NoGoolag
Live free!

📡 @NoGoolag

FAQ:
http://t.me/NoGoolag/169

★Group:
https://t.me/joinchat/nMOOE4YJPDFhZjZk

📡 @Libreware

📚 @SaveAlexandria

📡 @BallMemes

FORWARDS ARE NOT ENDORSEMENTS

💯 % satire OSINT
In China, smart locks are being used to track citizens and enforce lockdowns

Proprietary "smart" devices are an absolute nightmare. If users can't audit the code they don't know what they are doing and the device works for the tech company selling it rather than the user.

👀 👉🏼 See here:
https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf

On a really basic level think about the information someone can infer just by looking at data from devices like this:

Your door is opened and locked at 7:30 am every day and then reopened and unlocked at 6:30 pm but never during the hours in between? Chances are you ....

👀 👉🏼 https://www.reddit.com/r/privacytoolsIO/comments/its9h7

#smart #locks #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡
@cRyPtHoN_INFOSEC_EN
📡
@BlackBox_Archiv
📡
@NoGoolag
Why You Should Stop Sending Photos On Apple iMessage

Our smartphones leak our personal information—we all know this. There’s a multi-multi-billion-dollar marketing industry tracking where we go, who we visit and what we buy. Facebook’s warning that a change in Apple’s iOS 14 would slash advertising revenue tells you just how welcome a change this will be for iPhone users when it eventually comes.

Location data is at the heart of this—our sneaky little smartphones know exactly where we are and, given a chance, they’ll happily share with the world.

Apple and (to a lesser extent) Google are now taking steps to provide more protection on what is shared and with who. Again, location sharing is at the heart of this.

https://www.forbes.com/sites/zakdoffman/2020/09/06/apple-iphone-12-ios14-ipad-upgrade-update-imessage-security/

#Apple #iOS #RCS
Podcast: COVID-19 is helping turn Brazil into a surveillance state

Latin America's largest democracy was a leader on data governance for years. Now, it’s reversing course.

Leading discussions about the global rules to regulate digital privacy and surveillance is a somewhat unusual role for a developing country to play. But Brazil had been doing just that for over a decade.

Edward Snowden’s bombshell in 2014 detailing the US National Security Agency’s digital surveillance activities changed all that. It included revelations that the agency had been spying on Brazil’s state-controlled oil company Petrobras, and even on then-president Dilma Rousseff’s communications. The leaks prompted the Brazilian government to adopt a kind of digital “Bill of Rights” for its citizens, and lawmakers would go on to pass a data protection measure closely modeled on Europe’s GDPR.

But the country has now shifted toward a more authoritarian path. Last October, President Jair Bolsonaro signed a decree compelling all federal bodies to share the vast troves of data they hold on Brazilian citizens and consolidate it in a centralized database, the Cadastro Base do Cidadão (Citizen’s Basic Register).

https://www.technologyreview.com/2020/09/16/1008495/podcast-covid-19-brazil-surveillance-state/

#South #America #Brazil #surveillance #state
Dr. Li-Meng Yan: Twitter suspends virologist after paper alleging that COVID-19 was created in Wuhan lab

Dr. Yan escaped danger and censorship in China, only to end up censored on Twitter when she arrived in America.

Twitter has suspended the account of the Chinese virologist and whistleblower Dr. Li-Meng Yan after she published a paper claiming that COVID-19 was created in the Wuhan Institute of Virology.

The paper, which she co-authored with three other Chinese scientists, claims that COVID-19 was created in a laboratory by using bat coronaviruses as a template.

Before the paper was published, Dr. Yan had fled for the US in April. She was based at a prestigious Hong Kong university and claims to have discovered evidence of human transmission of the coronavirus during the early stages of the outbreak and before Chinese authorities admitted human transmission.

https://reclaimthenet.org/twitter-suspends-dr-li-meng-yan/

#US #twitter
European Police Malware Could Harvest GPS, Messages, Passwords, More

A document obtained by Motherboard provides more detail on the malware law enforcement deployed against Encrochat devices.

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.

The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages.

https://www.vice.com/en_us/article/k7qjkn/encrochat-hack-gps-messages-passwords-data

#Europe #police #malware #surveillance #intelligence
US charges two Russians for stealing $16.8m via cryptocurrency phishing sites

The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.

The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.

The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.

US officials said the Russian duo — made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively — used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.

In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.

Losses were estimated at $16,876,000.

👀 👉🏼 (pdf)
https://assets.documentcloud.org/documents/7211805/Potekhin-Superseding-Indictment.pdf

👀 👉🏼 https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites

#Potekhin #cryptocurrency #phishing #russia #usa
Piratebay.org Sold for $50,000 at Auction, ThePiratebay.com Up Next

Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site.

The Pirate Bay is arguably the best known pirate site on the web.

The iconic pirate ship logo is notorious around the world and more than 17 years after it first appeared online, the site still attracts millions of visitors.

During its tumultuous history, The Pirate Bay has weathered many storms. The site was targeted in large scale police raids twice and was the subject of a criminal prosecution in Sweden that landed several of its co-founders in prison.

Pirate Bay’s Backup Domains

The site also faced several domain name issues. In 2012 it switched from its original ThePiratebay.org name to ThePiratebay.se, fearing that the former would be seized by US authorities. Later on, when the .se domain was threatened, it rotated across several other domains in search of a safe haven.

That safe haven turned out to be the original ThePiratebay.org domain from which it still operates today.

👀 👉🏼 https://torrentfreak.com/piratebay-org-sold-for-50000-at-auction-thepiratebay-com-up-next-200916/

#thepiratebay #auction #sold
The Big Tech Extortion Racket

How Google, Amazon, and Facebook control our lives

Popular histories present the Boston Tea Party as a rebellion against taxes. Yet what the colonists objected to more than anything was the idea of an all-powerful corporate middleman regulating commerce. They viewed the 1773 protest in Boston Harbor as a victory for liberty and a blow against the British East India Company’s trade monopoly.

That corporation owed its dominance not to any proprietary advantage but to an exclusive British government charter. The artificial nature of this power was made clear soon after the Congress of the new United States signed a peace treaty with Britain. Six weeks later, the American ship Empress of China sailed from New York, bound for Canton. When the ship returned, its traders sold tea and porcelain on the open market. Without the active backing of the British state, the East India Company could not stop the sale—let alone determine who sold what, or where and how they sold it, in America.

https://harpers.org/archive/2020/09/the-big-tech-extortion-racket/

#BigTech
Privacy-focused search engine DuckDuckGo is growing fast

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.

While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet.

DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues.

https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-is-growing-fast/

#DuckDuckGo #search #engine
Major German shopping site leaks customer data

A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.

Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.

Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.

The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.

We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.

👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/

#windeln #germany #vulnerability #leak #data #dataleak #customers
Cyber security alert issued following rising attacks on UK academia

The NCSC has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.

The National Cyber Security Centre, a part of GCHQ, is supporting establishments to keep criminals out of their networks after a spike in ransomware attacks.

The rise in attacks was recorded in August as cyber criminals turn their attention to a sector focused on the return of students.

Cyber security experts have today (Thursday) stepped up support for UK schools, colleges, and universities following a spate of online attacks with the potential to de-rail their preparations for the new term.

The National Cyber Security Centre (NCSC) issued an alert to the sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery.

With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

👀 👉🏼 https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia

#alert #NCSC #cyber #security #uk #academia #ransomware
Toward a Technological Cage for the Masses

For about two decades, beginning roughly in 1995, the average resident of the developed nations was given a gift, an unprecedented opportunity for free speech. This opportunity was made possible by the personal computer and the ability it provided to access an open, relatively unregulated Internet. Never before had the common man or woman had opportunities to express his or her views to large audiences unhindered by gatekeepers--whether they be newspaper editors, book editors, television programming directors, judges, or other government officials. The fact that this situation lasted as long as it did is astounding. But now, the natural order of things is returning. Now, the brief window of free speech is closing, and it is closing quickly.

Not only is the Internet being increasingly regulated and sectioned off into separate Internets for each country, but the personal computer itself is being hobbled. We are told that our computers are being stripped of their functionality because they are just too insecure and too complicated for the average "normal" or "normie" to deal with. After all, the problem could not possibly be that the Windows operating system is an insecure piece of junk, reminiscent of a 40-year-old family minivan held together with chewing gum and baling wire. It could not be that more money can be made by locking down the personal computer and moving most, or all, of its processing into the cloud, where giant companies, rather than the owner of the computer, will decide what software can run on it. Where a monthly fee can be charged for its use.

The truth is that companies and governments are in a secret war with general-purpose computing. The reason for the war is that companies want to protect their copyrighted intellectual property, and governments want to control their citizens.

👀 👉🏼 https://cheapskatesguide.org/articles/techno-cage.html/

#technological #cage #internet #gatekeepers #doctorow #thinkabout
At the age of 22 I was sentenced to a very long prison term for computer fraud

I used the time in prison to reflect on my life and my person.

After my imprisonment I let the deeds speak for themselves. I graduated in business informatics, built up a great social circle, found a great employer and went through a great personal development (for me) - today I am where I always wanted to be in my life. I am a free person.

👀 👉🏼 🇩🇪 Emre Ates - the prison diary:
https://hafttagebuch.de/

#emre #prison #diary #thinkabout
China: dystopian digital “civilization code” evaluates citizens’ daily lives to “promote” good behavior

*Edit: Outdated. This project has been taken offline due to outrage of people

The system aims to create a “personal portrait” for each resident in a bid to promote "good habits."

The local government of Suzhou, in East China’s Jiangsu province, has introduced a civil behavior scoring system. The “civilization code” has sparked hot debate, where the public is concerned about formalism and the potential for abuse of power.

The civil behavior scoring system, dubbed civilization code, encompasses indicators such as the volunteer index and civil transport index, which will look at a person’s road manners. The volunteer index will also award points for participating in voluntary work.

The authorities claim the purpose of the civil behavior code, which was introduced on Thursday, is to encourage “social responsibility.” The public security bureau is yet to define other indexes to be included in the scoring system.

https://reclaimthenet.org/china-digital-civilization-code/
The U.S. May Soon Scan New Immigrants’ Faces, Irises, Voices, and DNA

If enacted, the personal information of more than 70% of those applying for immigration will be entered into a DHS database.

The Department of Homeland Security is looking to scan the faces, irises, voices, and DNA of millions more people per year, according to new rules proposed by the agency.

The rules mean that DHS will collect sensitive data like iris scans, palm prints, and voice recordings from a projected 6 million people seeking to immigrate to the U.S. per year, including children under 14. If the rules go into effect as written, the personal information of more than 70% of those applying for immigration will be entered into a DHS database, depending on what kind of immigration status they’re applying for. Many will also have to pay an additional $85 biometrics processing fee.

DHS claims that the collection of data from children, especially their DNA, is meant to help fight human trafficking at the border by verifying that children are related to the adults transporting them across U.S. borders.

https://onezero.medium.com/the-u-s-may-soon-scan-new-immigrants-faces-iris-voices-and-dna-79634a05dfda

#US #DHS #biometrics #surveillance #privacy
Elon Musk warns that ‘advanced AI’ will soon manipulate social media platforms

Musk is often considered a doomsayer when it comes to the topic of artificial intelligence, but his claims aren’t outside of the realm of possibility.

The SpaceX and Tesla CEO has taken to social media to warn that social media will soon be manipulated by advanced AIs—if it hasn’t been already. Musk made the alarming warning in two tweets in the early hours on Thursday.

In the first tweet, Musk warned that anonymous bot swarms deserved closer attention. Bots are autonomous programs that often attempt to game social media, either by retweeting a specific tweet to promote it across the platform, or to sow disinformation across the platform by making it look like thousands of people are tweeting about the same bit of (fake) news.

Musk says that if it’s found that bot swarms are evolving rapidly—it’s a big signal something is up. It’s unclear if Musk has access to research or information that suggests bot swarms are indeed “evolving rapidly.”

https://www.fastcompany.com/90409773/elon-musk-warns-that-advanced-ai-will-soon-manipulate-social-media-platforms
The race to build facial recognition tech for Africa is being led by this award-winning engineer

Facial recognition technology is not widely employed in Africa, partly because the technology available up till now has not been adept at identifying and differentiating the faces of Black people. US government tests of the best Western-developed facial recognition systems have shown them to misidentify Black people at rates up to five to 10 times higher than they do white people.

The racial disparity in the performance of the biometric artificial intelligence technology which forms the backbone of these systems stemmed from an obvious problem: they are trained by using datasets mostly made up of white faces.

In 2018, four software engineers set up a company in Ghana to address this limitation of commonly available facial recognition software. They were spurred by their own research which revealed Ghanaian banks are beset by widespread identity fraud and cybercrime and spend nearly $400 million a year to identify their customers.

Led by Charlette N’Guessan, an engineer originally from neighboring Côte d’Ivoire, the group developed its own facial recognition software, BACE API, using artificial intelligence. In contrast to Western developers, they trained BACE API using a more diverse dataset with a sizable representation of Black African faces to suit the local market.

https://qz.com/africa/1905079/facial-recognition-tech-in-africa-boosted-by-ghana-ai-startup/

#Africa #face #recognition #biometrics
Breaking: USA bans WeChat and TikTok from the Google Play Store and Apple App Store

Starting from September 20, 2020

The US Commerce Department has announced prohibitions banning people in the US from downloading TikTok and WeChat in response to a pair of executive orders signed by US President Donald Trump in August.

In a press release on the matter, the US Department of Commerce noted: “The Chinese Communist Party (CCP) has demonstrated the means and motives to use these apps to threaten the national security, foreign policy, and the economy of the U.S. Today’s announced prohibitions, when combined, protect users in the U.S. by eliminating access to these applications and significantly reducing their functionality.”

Speaking on the matter, US Department of Commerce Secretary, Wilbur Ross, was quoted saying, “Today’s actions prove once again that President Trump will do everything in his power to guarantee our national security and protect Americans from the threats of the Chinese Communist Party…At the President’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations.”

The new prohibitions on TikTok and WeChat will go into effect on September 20th, 2020. As part of the new directive, the following transactions are prohibited:

1. Any provision of service to distribute or maintain the WeChat or TikTok mobile applications, constituent code, or application updates through an online mobile application store in the U.S.

2. Any provision of services through the WeChat mobile application for the purpose of transferring funds or processing payments within the U.S.

👀 👉🏼 https://www.xda-developers.com/usa-bans-wechat-tiktok-google-play-store-apple-app-store/

#usa #ban #tiktok #wechat #DeleteTikTok #bytedance
Cloudflare and Internet Archive team up to make sure websites never fully go offline

Websites that use Cloudflare Always Online can have their URLs automatically archived with Wayback Machine.

Cloudflare and Internet Archive have joined forces to archive more of the public web, touting it would make the web more reliable.

As part of this joint effort, websites that use Cloudflare's Always Online service will be able to allow the web infrastructure company to share their hostname and URLs with Internet Archive's Wayback Machine so their website can be automatically archived.

When a site is down, Cloudflare will then be able to retrieve the most recently archived version from Internet Archive so that a site's content can be accessed by users.

"The Internet Archive's Wayback Machine has an impressive infrastructure that can archive the web at scale," Cloudflare CEO and co-founder Matthew Prince said.

"By working together, we can take another step toward making the internet more resilient by stopping server issues for our customers and in turn from interrupting businesses and users online."

According to Internet Archive, more than 468 billion web pages are available via the Wayback Machine to date.

"We archive URLs that are identified via a variety of different methods, such as 'crawling' from lists of millions of sites, as submitted by users via the Wayback Machine's 'Save Page Now' feature, added to Wikipedia articles, referenced in Tweets, and based on a number of other 'signals' and sources, such as multiple feeds of 'news' stories. An additional source of URLs we will preserve now originates from customers of Cloudflare's Always Online service," Wayback Machine director Mark Graham wrote in a blog post.

👀 👉🏼 https://blog.archive.org/2020/09/17/internet-archive-partners-with-cloudflare-to-help-make-the-web-more-useful-and-reliable/

👀 👉🏼 https://www.zdnet.com/article/cloudflare-and-internet-archive-team-up-to-make-sure-websites-never-fully-go-offline

#cloudflare #internet #archive #wayback
Facebook Accused of Watching Instagram Users Through Cameras

Facebook Inc. is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras.

The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren’t actively being used.

Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras.

In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app’s use of the camera is intentional and done for the purpose of collecting “lucrative and valuable data on its users that it would not otherwise have access to.”

By “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” Instagram and Facebook are able to collect “valuable insights and market research,” according to the complaint.

Facebook declined to comment.

👀 👉🏼 https://www.bloomberg.com/news/articles/2020-09-18/facebook-accused-of-watching-instagram-users-through-cameras

#fb #DeleteFacebook #instagram #accused #spy #privacy #surveillance #thinkabout
Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout