Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Greece. Show all posts

Leak of Greek Diaspora Emails Shakes Government: A Closer Look


The recent leak of Greek diaspora emails has sent shockwaves through the conservative government of Prime Minister Kyriakos Mitsotakis. The scandal, which unfolded in March 2024, has raised questions about privacy, data protection, and political accountability. Let’s delve into the details.

The Email Barrage and Its Fallout

What Happened? A New Democracy Member of the European Parliament (MEP) bombarded voters abroad with emails minutes after they were informed about voting by mail.

Resignation: Interior Ministry General Secretary Michalis Stavrianoudakis stepped down.

Dismissal: Nikos Theodoropoulos, New Democracy’s Secretary for Diaspora Affairs, faced dismissal.

Withdrawal: MEP Anna-Michelle Asimakopoulou announced she would not contest in the upcoming June election.

The Investigation

An internal probe revealed that in May 2023, a list of email addresses was allegedly acquired by an associate of Stavrianoudakis and forwarded to Theodoropoulos. The list eventually reached Asimakopoulou.

Asimakopoulou had previously denied any wrongdoing, claiming she collected contact information during her tenure as an MEP and sought consent from Greeks abroad to communicate with them regularly.

Legal Action: Grigoris Dimitriadis, Prime Minister Mitsotakis’ nephew, initiated legal proceedings related to the scandal.

Further Actions: The Athens Prosecutor’s Office and the country’s Data Protection Authority (DPA) are actively involved in addressing the case.

European Parliament Elections: The upcoming European Parliament elections in June serve as a barometer of party strength in various countries.

Privacy, Accountability, and Political Fallout

The leak has ignited a fierce debate on several fronts

Privacy Concerns: The unauthorized use of email addresses underscores the need for robust data protection measures. Citizens rightly expect their personal information to be handled responsibly.

Political Accountability: Asimakopoulou’s withdrawal from the European ballot reflects the gravity of the situation. The scandal has implications beyond party lines, affecting public trust in politicians.

Mitsotakis’ Leadership: The Prime Minister’s handling of the crisis is under scrutiny. How he navigates this scandal will shape his political legacy.

What can we learn from this?

The leak of Greek diaspora emails serves as a stark reminder that even in the digital age, privacy breaches can have far-reaching consequences. As investigations continue, the fallout from this scandal will reverberate through Greek politics, leaving citizens questioning the integrity of their elected representatives.

New attack lets hackers run bad code despite users leaving web page

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.

This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (crypto jacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said.
The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the Puppetnets research paper 12 years ago, in 2007.

The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code.
This is possible because modern web browsers now support a new API called Service Workers. This mechanism allows a website to isolate operations that rendering a page's user interface from operations that handle intense computational tasks so that the web page UI doesn't freeze when processing large quantities of data.

Technically, Service Workers are an update to an older API called Web Workers. However, unlike web workers, a service worker, once registered and activated, can live and run in the page's background, without requiring the user to continue browsing through the site that loaded the service worker.

MarioNet (a clever spelling of "marionette") takes advantage of the powers provided by service workers in modern browsers.

The attack routine consists of registering a service worker when the user lands on an attacker-controlled website and then abusing the Service Worker SyncManager interface to keep the service worker alive after the user navigates away.

The attack is silent and doesn't require any type of user interaction because browsers don't alert users or ask for permission before registering a service worker. Everything happens under the browser's hood as the user waits for the website to load, and users have no clue that websites have registered service workers as there's no visible indicator in any web browser.