Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Privacy Breach. Show all posts
Privacy Threats
Australian Data Breach Outabox Privacy Breach Privacy Threats

Privacy Breach Rocks Australian Nightlife as Facial Recognition System Compromised

 

A significant privacy breach has shaken up the club scene in Australia, as a facial recognition system deployed across multiple nightlife venues became the target of a cyberattack. Outabox, the Australian firm responsible for the technology, is facing intense scrutiny in the aftermath of the breach, sparking widespread concerns regarding personal data security in the era of advanced surveillance. 

Reports indicate that sensitive personal information, including facial images and biometric data, has been exposed, raising alarms among patrons and authorities. As regulators rush to assess the situation and ensure accountability, doubts arise about the effectiveness of existing safeguards against such breaches. 

Outabox has promised full cooperation with investigations but is under increasing pressure to address the breach's repercussions promptly and decisively. Initially introduced as a safety measure to monitor visitors' temperatures during the COVID-19 pandemic, Outabox's facial recognition kiosks evolved to include identifying individuals in self-exclusion programs for gambling, showcasing the company's innovative use of technology. 

However, recent developments have revealed a troubling scenario with the emergence of a website called "Have I Been Outaboxed." Claiming to be created by former Outabox employees based in the Philippines, the site alleges mishandling of over a million records, including facial biometrics, driver's licenses, and various personal identifiers. 

This revelation highlights serious concerns regarding Outabox's security and privacy practices, emphasizing the need for robust data protection measures and transparent communication with both employees and the public. Allegations on the "Have I Been Outaboxed" website suggest that the leaked data includes a trove of personal information such as facial recognition biometrics, driver's licenses, club memberships, addresses, and more. 

The severity of this breach is underscored by claims that extensive membership data from IGT, a major supplier of gaming machines, was also compromised, although IGT representatives have denied this assertion. This breach has triggered a robust reaction from privacy advocates and regulators, who are deeply concerned about the significant implications of exposing such extensive personal data. 

Beyond the immediate impact on affected individuals, the incident serves as a stark reminder of the ethical considerations surrounding the deployment of surveillance technologies. It underscores the delicate balance between security imperatives and the protection of individual privacy rights.
Read more »
Privacy Breach
Cyber Security Cyberattacks CyberCrime Cyberhackers Gaming Breach Online attacks Privacy Breach

Security Breach at Mr. Green Gaming: 27,000 User Data Compromises

 


Several internet forums are bombarded with headlines claiming that a “Mr Green Gaming user database has been leaked” as a serious security breach threatens the online gaming community. Significant concerns about online security and privacy have been raised due to the incident, which resulted in the personal details of 27,000 gamers being compromised. 

A well-known hacking forum recently published the data leak executed by unauthorized parties using an inactive admin account. An online gaming community, Mr. Green Gaming, whose community was founded in 2006, has recently announced a data breach has taken place. The Mr. Green Gaming company is known for hosting popular games like Multi Theft Auto: San Andreas and Garry's Mod. 

In addition to serving as a hub for gamers to connect, compete, and collaborate, it has also served as a home for gamers. As a result of circulating reports on the Dark Web, it was reported that Mr Green Gaming had gone through a data breach after their database had been compromised by threat actors, leading to the revelation of the breach. 

Several reports pointed out that sensitive information about over 27,000 users had been compromised, including information such as dates of birth, e-mail addresses, and geographical location. Mr. Green Gaming stated the breach which confirmed the incident and revealed the extent to which the breach was the case. 

As part of the statement, it was emphasized that though the hijacked account did not have access to any login credentials stored on their servers, users were advised to change their passwords as a precaution. In addition to ensuring the security of login information, the platform also utilised salting and hashing techniques for added security, so users were assured their information adhered to best practices. 

There are thousands of individuals impacted by this breach, but it also highlights the evolving threat landscape faced by online communities, which in turn undermines the privacy and security of thousands of them. There have been immediate steps taken by Mr Green Gaming to mitigate the damage as well as enhance their security procedures. 

While these efforts have been made to safeguard user data in the digital age, the incident still serves as a reminder of the need for robust cybersecurity practices and vigilant monitoring. As a result of this incident, we can gain a clearer picture of the increasing threat landscape facing the gaming industry. Cybercriminals are turning their attention to this industry to exploit vulnerabilities to steal valuable information. 

Between July 2022 and July 2023, there were over 4 million cyberattacks reported on gamers, a staggering rise in cybercrime. As a result, there has been a significant increase in cybercrime activity among mobile gaming communities and in particular, mobile games such as Roblox and Minecraft have become prime targets of cybercriminals in recent years. 

Mr. Green Gaming's breach is a disturbing example of the same trend plaguing many online gaming companies across the globe, and one that is not an isolated incident. A cybercriminal known as 'roshtosh' is purported to have sold stolen data from them on the dark web under the alias 'India', and he has allegedly been involved in two prominent online gaming platforms in India, Teenpatti.com and Mobile Premier League (MPL), since January 2024. 

In addition, the Fortnite Game website, which is a platform used to play Fortnite, experienced a momentary outage in December 2023, which left players unable to access the platform. As services have since been restored, there is still no clear answer to the cause of the outage, with speculations covering a variety of possible scenarios that range from a cyberattack to technical difficulties.

The gaming industry is in dire need of enhanced cybersecurity measures when it comes to safeguarding user data and preserving the integrity of online gaming platforms in the wake of the incidents. There is no doubt that cybersecurity is a top priority for gaming companies in the present day. They are expected to invest in proactive measures to thwart cyber threats and ensure their users' data is protected from harm in the future as the threat landscape evolves. 

When this is not done, it not only risks losing the trust of their customers but in the event of a data breach, they are exposed to legal and financial repercussions, not to mention the risk of their reputations being damaged.
Read more »
Privacy Breach
affected individuals CBS parent company Cybersecurity Incident Data Breach Online Security Paramount hack Privacy Breach

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. Despite the company not making public comments about the breach beyond the legal filing, it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.
Read more »
User Security
Automakers Car manufacturers Data Breach Data Leak Privacy Breach User Security

Automakers can Exploit Your Private Data However They Want

 

It turns out that the answer to the question of which devices have the worst user privacy policies may be waiting for you outside. The Mozilla Foundation said in a report released on Wednesday that cars are "the official worst category of products for privacy" it has ever analysed. 

The global nonprofit discovered that 84% of the reviewed automakers shared user data with third parties, giving users little (if any) control over their personal information. 

The nonprofit organisation's minimum privacy criteria were not met by any of the 25 automakers analysed for the report, including Ford, Toyota, Volkswagen, BMW, and Tesla, which was also discovered to be collecting more personal information from customers than necessary. 

The data that is gathered ranges from personal information, such as medical information, to information about how drivers use the vehicle itself, including how fast they drive, where they travel, and even what music they are listening to.

Both Nissan and Kia are known to permit the gathering of data about a user's sexual life. In comparison, Mozilla claims that 37% of mental health applications (which are also known for having bad data privacy practices) had superior practices for collecting and using private data. 

According to the report, 84 percent of the evaluated car brands share users' personal information with service providers, data brokers, and perhaps dubious companies, with 76 percent claiming the right to sell such information. 56 percent of users are willing to provide information upon request to the government and/or law enforcement. 

With flags in every privacy category, Tesla received the lowest overall brand score in the survey and did so just twice. Following a number of collisions and fatalities, Tesla's AI-powered autopilot was criticised as "untrustworthy."

In addition to the research, Mozilla also released a breakdown outlining how automakers collect and share user data. This can range from basic information like the user's name, address, phone number, and email address to more private information like images, calendar entries, and even specifics like the driver's race, genetic makeup, and immigration status.

Mozilla claims it was unable to confirm whether any of the automakers could adhere to the group's baseline security requirements for data encryption and theft protection. In fact, it claims that compared to autos, dating apps and even sex toys frequently offer more thorough security information about their products. 

“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” stated Mozilla in the report. 

Mozilla claims to have spent more than 600 hours—three times as long per product as it typically does—researching the privacy policies of car manufacturers. The organisation claimed that because of how critical the report was, the recommendations it generally gives to assist clients protect their personal data feel like "tiny drops in a massive bucket." 

Instead, the Mozilla Foundation has launched a petition asking automakers to halt the data collecting initiatives from which they are unfairly profiting, saying that "our hope is that increasing awareness will encourage others to hold car companies accountable for their terrible privacy practises."
Read more »
US Police
AI American Civil Liberties Union Artificial Intelligence BBC Clearview Facial Recognition Privacy Privacy violation Privacy Breach US Police

Clearview: Face Recognition Software Used by US Police


Clearview, a facial recognition company has apparently conducted nearly a million searches, helping US police. Haon Ton, CEO of Clearview has revealed to BBC that the firm now has looked into as much as 30 billion images from various platforms including Facebook, taken without users’ consent. 

Millions of dollars have been fined against the corporation over and over again in Europe and Australia for privacy violations. Critics, however, argue that the police using Clearview to their aid puts everyone into a “perpetual police line-up.” 

"Whenever they have a photo of a suspect, they will compare it to your face[…]It's far too invasive," says Matthew Guariglia from the Electronic Frontier Foundation. 

The figure has not yet been clarified by the police in regard to the million searches conducted by Clearview. But, Miami Police has admitted to using this software for all types of crimes in a rare revelation to the BBC. 

How Does Clearview Works 

Clearview’s system enables a law enforcement customer to upload an image of a face, followed by looking for matches in a database of billions of images it has in store. It then provides links to where the corresponding images appear online. It is regarded as one of the world's most potent and reliable facial recognition companies. 

The firm has now been banned from providing its services to most US companies after the American Civil Liberties Union (ACLU) accused Clearview AI of violating privacy laws. However, there seems to be an exemption for police, with Mr. Ton saying that his software is used by hundreds of police forces across the US. 

Yet, the US police do not routinely reveal if they do use the software, and in fact have banned the software in several US cities like Portland, San Francisco, and Seattle. 

Police frequently portray the use of facial recognition technology to the public as being limited to serious or violent offenses. 

Moreover, in an interview with law enforcement about the efficiency of Clearview, Miami Police admitted to having used the software for all types of crime, from murders to shoplifting. Assistant Chief of Police Armando Aguilar said his team used the software around 450 times a year, and it has helped in solving murder cases. 

Yet, critics claim that there are hardly any rules governing the use of facial recognition by police.

Read more »
TOR
Privacy Privacy Breach TOR

The State Duma supported the blocking of Tor in Russia

Since December 1, Russian users have started reporting problems connecting to the Tor network, which is used to connect anonymously to the Internet.

State Duma deputies believe that restricting access to the Tor browser in Russia will make it possible to resist crime more effectively, the blocking process itself will be lengthy and difficult, but Roskomnadzor is improving technologies.

"All over the world, there is a fight against the negative sides of the Internet: online fraud, the distribution of illegal content (child pornography), the sale of personal and payment data of users, the distribution of drugs and weapons," said Alexander Khinshtein, head of the State Duma Committee on Information Policy, Information Technology and Communications.

The parliamentarian recalled that Russia is working to combat cyber fraud systematically and quite effectively, a number of relevant laws have already come into force. For example, blocking mobile phones on the territory of correctional institutions, as well as blocking calls from fake numbers from abroad under the guise of Russian ones.

He also stressed that blocking the darknet is a necessary step towards creating a secure digital environment. According to him, the darknet is an obvious concentration of all the most negative, illegal things that exist in the real and digital world today.

In turn, Anton Gorelkin, the deputy chairman of the State Duma Committee on Information Policy, Information Technology and Communications, wrote in his Telegram channel that he welcomes the decision of Roskomnadzor to start blocking Tor. He added that 60% of Tor's costs are covered by funding from the US government.

The Tor developers themselves note that Russia is the second country in the world in terms of the number of browser users, it is used by more than 300 thousand Russians. "Blocking Tor will not hurt those who do not sell stolen personal and payment data of people, are not interested in child pornography and the purchase of drugs," Mr. Gorelkin stressed.

Read more »
Russia
Privacy Privacy Breach Russia

Russian users reported blocking Tor

 On December 1, users from Moscow began to report problems with access. It is claimed that Tor was blocked by Rostelecom. "On the night of December 3, several telecom operators, including Rostelecom, MTS, Tele 2 and others, reported network malfunctions," the OONI online censorship tracking project reported.

The expert noted that indirect signs such as meta-information in packets can be used to block traffic in Tor. He added that access to Tor can be blocked by blocking specific servers by IP.

"So far, the use of "bridges" helps <...>, but the lists of bridges are also quite public," Misbakh-Solovyov added. Bridges are anonymous user nodes that do not send information about their IP to the provider's servers. The developers claim that this connection method allows to connect to the network even in countries where Tor is officially blocked.

Anton Gorelkin, deputy chairman of the State Duma Committee on Information Policy, Information Technologies and Communications, said that "the restriction of VPNs and anonymizers will have a positive impact on the Russian segment of the network. It will protect Russians from discursive content, all scammers. The founders of Tor, hiding behind a pseudo-liberal agenda, created a service that became an infrastructure for fraudsters, drug sales. This is the entrance to the darknet, where stolen databases and fraudulent schemes are concentrated. Blocking Tor is not only about protecting citizens from destructive content. Blocking will improve the network climate in general. On one side of the scale are some pseudo-liberal values, and on the other side — drug sales, destructive content, scammers."

In 2017, anonymizers and blocking bypass tools were banned in Russia. Since June 2021, Roskomnadzor began blocking VPN services, arguing that their use retains access to child pornography, illegal information about drugs and extremism.

Read more »
Telegram
Pavel Durov Privacy Privacy Breach surveillance Telegram

Telegram Pavel Durov says that since 2018 he knew about the potential surveillance of his phone

The billionaire said he had known since 2018 that one of his phone numbers was on the NSO Group list, but was not worried about it.

"Since 2011, when I was still living in Russia, I used to think that all my phones were hacked. Anyone who gets access to my personal data will be extremely disappointed, as he will have to view thousands of Telegram feature concepts and millions of messages related to the development process of our product. He will not find any important information there," Durov explained.

At the same time, he recalled that surveillance tools were also used against "much more significant" people, including more than 10 heads of state. "A huge problem for humanity", according to the businessman, is created by "backdoors" that smartphone and software manufacturers deliberately leave in their systems.

"According to Snowden's 2013 revelations, Apple and Google are part of a global surveillance program. These companies should introduce backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US intelligence agencies to access information on any smartphone in the world," Durov wrote. 

According to Durov, at the same time, access to these vulnerabilities can be obtained not only by the US authorities but also "any other organization that finds them."

"It is not surprising that this is exactly what happened: the Israeli company NSO Group sold access to spy tools that allowed third parties to hack tens of thousands of phones," the billionaire noted.

Recently, The Guardian reported that the Telegram founder's British mobile number was on a list of potential surveillance targets in 2018.

The publication suggested that the authorities of the United Arab Emirates could have shown interest in Durov since the appearance of the entrepreneur's number on the list coincided with his move to this country.

Read more »
Privacy Breach
Cyber Law Digital Concentration Camp Human rights Internet censorship Privacy Privacy Breach

Digital Concentration Camp: Tech giants are playing God

Recent events in the United States have shown that the tech giants do not care about the constitution, this is a cause for concern.

There are situations when half a dozen people who have created their own technological empires do not even want to know what rights they have in their state. They determine their own rights on the basis of so-called "corporate norms" and do not respect the constitution of their states. We have seen this clearly in the United States. This, of course, a matter of serious concern.

In general, we are talking about the fact that several major multinational corporations - IT, media, pharmaceuticals, banks - plan to do what they want with people. As you know, the emergence of giant monopolies is a classic feature of any large-scale crisis of capitalism. Lenin wrote about this fascinatingly.

An excellent example of this was when Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.

According to Vladimir Shapovalov, a member of the board of the Russian Association of Political Science, Trump and his supporters were deprived of the freedom to vote, the right to receive and disseminate information. But such a right is fundamental.

Another example is how the largest American airline Delta blacklisted almost nine hundred passengers for their "Trumpism". In November, the same company denied its services for life to a passenger who shouted slogans in support of Trump.

It's interesting to note that on one decision to ban Trump, Zuckerberg's company lost 5% of its value. However, they don't seem to care at all about profit. Uber, Snapchat, and Tesla record losses year after year. All they are interested in is the most severe control of their consumers.

It is worth noting that on January 17, Naavi, a veteran Cyber Law specialist in India, became a victim of the injustice of the monopolies. He published an interesting article Union Bank and RSA Fiasco, where he shared his experience and expressed his opinion about what is happening. It all started with the fact that his site was groundlessly accused of hosting a phishing script. The article about Union bank, published on January 14, 2021, received a complaint from the RSA security service. This resulted in the Service provider M / S Square brothers has disabled not only the article page but the entire website www.naavi.org.

Readers in the comments advise Naavi to send a legal notice to RSA and UBI for defamation, DoS (disruption of legal rights) and various sections of the IT Act. The consensus among readers is that RSA and UBI consider themselves above the law and that they need to be made aware of their limits.

Moreover, even our E Hacking news portal has faced similar issue. The Cyber Security Company Comodo mistakenly marked the E Hacking news site as phishing. We even sent a false positive request from their website and also tried to contact them on their Twitter account. There was no reaction on their part.

Earlier, E Hacking news reported that a Russian IT company reportedly lost the contract in the USA because of serving sites with content from Trump supporters.

Read more »
Privacy Breach
Information Security News Interviews Privacy Privacy Breach

Naavi: Information collected from WhatsApp would be shared with Facebook and eventually be used for advertising

The WhatsApp messenger, which is owned by Facebook, began to notify its users (which is about 2 billion) about the update of the privacy policy. Do you want to keep using the popular messaging app?

On 18 January we conducted an interview with a veteran Cyber Law specialist in India Vijayashankar Na (Mr. Naavi) and he shared with us his opinion on the new privacy policy of WhatsApp messenger and how it impacts the users.

Please introduce yourself to our readers.

I'm the chairman of a foundation of data protection professionals in India, which is the primary organization in India working on data protection, providing certifications, audit, support and so on. Since 1998 I was working on cyber law issues which was based on our law called the information technology act. Moreover, I'm the founder of Cyber Law College, a virtual Cyber Law Education institution. Now we have extended it to data protection.

On January 4, WhatsApp announced that from February 8, all users of the messenger (except for residents of the EU and the UK) will be forced to share their personal data with Facebook — the social network will have access to phone numbers, transaction information and IP addresses. What has changed?

Actually, compared to what happened before, there may not be significant changes. We know that WhatsApp has been acquired by Facebook, but we are not very sure whether the information from WhatsApp was being shared with Facebook. But I believe it was happening in the background which we do not know. But maybe now, because they don't want to take any chances with particularly the GDPR (General Data Protection Regulation) authorities they wanted to actually be transparent about what they would like to do. I think this was driven more by the GDPR considerations to just polish their current privacy policies so that any problems could be sorted out.

WhatsApp wanted to disclose the fact that some part of the information collected from WhatsApp would be shared with Facebook and eventually be used for advertising.

So we all know that WhatsApp is a free app. In fact, it's popularity or growth in popularity was because it was free. But it cannot continue like that forever because there has to be a revenue model for any company. Now WhatsApp has come out to the open and through the new policy has declared what kind of information they are likely to share.

WhatsApp contains two sets of data. One is the metadata - contact list, location, status, financial information and data such as your unique phone ID. So, it all reflects a certain characteristic of persons. That usage information itself is actually a treasure if properly analyzed for the purpose of profiling the person.

As we know from the news, WhatsApp's innovations have already angered technology experts, privacy advocates, billionaire entrepreneurs and government organizations. But the main thing is that they provoked the flight of users. Why did this happen?

WhatsApp made a big mistake in the sense that they did not clarify properly what do they want to do. They said that this change is only for business applications. But pop up about update actually came for all individuals who are having a personal WhatsApp account. Subsequently, WhatsApp said in the Press release that this is only for business accounts, not for individual accounts. Then the people asked, "why did WhatsApp show this particular pop up to me at all? If it was not meant for me?" It was psychologically, very disturbing for people.

Moreover, the problem with WhatsApp today is PR. Actually, they drafted it in such a manner that it would actually create revulsion amongst the people. In my opinion, it was a bad PR "Get it or Leave it". We know that the privacy policy should be return in clear and precise terms that an ordinary person can understand. Going that WhatsApp should have been a little more careful.

So, it has become easy for people to download Signal, Telegram. And of course in India, there will be a moment to develop our own indigenous apps. So maybe WhatsApp is going to lose more than what, perhaps it could have.

What do you think, why does Facebook need this metadata?

Instagram and Facebook are now going to be able to show even more targeted ads on Facebook and Instagram, having carefully studied the interests and preferences of users in the messenger. In addition, businesses will be able to accept payments in WhatsApp for products that users have selected in Instagram ads.

Whether we like WhatsApp or not, whether we like Facebook or not, they also have the right to say that I cannot do it on free service forever. Now advertising requests profiling, without profiling advertisements cannot be targeting.

If the person wants to give the information by way of consent, let him give it. So this is a fair game between business interests and personal privacy interests. It's how GDPR is building. There has to be a legal basis.

WhatsApp will read our messages. Is it true?

As it is generally stated, they are not supposed to be reading our messages. Our conversations are encrypted using end-to-end encryption, and, the company says, even WhatsApp itself can not access them. So, the content is getting encrypted with some device-related ID. So, at the moment it leaves my device, It should get encrypted.

Now in case people actually go for backups, storage in the cloud, then there is an issue. So people should avoid cloud storage and make the backup only within the mobile.

In your article "WhatsApp needs to change its Jurisdiction clause in the Terms or else, exit from India" you said that "WhatsApp has created two different sets of policies, one offered by WhatsApp Ireland Ltd to the EU region and the other by WhatsApp LLC  to other countries". How does this apply to India?

In India, on 8 February we were expecting the parliament to pass the Indian data protection law. In my opinion, WhatsApp decided to change the privacy policy on 8 February only to preempt the data protection law.

When I said that "we need to look for a change of WhatsApp in India" was not because of the privacy issue, it's a question of analyzing the privacy policy, that is a matter of revising the privacy policy.

My issue was in the terms of use one of the clauses - jurisdictions. Of course, this is not exclusive to WhatsApp. It happens in many other international web services. The jurisdiction clause says that if there is any dispute between the user of WhatsApp and WhatsApp, then the dispute has to be resolved in accordance with the Californian law and in the district court of California automated binding arbitration there. It means that the use of WhatsApp in India is not going to have any grievance mechanism in India, this is not in accordance with our law, our law doesn't permit it. It is almost denying the government's interest. I'm not happy with that. I would like that to be changed.

Will you continue to use WhatsApp, or have you changed Messenger?

In our professional circles, actually, we have made some moves. Many of the professionals prefer Signal. Of course, some people prefer to Telegram a bit more. Earlier Telegram was the most used platform due to the number of people in the groups. In fact, we were thinking of shifting our FDPPI group to Telegram.

What do you can recommend to our readers?

If somebody is going to have serious professional discussions, financial discussions, then obviously they should look at shifting to Signal. If it is purely personal, family discussions, you can keep using WhatsApp. So, you need to make a distinction between personal use, family use and professional use. If you want 500 people to be in your group then no have a choice, but to leave a WhatsApp. If it's a small group that handles confidential information, need to change to Telegram.

We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to to add?

The only thing I want to say is that we need clarity amongst the ordinary people on what is privacy and what is that we are willing to protect in privacy. It is not absolute protection. It is always the protection of the choice. And the fact that there are, even if you shift from WhatsApp to Telegram, we don't know whether Telegram will remain free forever.

I feel there is a need for this harmonious relationship between the users and the organizations that make use of the data. And that is the purpose of the data protection law. And when we interpret data protection law, again, we should not be totally one-sided. That is the beauty of this issue, balancing the whole thing.


Read more »
surveillance
internet privacy Privacy Privacy Breach Privacy News surveillance

Russian expert told how to figure out surveillance via a webcam

 It is becoming more and more difficult to find out whether you are being followed through a webcam. According to Arseny Shcheltsin, General Director of Digital Platforms, earlier it was used by a special indicator, which showed whether the camera is recording, but now it’s easy to bypass this device.

"The most characteristic signs of tracking are the “freezing” of the computer or phone only when there is an Internet connection, or immediately after switching on,” explained the specialist.

As Shcheltsin noted, the appearance of unknown programs on the device that significantly "slow down" its work should also be alerted. One of the most obvious confirmations that a person is being spied on through a webcam is its spontaneous activation, but today, as the expert clarified, the burning icon near the device's camera may not light up, while it will record what is happening around.

The expert noted that it is worth paying attention to where the potential use of the camera can harm its owner. For example, it is better not to use the phone where the person is not fully dressed — in the locker room, bathroom, etc.

It is also important to keep your computer's antivirus software up-to-date. They should be updated as a new version is released.

Previously, Mr. Shcheltsin reported that intelligence services of various countries are using backdoors to spy on people around the world through Smart TVs.
Read more »
Russian Federation
Breach of Security and Privacy Privacy Privacy Breach Russian Russian Cyber Security Russian Federation

The Russian Federation leads in the number of users monitored via smartphones


In the first six months of 2020, the number of gadgets with Stalker software in Russia increased by 28% compared to the same period in 2019.

"This probably happened because as a result of self-isolation, many people began to spend much more time at home,” said Viktor Chebyshev, an expert on mobile threats at Kaspersky Lab.

He explained that such programs are often installed to spy on their loved ones, allowing them to access the contents of a mobile device, as well as to spy on a person through a smartphone camera in real-time. They are often used by initiators of domestic violence. All Stalker software is not free.

"There have always been jealous spouses and those who just want to look into someone else's life, and the development of IT has given such people additional opportunities," said Andrey Arsentiev, head of Analytics and special projects at InfoWatch Group.

According to Kaspersky Lab, the number of users on whose mobile devices Stalkerware is installed is increasing not only in Russia. In Europe, such programs are most often found in German, Italian and British users.

It is interesting to note that the anti-stalker software coalition was formed in November 2019. It was named Coalition Against Stalkerware. In addition to Kaspersky Lab, it includes 20 organizations. One part of them works in the field of information security, the other helps victims of domestic violence. The coalition is working to raise awareness among people about the threat of stalker software, as well as to counter the crimes that are committed using such programs. 

Read more »
Russia
Moscow Privacy Breach Russia

Moscow is turning into a "digital concentration camp", say locals


The Moscow authorities refused to issue 900 thousand digital passes per day due to incorrect information submitted by the applicants. Those who try to get a pass using incorrect information will face punishment, warned the head of the Department of information technology, Eduard Lysenko.
It should be noted that walking, according to the authorities, will still be possible without a QR code from the city hall, but no further than 100 meters from the house. And the police, by the way, has already begun to issue fines to everyone who was caught further than 100 meters from the place of residence.

Experts believe that the coronavirus will pass sooner or later, but the amendment introduced on March 31 to the Moscow Code of Administrative Offenses, which allows to fine with CCTV and geolocation, will remain. This is a fundamentally new norm, which allows to fine residents of Moscow on the basis of only video recording from cameras in almost automatic mode, similar to how fines are now issued to drivers.

In fact, the city authorities began to monitor residents of Moscow a long time ago, but until now they have not dared to use this system openly.

It is worth noting that the Chairman of the Moscow City Court Olga Egorova recently misspoke: "People do not know, but the courts already have a system for recognizing citizens. When the courts heard cases on the rallies last year, six people who were wanted were detained in the courthouse. They came just to listen and support the defendants, and the police detained them."
In other words, the system of electronic tracking of people has already been established and tested.

This system is being introduced into mass use in Moscow right now. And the epidemic is a good reason for such actions.

It is worth adding that in the Russian pharmacies it is still impossible to buy masks and sanitizers, even ordinary paracetamol was not easy to find. Remedies are not enough to even for doctors.
It is interesting to note, according to Russian scientist Olga Chetverikova, the danger of digitalization is that society turns into a totalitarian sect. And the most effective way to manage people is to provoke a sense of fear. In a state of depression, despair and hopelessness, a person is ready to accept any apocalyptic scenario. For example, the "digitization of schools" is designed to create human robots that will be controlled by the world's non-digital elite.

Earlier, E Hacking News reported that on the eve of the city hall website was subject to hacker attacks.

Read more »
Russian Cyber Security
Facebook Privacy Privacy Breach Russia Russian Cyber Security

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before it became known that the hacker group OurMine hacked two official Facebook accounts on Twitter. On the night of February 8, an appeal appeared on these pages stating the vulnerability of Facebook to hacker attacks. It was also said about the weakness of the Twitter security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook was mentioned repeatedly. Therefore, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia, however, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that earlier Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report at the indicated time. Refusal to localize, according to Russian law, faces a multimillion-rubles fine. In the case of the first violation, legal entities may be charged up to 6 million rubles ($94,000), in the case of a second violation - from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.
Read more »
Russia
Facebook Privacy Privacy Breach Russia

CEO of a detective agency and speaker on cyber attacks: users should understand that Facebook is leaking their data


Numerous Facebook leaks in 2013 and 2016 put users in a position where they are not responsible for their security. This opinion was expressed by the General Director of the detective agency and speaker on cyber attacks Vladimir Golovin.

The Cybersecurity team at Check Point Research found out that Internet attacks were most often carried out on Internet users to obtain their personal data via Facebook for the last quarter of 2019. A social network is not able to protect its customers from online fraud.

Experts told about such a fraud scheme as "phishing", which consists of the theft of the username, password and other personal data. Hackers operate through social networks or other platforms where people leave information about themselves. As a result, it turned out that Facebook has become the leader among platforms that are hacked by scammers. The second line is occupied by the Yahoo service, and in third place is Netflix.

According to Golovin, when a user leaves their data somewhere, their security depends on him only by 50%.

"If you want to give your personal data, then use Facebook. If not, you don't need to use it at all," said the speaker.

According to him, today people have the wrong attitude to personal data, so it is worth starting the fight with this. Many people do not understand the danger they face when leaving personal information on unverified sources.

Golovin notes that Facebook continues to do the same, leaking user information.
"Therefore, in the field of information security and data storage, all these are political games," he concluded.

It is worth noting that, in addition to the constant leak of personal information, foreign sites continue to brazenly violate Russian laws by refusing to transfer servers with Russian data to the territory of the Russian Federation. Ruslan Ostashko, editor-in-chief of the online publication Politrussia, said that it is necessary to register the possibility of blocking the activities of Facebook and Twitter at the legislative level.
Read more »
Technology
Amazon Hacking Privacy Breach Technology

Amazon Chief’s Phone Hacked by the Saudi Arab Crown Prince



Referring to anonymous sources, a British daily newspaper came up with reports on details regarding Amazon Chief Jeff Bezos' cell phone being hacked in the wake of accepting a message from the Saudi Arabian crown.

Theft of information from Bezo's cell phone, however, is said to have been started in 2018 with a contaminated video file sent by means of WhatsApp from the personal account of Mohammed bin Salman, according to the previously mentioned British daily.

The report apparently comes about a year after the unexpected announcement that Bezos and his wife, MacKenzie, would separate following 25 years of marriage. The National Enquirer along these lines uncovered an extramarital affair between Bezos and Lauren Sanchez, a former TV anchor, in a progression of reports that depended, to some degree, on some intimate text messages sent by Bezos.

Bezos in this way distributed an extraordinary blog entry blaming the newspaper for taking steps to distribute all the more humiliating text messages and photographs except if he freely attested that there was no political motivation or outside force behind the newspaper's coverage.

Gavin de Becker, a security consultant for Bezos, later said he believed the Saudi Arabian government had gained access to Bezos' phone before the Enquirer uncovered the whole affair. He didn't give any immediate evidence to back up his claims, which he said originated from "our investigators and a few experts." De Becker referred to the Enquirer's business association with the Saudis, just as the intense coverage of the homicide of a critic of the Saudi regime by the Bezos-owned Washington Post, as reasons why bin Salman may look to harm the Amazon founder.

The newspaper reported a year ago that the Central Intelligence Agency connected the crown prince to the 2018 murder of Post Columnist Jamal Khashoggi. De Becker declined to remark past the rather lengthy statement a year ago, which was posted on the news site The Daily Beast.

The Saudi embassy didn't quickly react to a message looking for more inputs. In spite of the fact, it's still extremely unclear whether the supposed hack of Bezos' phone got to any sensitive Amazon corporate information.

While the company is yet to remark on the issue in the nine months since de Becker's allegation, the company representatives haven’t yet returned the messages seeking comment on the 21st of January.
Read more »
Technology
Facebook Privacy Breach Technology

Facebook Code Update Gone Wrong Exposes Anonymous Admins



Recently Facebook encountered quite a bug crisis, as a bad code update going live on the night of 10th January apparently prompted the exposure of the mysterious anonymous of admins and many known personalities for a few hours.

All it took to exploit' the bug was opening a target page and checking specifically the edit history of a post and Facebook erroneously showed the account or accounts that made those edits to each post, as opposed to simply displaying the edits themselves.

In spite of the fact that Facebook immediately pushed a fix for this flaw, yet it wasn't quick than the word that had already got around on message boards like 4chan, where users posted screen captures that 'doxed' the accounts behind prominent and rather well-known pages.

Saying that it was the aftereffect of a code update, the social media giant, exposed the accounts behind the official Facebook Pages of the 'pseudonymous' artist Banksy, Russian President Vladimir Putin, former US secretary of state Hillary Clinton, Canadian Prime Minister Justin Trudeau alongside the Climate activist Greta Thunberg, and rapper Snoop Dogg, among others.

No data past a name and public profile link was accessible; however, for those admins running anti-regime pages under 'a repressive government', even this much public exposure is also extremely alarming.

After a series of privacy and security indiscretions, Facebook has concentrated explicitly on building out its protections and has additionally been relentlessly growing its bug bounty, which has encouraged researchers, just like the person who discovered the edit history bug, to submit security flaw for potential rewards in the future.

As ambitious upgrades like these require some serious effort and time and no absolutely no amount of added security can change the major risks that go with amassing the information of 2.5 billion individuals.

Lukasz Olejnik, an independent privacy adviser and research associate at Oxford University's Center for Technology and Global Affairs says, "For sensitive pages, I would not rule out that some people may be feeling that they are in danger due to what happened today, using fake accounts to run pages would have been a good idea. Some could see it as a paranoid way of hiding, but it's not."

Further adding, "People who run sensitive Pages from their own Facebook should now consider that their identity may be known, while mistakes happen, this one is unexpected."


Read more »
Technology
Dating App Privacy Breach Technology

Dating App Accused of Leaking Users’ Private Information from Their Profiles


Security Researcher discovered a leak within the dating app Plenty of Fish of the data that users had specially set as "private" on their profiles. The leaked information was not straight away obvious to the app users, and the information was scrambled to make it hard to peruse.

In any case, utilizing freely accessible tools intended to dissect network traffic, the researcher discovered that it was possible to uncover the data about the users as their profiles showed up on his phone.

As indicated by The App Analyst, a 'mobile expert' who expounds on his examinations of mainstream applications on his eponymous blog, POF was in every case quietly restoring the users' first names and postal ZIP codes which was the primary indication that something was truly amiss with the application.

In one case, the App Analyst even discovered enough data to identify where a specific user lived.

As of late, law enforcement also has on multiple occasions issued admonitions about the dangers a few people face on dating applications, similar to Plenty of Fish, which has approx. more than 150 million registered users, as indicated by its parent company IAC. Reports propose sex attacks involving these dating applications have ascended dramatically in the previous five years.

Furthermore, those in the LGBTQ+ community on these applications additionally face safety dangers from both people as well as the government, prompting applications like Tinder to proactively caution their LGBTQ+ users when they visit locales and states with prohibitive and harsh laws against same-sex accomplices.

Prior this year, the App Analyst found various outsider third-party tools that were permitting application developers to record the device’s screen while users engaged in with their applications resulting in a crackdown by Apple.

Even though spokespersons for 'Plenty of Fish' refused to comment regarding the matter immediately, a fix is said to have turned out recently for the data leakage bug.
Read more »
Technology
Facebook Privacy Breach Technology

Facebook Might Be Secretly Spying On You via Your Phone's Camera


The social media giant that has been the constant subject of backlash quite a several times in the past, is once more in the limelight, with a bug that covertly opens the iPhone's camera background while casually scrolling through the Facebook feed.

The issue was first hailed by a Twitter user, who goes by the name Joshua Maddux. He shared a video wherein his phone's camera can be seen to be active in the background as he scrolls through his Facebook feed.

He tweeted, "Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet."

Many iPhone users were left stunned to discover their iPhone's camera automatically running in the background when they opened Facebook.

Facebook has acknowledged the existence of the bug and is searching for approaches to fix it. The company's Vice President of Integrity Guy Rosen tweeted that "sounds like a bug" and the social networking platform was investigating.

He later affirmed that there was, in fact, a bug and it appears to just affect iPhone users running the most recent iOS 13 software.

He tweeted, "We recently discovered our iOS app incorrectly launched in the landscape. In fixing that last week in v246 (version246), we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this,"

This could be another protection related to 'lapse' from Facebook. The company has consistently been highlighted for its privacy policies and it has additionally been the one that had to even pay around a record USD5 billion fine for neglecting to ensure people's data, the biggest fine forced by the US regulator against a tech company ill date.

Read more »
surveillance
Chinese Hackers internet Security Privacy Privacy Breach surveillance

Hackers Working For the Chinese Government Tracking Movements of Ethnic Uighurs




Hackers working for the Chinese government are said to have been tracking the movements of ethnic Uighurs, a mostly Muslim minority, which is viewed as a security threat by Beijing. The hacks are a part of a rather extensive cyber-espionage campaign focused on “high-value individuals” such as diplomats and foreign military personnel, the sources said.

As a part of the campaign, various groups of Chinese hackers have compromised telecoms operators in nations including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.

China is currently confronting growing international criticism over its treatment of Uighurs in Xinjiang , as the members from the group have been subject to mass confinements in what China calls  “vocational training”  centres as well as 'widespread state surveillance'.

The nation has more than once denied association in any cyber-attacks or any abuse of the Uighur people, whose religious and cultural rights Beijing says are completely ensured, and the Chinese Foreign Ministry said any hacking charges should be upheld by legitimate proof.

“We would again like to stress that China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any forms of internet attacks,” a ministry statement said.

While government authorities in India and Thailand declined to remark in regards to the specific telecoms operators that were undermined, officials in Malaysia, Kazakhstan and Turkey refused to promptly react to the requests for comments.

Read more »
Subscribe to: Posts (Atom)