Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label National Security. Show all posts
National Security
Cyber Attacks CyberCrime Cybersecurity CyberThreat Global Attacks Google Mandiant Incident Response Groud National Security

National Security Faces Risks from Cybercrime Expansion

 


The incidence of cyberattacks globally increased by 125% in 2021 compared to 2020, posing a serious threat to businesses and individuals alike. Phishing continues to be the most prevalent form of cybercrime worldwide and is expected to continue this upward trend into 2022, showing that cybercrime is becoming more prevalent worldwide. 

 There was a report in 2021 that around 323,972 internet users were victims of phishing attacks, covering nearly half of all the individuals who were affected by data breaches. During the peak COVID-19 pandemic, around 220% of complaints of phishing were reported, further escalating cybersecurity risks. 

Nearly one billion emails were exposed as well in 2021, which has affected approximately one in five users of the internet, with approximately 60 million emails being exposed. The constant exposure of sensitive information may have contributed to the prevalence of phishing attacks, which reinforces the importance of enacting stronger cybersecurity measures to reduce the risk of such attacks. There have been numerous instances where criminal groups have deployed ransomware to disrupt business operations for extortion. 

They have recently included threats concerning the exposure of their stolen data in their extortion strategies. Now that this method is regarded as a standard practice, it has resulted in a significant increase in the amount of sensitive information that is publicized, which has resulted in such data becoming increasingly accessible, which presents opportunities for state intelligence agencies to obtain and utilize such data to their advantage.

The Mandiant Incident Response Group of Google recently released a report that indicated that in 2024, the organization worked to mitigate nearly four times as many cyber intrusions related to financially motivated groups as those related to nation-states. This report may help shed further light on the issue. Despite the differences in motivation, cybersecurity experts have observed that the tactics, techniques, and procedures used by financially motivated cybercriminals and state-sponsored threat actors appear to be merging, potentially by design, together as they pursue their objectives. 

In the opinion of Ben Read, Senior Manager at Google's Threat Intelligence Group, an expansive cybercriminal ecosystem has increased the number of state-sponsored hacking attacks, most likely because the ecosystem provides malware, exploits weaknesses, and, in some cases, facilitates broad-based cyber operations. In the course of his speech, he pointed out that when outsourcing capabilities to third parties, they are frequently more cost-effective and offer greater functionality than when developed directly by governments. 

According to a geopolitical perspective, a market-driven cyber attack can be just as damaging and disruptive as one orchestrated by a nation-state, underscoring the need for a comprehensive cybersecurity strategy that attracts as many resources as possible. Cybercrime played a significant role in the COVID-19 pandemic. Businesses were compelled to change over to remote working environments rapidly as a result of the virus spreading, which created vulnerabilities in security protocols and network misconfigurations that were exploited by cybercriminals. 

Consequently, malware attacks increased by 358% in 2020 and were 100 times greater than in the previous year as a result of the pandemic. Cybercrime victims per hour were also at an all-time high as a result of the epidemic. Cybercrime victims have been reported to have fallen victim to cybercrime on an average of 53 persons every hour for the entire year of 2019. However, the number is projected to be 90 per hour for 2020, which reflects a surge of 69%. 

It has been demonstrated that cybersecurity risks are increasing as a result of the rapid digital transformation resulting from the global health crisis in Pakistan. Cybercrime has become increasingly common in recent years in Pakistan, with financial fraud being the most common reported crime. The number of financial fraud-related cybercrimes reported in 2020, out of 84,764 total complaints received, surpassed incidents of hacking (7,966), cyber harassment (6,023), and cyber defamation (6,004) by a margin of 20,218 victims. 

Social media has further aggravated the problem as well, with the number of complaints submitted about financial fraud on these platforms increasing by 83% between 2018 and 2021. In 2021 alone, 102,356 complaints were filed, with 23% of the cases being linked to Facebook and one other social network. As a consequence, cybercrime has also seen a sharp increase in India, with reported cases of cybercrime increasing significantly over the last few years. 

In 2018, there were 208,456 reported incidents, and in the first two months of 2022, this number had already exceeded 212,485, which is significantly higher than the number of cases in 2018. There is no doubt the pandemic triggered a steady rise in cybercrime incidents, which increased from 394,499 in 2019 to 1,158,208 in 2020 and to 1,402,809 in 2021 due to the pandemic. In 2022, cybercrime in India is projected to increase by 15.3% from the first quarter to the second quarter, in addition to the number of websites that have been hacked in India, increasing from 17,560 in 2018 to 26,121 in 2020. 

As Ransomware attacks have risen over the years, it has also become a major concern for Indian organizations, with 78% affected by these attacks in 2021, which resulted in 80% of them encrypting data, a number that is higher than the global average of 66% for attacks and 65% for encryption. According to the Home Ministry, financial fraud continues to account for the largest percentage of reported incidents among cybercriminals in India, accounting for 75% of them between 2020 and 2023, reaching a peak at over 77% in that period. 

As a result of joint sanctions imposed on Tuesday by the United States, the United Kingdom, and the Australian governments, security experts and experts are concerned about a Russian bulletproof hosting provider, Zservers. Zservers is suspected of facilitating ransomware attacks, including those orchestrated under LockBit. There are certain applications that, according to the UK government, form part of an illicit cyberinfrastructure that facilitates cybercriminal activities, such as ransomware attacks, extortion, and storage of stolen data, and sustains the operations of cybercriminal businesses, which are responsible for such operations.

The British Foreign Secretary, David Lammy, has described Russia as a corrupt and implacable country characterized by its ruthlessness and corruption, stating that it is not at all surprising that some of the world's most notorious cybercriminals operate within its borders. Russian intelligence agencies themselves have been reported to use these cybercriminal tools and services. Google's Threat Intelligence Group has highlighted that Russian military operations in Ukraine are being supported by criminal cyber capabilities as part of Russia's strategy for bolstering military operations.

There are several specific examples, including the Russian military intelligence unit Sandworm, also known as APT44, that utilizes commercial hacking tools for cyber espionage and disruption, and Moscow also uses the RomCom group to conduct espionage activities against Ukraine, a group normally associated with cybercrime. It should also be noted that Russia is not the only country accused of blurring the line between state-sponsored hacking and crime. 

The Iranian threat actors have been reported to use ransomware to generate financial resources. They are also known to engage in cyber espionage, while Chinese cyber espionage groups are known to also get involved in cybercrime as a means to complement their activities. It is suspected that North Korea is a nation that actively exploits cyber operations for financial gain, and it heavily targets cryptocurrency exchanges and individual crypto wallets to generate revenue for its regime to support its nuclear programs. 

The threat of cybercrime is on the rise, and the government is being urged to take stronger measures to combat it. In a recent report, the Google Threat Intelligence Group emphasized the critical importance of disrupting cybercriminal operations, emphasizing that cyber threats are becoming a major national security threat. Google Threat Intelligence head Sandra Joyce recently issued a warning that cybercrime no longer needs to be seen as a minor issue and that considerable efforts are required to mitigate its impacts on international security going forward.
Read more »
US
China Cyber Security National Security Security States US

US Imposes Ban on Chinese and Russian Tech in Passenger Cars Over Security Risks

 

The United States has introduced a new regulation barring the use of Chinese and Russian technology in passenger vehicles sold domestically, citing national security risks. According to AFP, the ban covers both hardware and software from these countries, forming part of a broader effort to reduce China's influence in critical industries.

Outgoing President Joe Biden initiated the rule after a prolonged regulatory process aimed at tightening controls on foreign-linked technologies. This follows recent debates over restricting drones and other equipment from adversarial nations. Commerce Secretary Gina Raimondo highlighted the growing reliance of modern cars on advanced technology like cameras, microphones, GPS systems, and internet connectivity, which could pose risks if developed using foreign components.

"This is a targeted approach to keep Chinese and Russian-manufactured tech off American roads," said Raimondo.

The rule initially applies to passenger vehicles under 10,001 pounds, with plans to extend it to commercial vehicles, such as buses and trucks, in the future. It prohibits manufacturers with significant ties to China or Russia from selling cars equipped with foreign-made hardware or software for internet connectivity or autonomous driving.

Implementation will occur in two stages:

  • Software ban: Effective from the 2027 model year.
  • Hardware ban: Beginning with the 2030 model year.Imports of such technology from China and Russia will also face restrictions.

The regulation could affect companies like BYD, a Chinese electric vehicle manufacturer operating a facility in California that produces buses and other vehicles. US officials have raised concerns that connected vehicles equipped with foreign technology could be exploited to misuse sensitive data or interfere with critical systems.

National Economic Advisor Lael Brainard warned, "China is attempting to dominate the future of the auto industry," underscoring the need to shield American vehicles from foreign influence.

The new rule aligns with a broader strategy to bolster domestic industries and reduce dependence on foreign technologies. On the same day, President Biden signed an executive order to fast-track the development of AI infrastructure in the US.

"We will not let America fall behind in building the technology that will define the future," Biden stated.

As Biden prepares to leave office, these measures will transition to the administration of President-elect Donald Trump, who takes office next Monday. While it remains uncertain how Trump will handle these policies, significant shifts in strategy are anticipated.
Read more »
telecoms
Cyber Security Elon Musk Internet Service Providers National Security regulatory measures Satellite Starlink telecoms

Concerns Over Starlink in India: Potential Risks to National Security


As Starlink, Elon Musk’s satellite internet service, prepares to enter India’s broadband market, think tank Kutniti Foundation has raised significant concerns about its potential risks to India’s national security. A report cited by PTI claims Starlink’s close ties with U.S. intelligence and military agencies could make it a threat to India’s interests. The foundation described Starlink as “a wolf in sheep’s clothing,” alleging that its dual-use technology serves American governmental agendas. Unlike traditional telecom networks operating under Indian jurisdiction, Starlink’s global satellite system bypasses local control, granting operational authority to U.S.-based entities. 

Kutniti suggests this could allow for activities such as surveillance or other strategic operations without oversight from India. The report also highlights that Starlink’s key clients include U.S. intelligence and military organizations, positioning it within what the foundation calls the U.S. “intel-military-industrial complex.” India’s Communications Minister Jyotiraditya Scindia recently addressed these concerns, stating that Starlink must meet all regulatory and security requirements before its services can be approved. He confirmed that the government will only consider granting a license once the platform fully complies with the country’s safety standards for satellite broadband.  

Kutniti’s report also examines the broader implications of Starlink’s operations, emphasizing how its ownership and infrastructure could support U.S. strategic objectives. The foundation referenced U.S. laws that prioritize national interests in partnerships with private enterprises, suggesting this could undermine the sovereignty of nations relying on Starlink’s technology. The think tank further criticized the role of Musk’s ventures in geopolitical scenarios, pointing to Starlink’s refusal to assist a Ukrainian military operation against Russia as an example of its influence. 

Additionally, Kutniti noted Musk’s association with Palantir Technologies, a firm known for intelligence collaborations, as evidence of the platform’s involvement in sensitive political matters. Highlighting incidents in countries like Brazil, Ukraine, and Iran, Kutniti argued that Starlink’s operations have, at times, bypassed local governance and democratic norms. The report warns that the satellite network could serve as a tool for U.S. geopolitical leverage, further cementing American dominance in space and global communications. 

India’s careful consideration of Starlink reflects a broader need to balance the benefits of cutting-edge technology with national security concerns. Kutniti’s findings underscore the risks of integrating foreign-controlled networks, especially those with potential geopolitical implications, in an increasingly complex global landscape.
Read more »
Vulnerability
AI developers CISA Cyber Security data security Encryption Executive Order 14117 government data National Security U.S. personal data Vulnerability

CISA Proposes New Security Measures to Protect U.S. Personal and Government Data

 

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has proposed a series of stringent security requirements to safeguard American personal data and sensitive government information from potential adversarial states. The initiative aims to prevent foreign entities from exploiting data vulnerabilities and potentially compromising national security.

These new security protocols target organizations involved in restricted transactions that handle large volumes of U.S. sensitive personal data or government-related data, especially when such information could be exposed to "countries of concern" or "covered persons." This proposal is part of the broader implementation of Executive Order 14117, signed by President Biden earlier this year, which seeks to address critical data security risks that could pose threats to national security.

The scope of affected organizations is wide, including technology companies such as AI developers, cloud service providers, telecommunications firms, health and biotech organizations, financial institutions, and defense contractors. These businesses are expected to comply with the new security measures to prevent unauthorized access to sensitive information.

"CISA’s security requirements are split into two main categories: organizational/system-level requirements and data-level requirements," stated the agency. Below is a breakdown of some of the proposed measures:

  • Monthly Asset Inventory: Organizations must maintain and update a comprehensive asset inventory that includes IP addresses and hardware MAC addresses.
  • Vulnerability Remediation: Known exploited vulnerabilities should be addressed within 14 days, while critical vulnerabilities, regardless of known exploitation, must be remediated within 15 days. High-severity vulnerabilities should be resolved within 30 days.
  • Accurate Network Topology: Companies must maintain a precise network topology, which is crucial for identifying and responding to security incidents swiftly.
  • Multi-Factor Authentication (MFA): All critical systems must enforce MFA, and passwords must be at least 16 characters long. Immediate access revocation is required upon employee termination or a change in roles.
  • Unauthorized Hardware Control: Organizations must ensure that unauthorized hardware, such as USB devices, cannot be connected to systems handling sensitive data.
  • Log Collection: Logs of access and security-related events, including intrusion detection/prevention, firewall activity, data loss prevention, VPN usage, and login events, must be systematically collected.
  • Data Reduction and Masking: To prevent unauthorized access, organizations should reduce the volume of data collected or mask it, and encrypt data during restricted transactions.
  • Encryption Key Security: Encryption keys must not be stored alongside the encrypted data, nor in any country of concern.
  • Advanced Privacy Techniques: The use of techniques like homomorphic encryption or differential privacy is encouraged to ensure sensitive data cannot be reconstructed from processed data.
CISA has called for public feedback on the proposed security measures before they are finalized. Interested parties can submit their comments by visiting regulations.gov, entering CISA-2024-0029 in the search bar, and submitting feedback through the available form.
Read more »
Vulnerabilities
CPS critical Cyber Security Cyberattack Cybersecurity Digital Infrastructure National Security public safety Supply Chain Vulnerabilities

Cyberattacks on Critical Infrastructure: A Growing Threat to Global Security

 

During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity to manufacture various war machines.

This approach has a modern parallel in the cybersecurity world. A cyberattack on a single industry can ripple across multiple sectors. For instance, the Colonial Pipeline attack affected American Airlines operations at Charlotte Douglas Airport. Similarly, the Russian NotPetya attack against Ukraine spilled onto the internet, impacting supply chains globally.

At the 2023 S4 Conference, Josh Corman discussed the potential for cascading failures due to cyberattacks. The creation of the Cybersecurity and Infrastructure Security Agency’s National Critical Functions was driven by the need to coordinate cybersecurity efforts across various critical sectors. Corman highlighted how the healthcare sector depends on several infrastructure sectors, such as water, energy, and transportation, to provide patient care.

The question arises: what if a cyber incident affected multiple segments of the economy at once? The consequences could be devastating.

What makes this more concerning is that it's not a new issue. The SQL Slammer virus, which appeared over two decades ago, compromised an estimated one in every 1,000 computers globally. Unlike the recent CrowdStrike bug, Slammer was an intentional exploit that remained unpatched for over six months. Despite differences between the events, both show that software vulnerabilities can be exploited, regardless of intent.

Digital technology now underpins everything from cars to medical devices. However, as technology becomes more integrated into daily life, it brings new risks. Research from Claroty’s Team82 reveals that insecure code and misconfigurations exist in software that controls physical systems, posing potential threats to national security, public safety, and economic stability.

Although the CrowdStrike incident was disruptive, businesses and governments must reflect on the event to prevent larger, more severe cyber incidents in the future.

Cyber-Physical Systems: A Shifting Threat Landscape

Nearly every facility, from water treatment plants to hospitals, relies on digital systems known as cyber-physical systems (CPS) to function. These systems manage critical tasks, but they also introduce vulnerabilities. Today, billions of tiny computers are embedded in systems across all industries, offering great benefits but also exposing the soft underbelly of society to cyber threats.

The Stuxnet malware attack in 2014, which disrupted Iran's nuclear program, was the first major cyber assault on CPS. Since then, there have been several incidents, including the 2016 Russian Industroyer malware attack that disrupted part of Ukraine’s power grid, and the 2020 Iranian attempt to attack Israeli water utilities. Most recently, Chinese hackers have targeted U.S. critical infrastructure.

These incidents highlight how cybercriminals and nation states exploit vulnerabilities in critical infrastructure to understand weaknesses and the potential impact on security. China, for example, has expanded its objectives from espionage to compromising U.S. infrastructure to weaken its defense capabilities in case of a conflict.

The CrowdStrike Bug and Broader Implications

The CrowdStrike bug wasn’t a malicious attack but rather a mistake tied to a gap in quality assurance. Still, the incident serves as a reminder that our dependence on digital systems has grown significantly. Failures in cyber-physical systems—whether in oil pipelines, manufacturing plants, or hospitals—can have dangerous physical consequences.

Although attacks on CPS are relatively rare, many of these systems still rely on outdated technology, including Windows operating systems, which account for over 25% of vulnerabilities in the CISA Known Exploited Vulnerabilities Catalog. Coupled with long periods of technological obsolescence, these vulnerabilities pose significant risks.

What would happen if a nation-state deliberately targeted CPS in critical infrastructure? The potential consequences could be far worse than the CrowdStrike bug.

Addressing the vulnerabilities in CPS will take time, but there are several steps that can be taken immediately:

  • Operationalize compensating controls: Organizations must inventory assets and implement network segmentation and secure access to protect vulnerable systems.
  • Expand secure-by-design principles: CISA has emphasized the need to focus on secure-by-design in CPS, particularly for medical devices and automation systems.
  • Adopt secure-by-demand programs: Organizations should ask the right questions of software vendors during procurement to ensure higher security standards.
Although CPS drive innovation, they also introduce new risks. A failure in one link of the global supply chain could cascade across industries, disrupting critical services. The CrowdStrike bug wasn’t a malicious attack, but it underscores the fragility of modern infrastructure and the need for vigilance to prevent future incidents
Read more »
threat mitigation
AI collaboration connected mindset Cybersecurity defense strategy Machine learning National Security public-private partnerships Technology threat mitigation

Adopting a Connected Mindset: A Strategic Imperative for National Security

 

In today's rapidly advancing technological landscape, connectivity goes beyond being just a buzzword—it has become a strategic necessity for both businesses and national defense. As security threats grow more sophisticated, an integrated approach that combines technology, strategic planning, and human expertise is essential. Embracing a connected mindset is crucial for national security, and here's how it can be effectively implemented.What is a Connected Mindset?A connected mindset involves understanding that security is not an isolated function but a comprehensive effort that spans multiple domains and disciplines. It requires seamless collaboration between government, private industry, and academia to address security challenges. This approach recognizes that modern threats are interconnected and complex, necessitating a comprehensive response.Over the past few decades, security threats have evolved significantly. While traditional threats like military aggression still exist, newer challenges such as cyber threats, economic espionage, and misinformation have emerged. Cybersecurity has become a major concern as both state and non-state actors develop new methods to exploit vulnerabilities in digital infrastructure. Attacks on critical systems can disrupt essential services, leading to widespread chaos and posing risks to public safety. The recent rise in ransomware attacks on healthcare, financial sectors, and government entities underscores the need for a comprehensive approach to these challenges.The Central Role of TechnologyAt the core of the connected mindset is technology. Advances in artificial intelligence (AI), machine learning, and big data analytics provide valuable tools for detecting and countering threats. However, these technologies need to be part of a broader strategy that includes human insight and collaborative efforts. AI can process large datasets to identify patterns and anomalies indicating potential threats, while machine learning algorithms can predict vulnerabilities and suggest proactive measures. Big data analytics enable real-time insights into emerging risks, facilitating faster and more effective responses.Despite the critical role of technology, human expertise remains indispensable. Cybersecurity professionals, intelligence analysts, and policymakers must collaborate to interpret data, evaluate risks, and devise strategies. Public-private partnerships are vital for fostering this cooperation, as the private sector often possesses cutting-edge technology and expertise, while the government has access to critical intelligence and regulatory frameworks. Together, they can build a more resilient security framework.To implement a connected mindset effectively, consider the following steps:
  • Promote Continuous Education and Training: Regular training programs are essential to keep professionals up-to-date with the latest threats and technologies. Cybersecurity certifications, workshops, and simulations can help enhance skills and preparedness.
  • Encourage Information Sharing: Establishing robust platforms and protocols for information sharing between public and private sectors can enhance threat detection and response times. Shared information must be timely, accurate, and actionable.
  • Invest in Advanced Technology: Governments and organizations should invest in AI, machine learning, and advanced cybersecurity tools to stay ahead of evolving threats, ensuring real-time threat analysis capabilities.
  • Foster Cross-Sector Collaboration: Cultivating a culture of collaboration is crucial. Regular meetings, joint exercises, and shared initiatives can build stronger partnerships and trust.
  • Develop Supportive Policies: Policies and regulations should encourage a connected mindset by promoting collaboration and innovation while protecting data privacy and supporting effective threat detection.
A connected mindset is not just a strategic advantage—it is essential for national security. As threats evolve, adopting a holistic approach that integrates technology, human insight, and cross-sector collaboration is crucial. By fostering this mindset, we can create a more resilient and secure future capable of addressing the complexities of modern security challenges. In a world where physical and digital threats increasingly overlap, a connected mindset paves the way for enhanced national security and a safer global community.

Read more »
Ukraine
Cyber Attacks National Security Phishing Campaign Targeted Attacks Ukraine

Ukraine Faces New Phishing Campaign Targeting Government Computers, Warns CERT

Ukraine Faces New Phishing Campaign Targeting Government Computers

The  CERT-UA (Computer Emergency Response Team of Ukraine) has issued a warning about a sophisticated phishing campaign targeting Ukrainian government computers. This campaign, which began in July 2024, has already compromised over 100 government systems, posing a significant threat to national security and data integrity.

The attackers behind this campaign are impersonating the Security Service of Ukraine (SSU), a tactic designed to exploit the trust and authority associated with this organization. By doing so, they aim to deceive recipients into believing that the phishing emails are legitimate and urgent. This method of social engineering is particularly effective in high-stakes environments where quick responses are often required.

The phishing emails contain a ZIP file attachment, which, when opened, reveals an MSI installer. This installer is loaded with a malware strain known as ANONVNC. Once installed, ANONVNC provides the attackers with remote desktop access to the infected computers. This level of access allows them to monitor activities, steal sensitive information, and potentially disrupt operations.

The Mechanics of the Attack

The phishing emails are crafted to appear as official communications from the SSU. They often contain subject lines and content that create a sense of urgency, prompting the recipient to open the attachment without due diligence. Once the ZIP file is opened and the MSI installer is executed, the ANONVNC malware is deployed.

ANONVNC is a remote access tool (RAT) that enables the attackers to take control of the infected computer. This includes the ability to view the screen, access files, and execute commands. The malware operates stealthily, making it difficult for users to detect its presence. This allows the attackers to maintain prolonged access to the compromised systems, increasing the potential for data theft and other malicious activities.

Broader Implications

By targeting government computers, the attackers are not only seeking to steal sensitive information but also to undermine the operational integrity of Ukrainian governmental functions. This can have a cascading effect, potentially disrupting public services and eroding trust in governmental institutions.

Moreover, the use of ANONVNC as the malware of choice highlights the evolving nature of cyber threats. Remote access tools are becoming increasingly sophisticated, enabling attackers to carry out complex operations with relative ease. This underscores the need for robust cybersecurity measures and continuous vigilance.

Read more »
Privacy
CFPB Regulations Data Brokers Micro-Targeting National Security Privacy

National Security at Risk: The CFPB’s Battle Against Data Brokers

The CFPB’s Battle Against Data Brokers

Data brokers work in secrecy, collecting personal details about our lives. These entities collect, and misuse our personal information without our explicit consent. 

The Rise of Data Brokers

The Consumer Financial Protection Bureau (CFPB) has taken notice, and their proposed regulations seek to hold data brokers accountable by subjecting them to the Fair Credit Reporting Act (FCRA). This move transcends mere privacy concerns—it is a matter of national security.

For instance, data brokers can facilitate targeting individuals by allowing entities to purchase lists that match multiple categories, such as “Intelligence and Counterterrorism” combined with descriptors like “substance abuse,” “heavy drinker,” or even “behind on bills.” 

In other contexts, entities can buy records for pennies per person, leveraging relatively small investments into mass data collection. The concern is that adversaries, including countries like China, can use this data to identify targets for surveillance and other purposes. The government is increasingly worried about foreign governments’ access to Americans’ data.

The CFPB’s Call to Action

The Consumer Financial Protection Bureau intends to propose new regulations that will compel data brokers to follow the Fair Credit Reporting Act. Earlier this month, CFPB Director Rohit Chopra stated that the agency is looking into rules to "ensure greater accountability" for companies that buy and sell consumer data, in line with an executive order signed by President Joe Biden in late February.

Chopra added that the agency is examining suggestions that would classify data brokers who sell specific categories of data as "consumer reporting agencies," requiring them to comply with the Fair Credit Reporting Act (FCRA). The statute prohibits the sharing of certain types of data with companies unless they have a legally defined purpose.

The CFBP considers the purchase and sale of consumer data to be a national security issue rather than a privacy concern. Chopra cited three large data breaches—the 2015 Anthem leak, the 2017 Equifax hack, and the 2018 Marriott breach—as instances of foreign enemies illegally collecting Americans' personal information.  

The National Security Angle

He said, "When Americans' health information, financial information, and even their travel whereabouts can be assembled into detailed dossiers, it's no surprise that this raises risks when it comes to safety and security,". However, the attention on high-profile intrusions hides a more widespread, entirely legal phenomenon: data brokers' capacity to sell precise personal information to anyone willing to pay for it. 

The government is increasingly concerned about foreign governments gaining access to Americans' data. In March, the House passed legislation that would bar data brokers from selling Americans' personally identifiable information to "any entity controlled by a foreign adversary." 

Why Data Brokers Matter

According to the Protecting Americans' Data from Foreign Adversaries Act, data brokers would be facing fines from the Federal Trade Commission if they sold sensitive information — such as location or health data — to any person or business situated in a few countries. The Senate has yet to vote on the legislation.

US government agencies also depend on data brokers to keep surveillance on Americans. In 2022, the American Civil Liberties Union released a series of files exposing how the DHS (Department of Homeland Security) exploited location data to track the movement of millions of cell phones — and the users who own them — across the United States.

Read more »
Subscribe to: Posts (Atom)