Originally reported by Schneier on Security, WIRED Security
TL;DR
Iran's latest internet shutdown reveals a strategic shift toward permanent digital apartheid with "white SIM" privileges for loyalists, while North Korean actors exploit job seekers with malware-laden coding challenges. Meanwhile, congressional Democrats link data broker breaches to nearly $21 billion in identity theft losses.
Iran's implementation of a two-tiered internet system represents a significant escalation in digital repression with global implications, while North Korean job scam campaigns and $21B in data broker-linked losses demonstrate active, high-impact threats.
Iran's latest internet shutdown marks a dangerous evolution in digital repression, moving beyond temporary censorship to implement what researchers call "Internet-e-Tabaqati" - a permanent two-tiered internet system. According to analysis by Bruce Schneier, the regime's January 2026 communications blackout represented the most severe shutdown in the country's history, disabling not just social media but mobile networks, messaging services, and even domestic infrastructure.
The technical architecture reveals the regime's true objective: social control through systematic isolation. Unlike previous shutdowns that preserved Iran's National Information Network (NIN) for essential services, the 2026 blackout targeted local infrastructure to prevent any form of citizen coordination. The state surgically removed social features from remaining services, including comment sections and chat functions in non-political apps.
Central to this system are "white SIM cards" - special mobile lines issued to government officials, security forces, and approved journalists that bypass all filtering restrictions. While ordinary citizens navigate unstable VPNs and blocked ports, white SIM holders enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This digital apartheid is enforced through whitelisting at the data center level, making connectivity a reward for compliance.
Schneier warns that Iran's overlay model is highly exportable compared to China's ground-up Great Firewall approach. The technical sophistication of recent shutdowns in Afghanistan suggests "authoritarian learning" is already occurring, with other regimes studying Tehran's methods.
North Korean threat actors have developed a novel attack vector targeting software developers through fake recruitment campaigns. According to Schneier's analysis, attackers pose as company recruiters and entice job candidates to participate in coding challenges that contain malicious code.
The attack methodology exploits the natural workflow of technical interviews, where candidates are expected to download, review, and execute code samples. When victims run the provided code, it installs malware on their systems, giving attackers persistent access to developer environments that often contain valuable intellectual property and access credentials.
This technique represents a significant evolution in social engineering, leveraging the legitimate expectations of technical hiring processes to bypass traditional security awareness training that focuses on more obvious phishing attempts.
Congressional Democrats have released findings linking data broker breaches to nearly $21 billion in identity theft losses, following a WIRED investigation that exposed hidden opt-out pages used by the industry. The report highlights how the data broker ecosystem's poor security practices have created cascading financial damage for consumers.
The investigation initially focused on deliberately obscured opt-out mechanisms that make it difficult for consumers to remove their personal information from broker databases. However, the subsequent congressional probe revealed that breaches within this largely unregulated industry have resulted in massive downstream financial losses as criminals exploit leaked personal data for identity theft schemes.
The $21 billion figure represents direct financial losses to consumers and does not account for broader economic impacts including credit monitoring costs, legal fees, and lost productivity from remediation efforts.
The new open source project IronCurtain introduces security constraints for AI assistant agents; the constraints are designed to prevent unauthorized actions that could compromise user systems. According to WIRED's coverage, the project uses novel methods to sandbox AI agents before they gain the ability to execute potentially harmful operations.
As AI agents become more autonomous and capable of performing complex tasks on behalf of users, the security implications of compromised or misbehaving agents increase significantly. IronCurtain addresses this gap by implementing containment mechanisms that limit agent capabilities while preserving functionality for legitimate use cases.
The project's open source nature allows security researchers to audit and improve the constraint mechanisms, potentially establishing security standards for the broader AI agent ecosystem.