Content Type: Examples
In July 2018, researchers at the London-based security and mobile commerce firm Upstream Systems found that millions of cheap smartphones sold in developing countries lacking privacy protections come with pre-installed apps that harvest users' data for the purpose of targeting advertising and that can only be removed with difficulty. One such app, which Singtech includes on the thousands of smartphones it sells in Myanmar and Cambodia, as well as others sold in Brazil or made by Indian and…
Content Type: Examples
In November 2016, the security contractor Kryptowire discovered that cheap Chinese Android phones often include pre-installed software that monitors users' locations, messaging, and contacts, and sends the gathered information to China every 72 hours. Shanghai Adups Technology Company, the Chinese firm responsible for the software, said its code had been installed on more than 700 million phones, cars, and other devices without informing users, but that it was not intended for American phones.…
Content Type: Examples
By July 2018, ten-year-old Twitter had become such a frequent data resource for social scientists that estimates were that anyone who tweeted publicly on the service was part of a dataset somewhere. The ease and low cost of using Twitter have enabled studies such as analysing bot behaviour during the 2016 US presidential election; studying how people around the globe cope with crises; and tracking geographic health differences. Between 2007 and 2012, scientists collected and analysed at least…
Content Type: Examples
In July 2018, a group of researchers at Northwestern University published the results of two years of studying the collaboration behaviour of tens of thousands of scientists. A controversy rapidly sprang up about the method they used: they had been given access to project folder-related data by the cloud storage company Dropbox. The data was aggregated and anonymised before being handed to researchers. However, customers' consent was not asked; instead, Dropbox relied on their acceptance of its…
Content Type: Examples
In September 2018, the GuardianApp group of security researchers discovered that dozens of popular news, weather, and fitness iPhone apps that require access to location data sell the data they collect to companies engaged in businesses such as ad targeting. The group found apps such as ASKfm, NOAA Weather Radar, and Photobucket collecting location information and that the data is being sent to companies such as Reveal, Sense360, Cuebiq, Teemo, Mobiquity, and Fysical, who said customers can opt…
Content Type: Examples
In its May 2018 quarterly filing with the Securities and Exchange Commission, Equifax provided its most detailed analysis to date of the company's 2017 data breach. In the US, nearly 147 million people had their names, dates of birth, and/or Social Security numbers stolen; address information was taken for 99 million. In addition, 209,000 payment cards and expiration dates and 97,500 tax IDs were stolen. Besides the information stored in its databases, the attackers accessed thousands of images…
Content Type: Examples
In March 2018, Trever Faden, the CEO of a property management startup, exposed a flaw in the gay-dating app Grindr that opened access to the location data and other information about its more than 3 million daily users. A website Faden set up allowed Grindr users to see who was blocking them after entering their Grindr name and password. Providing that information, however, also gave Faden access to user data that is not accessible via user profiles, including unread messages, email addresses,…
Content Type: Examples
In April 2018, a researcher at Norway's SINTEF found that the gay-dating app Grindr was sending its 3.6 million users' HIV status and last tested date along with their GPS data, phone ID, and email to two app-optimising companies, Apptimize and Localytics. SINTEF also found that the company was sharing precise GPS position and other information such as "tribe", sexuality, relationship status, and ethnicity with third-party advertising companies, sometimes unencrypted. Grindr said it pays…
Content Type: Examples
In September 2018, security researcher Patrick Wardle found that Adware Doctor, the top-selling paid utilities app in the US Mac App Store, was exfiltrating the browser history of anyone who downloaded it and sending it to a developer. Adware Doctor is intended to protect browsers against adware. A month after Wardle notified Apple, the app remained in the store; it and the same developer's AdBlock Master were removed shortly after TechCrunch published his findings.
https://www.macrumors.com/…
Content Type: Examples
In announcing a data breach in 2018, at first Facebook said 50 million people's data had been accessed, then 30 million - but the data accessed was more sensitive than they thought at first. After investigation, the company explained that it had identified four stages of attack with a different group of victims affected in each one. The attackers used an automated technique to move from the first small group of accounts they controlled to others, stealing access tokens of friends and friends of…
Content Type: Examples
In July 2018 the UK's Information Commissioner's Office announced it would fine Facebook £500,000, the maximum under the 1998 data protection law, for failing to safeguard its users' information and lacking transparency about how the data was harvested and used by others, specifically Cambridge Analytica. Under the new General Data Protection Regulation, Information Commissioner Elizabeth Denham said the fine would have been much higher. The inquiry that led to the fine also led the ICO to send…
Content Type: Examples
In August 2018, Facebook announced it would remove more than 5,000 ad targeting options in order to prevent discrimination. Options specifying the exclusion of people interested in "Passover", "Native American culture", or "Islam" could be used as proxies to allow advertisers to exclude ethnic and religious groups in contravention of the law. The announcement came shortly after the US Department of Housing and Urban Development filed a complaint alleging that the company had enabled…
Content Type: Examples
In July 2018, members of the Internal Security Organisation, Uganda's counterintelligence agency, raided South African telecommunications provider MTN's Uganda data centre in Mutundwe. In a letter to the police, MTN said the ISO kidnapped a data manager who worked for the contractor that ran the data centre on MTN's behalf, Huawei Technologies. Moses Keefah Musasizi was taken to the ISO head office in Nakasero and held for four hours before being forced to grant access to the data centre and…
Content Type: Examples
The internet provides employers with the opportunity to learn an unprecedented amount about prospective employees by searching social media feeds and other postings. By 2018, DeepSense was taking this a step further by analysing individuals' Twitter feeds to predict their personality and employment viability. A journalist trying the service learned that he was "47% anxious", with a "low" potential for stability, and will "run out of patience with lack of achievement or direction". While the…
Content Type: Examples
In 2018 industry insiders revealed that the gambling industry was increasingly turning to data analytics and AI to personalise their services and predict and manipulate consumer response in order to keep gamblers hooked. Based on profiles assembled by examining every click, page view, and transaction and incorporating data purchased from third-party sources, gambling operators push customised ads through Google, Facebook, and other platforms. There are also plans to geolocate customers arriving…
Content Type: Examples
Although the US rejected a "National Data Center" approach in 1966, eventually instead passing the 1974 Privacy Act, in 2018 the House of Representatives proposed a national database of all 40 million recipients of benefits under the Supplemental Nutrition Assistance Program (SNAP, formerly known as "food stamps"). The proposed legislation assigned the creation of the database to the Department of Agriculture, with help from private vendors and would collect Social Security numbers, birthdates…
Content Type: Examples
Three months after the 2018 discovery that Google was working on Project Maven, a military pilot program intended to speed up analysis of drone footage by automating classification of images of people and objects, dozens of Google employees resigned in protest. Among their complaints: Google executives' decreasing transparency and attention to workers' objections; that Google's move could damage user trust; and ethical concerns over using algorithms in this potentially lethal work and Google's…
Content Type: Examples
Rising suspicion of benefits claimants in the UK led by 2018 to the Department of Work and Pensions' adoption of numerous surveillance tactics, including using social media postings, gym memberships, airport footage, and surveillance video from public buildings including supermarkets, to build cases against claimants. Rates of attempted suicide doubled for disabled claimants between 2007 and 2014, and TV programmes promoting the idea of "lazy skivers" have led to an increase in hate crimes…
Content Type: Examples
During 2018, when US president Donald Trump operated a policy under which immigration officers separated families arriving at the border without documentation, there were a number of suggestions for using genetic testing to verify family relationships in the interests of reuniting them. After congresswoman Jackie Speier (D-CA) suggested that companies like the genetic testing service 23andMe could help, the US Department of Health and Human Services announced it would conduct its own tests. In…
Content Type: Examples
In July 2018 Walmart filed a patent on a system of sensors that would gather conversations between cashiers and customers, the rattle of bags, and other audio data to monitor employee performance. Earlier in 2018, Amazon was awarded a patent on a wristband that would monitor and guide workers in processing items. UPS uses sensors to monitor whether its drivers are wearing seatbelts and when they open and close truck doors. All these examples, along with others such as technology that allows…
Content Type: Examples
The 2017 hack of the shipping company A.P. Møller-Maersk, which manages 800 seafaring vessels and 76 ports that handle nearly a fifth of the world's shipping capacity, required an emergency shutdown of the company's entire IT system, including its phones. Maersk was a victim of NotPetya, the most vicious cyberweapon released to date, created by a group of Russian military hackers and intended to hit the Ukraine, where it hit hospitals, power companies, airports, government agencies, banks, and…
Content Type: Examples
In 2018, the Paris prosecutor's office opened a preliminary inquiry after the lawyer Pierre Farge accused a Bercy specialist intelligence branch of the tax authorities of hacking his firm's database to access information covered by professional confidentiality. The case serves to illustrate the difficulties of launching such a challenge in France, and also the functioning of the tax administration even after the passage of a 2017 law protecting whistleblowers.
https://www.lelanceur.fr/…
Content Type: Examples
In late 2018, after apps like Strava and Polar Flow exposed the movements of staff around military bases, the US Department of Defense banned military troops and other workers at sensitive sites from using fitness trackers and other apps that could reveal their users' location. Military leaders will have discretion over whether local staff can use GPS, and the devices themselves - smartwatches, tablets, phones, and fitness trackers - are not banned.
https://www.forbes.com/sites/emmawoollacott/…
Content Type: Examples
At the 2018 DefCon security conference, a researcher from the security firm Nuix presented the discovery that body cameras from five different manufacturers whose cameras are in use by US law enforcement are vulnerable to remote digital attacks, some of which could manipulate footage so it could not be trusted as an accurate record of events. Vulnerabilities in devices from Vievu, Patrol Eyes, Fire Cam, and CeeSc allowed Josh Mitchell to delete footage from a camera or download it, edit or…
Content Type: Examples
In 2018, documents filed in a court case showed that a few days before the 2017 inauguration of US president Donald Trump - timing that may have been a coincidence - two Romanian hackers took over 123 of the police department's 187 surveillance cameras in Washington, DC with the intention of using police computers to email ransomware to more than 179,000 accounts. The prosecution also said the alleged hackers had stolen banking credentials and passwords and could have used police computers to…
Content Type: Examples
As the use of non-cash payment mechanisms continued to increase over the course of 2018, Europe's central banks began warning that phasing out cash poses a serious threat to the financial system, as too-heavy reliance on digital payments exposes countries to the potential for catastrophic failure due to IT failures, energy blackouts, and hacker attacks. In addition, regulators warned that a cashless world alienates vulnerable members of society such as elderly and disabled people. The level of…
Content Type: Examples
A 2016 Privacy International report on Syrian state surveillance found that between 2007 and 2012 the Assad regime spent millions of dollars on building a nationwide communications monitoring system. By 2012, this surveillance capability helped the Syrian government target and murder journalists, including American Sunday Times reporter Marie Colvin and French photographer Rémi Ochlik in 2012, both covering the war. In 2018, the Colvin family filed a video of the journalists' final moments…
Content Type: Examples
Police and blackmailers in Egypt are using gay dating apps like Grindr, Hornet, and Growlr to find targets for arrest and imprisonment while the developers who can make changes are thousands of miles away and struggle to know what to change to protect their users. In a typical story, a target finds a friendly stranger on a gay dating site, and only finds out when they eventually meet that the contact has been building a debauchery case. Homosexuality is not illegal in Egypt, but the el-Sisi…
Content Type: Examples
In December 2014 researchers at Malwarebytes discovered that for two months an Adobe Flash player zero-day exploit with a ransomware payload was embedded in online ads placed by a leading advertising network. The attack ended when Adobe patched Flash to close the vulnerability on February 2, 2015. The attackers injected the malware-carrying ads onto the websites of Dailymotion, Huffington Post, Answers.com, New York Daily News, HowtoGeek.com, and others for an average of two days each. The…
Content Type: Examples
In a talk at the 2018 Wall Street Journal CEO Council Conference, Darktrace CEO Nicole Eagan gave as an example of the new opportunities afforded by the Internet of Things a case in which attackers used a thermometer in a lobby aquarium to gain a foothold in a casino's network and exfiltrate the high-roller database. Regulation will be required to set minimum security standards.
https://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4…