
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying

The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments.

The US Department of Justice today announced criminal charges against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US.

Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes a second variant of the malware that it says was used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement.

Since 2018, DanaBot—described in the criminal complaint as “incredibly invasive malware”—has infected millions of computers around the world, initially as a banking trojan designed to steal directly from those PCs’ owners with modular features designed for credit card and cryptocurrency theft. Because its creators allegedly sold it in an “affiliate” model that made it available to other hacker groups for $3,000 to $4,000 a month, however, it was soon used as a tool to install different forms of malware in a broad array of operations, including ransomware. Its targets, too, quickly spread from initial victims in Ukraine, Poland, Italy, Germany, Austria, and Australia to US and Canadian financial institutions, according to an analysis of the operation by cybersecurity firm CrowdStrike.


Authorities carry out global takedown of infostealer used by cybercriminals


Authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma.

A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls “cyber threat actors” to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say is developed in Russia, has provided cybercriminals with the information and credentials they needed to drain bank accounts, disrupt services, and carry out data extortion attacks against schools, among other things.

Microsoft’s Digital Crimes Unit (DCU) obtained an order from a United States district court last week to seize and take down about 2,300 domains underpinning Lumma’s infrastructure. At the same time, the US Department of Justice seized Lumma’s command and control infrastructure and disrupted cybercriminal marketplaces that sold the Lumma malware. All of this was coordinated, too, with the disruption of regional Lumma infrastructure by Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center.

Microsoft lawyers wrote on Wednesday that Lumma, which is also known as LummaC2, has spread so broadly because it is “easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses.” Steven Masada, assistant general counsel at Microsoft’s DCU, says in a blog post that Lumma is a “go-to tool,” including for the notorious Scattered Spider cybercriminal gang. Attackers distribute the malware using targeted phishing attacks that typically impersonate established companies and services, like Microsoft itself, to trick victims.

“In 2025, probably following Redline’s disruption and Lumma’s own development, it has ranked as the most active module, indicating its growing popularity and widespread adoption among cybercriminals,” says Victoria Kivilevich, director of threat research at security firm Kela.

Microsoft says that more than 394,000 Windows computers were infected with the Lumma malware between March 16 and May 16 this year. And Lumma was mentioned in more than 21,000 listings on cybercrime forums in the spring of 2024, according to figures cited in a notice published today by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). The malware has been spotted bundled in fake AI video generators, fake “deepfake” generation websites, and distributed by fake CAPTCHA pages.

Law enforcement’s collaboration with Microsoft’s DCU and other tech companies like Cloudflare focused on disrupting Lumma’s infrastructure in multiple ways, so its developers could not simply hire new providers or create parallel systems to rebuild.

“Cloudflare’s role in the disruption included blocking the command and control server domains, Lumma’s Marketplace domains, and banning the accounts that were used to configure the domains,” the company wrote in a blog post on Wednesday. “Microsoft coordinated the takedown of Lumma’s domains with multiple relevant registries in order to ensure that the criminals could not simply change the name servers and recover their control.”

While infostealing malware has been around for years, its use by cybercriminals and nation-state hackers has surged since 2020. Typically, infostealers find their way onto people’s computers through downloads of pirated software or through targeted phishing attacks that impersonate established companies and services, like Microsoft itself, to trick victims. Once on a computer, an infostealer is able to grab sensitive information—such as usernames and passwords, financial information, browser extensions, multifactor authentication details and more—and send it back to the malware’s operators.

Some infostealer operators bundle and sell this stolen data. But increasingly the compromised details have acted as a gateway for hackers to launch further attacks, providing them with the details needed to access online accounts and the networks of multi-billion dollar corporations.

“It’s clear that infostealers have become more than just grab-and-go malware,” says Patrick Wardle, CEO of the Apple device-focused security firm DoubleYou. “In many campaigns they really act as the first stage, collecting credentials, access tokens, and other foothold-enabling data, which is then used to launch more traditional, high-impact attacks such as lateral movement, espionage, or ransomware.”

The Lumma infostealer first emerged on Russian-language cybercrime forums in 2022, according to the FBI and CISA. Since then its developers have upgraded its capabilities and released multiple different versions of the software.

Since 2023, for example, they have been working to integrate AI into the malware platform, according to findings from the security firm Trellix. Attackers want to add these capabilities to automate some of the work involved in cleaning up the massive amounts of raw data collected by infostealers, including identifying and separating “bot” accounts that are less valuable for most attackers.

One administrator of Lumma told 404Media and WIRED last year that they encouraged both seasoned hackers and new cybercriminals to use their software. “This brings us good income,” the administrator said, referring to the resale of stolen login data.

Microsoft says that the main developer behind Lumma goes by the online handle “Shamel” and is based in Russia.

“Shamel markets different tiers of service for Lumma via Telegram and other Russian-language chat forums,” Microsoft’s Masada wrote on Wednesday. “Depending on what service a cybercriminal purchases, they can create their own versions of the malware, add tools to conceal and distribute it, and track stolen information through an online portal.”

Kela’s Kivilevich says that in the days leading up to the takedown, some cybercriminals started to complain on forums that there had been problems with Lumma. They even speculated that the malware platform had been targeted in a law enforcement operation.

“Based on what we see, there is a wide range of cybercriminals admitting they are using Lumma, such as actors involved in credit card fraud, initial access sales, cryptocurrency theft, and more,” Kivilevich says.

Among other tools, the Scattered Spider hacking group—which has attacked Caesars Entertainment, MGM Resorts International, and other victims—has been spotted using the Lumma stealer. Meanwhile, according to a report from TechCrunch, the Lumma malware was allegedly used in the build-up to the December 2024 hack of education tech firm PowerSchool, in which more than 70 million records were stolen.

“We’re now seeing infostealers not just evolve technically, but also play a more central role operationally,” says DoubleYou’s Wardle. “Even nation-state actors are developing and deploying them.”

Ian Gray, director of analysis and research at the security firm Flashpoint, says that while infostealers are only one tool that cybercriminals will use, their prevalence may make it easier for cybercriminals to hide their tracks. “Even advanced threat actor groups are leveraging infostealer logs, or they risk burning sophisticated tactics, techniques, and procedures (TTPs),” Gray says.

Lumma isn’t the first infostealer to be targeted by law enforcement. In October last year, the Dutch National Police, along with international partners, took down the infrastructure linked to the RedLine and MetaStealer malware, and the US Department of Justice unsealed charges against Maxim Rudometov, one of the alleged developers and administrators of the RedLine infostealer.

Despite the international crackdown, infostealers have proven too useful and effective for attackers to abandon. As Flashpoint’s Gray puts it, “Even if the landscape ultimately shifts due to the evolution of defenses, the growing prominence of infostealers over the past few years suggests they are likely here to stay for the foreseeable future. Usage of them has exploded.”

This story originally appeared at wired.com.


Paris Agreement target won’t protect polar ice sheets, scientists warn

“I think we’ve known for a long time that we’re interfering with the climate system in a very dangerous way,” he said. “And one of the points of our paper is to demonstrate that one part of the climate system, the ice sheets, are showing some very disturbing signals right now.”

Some of the most vulnerable places are far from any melting ice sheets, including Belize City, home to about 65,000 people, where just 3 feet of sea level rise would swamp 500 square miles of land.

In some low-lying tropical regions around the equator, sea level is rising three times as fast as the global average. That’s because the water is expanding as it warms, and as the ice sheets melt, their gravitational pull is reduced, allowing more water to flow away from the poles toward the equator.

“At low latitudes, it goes up more than the average,” Bamber said. “It’s bad news for places like Bangladesh, India, Vietnam, and the Nile Delta.”

Global policymakers need to be more aware of the effects of a 1.5° C temperature increase, Ambassador Carlos Fuller, long-time climate negotiator for Belize, said of the new study.

Belize already moved its capital inland, but its largest city will be inundated at just 1 meter of sea-level rise, he said.

“Findings such as these only sharpen the need to remain within the 1.5° Paris Agreement limit, or as close as possible, so we can return to lower temperatures and protect our coastal cities,” Fuller said.

While the new study is focused on ice sheets, Durham University’s Stokes notes that recent research shows other parts of the Earth system are already at, or very near, tipping points that are irreversible on a timescale relevant to human civilizations. That includes changes to freshwater systems and ocean acidification.

“I think somebody used the analogy that it’s like you’re wandering around in a dark room,” he said. “You know there’s a monster there, but you don’t know when you’re going to encounter it. It’s a little bit like that with these tipping points. We don’t know exactly where they are. We may have even crossed them, and we do know that we will hit them if we keep warming.”


How 3D printing is personalizing health care


Prosthetics are becoming increasingly affordable and accessible thanks to 3D printers.

Three-dimensional printing is transforming medical care, letting the health care field shift from mass-produced solutions to customized treatments tailored to each patient’s needs. For instance, researchers are developing 3D-printed prosthetic hands specifically designed for children, made with lightweight materials and adaptable control systems.

These continuing advancements in 3D-printed prosthetics demonstrate their increasing affordability and accessibility. Success stories like this one in personalized prosthetics highlight the benefits of 3D printing, in which a model of an object produced with computer-aided design software is transferred to a 3D printer and constructed layer by layer.

We are a biomedical engineer and a chemist who work with 3D printing. We study how this rapidly evolving technology provides new options not just for prosthetics but for implants, surgical planning, drug manufacturing, and other health care needs. The ability of 3D printing to make precisely shaped objects in a wide range of materials has led to, for example, custom replacement joints and custom-dosage, multidrug pills.

Better body parts

Three-dimensional printing in health care started in the 1980s with scientists using technologies such as stereolithography to create prototypes layer by layer. Stereolithography uses a computer-controlled laser beam to solidify a liquid material into specific 3D shapes. The medical field quickly saw the potential of this technology to create implants and prosthetics designed specifically for each patient.

One of the first applications was creating tissue scaffolds, which are structures that support cell growth. Researchers at Boston Children’s Hospital combined these scaffolds with patients’ own cells to build replacement bladders. The patients remained healthy for years after receiving their implants, demonstrating that 3D-printed structures could become durable body parts.

As technology progressed, the focus shifted to bioprinting, which uses living cells to create working anatomical structures. In 2013, Organovo created the world’s first 3D-bioprinted liver tissue, opening up exciting possibilities for creating organs and tissues for transplantation. But while significant advances have been made in bioprinting, creating full, functional organs such as livers for transplantation remains experimental. Current research focuses on developing smaller, simpler tissues and refining bioprinting techniques to improve cell viability and functionality. These efforts aim to bridge the gap between laboratory success and clinical application, with the ultimate goal of providing viable organ replacements for patients in need.

Three-dimensional printing already has revolutionized the creation of prosthetics. It allows prosthetics makers to produce affordable custom-made devices that fit the patient perfectly. They can tailor prosthetic hands and limbs to each individual and easily replace them as a child grows.

Three-dimensionally printed implants, such as hip replacements and spine implants, offer a more precise fit, which can improve how well they integrate with the body. Traditional implants often come only in standard shapes and sizes.

Some patients have received custom titanium facial implants after accidents. Others had portions of their skulls replaced with 3D-printed implants.

Additionally, 3D printing is making significant strides in dentistry. Companies such as Invisalign use 3D printing to create custom-fit aligners for teeth straightening, demonstrating the ability to personalize dental care.

Scientists are also exploring new materials for 3D printing, such as self-healing bioglass that might replace damaged cartilage. Moreover, researchers are developing 4D printing, which creates objects that can change shape over time, potentially leading to medical devices that can adapt to the body’s needs.

For example, researchers are working on 3D-printed stents that can respond to changes in blood flow. These stents are designed to expand or contract as needed, reducing the risk of blockage and improving long-term patient outcomes.

Simulating surgeries

Three-dimensionally printed anatomical models often help surgeons understand complex cases and improve surgical outcomes. These models, created from medical images such as X-rays and CT scans, allow surgeons to practice procedures before operating.

For instance, a 3D-printed model of a child’s heart enables surgeons to simulate complex surgeries. This approach can lead to shorter operating times, fewer complications, and lower costs.

Personalized pharmaceuticals

In the pharmaceutical industry, drugmakers can three-dimensionally print personalized drug dosages and delivery systems. The ability to precisely layer each component of a drug means that they can make medicines with the exact dose needed for each patient. The 3D-printed anti-epileptic drug Spritam was approved by the Food and Drug Administration in 2015 to deliver very high dosages of its active ingredient.

Drug production systems that use 3D printing are finding homes outside pharmaceutical factories. The drugs potentially can be made and delivered by community pharmacies. Hospitals are starting to use 3D printing to make medicine on-site, allowing for personalized treatment plans based on factors such as the patient’s age and health.

However, it’s important to note that regulations for 3D-printed drugs are still being developed. One concern is that postprinting processing may affect the stability of drug ingredients. It’s also important to establish clear guidelines and decide where 3D printing should take place – whether in pharmacies, hospitals or even at home. Additionally, pharmacists will need rigorous training in these new systems.

Printing for the future

Despite the extraordinarily rapid progress overall in 3D printing for health care, major challenges and opportunities remain. Among them is the need to develop better ways to ensure the quality and safety of 3D-printed medical products. Affordability and accessibility also remain significant concerns. Long-term safety concerns regarding implant materials, such as potential biocompatibility issues and the release of nanoparticles, require rigorous testing and validation.

While 3D printing has the potential to reduce manufacturing costs, the initial investment in equipment and materials can be a barrier for many health care providers and patients, especially in underserved communities. Furthermore, the lack of standardized workflows and trained personnel can limit the widespread adoption of 3D printing in clinical settings, hindering access for those who could benefit most.

On the bright side, artificial intelligence techniques that can effectively leverage vast amounts of highly detailed medical data are likely to prove critical in developing improved 3D-printed medical products. Specifically, AI algorithms can analyze patient-specific data to optimize the design and fabrication of 3D-printed implants and prosthetics. For instance, implant makers can use AI-driven image analysis to create highly accurate 3D models from CT scans and MRIs that they can use to design customized implants.

Furthermore, machine learning algorithms can predict the long-term performance and potential failure points of 3D-printed prosthetics, allowing prosthetics designers to optimize for improved durability and patient safety.

Three-dimensional printing continues to break boundaries, including the boundary of the body itself. Researchers at the California Institute of Technology have developed a technique that uses ultrasound to turn a liquid injected into the body into a gel in 3D shapes. The method could be used one day for delivering drugs or replacing tissue.

Overall, the field is moving quickly toward personalized treatment plans that are closely adapted to each patient’s unique needs and preferences, made possible by the precision and flexibility of 3D printing.

Anne Schmitz, Associate Professor of Engineering, University of Wisconsin-Stout and Daniel Freedman, Dean of the College of Science, Technology, Engineering, Mathematics & Management, University of Wisconsin-Stout. This article is republished from The Conversation under a Creative Commons license. Read the original article.


Trump has “a little problem” with Apple’s plan to ship iPhones from India

Analysts estimate it would cost tens of billions of dollars and take years for Apple to increase iPhone manufacturing in the US, where it at present makes only a very limited number of products.

US Commerce Secretary Howard Lutnick said last month that Cook had told him the US would need “robotic arms” to replicate the “scale and precision” of iPhone manufacturing in China.

“He’s going to build it here,” Lutnick told CNBC. “And Americans are going to be the technicians who drive those factories. They’re not going to be the ones screwing it in.”

Lutnick added that his previous comments that an “army of millions and millions of human beings screwing in little screws to make iPhones—that kind of thing is going to come to America” had been taken out of context.

“Americans are going to work in factories just like this on great, high-paying jobs,” he added.

For Narendra Modi’s government, the shift by some Apple suppliers into India is the highest-profile success of a drive to boost local manufacturing and attract companies seeking to diversify away from China.

Mobile phones are now one of India’s top exports, with the country selling more than $7 billion worth of them to the US in the 2024-25 financial year, up from $4.7 billion the previous year. The majority of these were iPhones, which Apple’s suppliers Foxconn and Tata Electronics make at plants in southern India’s Tamil Nadu and Karnataka states.

Modi and Trump are ideologically aligned and personally friendly, but India’s high tariffs are a point of friction and Washington has threatened to hit it with a 26 percent tariff.

India and the US—its biggest trading partner—are negotiating a bilateral trade agreement, the first tranche of which they say will be agreed by autumn.

“India’s one of the highest-tariff nations in the world, it’s very hard to sell into India,” Trump also said in Qatar on Thursday. “They’ve offered us a deal where basically they’re willing to literally charge us no tariff… they’re the highest and now they’re saying no tariff.”

© 2025 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.


Incorporated in US: $8.4B money launderer for Chinese-speaking crypto scammers


Before crackdown, this was one of the ‘Net’s biggest markets for Chinese-speaking scammers.

As the underground industry of crypto investment scams has grown into one of the world’s most lucrative forms of cybercrime, the secondary market of money launderers for those scammers has grown to match it. Amid that black market, one such Chinese-language service on the messaging platform Telegram blossomed into an all-purpose underground bazaar: It has offered not only cash-out services to scammers but also money laundering for North Korean hackers, stolen data, targeted harassment-for-hire, and even what appears to be sex trafficking. And somehow, it’s all overseen by a company legally registered in the United States.

According to new research released today by crypto-tracing firm Elliptic, a company called Xinbi Guarantee has since 2022 facilitated no less than $8.4 billion in transactions via its Telegram-based marketplace prior to Telegram’s actions in recent days to remove its accounts from the platform. Money stolen from scam victims likely represents the “vast majority” of that sum, according to Elliptic’s cofounder Tom Robinson. Yet even as the market serves Chinese-speaking scammers, it also boasts on the top of its website—in Mandarin—that it’s registered in Colorado.

“Xinbi Guarantee has served as a giant, purportedly US-incorporated illicit online marketplace for online scams that primarily offers money laundering services,” says Robinson. He adds, though, that Elliptic has also found a remarkable variety of other criminal offerings on the market: child-bearing surrogacy and egg donors, harassment services that offer to threaten or throw feces at any chosen victim, and even sex workers in their teens who are likely trafficking victims.

Xinbi Guarantee is the second such crime-friendly Chinese-language market that Robinson and his team of researchers have uncovered over the past year. Last July, they published a report on Huione Guarantee, a similar Cambodia-based service that Elliptic said in January had facilitated $24 billion in transactions—largely from crypto scammers—making it the biggest illicit online marketplace in history by Elliptic’s accounting. That market’s parent company, Huione Group, was added to a list of known money laundering operations by the US Treasury’s Financial Crimes Enforcement Network earlier this month in an attempt to limit its access to US financial institutions.

Telegram bans

After WIRED reached out to Telegram last week about the illicit activity taking place on Xinbi Guarantee’s and Huione Guarantee’s channels on its messaging platform, Telegram appears to have responded Monday by banning many of the central channels and administrator accounts used by both Xinbi Guarantee and Huione Guarantee. “Criminal activities like scamming or money laundering are forbidden by Telegram’s terms of service and are always removed whenever discovered,” Telegram spokesperson Remi Vaughn wrote to WIRED in a statement. “Communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down.”

Telegram had banned several of Huione Guarantee’s channels in February following an earlier Elliptic report on the marketplace, but Huione Guarantee quickly re-created them, and it’s not clear whether the new removals will prevent the two companies from rebuilding their presence on Telegram again, perhaps with new accounts or even new branding. “These are very lucrative businesses, and they’ll attempt to rebuild in some way,” Robinson said of the two marketplaces following Telegram’s latest purge.

Elliptic’s accounting of the total lifetime revenue of the biggest online black markets. Courtesy of Elliptic

Xinbi Guarantee didn’t respond to multiple requests for comment on Elliptic’s findings that WIRED sent to the market’s administrators on Telegram.

Like Huione Guarantee, Xinbi Guarantee has offered a similar “guarantee” model of enabling third-party vendors to offer services by requiring a deposit from them to prevent fraud. Yet it’s flown under the radar, even as it grew into one of the biggest hubs for crypto crime on the Internet. In terms of scale of transactions prior to Telegram’s crackdown, it was second only to Huione’s market, according to Elliptic.

Both services “offer a window into the China-based underground banking network,” Robinson says. “It’s another example of these huge Chinese-language ‘guaranteed’ marketplaces that have thrived for years.”

On Xinbi Guarantee, Elliptic found numerous posts from vendors offering to accept funds related to “quick kills,” “slow kills,” and “pig butchering” transactions, all different terms for crypto investment scams and other forms of fraud. In some cases, Robinson explains, these Xinbi Guarantee vendors offer bank accounts in the same country as the victim so that they can receive whatever payment they’re tricked into making, then pay the scammer in the cryptocurrency Tether. In other cases, the Xinbi Guarantee merchants offer to receive cryptocurrency payments and cash them out in the scammer’s local currency, such as Chinese renminbi.

Not just money laundering

Aside from Xinbi Guarantee’s central use as a cash-out point for crypto scammers, Elliptic also found that the market’s vendors offered other wares for scammers such as stolen data that could be used for finding victims, as well as services for registering SIM cards and Starlink Internet subscriptions through proxies.

North Korean state-sponsored cybercriminals also appear to have used the platform for money laundering. Elliptic found through blockchain analysis, for instance, that about $220,000 stolen from the Indian cryptocurrency exchange WazirX—the victim of a $235 million theft in July 2024, widely attributed to North Korean hackers—had flowed into Xinbi Guarantee in a series of transactions in November.

Those money-laundering and scam-enabling services, however, are far from the only shady offerings found on Xinbi Guarantee’s market. Elliptic also found listings for surrogate mothers and egg donors, with one post showing faceless pictures of the donor’s body. Other accounts have offered services that will, for a payment in Tether, place a funeral wreath at a target’s door, deface their home with graffiti, post damaging statements around their home, have someone verbally threaten them, throw feces at them, or even, most bizarrely, surround their home with AIDS patients. One posting suggested these AIDS patients would carry “case reports and needles for intimidation.”

Other listings have offered sex workers as young as 18 years old, noting the specific sex acts that are allowed and forbidden. Elliptic says that one of its researchers was even offered a 14-year-old by a Xinbi Guarantee merchant. (The account holder noted, however, that no transaction for sex with someone below the age of 18 would be guaranteed by Xinbi. The legal age of consent in China is 14.)

Exactly why Xinbi Guarantee is legally registered in the US remains a mystery. Its incorporation record on the Colorado Secretary of State’s website shows an address at an office park in the city of Aurora that has no external Xinbi branding. The company appears to have been registered there in August of 2022 by someone named “Mohd Shahrulnizam Bin Abd Manap.” (WIRED connected that name with several people in Malaysia but couldn’t determine which one might be Xinbi Guarantee’s registrant.) The listing is currently marked as “delinquent,” perhaps due to failure to file more recent paperwork to renew it.

For fledgling Chinese companies—legitimate and illegitimate—incorporating in the US is an increasingly common tactic for “projecting legitimacy,” says Jacob Sims, a visiting fellow at Harvard’s Asia Center who focuses on transnational Chinese crime. “If you have a US presence, you can also open US bank accounts,” Sims says. “You could potentially hire staff in the US. You could in theory have more formalized connections to US entities.” But he notes that the registration’s delinquent status may mean Xinbi Guarantee tried to make some sort of inroads in the US in the past but gave up.

While Telegram has served as the chief means of communication for the two markets, the stablecoin cryptocurrency Tether has served as their primary means of payment, Elliptic found. And despite Telegram’s new round of removals of their channels and accounts, Xinbi Guarantee and Huione Guarantee are far from the only companies to use Tether and Telegram to create essentially a new, largely Chinese-language darknet: Elliptic is tracking close to 30 similar marketplaces, Robinson says, though he declined to name others in the midst of the company’s investigations.

Just as Telegram shows new signs of cracking down on that sprawling black market, Tether, too, has the ability to disrupt criminal use of its services. Unlike other more decentralized cryptocurrencies such as Bitcoin, Tether can freeze payments when it identifies bad actors. Yet it’s not clear to what degree Tether has taken measures to stop Chinese-language crypto scammers and others on Xinbi Guarantee and Huione Guarantee from using its currency.

When WIRED wrote to Tether to ask about its role in those black markets, the company responded in a statement that it encourages “firms like Elliptic and other blockchain intelligence providers to share critical data with law enforcement so we can act swiftly and in coordination.”

“We are not passive observers—we are active players in the global fight against financial crime,” the Tether statement continued. “If you’re considering using Tether for illicit purposes, think again: it is the most traceable asset in existence. We will identify you, and we will work to ensure you are brought to justice.”

Despite that promise—and Telegram’s new effort to remove Huione Guarantee and Xinbi Guarantee from its platform—both tools have already been used to facilitate tens of billions of dollars in theft and other black market deals, much of it occurring in plain sight. The two largely illegal and very public markets have been “remarkable for both the scale at which they’re operating and also the brazenness,” says Harvard’s Jacob Sims.

Given that brazenness and the massive criminal fortunes at stake, expect both markets to attempt a revival in some form—and plenty of competitors to try to take their place atop the Chinese-language crypto crime economy.

This story originally appeared on wired.com.


Wired.com is your essential daily guide to what’s next, delivering the most original and complete take you’ll find anywhere on innovation’s impact on technology, science, business and culture.


US warns companies around the world to stay away from Huawei chips

President Donald Trump’s administration has taken a tougher stance on Chinese technology advances, warning companies around the world that using artificial intelligence chips made by Huawei could trigger criminal penalties for violating US export controls.

The commerce department issued guidance to clarify that Huawei’s Ascend processors were subject to export controls because they almost certainly contained, or were made with, US technology.

Its Bureau of Industry and Security, which oversees export controls, said on Tuesday it was taking a more stringent approach to foreign AI chips, including “issuing guidance that using Huawei Ascend chips anywhere in the world violates US export controls.”

But people familiar with the matter stressed that the bureau had not issued a new rule, but was making it clear to companies that Huawei chips are likely to have violated a measure that requires hard-to-get licenses to export US technology to the Chinese company.

“The guidance is not a new control, but rather a public confirmation of an interpretation that even the mere use anywhere by anyone of a Huawei-designed advanced computing [integrated circuit] would violate export control rules,” said Kevin Wolf, a veteran export control lawyer at Akin Gump.

The bureau said three Huawei Ascend chips—the 910B, 910C, and 910D—were subject to the regulations, noting that such chips are likely to have been “designed with certain US software or technology or produced with semiconductor manufacturing equipment that is the direct product of certain US-origin software or technology, or both.”

The guidance comes as the US has become increasingly concerned at the speed at which Huawei has developed advanced chips and other AI hardware.

Huawei has begun delivering AI chip “clusters” to clients in China that it claims outperform leading US AI chipmaker Nvidia’s comparable product on key metrics such as total compute and memory. The system relies on a large number of 910C chips, which individually fall short of Nvidia’s most advanced offering but collectively deliver superior performance to a rival Nvidia cluster product.


Welcome to the age of paranoia as deepfakes and scams abound


AI-driven fraud is leading people to verify every online interaction they have.

These days, when Nicole Yelland receives a meeting request from someone she doesn’t already know, she conducts a multistep background check before deciding whether to accept. Yelland, who works in public relations for a Detroit-based nonprofit, says she’ll run the person’s information through Spokeo, a personal data aggregator that she pays a monthly subscription fee to use. If the contact claims to speak Spanish, Yelland says, she will casually test their ability to understand and translate trickier phrases. If something doesn’t quite seem right, she’ll ask the person to join a Microsoft Teams call—with their camera on.

If Yelland sounds paranoid, that’s because she is. In January, before she started her current nonprofit role, Yelland says, she got roped into an elaborate scam targeting job seekers. “Now, I do the whole verification rigamarole any time someone reaches out to me,” she tells WIRED.

Digital imposter scams aren’t new; messaging platforms, social media sites, and dating apps have long been rife with fakery. In a time when remote work and distributed teams have become commonplace, professional communications channels are no longer safe, either. The same artificial intelligence tools that tech companies promise will boost worker productivity are also making it easier for criminals and fraudsters to construct fake personas in seconds.

On LinkedIn, it can be hard to distinguish a slightly touched-up headshot of a real person from a too-polished, AI-generated facsimile. Deepfake videos are getting so good that longtime email scammers are pivoting to impersonating people on live video calls. According to the US Federal Trade Commission, reports of job and employment related scams nearly tripled from 2020 to 2024, and actual losses from those scams have increased from $90 million to $500 million.

Yelland says the scammers that approached her back in January were impersonating a real company, one with a legitimate product. The “hiring manager” she corresponded with over email also seemed legit, even sharing a slide deck outlining the responsibilities of the role they were advertising. But during the first video interview, Yelland says, the scammers refused to turn their cameras on during a Microsoft Teams meeting and made unusual requests for detailed personal information, including her driver’s license number. Realizing she’d been duped, Yelland slammed her laptop shut.

These kinds of schemes have become so widespread that AI startups have emerged promising to detect other AI-enabled deepfakes, including GetReal Labs and Reality Defender. OpenAI CEO Sam Altman also runs an identity-verification startup called Tools for Humanity, which makes eye-scanning devices that capture a person’s biometric data, create a unique identifier for their identity, and store that information on the blockchain. The whole idea behind it is proving “personhood,” or that someone is a real human. (Lots of people working on blockchain technology say that blockchain is the solution for identity verification.)

But some corporate professionals are turning instead to old-fashioned social engineering techniques to verify every fishy-seeming interaction they have. Welcome to the Age of Paranoia, when someone might ask you to send them an email while you’re mid-conversation on the phone, slide into your Instagram DMs to ensure the LinkedIn message you sent was really from you, or request you text a selfie with a time stamp, proving you are who you claim to be. Some colleagues say they even share code words with each other, so they have a way to ensure they’re not being misled if an encounter feels off.

“What’s funny is, the lo-fi approach works,” says Daniel Goldman, a blockchain software engineer and former startup founder. Goldman says he began changing his own behavior after he heard a prominent figure in the crypto world had been convincingly deepfaked on a video call. “It put the fear of god in me,” he says. Afterward, he warned his family and friends that even if they hear what they believe is his voice or see him on a video call asking for something concrete—like money or an Internet password—they should hang up and email him first before doing anything.

Ken Schumacher, founder of the recruitment verification service Ropes, says he’s worked with hiring managers who ask job candidates rapid-fire questions about the city where they claim to live on their résumé, such as their favorite coffee shops and places to hang out. If the applicant is actually based in that geographic region, Schumacher says, they should be able to respond quickly with accurate details.

Another verification tactic some people use, Schumacher says, is what he calls the “phone camera trick.” If someone suspects the person they’re talking to over video chat is being deceitful, they can ask them to hold up their phone camera to show their laptop. The idea is to verify whether the individual may be running deepfake technology on their computer, obscuring their true identity or surroundings. But it’s safe to say this approach can also be off-putting: Honest job candidates may be hesitant to show off the inside of their homes or offices, or worry a hiring manager is trying to learn details about their personal lives.

“Everyone is on edge and wary of each other now,” Schumacher says.

While turning yourself into a human captcha may be a fairly effective approach to operational security, even the most paranoid admit these checks create an atmosphere of distrust before two parties have even had the chance to really connect. They can also be a huge time suck. “I feel like something’s gotta give,” Yelland says. “I’m wasting so much time at work just trying to figure out if people are real.”

Jessica Eise, an assistant professor studying climate change and social behavior at Indiana University Bloomington, says her research team has been forced to essentially become digital forensics experts due to the number of fraudsters who respond to ads for paid virtual surveys. (Scammers aren’t as interested in the unpaid surveys, unsurprisingly.) For one of her research projects, which is federally funded, all of the online participants have to be over the age of 18 and living in the US.

“My team would check time stamps for when participants answered emails, and if the timing was suspicious, we could guess they might be in a different time zone,” Eise says. “Then we’d look for other clues we came to recognize, like certain formats of email address or incoherent demographic data.”

Eise says the amount of time her team spent screening people was “exorbitant” and that they’ve now shrunk the size of the cohort for each study and have turned to “snowball sampling,” or recruiting people they know personally to join their studies. The researchers are also handing out more physical flyers to solicit participants in person. “We care a lot about making sure that our data has integrity, that we’re studying who we say we’re trying to study,” she says. “I don’t think there’s an easy solution to this.”

Barring any widespread technical solution, a little common sense can go a long way in spotting bad actors. Yelland shared with me the slide deck that she received as part of the fake job pitch. At first glance, it seemed legit, but when she looked at it again, a few details stood out. The job promised to pay substantially more than the average salary for a similar role in her location and offered unlimited vacation time, generous paid parental leave, and fully covered health care benefits. In today’s job environment, that might have been the biggest tipoff of all that it was a scam.

This story originally appeared on wired.com.


A new era in cancer therapies is at hand


New therapeutic strategies build on the success of immunotherapy.

In 2012, clinicians at the Children’s Hospital of Philadelphia treated Emily Whitehead, a 6-year-old with leukemia, with altered immune cells from her own body. At the time, the treatment was experimental, but it worked: The cells targeted the cancer and eradicated it. Thirteen years later, Whitehead is still cancer-free.

The modified cells, called CAR-T cells, are a form of immunotherapy, where doctors change parts of the immune system into cancer-attacking instruments. About five years after Whitehead’s treatment, the first CAR-T drugs were approved by the FDA and were heralded, along with immunotherapy more broadly, as one of the most promising modern cancer treatments. Today, there are seven FDA-approved CAR-T therapies, including the one used to treat Whitehead.

Since then, however, studies have linked CAR-T to fatal complications due to treatment toxicity, and the treatment has had a harder time addressing certain types of cancers, particularly solid tumors affecting the breast and pancreas, although some small clinical trials have been starting to show positive results for solid cancers. “After a decade, a decade and a half, we arrive at the point that there are patients who answer, most of the patients still do not answer,” said George Calin, a researcher at University of Texas MD Anderson Cancer Center.

Now experts say that new therapies are beginning to surpass challenges that previous treatments couldn’t, providing safer, more targeted delivery directly to tumors. These include drugs that contain radioactive substances, called radiopharmaceuticals, which are used to diagnose or treat cancer; medications that can influence the genes that spur or suppress tumor growth; and therapeutic cancer vaccines.

These approaches have shown promise in the lab, and researchers and companies are now conducting various stages of human clinical trials to explore their effectiveness. And some promising treatments have even gained approval by the Food and Drug Administration. The hope is that improving on these strategies will ultimately help treat even the most resistant types of cancer.

Despite researchers’ excitement for innovative treatments, there is rampant online misinformation and there are occasions in which companies have been found to tout and sell fake cures, said Kathrin Dvir, an oncologist and researcher at Moffitt Cancer Center.

But other scientists remain optimistic about the future of cancer research, Calin said: “All the time in science, you have to open the door with something new.”

Targeting is tough

Historically, one of the biggest challenges in cancer treatments has been the lack of specific targets. The typical standards of care — chemotherapy and radiation — kill off not only cancer cells, but also healthy ones. (This is one reason why cancer patients on these treatments experience hair loss, nausea, and other symptoms.) In recent years, scientists have thus aimed to develop therapies that only attack cancer cells, leaving the rest of the body unharmed.

One way to achieve this is through more precise targeting of the tumor. In one of these approaches, drugs act as a ferry, delivering radioactive molecules directly to the cancer. They do this by targeting proteins that are only present on the surface of specific tumors.

Take, for example, prostate cancer. Here, the cancerous cells are sensitive to radiation, so some researchers are working on drugs containing unstable chemical elements that emit radiation — radioactive isotopes, or radiopharmaceuticals — to facilitate imaging of the tumors and provide enough radiation to treat them.

Already, the field of radiopharmaceuticals has seen growth following successes like the brand name drugs Pluvicto for prostate cancer and Lutathera for neuroendocrine tumors, which reportedly offer improved quality of life compared to traditional treatments. Additionally, using radioisotopes for imaging could also allow researchers to diagnose and classify patients much better to provide personalized care, said Jason Lewis, a radiochemist at Memorial Sloan Kettering Cancer Center. And while radiopharmaceutical therapy can have side effects, he added, it’s “designed to minimize radiation to healthy tissues.”

Other therapies, called antibody-drug conjugates, act similarly: They shuttle molecules that can kill the cancer cells via antibodies that can dock on tumors. About a dozen of such drugs have been approved by the FDA for various types of cancer.

There are also new vaccines to help the immune system ward off cancer, using the key approach behind a type of COVID-19 vaccine — mRNA technology. For example, one of the companies that developed one of the COVID-19 shots, BioNTech, is working on a vaccine called BNT116 designed to elicit immune reactions to treat a type of lung cancer, which is currently recruiting about 150 participants across the world to undergo safety testing.

mRNA therapeutic vaccines for cancer, which use messenger RNA as blueprint material so the body can create proteins that are unique to the tumor to help elicit an immune response, may offer several advantages. The shots can be personalized, for instance, to the patients’ own tumors, said Siow Ming Lee, an oncologist at University College London Hospitals and one of the lead researchers of the trial. Other vaccines are also in the works. “We are in this sort of new era now,” he said.

Another type of genetic molecule could also be a target to help treat cancer. Some RNAs, called microRNAs, can act on genes that are responsible for tumor growth. Researchers like Calin are developing small molecules that bind to cancer-related microRNAs, to turn them off and try to halt the disease’s spread.

With FDA approvals, human clinical trials underway, and promising preclinical data for many of these therapies, the researchers who spoke to Undark said that the future appears bright. “We’re not just seeing these dramatic improvements in outcomes and survival for patients with some indications, but the quality of life,” Lewis said.

New approaches, new problems

As more of these latest cancer technologies do get approved for treatment, new approaches can bring new problems, experts say. For example, with radiotherapeutics, one big challenge is to source enough radioisotopes for the drugs, and have a specialized workforce to handle radioactivity, said Lewis. For microRNAs, it’s tricky to identify exactly which type to target for a particular cancer, Calin emphasized.

And there are also companies that are trying to capitalize on new, unproven technologies and drugs prematurely. The company ExThera Medical, for instance, has been charging patients tens of thousands of dollars for unproven therapies, according to a recent report by The New York Times.

“All over the world, there are many so-called new therapeutics that are not well-tested and not well-developed,” said Calin. Dvir encounters misinformation at her clinic almost daily, she said. “Maybe some of those have some data in the preclinical, in animal studies — it doesn’t mean that it works on the human because we need data before you expose people to those therapies.”

Although the FDA faces budget cuts, some of the researchers and clinicians that Undark spoke to insist that the agency will weed out bad science. If not, the clinicians that Undark spoke with said that they can also help guide patients toward evidence-based treatments.

Ultimately, researchers want to continue to improve these treatments to see if they might work in tandem. “I think the name of the game in the next five to 10 years is combinations,” said Dvir. Already, there are trials looking at precisely how using different approaches together might boost their ability to treat cancer, she adds. “We know that these drugs work in synergy. It’s just finding the right combination that is effective but not too toxic.”

This article was originally published on Undark. Read the original article.


Industry groups are not happy about the imminent demise of Energy Star

One of Bush’s “points of light”

Energy Star was first established under President George H.W. Bush’s administration in 1992, the year of the Earth Summit in Rio, where nations around the world first joined in a framework convention to address climate change.

That international treaty, at Bush’s urging, relied on voluntary action rather than targets and timetables for reducing greenhouse gas emissions. Back at home, the Energy Star program, too, was a way to encourage, but not force, energy savings.

“It was kind of one of his thousand points of light,” Nadel said. “He didn’t want to do serious things about climate change, but a voluntary program to provide information and let consumers decide fit very nicely into his mindset.”

At first focused just on personal computers, monitors and printers, Energy Star expanded over the years to cover more than 50 home appliances, from heating and air conditioning systems to refrigerators, washers and dryers and lighting. Beginning in 1995, Energy Star certification expanded to include homes and commercial buildings.

A Republican-controlled Congress wrote Energy Star into law in a sprawling 2005 energy bill that President George W. Bush signed. It is not clear that the Trump administration can eliminate the Energy Star program, which is administered by both EPA and the Department of Energy, without a new act of Congress.

In a report to mark the 30th anniversary of Energy Star in 2022, the Biden administration estimated the program had achieved 4 billion metric tons of greenhouse gas reductions by helping consumers make energy-efficient choices. Nadel said the impact in the marketplace is visible, as companies increase the number of product choices that meet Energy Star standards whenever a new standard is adopted by EPA through a public notice and comment process.

The nonprofit Alliance to Save Energy has estimated that the Energy Star program costs the government about $32 million per year, while saving families more than $40 billion in annual energy costs.

Eliminating the program, Nadel said, “is million-wise and billion foolish.”

“It will not serve the American people”

Word of Energy Star’s potential demise began to circulate weeks ago. On March 20, a wide array of manufacturers and industry associations signed on to a letter to Zeldin, urging him to maintain the Energy Star program.


Europe launches program to lure scientists away from the US

At the same time, international interest in working in the United States has declined significantly. During the first quarter of the year, applications from scientists from Canada, China, and Europe to US research centers fell by 13 percent, 39 percent, and 41 percent, respectively.

Against this backdrop, European institutions have intensified their efforts to attract US talent. Aix-Marseille University, in France, recently launched A Safe Place for Science, a program aimed at hosting US researchers dismissed, censored, or limited by Trump’s policies. This project is backed with an investment of approximately €15 million.

Along the same lines, the Max Planck Society in Germany has announced the creation of the Max Planck Transatlantic Program, whose purpose is to establish joint research centers with US institutions. “Outstanding investigators who have to leave the US, we will consider for director positions,” the society’s director Patrick Cramer said in a speech discussing the program.

Spain seeks a leading role

Juan Cruz Cigudosa, Spain’s secretary of state for science, innovation, and universities, has stressed that Spain is also actively involved in attracting global scientific talent, and is prioritizing areas such as quantum biotechnology, artificial intelligence, advanced materials, and semiconductors, as well as anything that strengthens the country’s technological sovereignty.

To achieve this, the government of Pedro Sánchez has strengthened existing programs. The ATRAE program—which aims to entice established researchers into bringing their work to Spain—has been reinforced with €45 million to recruit scientists who are leaders in strategic fields, with a special focus on US experts who feel “looked down upon.” This program is offering additional funding of €200,000 per project to those selected from the United States.

Similarly, the Ramón y Cajal program—created 25 years ago to further the careers of young scientists—has increased its funding by 150 percent since 2018, allowing for 500 researchers to be funded per year, of which 30 percent are foreigners.

“We are going to intensify efforts to attract talent from the United States. We want them to come to do the best science possible, free of ideological restrictions. Scientific and technological knowledge make us a better country, because it generates shared prosperity and a vision of the future,” said Cigudosa in a statement to the Spanish international news agency EFE after the announcement of the Choose Europe for Science program.

This story originally appeared on WIRED en Español and has been translated from Spanish.


Trump’s NIH ignored court order, cut research grants anyway


Officials testified that DOGE was directly involved in hundreds of grant terminations.

For more than two months, the Trump administration has been subject to a federal court order stopping it from cutting funding related to gender identity and the provision of gender-affirming care in response to President Donald Trump’s executive orders.

Lawyers for the federal government have repeatedly claimed in court filings that the administration has been complying with the order.

But new whistleblower records submitted in a lawsuit led by the Washington state attorney general appear to contradict the claim.

Nearly two weeks after the court’s preliminary injunction was issued, the National Institutes of Health’s then-acting head, Dr. Matthew J. Memoli, drafted a memo that details how the agency, in response to Trump’s executive orders, cut funding for research grants that “promote or inculcate gender ideology.” An internal spreadsheet of terminated NIH grants also references “gender ideology” and lists the number associated with Trump’s executive order as the reason for the termination of more than a half dozen research grants.

The Washington attorney general’s allegation that the Trump administration violated a court order comes as the country lurches toward a constitutional crisis amid accusations that the executive branch has defied or ignored court orders in several other cases. In the most high-profile case so far, the administration has yet to comply with a federal judge’s order, upheld unanimously by the Supreme Court, requiring it to “facilitate” the return of Kilmar Armando Abrego Garcia, who was mistakenly deported to El Salvador in March.

The records filed in the NIH-related lawsuit last week also reveal for the first time the enormous scope of the administration’s changes to the agency, which has been subject to massive layoffs and research cuts to align it with the president’s political priorities.

Other documents filed in the case raise questions concerning a key claim the administration has made about how it is restructuring federal agencies—that the Department of Government Efficiency has limited authority, acting mostly as an advisory body that consults on what to cut. However, in depositions filed in the case last week, two NIH officials testified that DOGE itself gave directions in hundreds of grant terminations.

The lawsuit offers an unprecedented view into the termination of more than 600 grants at the NIH over the past two months. Many of the canceled grants appear to have focused on subjects that the administration claims are unscientific or that the agency should no longer focus on under new priorities, such as gender identity, vaccine hesitancy, and diversity, equity, and inclusion. Grants related to research in China have also been cut, and climate change projects are under scrutiny.

Andrew G. Nixon, the director of communications for the Department of Health and Human Services, the NIH’s parent agency, told ProPublica in an email that the grant terminations directly followed the president’s executive orders and that the NIH’s actions were based on policy and scientific priorities, not political interference.

“The cuts are essential to refocus NIH on key public health priorities, like the chronic disease epidemic,” he said. Nixon also told ProPublica that its questions related to the lawsuit “solely fit a partisan narrative”; he did not respond to specific questions about the preliminary injunction, the administration’s compliance with the order or the involvement of DOGE in the grant termination process. The White House did not respond to ProPublica’s questions.

Mike Faulk, the deputy communications director for the Washington state attorney general’s office, told ProPublica in an email that the administration “appears to have used DOGE in this instance to keep career NIH officials in the dark about what was happening and why.”

“While claiming to be transparent, DOGE has actively hidden its activities and its true motivations,” he said. “Our office will use every tool we have to uncover the truth about why these grants were terminated.”

Since Trump took office in January, the administration has provided limited insight into why it chose to terminate scientific and medical grants.

That decision-making process has been largely opaque, until now.

Washington fights to overturn grant termination

In February, Washington state—joined by Minnesota, Oregon, Colorado, and three physicians—sued the administration after it threatened to enforce its executive orders by withholding federal research grants from institutions that provided gender-affirming services or promoted “gender ideology.” Within weeks, a federal judge issued an injunction limiting the administration from fully enforcing the orders in the four states that are party to the suit.

The same day as the injunction, however, the NIH terminated a research grant to Seattle Children’s Hospital to develop and study an online education tool designed to reduce the risk of violence, mental health disorders and sexually transmitted infections among transgender youth, according to records filed in the court case. The NIH stated that it was the agency’s policy not to “prioritize” such studies on gender identity.

“Research programs based on gender identity are often unscientific, have little identifiable return on investment, and do nothing to enhance the health of many Americans,” the notice stated, without citing any scientific evidence for its claims. The NIH sent another notice reiterating the termination four days later.

The Washington attorney general’s office requested the termination be withdrawn, citing the injunction. But the administration refused, claiming that it was in compliance as the termination was based on NIH’s own authority and grant policy and was not enforcing any executive order.

The Washington attorney general asked the judge to hold the administration in contempt for violating the injunction. While the request was denied, the court granted an expedited discovery process to better assess whether the administration had breached the injunction. That process would have required the administration to quickly turn over internal documents relating to the termination. In response, the administration reinstated the grant for Seattle Children’s Hospital and declared the discovery process moot, or no longer relevant. However, US District Judge Lauren J. King, who was appointed by former President Joseph Biden, permitted it to continue.

Whistleblower documents reveal sweeping changes at NIH

In recent months, whistleblowers have made the plaintiffs in the lawsuit aware of internal records that more closely connect the grant terminations to the administration’s executive orders.

In an internal spreadsheet of dozens of grants marked for cancellation at an NIH institute, the stated reason for termination for several was “gender ideology (EA 14168),” including the grant to Seattle Children’s Hospital.

The rationale appears to reference Executive Order 14168, which banned using federal funds to “promote gender ideology,” again seeming to conflict with the administration’s stance that the termination was not based on the executive orders. The termination dates of the grants, according to the spreadsheet, were after the injunction went into effect.

Another internal document, which provides extraordinary insight into the administration’s efforts to reshape the NIH, also states the executive order was the impetus for grant terminations.

In the March 11 memo from Memoli, the NIH cataloged all actions that the agency had taken thus far to align with the president’s executive orders. In a section detailing the steps taken to implement the “gender ideology” executive order, one of the 44 actions listed was the termination of active grants.

“NIH is currently reviewing all active grants and supplements to determine if they promote gender ideology and will take action as appropriate,” the memo stated, noting that the process was in progress.

While the administration has said in court filings that it is following the judge’s injunction order, the Washington state attorney general’s office told ProPublica that it disagreed.

“Their claim to have complied with the preliminary injunction is almost laughable,” said Faulk, the office’s deputy communications director. “The Trump administration is playing games with no apparent respect for the rule of law.”

Depositions reveal DOGE links

In depositions conducted last month as part of the lawsuit, the testimony of two NIH officials also raised questions about why the research grants were terminated and how DOGE was involved.

Liza Bundesen, who was the deputy director of the agency’s extramural research office, testified that she first learned of the grant terminations on February 28 from a DOGE team member, Rachel Riley. Bundesen said she was invited into a Microsoft Teams video call, where Riley introduced herself as being part of DOGE and working with the Department of Health and Human Services.

Riley, a former consultant for McKinsey & Co., joined HHS on January 27, according to court filings in a separate lawsuit, and has reportedly served as the DOGE point person at the NIH.

The executive order detailing DOGE’s responsibilities describes the cost-cutting team as advisers that consult agency heads on the termination of contracts and grants. No language in the orders gives the DOGE team members the authority to direct the cancellation of grants or contracts. However, the depositions portray Riley as giving directions on how to conduct the terminations.

“She informed me that a number of grants will need to be terminated,” Bundesen testified, adding that she was told that they needed to be terminated by the end of the day. “I did not ask what, you know, what grants because I just literally was a little bit confused and caught off guard.”

Bundesen said she then received an email from Memoli, the NIH acting director, with a spreadsheet listing the grants that needed to be canceled and a template letter for notifying researchers of the terminations.

“The template had boilerplate language that could then be modified for the different circumstances, the different buckets of grants that were to be terminated,” she said. “The categories were DEI, research in China and transgender or gender ideology.”

Bundesen forwarded the email with the spreadsheet to Michelle Bulls, who directs the agency’s Office of Policy for Extramural Research Administration. Bundesen resigned from the NIH a week later, on March 7, citing “untenable” working conditions.

“I was given directives to implement with very short turnaround times, often close of business or maybe within the next hour,” she testified. “I was not offered the opportunity to provide feedback or really ask for clarification.”

Bulls confirmed in her own deposition that the termination list and letter template originally came from Riley. When Bulls started receiving the lists, she said she did what she was told. “I just followed the directive,” she said. “The language in the letters were provided so I didn’t question.”

Bulls said she didn’t write any of the letters herself and just signed her name to them. She also said she was not aware whether anyone had assessed the grants’ scientific merit or whether they met agency criteria. The grant terminations related to gender identity did not stem from an independent agency policy, she testified, appearing to contradict the administration’s assertion that they were based on the agency’s own authority and grant policy.

As of April 3, Bulls said she had received more than five lists of grants that needed to be terminated, amounting to “somewhere between five hundred and a thousand” grants.

Most grant recipients endure a rigorous vetting process, which can involve multiple stages of peer review before approval, and before this year, Bulls testified that grant terminations at the NIH have historically been rare. There are generally two main types of terminations, she said, for noncompliance or based on mutual agreement. Bulls said that she has been “generally involved in noncompliance discussions” and since she became the director of the office in 2012, there had been fewer than five such terminations.

In addition to the termination letters, Bulls said she relied on the template language provided by Riley to draft guidance to inform the 27 centers and institutes at the NIH what the agency’s new priorities were to help them scrutinize their own research portfolios.

Following the depositions, the Washington state attorney general’s office said that the federal government has refused to respond to its discovery requests. It has filed a motion to compel the government to respond, which is pending.

Riley, Bundesen, Bulls, and Memoli did not reply to ProPublica’s requests for comment.

While the administration did not answer ProPublica’s questions about DOGE and its involvement in the grant terminations, last week in its budget blueprint, it generally justified its proposed cuts at the NIH with claims that the agency had “wasteful spending,” conducted “risky research” and promoted “dangerous ideologies that undermine public health.”

“NIH has grown too big and unfocused,” the White House claimed in its fiscal plan, adding that the agency’s research should “align with the President’s priorities to address chronic disease and other epidemics, implementing all executive orders and eliminating research on climate change, radical gender ideology, and divisive racialism.”

Jeremy Berg, who led the National Institute of General Medical Sciences at the NIH from 2003 to 2011, told ProPublica that the administration’s assessment of the institution was “not fair and not based on any substantial analysis or evidence,” and the proposed cuts “would be absolutely devastating to NIH and to biomedical research in the United States.”

“It is profoundly distressing to see this great institution being reduced to a lawless, politicized organization without much focus on its actual mission,” he said.
