitated, and engaged in coordinated activity with the CCP, including hosting and training members of a CCP paramilitary group complicit in the Uyghur genocide.

“This administration is holding Harvard accountable for fostering violence, antisemitism, and coordinating with the Chinese Communist Party on its campus,” said Secretary Noem. “It is a privilege, not a right, for universities to enroll foreign students and benefit from their higher tuition payments to help pad their multibillion-dollar endowments. Harvard had plenty of opportunity to do the right thing. It refused. They have lost their Student and Exchange Visitor Program certification as a result of their failure to adhere to the law. Let this serve as a warning to all universities and academic institutions across the country.”

On April 16, 2025, Secretary Noem demanded Harvard provide information about the criminality and misconduct of foreign students on its campus. Secretary Noem warned refusal to comply with this lawful order would result in SEVP termination.

This action comes after DHS terminated $2.7 million in DHS grants for Harvard last month.

Harvard University brazenly refused to provide the required information requested and ignored a follow up request from the Department’s Office of General Council. Secretary Noem is following through on her promise to protect students and prohibit terrorist sympathizers from receiving benefits from the U.S. government.

Facts about Harvard’s toxic campus climate:

• A joint-government task force found that Harvard has failed to confront pervasive race discrimination and anti-Semitic harassment plaguing its campus.
• Jewish students on campus were subject to pervasive insults, physical assault, and intimidation, with no meaningful response from Harvard’s leadership.
• A protester charged for his role in the assault of a Jewish student on campus was chosen by the Harvard Divinity School to be the Class Marshal for commencement.
• Harvard’s own 2025 internal study on anti-Semitism revealed that almost 60% of Jewish students reported experiencing “discrimination, stereotyping, or negative bias on campus due to [their] views on current events.”
• In one instance, a Jewish student speaker at a conference had planned to tell the story of his Holocaust survivor grandfather finding refuge in Israel. Organizers told the student the story was not “tasteful” and laughed at him when he expressed his confusion. They said the story would have justified oppression.
• Meanwhile, Pro-Hamas student groups that promoted antisemitism after the October 7 attacks remained recognized and funded.

Instead of protecting its students, Harvard has let crime rates skyrocket, enacted racist DEI practices, and accepted boatloads of cash from foreign governments and donors.

• Crime rates at Harvard increased by 55% from 2022 to 2023.

o   From 2022 to 2023 aggravated assaults increased 295% and robberies increased 560%

• Harvard has adopted race-conscious hiring policies, potentially in violation of civil rights law.
• Harvard Received $151 Million From Foreign Governments Since January 2020 — making up more than 13 percent of the total $1.1 billion received from foreign donors over the same period.
• Harvard hosted and trained members of the Xinjiang Production and Construction Corps (XPCC), a CCP paramilitary group complicit in the Uyghur genocide, even after its 2020 designation on the U.S. Treasury’s Specially Designated Nationals List, with engagements continuing as recently as 2024.
• Harvard researchers collaborated with China-based academics on projects funded by an Iranian government agent and partnered with Chinese universities tied to military advancements, including aerospace and optics research, using U.S. Department of Defense funds.
• Harvard partnered with individuals linked to China’s defense-industrial base, including conducting robotics research with military applications.

U.S. Budget: Artificial Intelligence and University Endowments

The U.S. budget reconciliation bill is moving through the U.S. Congress.  One part getting attention concerns artificial intelligence.  First, subsections (a) and (b) provide for funding to upgrade the federal information technology system with artificial intelligence.  Importantly, the funding should provide better cybersecurity protection for federal information technology systems.  Second, subsection (c) seems to provide a ban on enforcement of state or local regulation of artificial intelligence.  A draft of the proposed section is below.

PART 2—ARTIFICIAL INTELLIGENCE AND INFORMATION TECHNOLOGY MODERNIZATION

Section 43201. Artificial intelligence and information technology modernization initiative.

Subsection (a) would appropriate $500,000,000 to the Department of Commerce for fiscal year 2025, to remain available through September 30, 2035, for the purpose of modernizing and securing federal information technology systems through the deployment of commercial artificial intelligence, automation technologies, and the replacement of antiquated business systems.

Subsection (b) states that the Secretary of Commerce shall use these funds to support the replacement and modernization of legacy business systems with state-of-the-art commercial artificial intelligence systems and automated decision systems, the adoption of artificial intelligence models that increase operational efficiency and service delivery, and improve the cybersecurity posture of Federal information technology systems through modernized architecture, automated threat detection, and integrated artificial intelligence solutions.

Subsection (c) states that no state or political subdivision may enforce any law or regulation regulating artificial intelligence models, artificial intelligence systems, or automated decision systems during the 10-year period beginning on the date of the enactment of this Act.

Subsection (d) provides definitions for key terms used in the Act, including “artificial intelligence”, “artificial intelligence model”, “artificial intelligence system”, and “automated decision system”.

The House Ways and Means Committee has a list of other parts of the proposed budget bill of interest, including taxation of university endowments:

• Holds woke, elite universities that operate more like major corporations and other tax-exempt entities accountable, ensuring they can no longer abuse generous benefits provided through the tax code.
• Increases the university endowment tax and subjects the largest endowments to the corporate tax rate.
• Increases tax on massive non-profits that resemble hedge funds and pay their employees huge salaries.

The National Conference of State Legislatures states: “[This a]dds to the current 1.4% excise tax on net investment income from private universities endowments that are greater than $500,000 per student. The new tax rate is based on a tiered, student-adjusted system. Universities with per-student endowments above $2,000,000 are taxed at a 21% rate, between $1,250,000 and $1,999,999 at 14%, and between $750,000 and $1,249,999 at 7%.” 

Reducing Anticompetitive U.S. Regulations Process Continues

The U.S. Federal Trade Commission (FTC) and the U.S. Department of Justice Antitrust are continuing their work to address anticompetitive regulations across the U.S. government.  The FTC press release states:

Today, the Federal Trade Commission and the Department of Justice Antitrust Division issued a joint letter directing the heads of agencies across the federal government to create a list of anticompetitive regulations that reduce competition, entrepreneurship, and innovation.

FTC Chairman Andrew N. Ferguson and Assistant Attorney General Abigail Slater of the DOJ’s Antitrust Division issued the letter, which advances President Trump’s Executive Order on Reducing Anticompetitive Regulatory Barriers.

The Executive Order directs all agency heads to provide a list identifying anticompetitive regulations within their agency’s rulemaking authority to the FTC and DOJ. Along with each regulation identified, the agency must include a recommendation for deletion; a recommendation for specific modifications; or a justification for the potential anticompetitive effects.

The joint letter follows a recent Request for Information launched by the FTC inviting members of the public to comment on how federal regulations can harm competition in the American economy.

Following public feedback and the lists of anticompetitive regulations from agency heads, the FTC and DOJ will provide the Director of the Office of Management and Budget a consolidated list of regulations that should be rescinded or modified, along with recommended modifications.

Steve Blank Sounds Warning for U.S. Academic Research Decline

The very talented Steve Blank has laid out a case for why U.S. academic research is in serious trouble based on recent U.S. policy changes.  As he states, once you lose your advantage it's unlikely to be regained.  My guess is that there's a certain point at which the lead is lost and is too difficult to regain.  A March 2025 Nature article reports on a poll which indicates that of 1,600 scientists surveyed around 75% are contemplating moving with Canada or Europe as top destinations. I wonder what unintended consequences--particularly those that are beneficial for the United States--may exist in distributing U.S. researchers around the world. Could they be lured back in three years and seven months?  And, what could be some unintended negative consequences?  Do we really want to lose our best researchers during a military build-up around the world?  Gee whiz, it seems like almost everything is a national security issue and all technology is dual use.  Steve Blank's blog post is available, here.