Forwarded from BlackBox (Security) Archiv
Massive Hack Strikes Offshore Cayman National Bank and Trust
Isle of Man, UK – A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others. Journalists around the world are investigating and have begun releasing stories.
Following the hack, a manifesto was uploaded to the Internet addressing the motivation for hacking financial services companies. Unicorn Riot has embedded the manifesto below which includes previously unpublished code which the author claims was used to break into “Hacking Team” an Italian surveillance company. Hacking Team was an elite corporation that specialized in developing malware until Phineas Fisher hacked them and published their code online. The malware developed by Hacking Team was often used to attack journalists and activists on behalf of repressive governments .
Unicorn Riot has obtained the small HackBack announcement text released exclusively in Spanish, described as “Desde las montañas del Sureste Cibernético” (‘From the mountains of the Cyber Southeast’). It bills itself as a “HackBack” DIY guide for “Una guía DIY para robar bancos” (‘A DIY guide for robbing banks.’) The announcement begins with a tongue-in-cheek dedication to “Subcowmandante Marcos” with an ASCII text-styled pipe-smoking cow referring to former Zapatista spokesperson Subcomandante Marcos.
Also included in the announcement were introductions to common information security tools such as Metasploit and observations about previous major bank hacks, suspicious activities on SWIFT (an international financial network), and art such as a skeleton saying “Be Gay, Do Crimes” in Spanish.
👉🏼 Read more:
https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
https://unicornriot.ninja/wp-content/uploads/2019/11/hackback-announce-text.txt
#hacker #PhineasFisher #hacked #hackback #offshore #bank
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Isle of Man, UK – A blast of sunshine has hit a secretive banking network used by global ultra-wealthy figures following a massive hack by “Phineas Fisher“, a notorious self-described “hacktivist”, of Cayman National Bank and Trust, which serves nearly 1,500 accounts in Isle of Man. Transparency collective Distributed Denial of Secrets has began publishing copies of the bank’s servers, a cache of documents as well as communications among bankers and others. Journalists around the world are investigating and have begun releasing stories.
Following the hack, a manifesto was uploaded to the Internet addressing the motivation for hacking financial services companies. Unicorn Riot has embedded the manifesto below which includes previously unpublished code which the author claims was used to break into “Hacking Team” an Italian surveillance company. Hacking Team was an elite corporation that specialized in developing malware until Phineas Fisher hacked them and published their code online. The malware developed by Hacking Team was often used to attack journalists and activists on behalf of repressive governments .
Unicorn Riot has obtained the small HackBack announcement text released exclusively in Spanish, described as “Desde las montañas del Sureste Cibernético” (‘From the mountains of the Cyber Southeast’). It bills itself as a “HackBack” DIY guide for “Una guía DIY para robar bancos” (‘A DIY guide for robbing banks.’) The announcement begins with a tongue-in-cheek dedication to “Subcowmandante Marcos” with an ASCII text-styled pipe-smoking cow referring to former Zapatista spokesperson Subcomandante Marcos.
Also included in the announcement were introductions to common information security tools such as Metasploit and observations about previous major bank hacks, suspicious activities on SWIFT (an international financial network), and art such as a skeleton saying “Be Gay, Do Crimes” in Spanish.
👉🏼 Read more:
https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
https://unicornriot.ninja/wp-content/uploads/2019/11/hackback-announce-text.txt
#hacker #PhineasFisher #hacked #hackback #offshore #bank
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
How Google Interferes With Its Search Algorithms and Changes Your Results
The internet giant uses blacklists, algorithm tweaks and an army of contractors to shape what you see
👀 More than 100 interviews and the Journal’s own testing of Google’s search results reveal:
‼️ Google made algorithmic changes to its search results that favor big businesses over smaller ones, and in at least one case made changes on behalf of a major advertiser, eBay Inc., contrary to its public position that it never takes that type of action. The company also boosts some major websites, such as Amazon.com Inc. and Facebook Inc., according to people familiar with the matter.
‼️ Google engineers regularly make behind-the-scenes adjustments to other information the company is increasingly layering on top of its basic search results. These features include auto-complete suggestions, boxes called “knowledge panels” and “featured snippets,” and news results, which aren’t subject to the same company policies limiting what engineers can remove or change.
‼️ Despite publicly denying doing so, Google keeps blacklists to remove certain sites or prevent others from surfacing in certain types of results. These moves are separate from those that block sites as required by U.S. or foreign law, such as those featuring child abuse or with copyright infringement, and from changes designed to demote spam sites, which attempt to game the system to appear higher in results.
‼️ In auto-complete, the feature that predicts search terms as the user types a query, Google’s engineers have created algorithms and blacklists to weed out more-incendiary suggestions for controversial subjects, such as abortion or immigration, in effect filtering out inflammatory results on high-profile topics.
‼️ Google employees and executives, including co-founders Larry Page and Sergey Brin, have disagreed on how much to intervene on search results and to what extent. Employees can push for revisions in specific search results, including on topics such as vaccinations and autism.
‼️ To evaluate its search results, Google employs thousands of low-paid contractors whose purpose the company says is to assess the quality of the algorithms’ rankings. Even so, contractors said Google gave feedback to these workers to convey what it considered to be the correct ranking of results, and they revised their assessments accordingly, according to contractors interviewed by the Journal. The contractors’ collective evaluations are then used to adjust algorithms.
👉🏼 Read more (paywall):
https://www.wsj.com/articles/how-google-interferes-with-its-search-algorithms-and-changes-your-results-11573823753
👉🏼 Read more (german/no paywall):
https://netzpolitik.org/2019/der-selbstgebaute-algorithmus/
#DeleteGoogle #manipulation #search #algorithms #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
The internet giant uses blacklists, algorithm tweaks and an army of contractors to shape what you see
👀 More than 100 interviews and the Journal’s own testing of Google’s search results reveal:
‼️ Google made algorithmic changes to its search results that favor big businesses over smaller ones, and in at least one case made changes on behalf of a major advertiser, eBay Inc., contrary to its public position that it never takes that type of action. The company also boosts some major websites, such as Amazon.com Inc. and Facebook Inc., according to people familiar with the matter.
‼️ Google engineers regularly make behind-the-scenes adjustments to other information the company is increasingly layering on top of its basic search results. These features include auto-complete suggestions, boxes called “knowledge panels” and “featured snippets,” and news results, which aren’t subject to the same company policies limiting what engineers can remove or change.
‼️ Despite publicly denying doing so, Google keeps blacklists to remove certain sites or prevent others from surfacing in certain types of results. These moves are separate from those that block sites as required by U.S. or foreign law, such as those featuring child abuse or with copyright infringement, and from changes designed to demote spam sites, which attempt to game the system to appear higher in results.
‼️ In auto-complete, the feature that predicts search terms as the user types a query, Google’s engineers have created algorithms and blacklists to weed out more-incendiary suggestions for controversial subjects, such as abortion or immigration, in effect filtering out inflammatory results on high-profile topics.
‼️ Google employees and executives, including co-founders Larry Page and Sergey Brin, have disagreed on how much to intervene on search results and to what extent. Employees can push for revisions in specific search results, including on topics such as vaccinations and autism.
‼️ To evaluate its search results, Google employs thousands of low-paid contractors whose purpose the company says is to assess the quality of the algorithms’ rankings. Even so, contractors said Google gave feedback to these workers to convey what it considered to be the correct ranking of results, and they revised their assessments accordingly, according to contractors interviewed by the Journal. The contractors’ collective evaluations are then used to adjust algorithms.
👉🏼 Read more (paywall):
https://www.wsj.com/articles/how-google-interferes-with-its-search-algorithms-and-changes-your-results-11573823753
👉🏼 Read more (german/no paywall):
https://netzpolitik.org/2019/der-selbstgebaute-algorithmus/
#DeleteGoogle #manipulation #search #algorithms #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from Wasted Opossum
For those of you who don't know, Iran's Regime has banned the internet for all of its citizens since people started protesting for the rise of Gas/Petrol prices up to thrice. Some have been shot and killed during these protests. They don't have access to anything online so if you guys from other countries share the message with your people and media it would be a big help to Iranians since they have no media to share what's going on. I am also one of them and getting access to the net to share this message was really hard for me, but i wont be able to post for you guys untill things go back to normal so please share our situation on your Twitter, Facebook, Instagram etc.
NoGoolag
For those of you who don't know, Iran's Regime has banned the internet for all of its citizens since people started protesting for the rise of Gas/Petrol prices up to thrice. Some have been shot and killed during these protests. They don't have access to anything…
😳 Nerds and Hackers, the people of Iran needs you right now!
Anger over sharp hike in petrol price and rationing scheme sparks demonstrations in oil-rich Iran. At least two people have been killed in sporadic violence surrounding the protests so far
info source 👉🏻 t.me/s/indygram?q=iran && t.me/MetaAnarchoMemes/122805
Join @NoGoolag's chat group, if you can help: t.me/joinchat/FyFlS0X2D7f6YNvdxhEsfw
Anger over sharp hike in petrol price and rationing scheme sparks demonstrations in oil-rich Iran. At least two people have been killed in sporadic violence surrounding the protests so far
info source 👉🏻 t.me/s/indygram?q=iran && t.me/MetaAnarchoMemes/122805
Join @NoGoolag's chat group, if you can help: t.me/joinchat/FyFlS0X2D7f6YNvdxhEsfw
Telegram
Wasted Opossum in 💬 Meta AnarchoMemes🔥
A NEW WAVE OF PROTESTS HAS BEGUN IN IRAN
موج تازه ای از اعتراضات در ایران آغاز شده است
After the capitalist Islamic regime's deepening socio-economic-political crisis in Iran and as a result of the sudden tripling of gasoline prices, a new wave of discontent…
موج تازه ای از اعتراضات در ایران آغاز شده است
After the capitalist Islamic regime's deepening socio-economic-political crisis in Iran and as a result of the sudden tripling of gasoline prices, a new wave of discontent…
Forwarded from BlackBox (Security) Archiv
HackBack! - Talking with Phineas Fisher
Hacking as Direct Action against the Surveillance State
We spoke with the world-famous hacker persona and self-proclaimed anarchist revolutionary Phineas Fisher about the politics behind their attacks on the surveillance industry, the ruling party in Turkey, and the Catalan police. Here follows a retrospective on the exploits of Phineas Fisher, followed by their remarks to us.
Hacking is often depicted as something technical, a simple matter of attack and defense. Yet motivations are everything. The same technique that builds oppressive tools can be used as a weapon for emancipation. Hacking, in its purest form, is not about engineering: it is about leveraging power dynamics by short-circuiting technology. It is direct action for the new digital world we all live in.
In the shadows of the techno-empire, the hacking scene became a target for cooptation and infiltration. But the underground cannot be eradicated: from time to time, a new action breaks through the surface. Some of the hackers we admire are coders who produce tools for online privacy and anonymity. Other crews create and distribute alternative media. And then there are those who hack back.
The Lost Hacker Circles
It is no secret, for anyone paying attention, that for a long time the hacker underground was also taking sides in the ongoing war. Yet the effervescence that characterized the underground DIY scene of the past few decades has died down, or at least receded to less visible places.
Pessimists mourned the death of hacker communities in a proliferation of individual desertions. It is true that the techno-military complex succeeded in swelling the ranks of the mercenaries: there is a price at which a particular mindset can be bought, whether with money, success, the feeling of power, or the excitement of playing with fancy toys while chasing what state propaganda labels “the enemy.”
👉🏼 Read more:
https://crimethinc.com/2018/06/05/hackback-talking-with-phineas-fisher-hacking-as-direct-action-against-the-surveillance-state
👉🏼 Regarding: Massive Hack Strikes Offshore Cayman National Bank and Trust
https://t.me/NoGoolag/1843
#PhineasFisher #hacker #HackBack #Interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Hacking as Direct Action against the Surveillance State
We spoke with the world-famous hacker persona and self-proclaimed anarchist revolutionary Phineas Fisher about the politics behind their attacks on the surveillance industry, the ruling party in Turkey, and the Catalan police. Here follows a retrospective on the exploits of Phineas Fisher, followed by their remarks to us.
Hacking is often depicted as something technical, a simple matter of attack and defense. Yet motivations are everything. The same technique that builds oppressive tools can be used as a weapon for emancipation. Hacking, in its purest form, is not about engineering: it is about leveraging power dynamics by short-circuiting technology. It is direct action for the new digital world we all live in.
In the shadows of the techno-empire, the hacking scene became a target for cooptation and infiltration. But the underground cannot be eradicated: from time to time, a new action breaks through the surface. Some of the hackers we admire are coders who produce tools for online privacy and anonymity. Other crews create and distribute alternative media. And then there are those who hack back.
The Lost Hacker Circles
It is no secret, for anyone paying attention, that for a long time the hacker underground was also taking sides in the ongoing war. Yet the effervescence that characterized the underground DIY scene of the past few decades has died down, or at least receded to less visible places.
Pessimists mourned the death of hacker communities in a proliferation of individual desertions. It is true that the techno-military complex succeeded in swelling the ranks of the mercenaries: there is a price at which a particular mindset can be bought, whether with money, success, the feeling of power, or the excitement of playing with fancy toys while chasing what state propaganda labels “the enemy.”
👉🏼 Read more:
https://crimethinc.com/2018/06/05/hackback-talking-with-phineas-fisher-hacking-as-direct-action-against-the-surveillance-state
👉🏼 Regarding: Massive Hack Strikes Offshore Cayman National Bank and Trust
https://t.me/NoGoolag/1843
#PhineasFisher #hacker #HackBack #Interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Cutting the Wire
It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform had been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.
Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?
Earlier this year, Wire announced they had entered a partnership with FedResults, in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.
This is alarming because it is well known that Wire stores unencrypted metadata for every user.
👉🏼 Read more:
https://blog.privacytools.io/delisting-wire/
#privacytools #delisting #wire #FedResults #messenger #swiss #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform had been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.
Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?
Earlier this year, Wire announced they had entered a partnership with FedResults, in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.
This is alarming because it is well known that Wire stores unencrypted metadata for every user.
👉🏼 Read more:
https://blog.privacytools.io/delisting-wire/
#privacytools #delisting #wire #FedResults #messenger #swiss #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Telegram bots [updated to remove thonkbot and Yana (deprecated)]
🤖 Marie unreliable : @BanhammerMarie_bot
Support: @MarieSupport @MarieNews
https://github.com/PaulSonOfLars/tgbot
🤖 Sophie: @rSophieBot
Support: @SophieSupport
News: @SophieNEWS
https://github.com/MrYacha/SophieBot
🤖 GroupButler: @GBReborn_bot
Support: @gbgroups @GB_tutorials
🤖 More OpenSource tg bots:
https://danyspin97.github.io/TelegramBotsList
Others:
🤖 @botlist
Use @BotListBot in inline mode to send individual categories and more...
Send your bot's in: @BotListChat
📡 @Libreware
#bots #telegram #tg
🤖 Marie unreliable : @BanhammerMarie_bot
Support: @MarieSupport @MarieNews
https://github.com/PaulSonOfLars/tgbot
🤖 Sophie: @rSophieBot
Support: @SophieSupport
News: @SophieNEWS
https://github.com/MrYacha/SophieBot
🤖 GroupButler: @GBReborn_bot
Support: @gbgroups @GB_tutorials
🤖 More OpenSource tg bots:
https://danyspin97.github.io/TelegramBotsList
Others:
🤖 @botlist
Use @BotListBot in inline mode to send individual categories and more...
Send your bot's in: @BotListChat
📡 @Libreware
#bots #telegram #tg
Forwarded from BlackBox (Security) Archiv
GitHub Archive Program
Preserving open source software for future generations
It is a hidden cornerstone of modern civilization, and the shared heritage of all humanity. The mission of the GitHub Archive Program is to preserve open source software for future generations.
GitHub is partnering with the Long Now Foundation, the Internet Archive, the Software Heritage Foundation, Arctic World Archive, Microsoft Research, the Bodleian Library, and Stanford Libraries to ensure the long-term preservation of the world's open source software. We will protect this priceless knowledge by storing multiple copies, on an ongoing basis, across various data formats and locations, including a very-long-term archive designed to last at least 1,000 years.
👉🏼 Read more:
https://archiveprogram.github.com/
#GitHub #archiveprogram #repo #arctic #norway
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Preserving open source software for future generations
It is a hidden cornerstone of modern civilization, and the shared heritage of all humanity. The mission of the GitHub Archive Program is to preserve open source software for future generations.
GitHub is partnering with the Long Now Foundation, the Internet Archive, the Software Heritage Foundation, Arctic World Archive, Microsoft Research, the Bodleian Library, and Stanford Libraries to ensure the long-term preservation of the world's open source software. We will protect this priceless knowledge by storing multiple copies, on an ongoing basis, across various data formats and locations, including a very-long-term archive designed to last at least 1,000 years.
👉🏼 Read more:
https://archiveprogram.github.com/
#GitHub #archiveprogram #repo #arctic #norway
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from /r/privacy
How a trivial cell phone hack is ruining lives
https://www.engadget.com/2019/06/28/cell-phone-hack-is-ruining-lives-identity-theft/
https://redd.it/c829zc
@r_privacy
https://www.engadget.com/2019/06/28/cell-phone-hack-is-ruining-lives-identity-theft/
https://redd.it/c829zc
@r_privacy
Engadget
How a trivial cell phone hack is ruining lives
A SIM-swap hack will ruin your life. Why are they so easy?
Forwarded from Pavel Durov
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
Forwarded from BlackBox (Security) Archiv
Amnesty: Facebook and Google violate fundamental human rights
In a report on the "surveillance giants", the human rights organisation sounds the alarm: users would be forced into a "devil's pact".
Facebook and Google have created a private surveillance regime that is largely beyond independent public control: Amnesty International concludes in a report on the "Surveillance Giants" of the Internet published on Thursday. The two US corporations would have gained unprecedented power over the most personal data of millions of people, the human rights organization criticizes, stressing that "privacy abuse is at the heart" of Facebook's and Google's surveillance-based business models.
PDF:
https://cloud.amnesty.de/s/z9koZ4rHZ8NPB5c#pdfviewer
#amnesty #report #surveillance #DeleteFacebook #DeleteGoogle #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
In a report on the "surveillance giants", the human rights organisation sounds the alarm: users would be forced into a "devil's pact".
Facebook and Google have created a private surveillance regime that is largely beyond independent public control: Amnesty International concludes in a report on the "Surveillance Giants" of the Internet published on Thursday. The two US corporations would have gained unprecedented power over the most personal data of millions of people, the human rights organization criticizes, stressing that "privacy abuse is at the heart" of Facebook's and Google's surveillance-based business models.
PDF:
https://cloud.amnesty.de/s/z9koZ4rHZ8NPB5c#pdfviewer
#amnesty #report #surveillance #DeleteFacebook #DeleteGoogle #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
I'm the Google whistleblower. The medical data of millions of Americans is at risk.
When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent
Source: https://www.theguardian.com/commentisfree/2019/nov/14/im-the-google-whistleblower-the-medical-data-of-millions-of-americans-is-at-risk
I didn’t decide to blow the whistle on Google’s deal, known internally as the Nightingale Project, glibly. The decision came to me slowly, creeping on me through my day-to-day work as one of about 250 people in Google and Ascension working on the project.
When I first joined Nightingale I was excited to be at the forefront of medical innovation. Google has staked its claim to be a major player in the healthcare sector, using its phenomenal artificial intelligence (AI) and machine learning tools to predict patterns of illness in ways that might some day lead to new treatments and, who knows, even cures.
Here I was working with senior management teams on both sides, Google and Ascension, creating the future. That chimed with my overall conviction that technology really does have the potential to change healthcare for the better.
But over time I grew increasingly concerned about the security and privacy aspects of the deal. It became obvious that many around me in the Nightingale team also shared those anxieties.
After a while I reached a point that I suspect is familiar to most whistleblowers, where what I was witnessing was too important for me to remain silent. Two simple questions kept hounding me: did patients know about the transfer of their data to the tech giant? Should they be informed and given a chance to opt in or out?
The answer to the first question quickly became apparent: no. The answer to the second I became increasingly convinced about: yes. Put the two together, and how could I say nothing?
So much is at stake. Data security is important in any field, but when that data relates to the personal details of an individual’s health, it is of the utmost importance as this is the last frontier of data privacy.
With a deal as sensitive as the transfer of the personal data of more than 50 million Americans to Google the oversight should be extensive. Every aspect needed to be pored over to ensure that it complied with federal rules controlling the confidential handling of protected health information under the 1996 HIPAA legislation.
Working with a team of 150 Google employees and 100 or so Ascension staff was eye-opening. But I kept being struck by how little context and information we were operating within.
What AI algorithms were at work in real time as the data was being transferred across from hospital groups to the search giant? What was Google planning to do with the data they were being given access to? No-one seemed to know.
Above all: why was the information being handed over in a form that had not been “de-identified” – the term the industry uses for removing all personal details so that a patient’s medical record could not be directly linked back to them? And why had no patients and doctors been told what was happening?
I was worried too about the security aspect of placing vast amounts of medical data in the digital cloud. Think about the recent hacks on banks or the 2013 data breach suffered by the retail giant Target – now imagine a similar event was inflicted on the healthcare data of millions.
I am proud that I brought this story to public attention. Since it broke on Monday several Congress members have expressed concerns including the Democratic presidential candidate Senator Amy Klobuchar of Minnesota who said the deal raised “serious privacy concerns”.
A federal inquiry has been launched into whether HIPAA protections have been fully followed.
I can see the advantages of unleashing Google’s huge computing power on medical data. Applications will be faster; data more accessible to doctors; new channels will be opened that might in time find cures to certain conditions.
When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent
Source: https://www.theguardian.com/commentisfree/2019/nov/14/im-the-google-whistleblower-the-medical-data-of-millions-of-americans-is-at-risk
I didn’t decide to blow the whistle on Google’s deal, known internally as the Nightingale Project, glibly. The decision came to me slowly, creeping on me through my day-to-day work as one of about 250 people in Google and Ascension working on the project.
When I first joined Nightingale I was excited to be at the forefront of medical innovation. Google has staked its claim to be a major player in the healthcare sector, using its phenomenal artificial intelligence (AI) and machine learning tools to predict patterns of illness in ways that might some day lead to new treatments and, who knows, even cures.
Here I was working with senior management teams on both sides, Google and Ascension, creating the future. That chimed with my overall conviction that technology really does have the potential to change healthcare for the better.
But over time I grew increasingly concerned about the security and privacy aspects of the deal. It became obvious that many around me in the Nightingale team also shared those anxieties.
After a while I reached a point that I suspect is familiar to most whistleblowers, where what I was witnessing was too important for me to remain silent. Two simple questions kept hounding me: did patients know about the transfer of their data to the tech giant? Should they be informed and given a chance to opt in or out?
The answer to the first question quickly became apparent: no. The answer to the second I became increasingly convinced about: yes. Put the two together, and how could I say nothing?
So much is at stake. Data security is important in any field, but when that data relates to the personal details of an individual’s health, it is of the utmost importance as this is the last frontier of data privacy.
With a deal as sensitive as the transfer of the personal data of more than 50 million Americans to Google the oversight should be extensive. Every aspect needed to be pored over to ensure that it complied with federal rules controlling the confidential handling of protected health information under the 1996 HIPAA legislation.
Working with a team of 150 Google employees and 100 or so Ascension staff was eye-opening. But I kept being struck by how little context and information we were operating within.
What AI algorithms were at work in real time as the data was being transferred across from hospital groups to the search giant? What was Google planning to do with the data they were being given access to? No-one seemed to know.
Above all: why was the information being handed over in a form that had not been “de-identified” – the term the industry uses for removing all personal details so that a patient’s medical record could not be directly linked back to them? And why had no patients and doctors been told what was happening?
I was worried too about the security aspect of placing vast amounts of medical data in the digital cloud. Think about the recent hacks on banks or the 2013 data breach suffered by the retail giant Target – now imagine a similar event was inflicted on the healthcare data of millions.
I am proud that I brought this story to public attention. Since it broke on Monday several Congress members have expressed concerns including the Democratic presidential candidate Senator Amy Klobuchar of Minnesota who said the deal raised “serious privacy concerns”.
A federal inquiry has been launched into whether HIPAA protections have been fully followed.
I can see the advantages of unleashing Google’s huge computing power on medical data. Applications will be faster; data more accessible to doctors; new channels will be opened that might in time find cures to certain conditions.
the Guardian
I'm the Google whistleblower. The medical data of millions of Americans is at risk | Anonymous
When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent
But the disadvantages prey on my mind. Employees at big tech companies having access to personal information; data potentially being handed on to third parties; adverts one day being targeted at patients according to their medical histories.
I’d like to hope that the result of my raising the lid on this issue will be open debate leading to concrete change. Transfers of healthcare data to big tech companies need to be shared with the public and made fully transparent, with monitoring by an independent watchdog.
Patients must have the right to opt in or out. The uses of the data must be clearly defined for all to see, not just for now but for 10 or 20 years into the future.
Full HIPAA compliance must be enforced, and boundaries must be put in place to prevent third parties gaining access to the data without public consent.
In short, patients and the public have a right to know what’s happening to their personal health information at every step along the way.
Source: https://www.theguardian.com/commentisfree/2019/nov/14/im-the-google-whistleblower-the-medical-data-of-millions-of-americans-is-at-risk
#deletegoogle #medicaldata #why #thinkabout #hmmm #privacy
I’d like to hope that the result of my raising the lid on this issue will be open debate leading to concrete change. Transfers of healthcare data to big tech companies need to be shared with the public and made fully transparent, with monitoring by an independent watchdog.
Patients must have the right to opt in or out. The uses of the data must be clearly defined for all to see, not just for now but for 10 or 20 years into the future.
Full HIPAA compliance must be enforced, and boundaries must be put in place to prevent third parties gaining access to the data without public consent.
In short, patients and the public have a right to know what’s happening to their personal health information at every step along the way.
Source: https://www.theguardian.com/commentisfree/2019/nov/14/im-the-google-whistleblower-the-medical-data-of-millions-of-americans-is-at-risk
#deletegoogle #medicaldata #why #thinkabout #hmmm #privacy
the Guardian
I'm the Google whistleblower. The medical data of millions of Americans is at risk | Anonymous
When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent
Forwarded from BlackBox (Security) Archiv
Servers of Cock.li searched again
The authorities have again searched the servers of the e-mail and hosting provider Cock.li. Since a few minutes everything is running again. The service was already once before one and before four years in the focus of the authorities. The cause of the latest seizure has not yet been clarified.
https://status.cock.li/
#Cockli #email #authorities #raid #police
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
The authorities have again searched the servers of the e-mail and hosting provider Cock.li. Since a few minutes everything is running again. The service was already once before one and before four years in the focus of the authorities. The cause of the latest seizure has not yet been clarified.
https://status.cock.li/
#Cockli #email #authorities #raid #police
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Facebook would have let Hitler buy ads for 'final solution'
In wide-ranging speech, actor accuses tech giants of running the ‘greatest propaganda machine in history’
Sacha Baron Cohen has denounced tech giants Facebook, Twitter, YouTube and Google as “the greatest propaganda machine in history” and culpable for a surge in “murderous attacks on religious and ethnic minorities”.
Baron Cohen was speaking on Thursday at Never Is Now, the Anti-Defamation League’s summit on antisemitism and hate in New York, where he was presented with the organisation’s international leadership award. He said that “hate crimes are surging, as are murderous attacks on religious and ethnic minorities” and that “all this hate and violence is being facilitated by a handful of internet companies that amount to the greatest propaganda machine in history”.
He added: “The algorithms these platforms depend on deliberately amplify the type of content that keeps users engaged – stories that appeal to our baser instincts and that trigger outrage and fear. It’s why YouTube recommended videos by the conspiracist Alex Jones billions of times. It’s why fake news outperforms real news, because studies show that lies spread faster than truth … As one headline put it, just think what Goebbels could have done with Facebook.”
“If you pay them, Facebook will run any ‘political’ ad you want, even if it’s a lie,” he said. “And they’ll even help you micro-target those lies to their users for maximum effect. Under this twisted logic, if Facebook were around in the 1930s, it would have allowed Hitler to post 30-second ads on his ‘solution’ to the ‘Jewish problem’.”
👉🏼 Read more:
https://www.theguardian.com/film/2019/nov/22/sacha-baron-cohen-facebook-would-have-sold-final-solution-ads-to-hitler
#DeleteFacebook #propaganda
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
In wide-ranging speech, actor accuses tech giants of running the ‘greatest propaganda machine in history’
Sacha Baron Cohen has denounced tech giants Facebook, Twitter, YouTube and Google as “the greatest propaganda machine in history” and culpable for a surge in “murderous attacks on religious and ethnic minorities”.
Baron Cohen was speaking on Thursday at Never Is Now, the Anti-Defamation League’s summit on antisemitism and hate in New York, where he was presented with the organisation’s international leadership award. He said that “hate crimes are surging, as are murderous attacks on religious and ethnic minorities” and that “all this hate and violence is being facilitated by a handful of internet companies that amount to the greatest propaganda machine in history”.
He added: “The algorithms these platforms depend on deliberately amplify the type of content that keeps users engaged – stories that appeal to our baser instincts and that trigger outrage and fear. It’s why YouTube recommended videos by the conspiracist Alex Jones billions of times. It’s why fake news outperforms real news, because studies show that lies spread faster than truth … As one headline put it, just think what Goebbels could have done with Facebook.”
“If you pay them, Facebook will run any ‘political’ ad you want, even if it’s a lie,” he said. “And they’ll even help you micro-target those lies to their users for maximum effect. Under this twisted logic, if Facebook were around in the 1930s, it would have allowed Hitler to post 30-second ads on his ‘solution’ to the ‘Jewish problem’.”
👉🏼 Read more:
https://www.theguardian.com/film/2019/nov/22/sacha-baron-cohen-facebook-would-have-sold-final-solution-ads-to-hitler
#DeleteFacebook #propaganda
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
TikTok: Cheerfulness and censorship
Never before has a #platform grown as fast as TikTok. We have gained exclusive insight into its content moderation and are publishing excerpts from its moderation rules: TikTok operates a sophisticated system to identify, #control, #suppress and direct content. The platform can throttle videos of #protests and #demonstrations according to its rules.
No #app has been downloaded as often as TikTok in the past year. The video sharing platform is growing rapidly. In November 2019, TikTok broke the 1 billion-user barrier – faster than any other social network ever before. The video app and its culture are currently so popular with children and young people that even the Tagesschau (the major German public TV News programme) now has its own account there.
However, #research by netzpolitik.org shows that TikTok is currently able to #suppress videos of political protests and demonstrations and additionally determine which content is visible, through a variety of means.
☣️ Exclusive insight into content moderation
For this research, netzpolitik.org spoke to a source at #TikTok, looked at moderation criteria and communications, and experimented with specially created accounts to see how well videos with China-critical content are visible on the platform.
TikToks moderation rules, of which netzpolitik.org was able to see different versions, are remarkably thin and widely interpretable – even for the moderators themselves. The strategy, however, is clear: certain content is given the widest possible reach, while others are systematically suppressed.
The successful platform belongs to the #Chinese #technology company #ByteDance. Already in September, the Guardian reported on leaked documents that detailed how TikTok censored political statements on the #Tiananmen #massacre or the independence of #Tibet. The protests in Hong Kong, which are currently attracting worldwide media attention, are virtually invisible on TikTok between selfies and singalongs, even though the app is available in Hong Kong.
Read more:
https://netzpolitik.org/2019/cheerfulness-and-censorship/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Never before has a #platform grown as fast as TikTok. We have gained exclusive insight into its content moderation and are publishing excerpts from its moderation rules: TikTok operates a sophisticated system to identify, #control, #suppress and direct content. The platform can throttle videos of #protests and #demonstrations according to its rules.
No #app has been downloaded as often as TikTok in the past year. The video sharing platform is growing rapidly. In November 2019, TikTok broke the 1 billion-user barrier – faster than any other social network ever before. The video app and its culture are currently so popular with children and young people that even the Tagesschau (the major German public TV News programme) now has its own account there.
However, #research by netzpolitik.org shows that TikTok is currently able to #suppress videos of political protests and demonstrations and additionally determine which content is visible, through a variety of means.
☣️ Exclusive insight into content moderation
For this research, netzpolitik.org spoke to a source at #TikTok, looked at moderation criteria and communications, and experimented with specially created accounts to see how well videos with China-critical content are visible on the platform.
TikToks moderation rules, of which netzpolitik.org was able to see different versions, are remarkably thin and widely interpretable – even for the moderators themselves. The strategy, however, is clear: certain content is given the widest possible reach, while others are systematically suppressed.
The successful platform belongs to the #Chinese #technology company #ByteDance. Already in September, the Guardian reported on leaked documents that detailed how TikTok censored political statements on the #Tiananmen #massacre or the independence of #Tibet. The protests in Hong Kong, which are currently attracting worldwide media attention, are virtually invisible on TikTok between selfies and singalongs, even though the app is available in Hong Kong.
Read more:
https://netzpolitik.org/2019/cheerfulness-and-censorship/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES