Advanced Search
Content Type: Examples
"Buzzer teams" - teams employed to amplify messages and create a buzz on social media - were used by all candidates in the 2017 Indonesian general elections. Coordinated via WhatsApp groups, many of the teams opened fake accounts to spread both positive and negative messages, as well as hate speech. The operators of the most influential accounts could command $1,400 for a single tweet.
https://www.theguardian.com/world/2018/jul/23/indonesias-fake-twitter-account-factories-jakarta-politic…
Content Type: Examples
On the night of June 23, 2016, as the polls closed Britain's Sky News broadcast what sounded like a concession statement from Nigel Farage, the leader of the campaign to leave the EU, plus a YouGov exit poll indicating that the country had voted to remain; over an hour later, Farage reiterated his concession to the Press Association. The combination pushed up the pound on the world's foreign exchanges. A few hours later, when the true result was announced, the pound crashed - but in between a…
Content Type: Examples
Facebook ads purchased in May 2016 by the Internet Research Agency, a notorious Russian troll farm, urged users to install the FaceMusic app. When installed, this Chrome extension gained wide access to the users' Facebook accounts and web browsing behaviour; in some cases it messaged all the user's Facebook Friends. The most successful of these ads specifically targeted American girls aged 14 to 17 and said the app would let them play their favourite music on Facebook for free and share it…
Content Type: Examples
In July 2018, Robert Mueller, the special prosecutor appointed to look into Russian interference in the 2016 US presidential election, charged 12 Russian intelligence officers with hacking Hillary Clinton's campaign and the Democratic National Committee by spearphishing staffers. The charges include conspiracy to commit an offence against the US, aggravated identity theft, conspiracy to launder money, and conspiracy to access computers without authorisation. The hack led to the release of…
Content Type: Examples
In May 2018, a report form Strathmore University's Centre for Intellectual Property and Information Technology (CIPIT) found that some staff at Kenya's Independent Electoral and Boundaries Commission who were mandated to protect voter data made millions of Kenyan shillings by illegally selling private voter data to politicians during the 2017 general election. CIPIT collected campaign messages sent by candidates for MP, Member of County Assembly, the Senate, and representative of women. Any…
Content Type: Examples
In March 2018, Indian Congress president Rahul Gandhi tweeted that the Naramendra Modi app issued by India's ruling Bharatiya Janata Party was leaking user data. The app is intended to spearhead BJP's social media strategy in the run-up to the 2019 general elections; the party hopes to use it to mobilise 100 million BJP members and has set a target of 100,000 downloads for each district. Both privacy activists and political rivals complained that the app asks for too many permissions, is…
Content Type: Examples
In November 2018, the UK government announced it would pilot voter ID for in 11 local authorities during thte 2019 local elections in order to gain insight into ensuring voting security and lowering the risk of voter fraud. The Cabinet Office deemed the pilots conducted in five local authorities during the 2018 local elections to be a success. Four models of checking are under consideration: photo ID (Pendle, East Staffordshire, Woking); one photo or up to two non-photo IDs (Ribble Valley,…
Content Type: Examples
Shortly before the 2018 US midterm elections, Georgia secretary of state and gubernatorial candidate Brian Kemp accused Georgia's Democratic Party of hacking into the state's voter registration database, though without providing any evidence to support the claim. The motives behind the claim were unclear, but a report published by WhoWhatWhy suggested that the claim may have referred to a cybersecurity investigation conducted by the Democrats that uncovered significant flaws in the state's…
Content Type: Examples
In August 2018, the US Democratic National Committee notified the FBI that the San Francisco-based security company Lookout and the cloud service provider DigitalOcean had detected an attempted hack targeted at the DNC voter database. The attack took the form of a fake DNC login page intended to trick people into disclosing their usernames and passwords thinking they were accessing the DNC's VoteBuilder platrform. Lookout believes it found the site within 30 minutes of its going up online, but…
Content Type: Examples
With only days to go before the 2018 US midterm elections, a federal judge ruled that the state of Georgia must change its "exact match" law that required voter registrations with even the tiniest variation from other official identifications to be flagged as potential non-citizens unless they could produce proof of identity. A group of civil rights groups sued Republican secretary of state Brian Kemp, in charge of the elections despite also running for governor, to change the procedure, which…
Content Type: Examples
A 2018 study of the use of biometric technology for voter identification and verification in Ghana in 2012 called the effort a failure. It's not enough, the researchers argue, for biometrics to be technically sound; for the technology to function as intended registration centres must have real-time connectivity to an electronic national register, electoral officials need to be trained intensively both to operate the machines and to handle outliers and breakdowns. The biometrics themselves are…
Content Type: Examples
In 2018, the UK Information Commissioner's Office fined Emma's Diary, a site offering pregnancy and childcare advice owned by Lifecycle Marketing (Mother and Baby) Ltd, £140,000 for collecting and selling personal information belonging to more than 1 million people without disclosing in the site's privacy policy how it would be used. Although Lifecycle denied the allegations, the ICO found that the company sold the data to Experian Marketing Services to build into profiles for use by the…
Content Type: Examples
A database compiled through investigations conducted in 2018 by the Guardian and the Undercover Research Group network of activists shows that undercover police officers spied on 124 left-wing activist groups between 1970 and 2007. The police infiltrated 24 officers over that time within the Socialist Workers Party, which, with a membership of a few thousand, advocates revolution to ablish capitalism. Four of these undercover officers began sexual relationships with deceived female members, and…
Content Type: Examples
Under a clause in the country's computer crime act that criminalises uploading content that is false or causes "panic", in 2018, Thailand's ruling military junta pursued a criminal investigation into a live feed on the Facebook page belonging to the rising Future Forward Party. The postings claimed that the governing party, the National Council for Peace and Order, which seized power in 2014 was using the threat of lawsuits to recruit former MPs from rival parties. The NCPO has promised to hold…
Content Type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content Type: Examples
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to Organize and Mobilize Boston Against Trump, Facebook 413, Facebook MA Activism, and Resistance Calendar. The image was taken down and cropped after half an hour, but it spurred journalists to ask…
Content Type: Examples
A combination of entrenched and litigious voting machine manufacturers with immense control over their proprietary software and a highly complex and fragmented voting infrastructure mean that even though concerns were raised as early as 2004 about the security of US voting machines, the 2018 midterm election saw little improvement. The machines in use in the more than 10,000 US election jurisdictions are all either optical-scan or direct-recording electronic (DRE). Optical-scan, which scans…
Content Type: Examples
In the run-up to the November 2018 US midterm elections, Vice tested Facebook's new system of mandatory "Paid for" disclosure intended to bring greater transparency to the sources of ads relating to "issues of national importance". Placing political ads requires a valid ID and proof of residence. Vice found that Facebook quickly approved ads the site attempted to place that named Islamic State, US vice president Mike Pence, and Democratic National Committee chair Tom Perez in the "Paid for"…
Content Type: Examples
In July 2018, Election Systems and Software (ES&S), long the top US manufacturer of voter machines, admitted in a letter to Senator Ron Wyden (D-OR) that it had installed pcAnywhere remote access software and modems on a number of the election management systems it had sold between 2000 and 2006. The admission was in direct contradiction to the company's response for a New York Times article earlier in the year on US voting machines' vulnerability to hacking. ES&S says it stopped…
Content Type: Examples
In the run-up to the 2018 US mid-term elections, researchers found that the dissemination of fake news on Facebook was increasingly a domestic American phenomenon rather than, as in the 2016 presidential election, an effort driven by state-backed Russian operatives. Removing such accounts (Twitter) and pages (Facebook) is tricky in the US, where the boundary between free speech and disinformation is particularly sensitive. In addition, domestic disinformation is harder to distinguish. One of…
Content Type: Examples
A few months before the US 2018 midterm elections, the Trump campaign team signed a contract with the newly-formed Virginia-based company Excelsior Strategies to exploit the first-party data the campaign had collected. The contract was set up by Trump's campaign manager, Brad Parscale, who built the list as the digital director of Trump's 2016 campaign and began renting it out soon after the November 2016 elections.
Subject to the Trump's campaign veto authority, Excelsior rents out this…
Content Type: Examples
In 2018, after the UK Cabinet Office said a trial of compulsory voter ID was necessary because reports of voter fraud had more than doubled between the 2014 and 2016 elections - a claim immediately disputed by a voter and upheld by the UK Statistics Authority. While it was true that there were 21 reports in 2014 and 44 in 2016, the number fell to 28 in 2017, small numbers to begin with. Crucially, more than twice as many people voted in 2016, the year of the EU referendum. None of the five…
Content Type: Examples
In the months leading up to the US 2018 midterm elections, Republican officials in Georgia, Texas, and North Carolina made moves they described as ensuring voting integrity but which critics saw as blocking voter access. In Georgia, where Secretary of State Brian Kemp is charged with enforcing election law and was simultaneously running for governor, election officials blocked 53,000 applications to register, 70% of which are those of African-Americans, under a law requiring personal…
Content Type: Examples
The proposed extension to the Trans Mountain pipeline, which would connect Alberta and British Columbia in parallel to the existing pipeline and triple its capacity, was controversial for years before Canada approved the project in 2016. In 2014, the British Columbia Civil Liberties Association complained to the Security Intelligence Review Committee that the Canadian Security Intelligence Service was spying on anti-pipeline activists and sharing the information it collected about "radicalised…
Content Type: Examples
A little over a month before the US 2018 midterm elections, Twitter updated its rules to reduce manipulation of its platform. Among the changes, the company outlined the factors it would use to determine whether an account is fake and should be removed, provided an update on its automated detection and enforcement actions, and announced some changes to its user interface, which included reminding candidates to turn on two-factor authentication and encouraging US voters to register and vote.…
Content Type: Examples
In July 2018, members of the Internal Security Organisation, Uganda's counterintelligence agency, raided South African telecommunications provider MTN's Uganda data centre in Mutundwe. In a letter to the police, MTN said the ISO kidnapped a data manager who worked for the contractor that ran the data centre on MTN's behalf, Huawei Technologies. Moses Keefah Musasizi was taken to the ISO head office in Nakasero and held for four hours before being forced to grant access to the data centre and…
Content Type: Examples
In 2018, British immigration officers demanded that the mothers of two children provide DNA samples in order to provide proof of paternity. The children both had British fathers and had previously been issued British passports, but their mothers were not UK citizens. In one case, the father had remarried and was refusing to supply a sample; in the other, a year's gap between birth and registration apparently led to the request, even though the child concerned was nine years old. Home Office…
Content Type: Examples
In May 2018, the ACLU of Northern California obtained documents under a FOIA request showing that Amazon was essentially giving away its two-year-old Rekognition facial recognition tools to law enforcement agencies in Oregon and Orlando, Florida. Amazon defended the move by saying the technology has many useful purposes, including finding abducted children and identify attendees at the 2018 wedding of Britain's Prince Harry and Meghan Markle. The company markets Rekognition as useful for…
Content Type: Examples
At the 2017 Champions League Final, South Wales Police deployed an automated facial recognition system that wrongly identified more than 2,000 people in Cardiff as potential criminals. The system's cameras watched 170,000 people arrive in Cardiff for the football match between Real Madrid and Juventus, and identified 2,470 potential matches. According to the force's own figures, 92% (2,297) of these matches were false positives. SWP has also deployed the technology at the annual Elvis festival…
Content Type: Examples
In August 2018, two lawsuits, were filed against NSO Group, one brought in Israel by a Qatari citizen and the other in Cyprus by Mexican journalists and activists. All the plaintiffs had been targeted by the company's Pegasus spyware, which takes control of targets' phones when they click on links sent via carefully crafted phishing messages. The company claims that it sells the technology to governments on condition that they use it exclusively against criminals and it is not responsible for…