NoGoolag
Piratebay.org Sold for $50,000 at Auction, ThePiratebay.com Up Next

Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site.

The Pirate Bay is arguably the best known pirate site on the web.

The iconic pirate ship logo is notorious around the world and more than 17 years after it first appeared online, the site still attracts millions of visitors.

During its tumultuous history, The Pirate Bay has weathered many storms. The site was targeted in large scale police raids twice and was the subject of a criminal prosecution in Sweden that landed several of its co-founders in prison.

Pirate Bay’s Backup Domains

The site also faced several domain name issues. In 2012 it switched from its original ThePiratebay.org name to ThePiratebay.se, fearing that the former would be seized by US authorities. Later on, when the .se domain was threatened, it rotated across several other domains in search of a safe haven.

That safe haven turned out to be the original ThePiratebay.org domain from which it still operates today.

👀 👉🏼 https://torrentfreak.com/piratebay-org-sold-for-50000-at-auction-thepiratebay-com-up-next-200916/

#thepiratebay #auction #sold
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
The Big Tech Extortion Racket

How Google, Amazon, and Facebook control our lives

Popular histories present the Boston Tea Party as a rebellion against taxes. Yet what the colonists objected to more than anything was the idea of an all-powerful corporate middleman regulating commerce. They viewed the 1773 protest in Boston Harbor as a victory for liberty and a blow against the British East India Company’s trade monopoly.

That corporation owed its dominance not to any proprietary advantage but to an exclusive British government charter. The artificial nature of this power was made clear soon after the Congress of the new United States signed a peace treaty with Britain. Six weeks later, the American ship Empress of China sailed from New York, bound for Canton. When the ship returned, its traders sold tea and porcelain on the open market. Without the active backing of the British state, the East India Company could not stop the sale—let alone determine who sold what, or where and how they sold it, in America.

https://harpers.org/archive/2020/09/the-big-tech-extortion-racket/

#BigTech
Privacy-focused search engine DuckDuckGo is growing fast

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.

While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet.

DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues.

https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-is-growing-fast/

#DuckDuckGo #search #engine
Major German shopping site leaks customer data

A publicly-listed multinational retailer with millions of dollars in annual revenues was discovered to be operating a completely unsecured server, thereby publicly exposing private data belonging to around 700,000 of its customers.

Our Security team, led by Anurag Sen, discovered a vulnerable and unsecured server containing more than 6 terabytes of data operated by German company windeln.de.

Our team detected the breach on 13 June 2020 and estimates that the server vulnerability was exposed on the Internet on 11 June 2020.

The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports. Our team found that the server was completely unsecured and publicly exposed without a password – meaning that anyone in possession of the server’s IP address could access the entire database.

We tried to reach out to Windeln.de, but nobody ever got back to us. We then contacted the German CERT, so they could inform the company about the data leak. A few days later, the server got secured.

👀 👉🏼 https://www.safetydetectives.com/blog/windeln-leak-report/

#windeln #germany #vulnerability #leak #data #dataleak #customers
Cyber security alert issued following rising attacks on UK academia

The NCSC has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.

The National Cyber Security Centre, a part of GCHQ, is supporting establishments to keep criminals out of their networks after a spike in ransomware attacks.

The rise in attacks was recorded in August as cyber criminals turn their attention to a sector focused on the return of students.

Cyber security experts have today (Thursday) stepped up support for UK schools, colleges, and universities following a spate of online attacks with the potential to de-rail their preparations for the new term.

The National Cyber Security Centre (NCSC) issued an alert to the sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery.

With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

👀 👉🏼 https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia

#alert #NCSC #cyber #security #uk #academia #ransomware
Toward a Technological Cage for the Masses

For about two decades, beginning roughly in 1995, the average resident of the developed nations was given a gift, an unprecedented opportunity for free speech. This opportunity was made possible by the personal computer and the ability it provided to access an open, relatively unregulated Internet. Never before had the common man or woman had opportunities to express his or her views to large audiences unhindered by gatekeepers--whether they be newspaper editors, book editors, television programming directors, judges, or other government officials. The fact that this situation lasted as long as it did is astounding. But now, the natural order of things is returning. Now, the brief window of free speech is closing, and it is closing quickly.

Not only is the Internet being increasingly regulated and sectioned off into separate Internets for each country, but the personal computer itself is being hobbled. We are told that our computers are being stripped of their functionality because they are just too insecure and too complicated for the average "normal" or "normie" to deal with. After all, the problem could not possibly be that the Windows operating system is an insecure piece of junk, reminiscent of a 40-year-old family minivan held together with chewing gum and baling wire. It could not be that more money can be made by locking down the personal computer and moving most, or all, of its processing into the cloud, where giant companies, rather than the owner of the computer, will decide what software can run on it. Where a monthly fee can be charged for its use.

The truth is that companies and governments are in a secret war with general-purpose computing. The reason for the war is that companies want to protect their copyrighted intellectual property, and governments want to control their citizens.

👀 👉🏼 https://cheapskatesguide.org/articles/techno-cage.html/

#technological #cage #internet #gatekeepers #doctorow #thinkabout
At the age of 22 I was sentenced to a very long prison term for computer fraud

I used the time in prison to reflect on my life and my person.

After my imprisonment I let the deeds speak for themselves. I graduated in business informatics, built up a great social circle, found a great employer and went through a great personal development (for me) - today I am where I always wanted to be in my life. I am a free person.

👀 👉🏼 🇩🇪 Emre Ates - the prison diary:
https://hafttagebuch.de/

#emre #prison #diary #thinkabout
China: dystopian digital “civilization code” evaluates citizens’ daily lives to “promote” good behavior

*Edit: Outdated. This project has been taken offline due to outrage of people

The system aims to create a “personal portrait” for each resident in a bid to promote "good habits."

The local government of Suzhou, in East China’s Jiangsu province, has introduced a civil behavior scoring system. The “civilization code” has sparked hot debate, where the public is concerned about formalism and the potential for abuse of power.

The civil behavior scoring system, dubbed civilization code, encompasses indicators such as the volunteer index and civil transport index, which will look at a person’s road manners. The volunteer index will also award points for participating in voluntary work.

The authorities claim the purpose of the civil behavior code, which was introduced on Thursday, is to encourage “social responsibility.” The public security bureau is yet to define other indexes to be included in the scoring system.

https://reclaimthenet.org/china-digital-civilization-code/
The U.S. May Soon Scan New Immigrants’ Faces, Irises, Voices, and DNA

If enacted, the personal information of more than 70% of those applying for immigration will be entered into a DHS database.

The Department of Homeland Security is looking to scan the faces, irises, voices, and DNA of millions more people per year, according to new rules proposed by the agency.

The rules mean that DHS will collect sensitive data like iris scans, palm prints, and voice recordings from a projected 6 million people seeking to immigrate to the U.S. per year, including children under 14. If the rules go into effect as written, the personal information of more than 70% of those applying for immigration will be entered into a DHS database, depending on what kind of immigration status they’re applying for. Many will also have to pay an additional $85 biometrics processing fee.

DHS claims that the collection of data from children, especially their DNA, is meant to help fight human trafficking at the border by verifying that children are related to the adults transporting them across U.S. borders.

https://onezero.medium.com/the-u-s-may-soon-scan-new-immigrants-faces-iris-voices-and-dna-79634a05dfda

#US #DHS #biometrics #surveillance #privacy
Elon Musk warns that ‘advanced AI’ will soon manipulate social media platforms

Musk is often considered a doomsayer when it comes to the topic of artificial intelligence, but his claims aren’t outside of the realm of possibility.

The SpaceX and Tesla CEO has taken to social media to warn that social media will soon be manipulated by advanced AIs—if it hasn’t been already. Musk made the alarming warning in two tweets in the early hours on Thursday.

In the first tweet, Musk warned that anonymous bot swarms deserved closer attention. Bots are autonomous programs that often attempt to game social media, either by retweeting a specific tweet to promote it across the platform, or to sow disinformation across the platform by making it look like thousands of people are tweeting about the same bit of (fake) news.

Musk says that if it’s found that bot swarms are evolving rapidly—it’s a big signal something is up. It’s unclear if Musk has access to research or information that suggests bot swarms are indeed “evolving rapidly.”

https://www.fastcompany.com/90409773/elon-musk-warns-that-advanced-ai-will-soon-manipulate-social-media-platforms
The race to build facial recognition tech for Africa is being led by this award-winning engineer

Facial recognition technology is not widely employed in Africa, partly because the technology available up till now has not been adept at identifying and differentiating the faces of Black people. US government tests of the best Western-developed facial recognition systems have shown them to misidentify Black people at rates up to five to 10 times higher than they do white people.

The racial disparity in the performance of the biometric artificial intelligence technology which forms the backbone of these systems stemmed from an obvious problem: they are trained by using datasets mostly made up of white faces.

In 2018, four software engineers set up a company in Ghana to address this limitation of commonly available facial recognition software. They were spurred by their own research which revealed Ghanaian banks are beset by widespread identity fraud and cybercrime and spend nearly $400 million a year to identify their customers.

Led by Charlette N’Guessan, an engineer originally from neighboring Côte d’Ivoire, the group developed its own facial recognition software, BACE API, using artificial intelligence. In contrast to Western developers, they trained BACE API using a more diverse dataset with a sizable representation of Black African faces to suit the local market.

https://qz.com/africa/1905079/facial-recognition-tech-in-africa-boosted-by-ghana-ai-startup/

#Africa #face #recognition #biometrics
Breaking: USA bans WeChat and TikTok from the Google Play Store and Apple App Store

Starting from September 20, 2020

The US Commerce Department has announced prohibitions banning people in the US from downloading TikTok and WeChat in response to a pair of executive orders signed by US President Donald Trump in August.

In a press release on the matter, the US Department of Commerce noted: “The Chinese Communist Party (CCP) has demonstrated the means and motives to use these apps to threaten the national security, foreign policy, and the economy of the U.S. Today’s announced prohibitions, when combined, protect users in the U.S. by eliminating access to these applications and significantly reducing their functionality.”

Speaking on the matter, US Department of Commerce Secretary, Wilbur Ross, was quoted saying, “Today’s actions prove once again that President Trump will do everything in his power to guarantee our national security and protect Americans from the threats of the Chinese Communist Party…At the President’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations.”

The new prohibitions on TikTok and WeChat will go into effect on September 20th, 2020. As part of the new directive, the following transactions are prohibited:

1. Any provision of service to distribute or maintain the WeChat or TikTok mobile applications, constituent code, or application updates through an online mobile application store in the U.S.

2. Any provision of services through the WeChat mobile application for the purpose of transferring funds or processing payments within the U.S.

👀 👉🏼 https://www.xda-developers.com/usa-bans-wechat-tiktok-google-play-store-apple-app-store/

#usa #ban #tiktok #wechat #DeleteTikTok #bytedance
Cloudflare and Internet Archive team up to make sure websites never fully go offline

Websites that use Cloudflare Always Online can have their URLs automatically archived with Wayback Machine.

Cloudflare and Internet Archive have joined forces to archive more of the public web, touting it would make the web more reliable.

As part of this joint effort, websites that use Cloudflare's Always Online service will be able to allow the web infrastructure company to share their hostname and URLs with Internet Archive's Wayback Machine so their website can be automatically archived.

When a site is down, Cloudflare will then be able to retrieve the most recently archived version from Internet Archive so that a site's content can be accessed by users.

"The Internet Archive's Wayback Machine has an impressive infrastructure that can archive the web at scale," Cloudflare CEO and co-founder Matthew Prince said.

"By working together, we can take another step toward making the internet more resilient by stopping server issues for our customers and in turn from interrupting businesses and users online."

According to Internet Archive, more than 468 billion web pages are available via the Wayback Machine to date.

"We archive URLs that are identified via a variety of different methods, such as 'crawling' from lists of millions of sites, as submitted by users via the Wayback Machine's 'Save Page Now' feature, added to Wikipedia articles, referenced in Tweets, and based on a number of other 'signals' and sources, such as multiple feeds of 'news' stories. An additional source of URLs we will preserve now originates from customers of Cloudflare's Always Online service," Wayback Machine director Mark Graham wrote in a blog post.

👀 👉🏼 https://blog.archive.org/2020/09/17/internet-archive-partners-with-cloudflare-to-help-make-the-web-more-useful-and-reliable/

👀 👉🏼 https://www.zdnet.com/article/cloudflare-and-internet-archive-team-up-to-make-sure-websites-never-fully-go-offline

#cloudflare #internet #archive #wayback
Facebook Accused of Watching Instagram Users Through Cameras

Facebook Inc. is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras.

The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren’t actively being used.

Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras.

In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app’s use of the camera is intentional and done for the purpose of collecting “lucrative and valuable data on its users that it would not otherwise have access to.”

By “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” Instagram and Facebook are able to collect “valuable insights and market research,” according to the complaint.

Facebook declined to comment.

👀 👉🏼 https://www.bloomberg.com/news/articles/2020-09-18/facebook-accused-of-watching-instagram-users-through-cameras

#fb #DeleteFacebook #instagram #accused #spy #privacy #surveillance #thinkabout
Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
‘Zoom and Enhance’ Is Finally Here

And its surveillance implications are scary

We all know the scene. Two detectives on a cop show stand in a dimly lit room filled with monitors, reviewing surveillance images. A tech guy (yes, it’s almost always a guy) queues up image after image as the detectives look on, squinting at the screen in concentration. “There’s nothing here!” one detective insists. They’re about to give up, when the other detective (our hero) shouts, “Wait!”

Everyone stops. “Zoom in there!” the detective says. The tech guy obligingly zooms in on a grainy corner of the image. “Enhance that!” the detective intones. The tech guy taps some keys, mutters something about algorithms, and suddenly the image comes into focus, revealing some tiny, significant detail. The case is cracked wide open!

This scene is a crime drama cliché so pervasive that it has inspired its own meme video with nearly a million views.

Scenes like these drive real tech people bananas, because “zoom and enhance” has always seemed like an impossible fantasy. Until now. Thanks to two recent innovations, zoom and enhance is finally here. It has the potential to radically change police surveillance, often in concerning ways — or at least help you bring back your photos from the early ’00s.

https://onezero.medium.com/zoom-and-enhance-is-finally-here-c727b3258a11

#surveillance
$100,000 in bribes helped fraudulent Amazon sellers earn $100 million, DOJ says

DOJ: Bribes to Amazon workers also helped sellers get rivals' accounts suspended.

Six people were indicted on allegations of paying over $100,000 in bribes to Amazon employees and contractors as part of a scheme to give third-party sellers unfair advantages on the Amazon marketplace.

Among other things, the indictment says that Amazon workers who accepted bribes reinstated sellers whose accounts had been suspended for offering dangerous products, and these workers suspended the seller accounts of fraudulent sellers' competitors.

https://arstechnica.com/tech-policy/2020/09/doj-amazon-workers-took-bribes-to-reinstate-sellers-of-dangerous-products/

#US #Amazon #bribery
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders

Update 2020-09-17:
Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.

This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.

👀 👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

👀 👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html

#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
Get this - there is a Bitcoin wallet with 69,000 Bitcoins ($693,207,618) that is being passed around between hackers/crackers for the past 2 years for the purpose of cracking the password, no success so far.

👀 👉🏼 https://twitter.com/UnderTheBreach/status/1303316723186139136

#wallet #bitcoin #breach #hack #whynot
‘Not On Our Watch’: A public campaign against Google’s jump into our health data

Monopolies, mergers and acquisitions, anti-trust laws. These may seem like tangential or irrelevant issues for privacy and digital rights organisations. But having run our first public petition opposing a big tech merger, we wanted to set out why we think this is an important frontier for people's rights across Europe and indeed across the world.

In June, Google notified the European Commission of its intention to acquire Fitbit, the health and fitness tracker company. Google’s stated mission is to “organize the world’s information and make it universally accessible and useful.” ‘Organize’ sounds so benign, just administrative, so tidy. But Google can only organise the world’s information by first aggressively getting its hands on the world’s information, whether we really want to give them that information or not. And nothing is more personal than our health data so this would be a game-changing acquisition. Because of how Google could potentially combine our health data with so much other data it already has about us, we were concerned that Google would use the merger to become an unassailable leader in the health and fitness monitoring market.

The merger triggered reactions among civil society organisations, and Privacy International (PI) was a signatory to a common statement sent to the European Commission, coordinated by BEUC, the European Consumer Organisation.

https://edri.org/our-work/not-on-our-watch-a-public-campaign-against-googles-jump-into-our-health-data/

#Europe #EU #google #fitbit #privacy