
Google and Apple Admit Government Spies On Users Via Push Notifications

Government spying through push notifications

Government authorities have been snooping on smartphone users via push notifications sent out by applications, wrote a US senator in a letter to the Department of Justice on December 6. 

Senator Ron Wyden of Oregon has asked the Department of Justice to lift any existing restrictions on disclosing push notification surveillance.

In the letter, Wyden wrote, “I write to urge the Department of Justice (DOJ) to permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.”

More about push alerts

Push alerts, he continues, are routed through a digital post office maintained by the phone's operating system suppliers. "Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information," according to the letter. This might provide governments with information about how users engage with specific apps, give them a peek at the whole text of a notice, and reveal some exposed data.

Wyden petitioned the Justice Department to allow Apple and Google to be honest about government demands for push notification surveillance.

Google and Apple admit spying and praise the letter

Additionally, the two companies praised Wyden's letter and admitted that push notification spying has been going on for quite some time. Apple also stated that it was not permitted to publish government demands for push notification data, but that it would begin telling people about it immediately.

"In this case, the federal government prohibited us from sharing any information," Apple stated, according to a Reuters report. "Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests."

Even Google admitted the problem and stated that it supported Wyden's "commitment to keeping users informed about these requests." Google's transparency report already includes documentation of government demands for push notification data from users.

The rising concerns about government surveillance

Raising his concern in the letter, Wyden said “As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information. Importantly, app developers don't have many options; if they want their apps to reliably deliver push notifications on these platforms, they must use the service provided by Apple or Google, respectively.”

Many users ignore push notifications, but they have sometimes caught the interest of technologists due to the difficulties of delivering them without passing data to Google or Apple.

Earlier in 2023, French developer David Libeau said that users and developers often remained oblivious to how their apps sent data to U.S. web giants via push notifications, labelling them "a privacy nightmare."


FBI Operation: Qakbot Botnet Dismantled, Preventing Severe Ransomware Attacks


A global law enforcement operation executed by US investigators reportedly took down and dismantled the Qakbot botnet, preventing the severe blow of a ransomware scourge. 

On August 29, the Justice Department and FBI confirmed that they had taken down Qakbot by issuing a search warrant to essentially take over the servers that ran the botnet. Federal agents then used the botnet itself to distribute a file that forcibly removed the Qakbot malware from hundreds of computers.

In the investigation, the agencies found that Qakbot had access to over 700,000 infected computers, 200,000 of which were based in the US.

Qakbot Botnet

Qakbot, aka Qbot, initially commenced its operations in the year 2008, as a Windows-based Trojan designed to acquire access to targeted users’ bank account credentials. It was conventionally spread as malware attachments in phishing emails. 

The malware was also designed to build a botnet that would follow the commands of a hacker-controlled server. As a result, the Qakbot developers were able to charge other cybercriminal organizations for access to their hacked systems.

The cybercrime organizations might then unleash ransomware on the affected systems or steal data from them. Qakbot has been connected to a number of ransomware gangs, including Conti, Black Basta, Royal, Revil, and Lockbit, among others, by US authorities and security researchers. The unidentified Qakbot operators received fees related to victim ransom payments totalling around $58 million in return. The botnet's operations are anticipated to have caused hundreds of millions of dollars in total victim losses. 

The Operation 

The application for the operation’s seizure warrant describes how the FBI gained access to the servers operating the Qakbot botnet infrastructure, which were hosted by an anonymous web hosting company and included systems used by the Qakbot operators.

The application further noted that, “Through its investigation, the FBI has gained a comprehensive understanding of the structure and function of the Qakbot botnet[…]Based on that knowledge, the FBI has developed a means to identify infected computers, collect information from them about the infection, disconnect them from the Qakbot botnet and prevent the Qakbot administrators from further communicating with those infected computers.”

Reportedly, Qakbot uses a three-tier network to control the malware installed on the infected computers.

According to the FBI, Tier 1 systems are regular home or business computers that are infected with Qakbot and also include an additional "supernode" module, making them a part of the botnet's global command and control network. Many of these machines are situated in the United States. In order to hide the primary Tier 3 command and control server, which the administrators use to send encrypted commands to its hundreds of thousands of infected workstations, Tier 1 computers communicate with Tier 2 systems, which act as a proxy for network traffic.

By gaining access to these systems and Qakbot’s encryption keys, the FBI could decode the encrypted commands and get a better understanding of them. Moreover, with access to the encryption keys, the FBI could command the Tier 1 “supernode” computers to replace the supernode module with one developed by the FBI, which contains new encryption keys, taking control of Qakbot away from its own administrators.

“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” US Attorney Martin Estrada said in the announcement. 

The US is yet to provide further details on the issue. However, the Justice Department noted that “The FBI was able to redirect Qakbot botnet traffic to and through servers controlled by the FBI, which in turn instructed infected computers in the United States and elsewhere to download a file created by law enforcement that would uninstall the Qakbot malware.”  

FBI Admits to Having Acquired US Citizens’ Location Data Without a Warrant


According to a Wired report, FBI Director Christopher Wray revealed for the first time at a Senate Intelligence Committee hearing yesterday that the organization has previously acquired the location data of US citizens without obtaining a warrant. 

Although the practice has become more frequent and widespread since the US Supreme Court restricted the government’s ability to track Americans’ phones warrantlessly around five years ago, the FBI had not previously acknowledged ever making purchases of this kind.

The revelation came after Sen. Ron Wyden [D-Ore] asked Wray, “Does the FBI purchase US phone-geolocation information?” Wray's response alarmed privacy experts.

“To my knowledge, we do not currently purchase commercial database information that includes location data derived from Internet advertising[…]I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time,” said Wray. 

The response, while being vague and revolving around the question asked, gave a clear insight into the way the FBI made use of location data to monitor US individuals with no court oversight. 

It is not immediately clear whether Wray was referring to a warrant—a court order that states that a crime has been committed—or another legal device. Wray also did not explain why the FBI decided to stop the practice.

The Supreme Court ruled in the infamous Carpenter v. United States decision that when government organizations accessed historical location data without a warrant, they were in violation of the Fourth Amendment's prohibition on unjustified searches. But the decision was interpreted very strictly. Privacy groups claim that the judgment left an obvious gap that enables the government to just buy anything it is unable to legally obtain. The Military Intelligence Agency and US Customs and Border Protection (CBP) are two federal organizations that are known to have exploited this loophole.

On being asked during the Senate hearing whether the FBI is planning to adhere to the practice of buying location data again, Wray said “We have no plans to change that, at the current time.” 

According to Sean Vitka, a policy lawyer at Demand Progress, a nonprofit focused on national security and privacy reforms, the FBI needs to be more forthcoming about the purchase. He called Wray’s revelation “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” says Vitka.

US lawmakers have historically failed to enact a comprehensive privacy law, and the majority of the proposed bills have purposely ignored the government's own acquisition of US citizens' private data. For example, all law enforcement organizations and any business "gathering, processing, or transferring" data on their behalf are excluded from the provisions of the American Data Privacy and Protection Act (ADPPA), which was presented last year. Wyden and other senators have attempted to tackle the problem head-on with a number of proposals. For instance, the Geolocation Privacy and Surveillance Act has been reintroduced multiple times in Congress since 2011, but it has never been put to a vote.  

U.S. Targets Google's Online Ad Business in Latest Lawsuit



The US Department of Justice (DOJ), along with eight US states, has filed a lawsuit against tech giant Google. On Tuesday, the DOJ accused Google of abusing its dominance in the digital ad market.

It has threatened to dismantle a significant business at the heart of one of Silicon Valley’s most successful online organizations. 

According to US Attorney General Merrick Garland, its anti-competitive practices have "weakened, if not destroyed, competition in the ad tech industry." 

The government pushed to force Google to sell its ad manager suite, a business that not only contributed significantly to the search engine and cloud company's overall sales but also accounted for around 12% of Google's revenue in 2021.

"Google has used anticompetitive, exclusionary, and unlawful means to eliminate or severely diminish any threat to its dominance over digital advertising technologies," the antitrust complaint read. Google charged that the DOJ was "doubling down on a flawed argument that would slow innovation, raise advertising fees, and make it harder for thousands of small businesses and publishers to grow." 

The federal government says that its Big Tech investigations and lawsuits are aimed at leveling the playing field for smaller rivals of a group of powerful companies, including Amazon, Facebook owner Meta and Apple Inc.

"By suing Google for monopolizing advertising technology, the DOJ today aims at the heart of the internet giant’s power[…]The complaint lays out the many anticompetitive strategies from Google that have held our internet ecosystem back," says Charlotte Slaiman, competition policy director at Public Knowledge. 

The Current Lawsuit Follows an Antitrust Lawsuit from 2020 

Tuesday’s lawsuit, under the administration of President Joe Biden, follows a 2020 antitrust case filed against Google during the presidency of Donald Trump. 

The 2020 lawsuit alleged antitrust violations in the company's acquisition or maintenance of its monopoly in internet search and is scheduled to go to trial in September. 

Eight States in Lawsuit 

The nearly 15-page lawsuit accuses Google of breaches of US antitrust law and attempts to "halt Google's anti-competitive scheme, unwind Google's monopolistic grip on the market, and restore competition to digital advertising". 

If the courts proceed to side with the US government, this might lead to the dissolution of the firm’s advertising business. 

The states joining Tuesday’s lawsuit include Connecticut, Colorado, New Jersey, New York, Rhode Island, Tennessee, and Virginia, along with Google’s home state California.  

“Staggering Increase” in Sexploitation Cases Among Minors, Warn FBI and DOJ


On Monday, a number of federal agencies issued a warning about the significant rise in instances of “financial sexploitation” of children and teenagers, a type of cybercrime in which the victims are forced into posting obscene photographs on online platforms and are then blackmailed for money.

A national public alert has since been released by the FBI on Monday, in collaboration with the Justice Department and the National Center for Missing and Exploited Children, and several other agencies in response to what an FBI official called a “staggering increase” in cases – 7,000 reports last year alone, according to the agencies. According to a Justice Department official, such reports led to at least 3,000 victims and more than a dozen suicides that were apparently connected to them. 

A majority of offenders are based in West Africa, mainly from Nigeria and the Ivory Coast. The victims are mostly male, as per the alert. 

The offenders' modus operandi included engaging with their victims via social media platforms such as Instagram and Facebook, while also luring them onto gaming platforms.

Moreover, in a peculiar move, the agencies did not announce how the individuals connected with the reports will be prosecuted.

Regarding this, a Justice Department official stated, “When it comes to these types of prosecutions, they can be quite difficult, first and foremost with identification of offenders.” Online identities are challenging to validate. They can be easily fabricated, making it more difficult and time-consuming to link them back to the original owner, he added.

The advisory was carefully scheduled to coincide with students and families getting ready for Christmas break, since "a lot of youngsters are going to be out of school at home, spending a lot of time online," the Justice Department official added.  

South Africa’s Department of Justice hit by a Ransomware Attack

 

South Africa's Justice Department was hit earlier this month by a major ransomware attack and has been struggling since then to get back to normal. The attack was carried out on the 6th of September 2021, when ransomware compromised the department's entire information systems.

It prevented internal staff and the public from accessing any technological services, including email and websites. The department responded by immediately implementing an emergency plan, as per a Bleeping Computer report. The plan's objective was to handle such circumstances and to make sure that not every activity in the country was interrupted.

The Justice and Constitutional Development Department declared that child support payments are suspended until systems return online.

The report cited a statement from Justice and Constitutional Development spokesperson Steve Mahlangu, who said, “[The attack] has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail, and the departmental website.”

Mahlangu noted that although it is not possible to anticipate the exact day when systems will be restored, the department will “ensure all child maintenance money is kept secure for payment to the rightful beneficiaries when the systems are back online.” 

He further stated that some departmental functions kept working despite the attack. For example, court sittings continued after a switch to manual mode for the recording of hearings. The manual steps for issuing different legal documents were also performed.

The Department of Justice has also switched to a new email system, and some employees have already moved to it. The department could not identify the cybercriminals behind the attack. However, as the recovery of the network is taking a while, the hackers were not paid for the attack.

Hackers and ransomware organizations frequently steal data before encrypting an information system. This pressures victims into paying an enormous ransom for fear of the information being leaked publicly. However, the department's IT experts have so far identified "no indication of data compromise."