NoGoolag
Facebook Is Failing in Global Disinformation Fight, Says Former Worker

The employee, who worked in a group dedicated to rooting out fake accounts, said executives ignored or were slow to react to her warnings.

OAKLAND, Calif. — While Facebook has heralded improvements to its fight against disinformation in the United States, it has been slow to deal with fake accounts that have affected elections around the world, according to a post published by a former employee.

The employee, who worked on a Facebook team dedicated to rooting out so-called inauthentic activity on the service, said executives ignored or were slow to react to her repeated warnings about the problem.

“In the three years I’ve spent at Facebook, I’ve found multiple blatant attempts by foreign national governments to abuse our platform on vast scales to mislead their own citizenry,” Sophie Zhang, the employee

https://www.nytimes.com/2020/09/14/technology/facebook-manipulation-whistleblower-sophie-zhang.html

#Facebook #disinformation
Vietnam is importing the worst of Chinese-style online censorship

Vietnam is monitoring online speech.

One of the problems with China’s extensive and invasive internet control and censorship is just how efficient it is, thus “inspiring” many other countries around the world to either try to copy, or implement it in one way or another, to serve their particular situation and goals.

This appears to have manifested in Vietnam, whose authorities are said to be invested in fostering nationalism online, but also carefully monitoring social media in the hope of controlling content and narratives.

In 2016, Vietnam put to work 10,000 people making up the Force 47 cyber unit that is supposed to maintain a “healthy” online environment and, since late 2018, the country has had a unit whose task is to monitor the internet, sifting through up to 100 million news items every day in search of “misinformation”.

https://reclaimthenet.org/vietnam-is-importing-the-worst-of-chinese-style-online-censorship/

#Asia #Vietnam #censorship
Revealed: Israeli Firm Provided Phone-hacking Services to Saudi Arabia

A representative of Cellebrite, which states that it has complied with the rules, flew to Riyadh from London last November, and at the request of the Saudi prosecutor’s office hacked into a Samsung cellphone

In November of last year, a representative of the Israeli firm Cellebrite landed at King Khaled International Airport in the Saudi capital, Riyadh. The man, a foreign national whose identity is known to TheMarker, Haaretz’s sister publication, arrived on a commercial flight from London to hack into a phone in the possession of the Saudi Justice Ministry. The details of the visit were agreed upon before the hacker landed.

The staff at Cellebrite demanded of the Saudis that their employee be met at the Riyadh airport by a government representative. They insisted that he pass through passport control without his passport being stamped and without an inspection of the electronic equipment that he would have with him, which they demanded would not leave his possession and which only he would use.

From there, it was agreed in advance that the hacker would be immediately taken to an isolated hotel room, where the Saudis committed not to install cameras – and where the job of hacking and copying information from a mobile cellphone was carried out. When the work was completed, Cellebrite’s representative returned to the airport and flew back to London.

Cellebrite is not the only Israeli company to provide hacking or other cybersecurity services to the Saudi kingdom, but it is apparently the only one that does so without any oversight from the Israeli Defense Ministry.

👀 👉🏼 https://www.haaretz.com/israel-news/tech-news/.premium-revealed-israeli-firm-provided-phone-hacking-services-to-saudi-arabia-1.9161374

👀 👉🏼 https://twitter.com/haaretzcom/status/1306233686761889798

#israel #hacking #samsung #cellebrite #saudiarabia
📡@cRyPtHoN_INFOSEC_DE 📡@cRyPtHoN_INFOSEC_EN 📡@BlackBox_Archiv 📡@NoGoolag
Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire

As FBI officers were investigating a Seattle man suspected of setting police cars on fire, they turned to Apple for help.

In response, Apple granted access to the man's iCloud account, giving the FBI access to screenshots, photos, and videos that are now central to their case against the suspect, court documents show.

It's routine for Apple to comply with court-issued search warrants by handing over suspects' data to investigators. But the episode, detailed in court documents and previously reported by Forbes, shows just how valuable a suspect's smartphone data can be to an investigation, and contrasts with previous public clashes between the FBI and Apple.

https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9

#US #Apple #iCloud #FBI
Machine Bias

There’s software used across the country to predict future criminals. And it’s biased against blacks.

On a spring afternoon in 2014, Brisha Borden was running late to pick up her god-sister from school when she spotted an unlocked kid’s blue Huffy bicycle and a silver Razor scooter. Borden and a friend grabbed the bike and scooter and tried to ride them down the street in the Fort Lauderdale suburb of Coral Springs.

Just as the 18-year-old girls were realizing they were too big for the tiny conveyances — which belonged to a 6-year-old boy — a woman came running after them saying, “That’s my kid’s stuff.” Borden and her friend immediately dropped the bike and scooter and walked away.

But it was too late — a neighbor who witnessed the heist had already called the police. Borden and her friend were arrested and charged with burglary and petty theft for the items, which were valued at a total of $80.

https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing

#US #AI
My stolen credit card details were used 4,500 miles away. I tried to find out how it happened

When cybersecurity reporter Danny Palmer found his card was apparently used on another continent, he set out to discover more.

On a Thursday back in February I was relaxing and watching TV when my evening was interrupted by the ping of a text message from my bank.

"You will shortly receive an SMS to confirm recent activity on your card."

I was puzzled. I certainly hadn't made any strange or unexpected purchases that day, so what was this about? About 30 seconds later, I received my answer in a second text message.

It said my credit card details had been used less than a minute before to try to make a payment of £108 at a store with an unfamiliar name.

A quick search online revealed it to be a supermarket in the city of Paramaribo, Suriname – a small country on the north-eastern coast of South America, bordered by Brazil, Guyana and French Guiana. That's quite a long way from my home in London, so I was pretty sure I hadn't popped into that store to pick anything up in the last 60 seconds.

The alert asked me to confirm the transaction by replying with 'Yes' or 'No'. It did cross my mind that perhaps this was a double- or triple-bluff scam and that by responding to an unexpected text message, I would be making a big mistake. Just in case, I chose to phone the bank instead.

They confirmed that yes, someone had attempted to use my card details over 4,500 miles away from London – but the attempted payment was blocked as suspicious, so no money was stolen.

I cancelled my card and ordered a new one as the recommended safety precaution, given someone else had my details. But as a reporter I was left wondering: how did this happen?

How was it that my bank details were somehow stolen, passed onto someone on the other side of the world and almost successfully used at what looked to be a small retailer in Suriname?
Credit cards are a solution - and part of the problem

Debit and credit cards are a part of everyday life that we don't think about, but not so long ago they would have felt like a strange concept to those using physical currency to buy things. The first UK credit card was issued in 1966, while the first debit card didn't arrive in the UK until 1987.

Now, there are over 51 million debit cardholders in the UK, accounting for 96% of adults, while over 32 million UK adults have a credit card. According to the trade association UK Finance, total spending on credit and debit cards accounted for over £800 billion during 2018, with over 20 billion transactions over the course of the year.

Such is the increased popularity of using card payments – helped by online shopping and the ability to make contactless payments in stores – that it's overtaken cash as the most common form of payment in the UK, and the number of card payments is still growing.

👀 👉🏼 https://www.zdnet.com/article/my-stolen-credit-card-details-were-used-4500-miles-away-i-tried-to-find-out-how-it-happened

#stolen #creditcard #details #story
In China, smart locks are being used to track citizens and enforce lockdowns

Proprietary "smart" devices are an absolute nightmare. If users can't audit the code they don't know what they are doing and the device works for the tech company selling it rather than the user.

👀 👉🏼 See here:
https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf

On a really basic level think about the information someone can infer just by looking at data from devices like this:

Your door is opened and locked at 7:30 am every day and then reopened and unlocked at 6:30 pm but never during the hours in between? Chances are you ....

👀 👉🏼 https://www.reddit.com/r/privacytoolsIO/comments/its9h7

#smart #locks #thinkabout #pdf
Why You Should Stop Sending Photos On Apple iMessage

Our smartphones leak our personal information—we all know this. There’s a multi-multi-billion-dollar marketing industry tracking where we go, who we visit and what we buy. Facebook’s warning that a change in Apple’s iOS 14 would slash advertising revenue tells you just how welcome a change this will be for iPhone users when it eventually comes.

Location data is at the heart of this—our sneaky little smartphones know exactly where we are and, given a chance, they’ll happily share with the world.

Apple and (to a lesser extent) Google are now taking steps to provide more protection on what is shared and with who. Again, location sharing is at the heart of this.

https://www.forbes.com/sites/zakdoffman/2020/09/06/apple-iphone-12-ios14-ipad-upgrade-update-imessage-security/

#Apple #iOS #RCS
Podcast: COVID-19 is helping turn Brazil into a surveillance state

Latin America's largest democracy was a leader on data governance for years. Now, it’s reversing course.

Leading discussions about the global rules to regulate digital privacy and surveillance is a somewhat unusual role for a developing country to play. But Brazil had been doing just that for over a decade.

Edward Snowden’s bombshell in 2014 detailing the US National Security Agency’s digital surveillance activities changed all that. It included revelations that the agency had been spying on Brazil’s state-controlled oil company Petrobras, and even on then-president Dilma Rousseff’s communications. The leaks prompted the Brazilian government to adopt a kind of digital “Bill of Rights” for its citizens, and lawmakers would go on to pass a data protection measure closely modeled on Europe’s GDPR.

But the country has now shifted toward a more authoritarian path. Last October, President Jair Bolsonaro signed a decree compelling all federal bodies to share the vast troves of data they hold on Brazilian citizens and consolidate it in a centralized database, the Cadastro Base do Cidadão (Citizen’s Basic Register).

https://www.technologyreview.com/2020/09/16/1008495/podcast-covid-19-brazil-surveillance-state/

#South #America #Brazil #surveillance #state
Dr. Li-Meng Yan: Twitter suspends virologist after paper alleging that COVID-19 was created in Wuhan lab

Dr. Yan escaped danger and censorship in China, only to end up censored on Twitter when she arrived in America.

Twitter has suspended the account of the Chinese virologist and whistleblower Dr. Li-Meng Yan after she published a paper claiming that COVID-19 was created in the Wuhan Institute of Virology.

The paper, which she co-authored with three other Chinese scientists, claims that COVID-19 was created in a laboratory by using bat coronaviruses as a template.

Before the paper was published, Dr. Yan had fled for the US in April. She was based at a prestigious Hong Kong university and claims to have discovered evidence of human transmission of the coronavirus during the early stages of the outbreak and before Chinese authorities admitted human transmission.

https://reclaimthenet.org/twitter-suspends-dr-li-meng-yan/

#US #twitter
European Police Malware Could Harvest GPS, Messages, Passwords, More

A document obtained by Motherboard provides more detail on the malware law enforcement deployed against Encrochat devices.

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.

The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages.

https://www.vice.com/en_us/article/k7qjkn/encrochat-hack-gps-messages-passwords-data

#Europe #police #malware #surveillance #intelligence
US charges two Russians for stealing $16.8m via cryptocurrency phishing sites

The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.

The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.

The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.

US officials said the Russian duo — made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively — used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.

In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.

Losses were estimated at $16,876,000.

👀 👉🏼 (pdf)
https://assets.documentcloud.org/documents/7211805/Potekhin-Superseding-Indictment.pdf

👀 👉🏼 https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites

#Potekhin #cryptocurrency #phishing #russia #usa
Piratebay.org Sold for $50,000 at Auction, ThePiratebay.com Up Next

Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site.

The Pirate Bay is arguably the best known pirate site on the web.

The iconic pirate ship logo is notorious around the world and more than 17 years after it first appeared online, the site still attracts millions of visitors.

During its tumultuous history, The Pirate Bay has weathered many storms. The site was targeted in large scale police raids twice and was the subject of a criminal prosecution in Sweden that landed several of its co-founders in prison.

Pirate Bay’s Backup Domains

The site also faced several domain name issues. In 2012 it switched from its original ThePiratebay.org name to ThePiratebay.se, fearing that the former would be seized by US authorities. Later on, when the .se domain was threatened, it rotated across several other domains in search of a safe haven.

That safe haven turned out to be the original ThePiratebay.org domain from which it still operates today.

👀 👉🏼 https://torrentfreak.com/piratebay-org-sold-for-50000-at-auction-thepiratebay-com-up-next-200916/

#thepiratebay #auction #sold
The Big Tech Extortion Racket

How Google, Amazon, and Facebook control our lives

Popular histories present the Boston Tea Party as a rebellion against taxes. Yet what the colonists objected to more than anything was the idea of an all-powerful corporate middleman regulating commerce. They viewed the 1773 protest in Boston Harbor as a victory for liberty and a blow against the British East India Company’s trade monopoly.

That corporation owed its dominance not to any proprietary advantage but to an exclusive British government charter. The artificial nature of this power was made clear soon after the Congress of the new United States signed a peace treaty with Britain. Six weeks later, the American ship Empress of China sailed from New York, bound for Canton. When the ship returned, its traders sold tea and porcelain on the open market. Without the active backing of the British state, the East India Company could not stop the sale—let alone determine who sold what, or where and how they sold it, in America.

https://harpers.org/archive/2020/09/the-big-tech-extortion-racket/

#BigTech
Privacy-focused search engine DuckDuckGo is growing fast

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.

While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet.

DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues.

https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-is-growing-fast/

#DuckDuckGo #search #engine
Major German shopping site leaks customer data

A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.

Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.

Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.

The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.

We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.

👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/

#windeln #germany #vulnerability #leak #data #dataleak #customers
Cyber security alert issued following rising attacks on UK academia

The NCSC has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.

The National Cyber Security Centre, a part of GCHQ, is supporting establishments to keep criminals out of their networks after a spike in ransomware attacks.

The rise in attacks was recorded in August as cyber criminals turn their attention to a sector focused on the return of students.

Cyber security experts have today (Thursday) stepped up support for UK schools, colleges, and universities following a spate of online attacks with the potential to de-rail their preparations for the new term.

The National Cyber Security Centre (NCSC) issued an alert to the sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery.

With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

👀 👉🏼 https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia

#alert #NCSC #cyber #security #uk #academia #ransomware
Toward a Technological Cage for the Masses

For about two decades, beginning roughly in 1995, the average resident of the developed nations was given a gift, an unprecedented opportunity for free speech. This opportunity was made possible by the personal computer and the ability it provided to access an open, relatively unregulated Internet. Never before had the common man or woman had opportunities to express his or her views to large audiences unhindered by gatekeepers--whether they be newspaper editors, book editors, television programming directors, judges, or other government officials. The fact that this situation lasted as long as it did is astounding. But now, the natural order of things is returning. Now, the brief window of free speech is closing, and it is closing quickly.

Not only is the Internet being increasingly regulated and sectioned off into separate Internets for each country, but the personal computer itself is being hobbled. We are told that our computers are being stripped of their functionality because they are just too insecure and too complicated for the average "normal" or "normie" to deal with. After all, the problem could not possibly be that the Windows operating system is an insecure piece of junk, reminiscent of a 40-year-old family minivan held together with chewing gum and baling wire. It could not be that more money can be made by locking down the personal computer and moving most, or all, of its processing into the cloud, where giant companies, rather than the owner of the computer, will decide what software can run on it. Where a monthly fee can be charged for its use.

The truth is that companies and governments are in a secret war with general-purpose computing. The reason for the war is that companies want to protect their copyrighted intellectual property, and governments want to control their citizens.

👀 👉🏼 https://cheapskatesguide.org/articles/techno-cage.html/

#technological #cage #internet #gatekeepers #doctorow #thinkabout
At the age of 22 I was sentenced to a very long prison term for computer fraud

I used the time in prison to reflect on my life and my person.

After my imprisonment I let the deeds speak for themselves. I graduated in business informatics, built up a great social circle, found a great employer and went through a great personal development (for me) - today I am where I always wanted to be in my life. I am a free person.

👀 👉🏼 🇩🇪 Emre Ates - the prison diary:
https://hafttagebuch.de/

#emre #prison #diary #thinkabout
China: dystopian digital “civilization code” evaluates citizens’ daily lives to “promote” good behavior

*Edit: Outdated. This project has been taken offline due to public outrage.

The system aims to create a “personal portrait” for each resident in a bid to promote "good habits."

The local government of Suzhou, in East China’s Jiangsu province, has introduced a civil behavior scoring system. The “civilization code” has sparked hot debate, where the public is concerned about formalism and the potential for abuse of power.

The civil behavior scoring system, dubbed civilization code, encompasses indicators such as the volunteer index and civil transport index, which will look at a person’s road manners. The volunteer index will also award points for participating in voluntary work.

The authorities claim the purpose of the civil behavior code, which was introduced on Thursday, is to encourage “social responsibility.” The public security bureau is yet to define other indexes to be included in the scoring system.

https://reclaimthenet.org/china-digital-civilization-code/
The U.S. May Soon Scan New Immigrants’ Faces, Irises, Voices, and DNA

If enacted, the personal information of more than 70% of those applying for immigration will be entered into a DHS database.

The Department of Homeland Security is looking to scan the faces, irises, voices, and DNA of millions more people per year, according to new rules proposed by the agency.

The rules mean that DHS will collect sensitive data like iris scans, palm prints, and voice recordings from a projected 6 million people seeking to immigrate to the U.S. per year, including children under 14. If the rules go into effect as written, the personal information of more than 70% of those applying for immigration will be entered into a DHS database, depending on what kind of immigration status they’re applying for. Many will also have to pay an additional $85 biometrics processing fee.

DHS claims that the collection of data from children, especially their DNA, is meant to help fight human trafficking at the border by verifying that children are related to the adults transporting them across U.S. borders.

https://onezero.medium.com/the-u-s-may-soon-scan-new-immigrants-faces-iris-voices-and-dna-79634a05dfda

#US #DHS #biometrics #surveillance #privacy