Search This Blog

Showing posts with label Facebook. Show all posts

Crypto at Risk After Facebook Leak: Here’s how Hackers Can Exploit Data

 

The tech giant Facebook has been hit with a new wave of data leaks, yet again but this time, the number of users whose records were exposed was not 50 million but a massive 500 million. 

According to a security analyst, sensitive personal information for over half a billion Facebook users was leaked on a well-trafficked hacking forum on April 3, posing a danger to millions of cryptocurrency traders who may now be susceptible to sim swapping and other identity-based attacks.

What should be done? 

In response to the question that how exactly does this most recent breach place at risk the crypto assets of individuals, Dave Jevans, CEO of blockchain security firm CipherTrace, told Cointelegraph that people who have had their phone numbers leaked need to be extra careful because a lot of fraud involving digital assets hinges on such details. 

He further added, “We’ve seen an increase in SIM swaps, phishing attacks, and other types of fraud involving cryptocurrencies that rely on acquiring the phone numbers of victims to execute. Leaked info about the identity of high-profile crypto users gave bad actors the ability to target them.” 

Ben Diggles, co-founder, and chief revenue officer at Constellation, told Cointelegraph that Facebook's latest security lapse is unsurprising, especially given that most Facebook users have a different approach, in which they prefer their world to be managed and structured for them. 

“Those that are crypto holders that were on the list have little to worry about unless they were storing descriptive details of their holdings and access on their Facebook account. However, these hackers have gotten really sophisticated, so I have no idea what tricks they may have [up] their sleeves with regards to scraping info specific to crypto wallets and exchanges.”, he added. 

However, he suggests that most users should update their passwords for all of their social media profiles, as well as all other sites that share their data with Facebook, as a precaution. 

Does decentralization matter? 

As more data leaks occur, a large majority of people around the world are understanding the value proposition that decentralized systems offer in terms of protection, particularly, since they do not feature a single point of failure. 

On the matter, Eli Arkush, a cloud solutions engineer at cybersecurity firm GlobalDots, suggests that having a platform's backend system distributed using blockchain technology could make it more difficult for hackers to obtain user information; however, once credentials fall into the wrong hands, password reuse may become a concern. 

However, Stephen Wilson, the CEO of Lockstep Group and a member of the Australian government's National Blockchain Roadmap Cybersecurity Working Group, believes that, contrary to popular belief, storing personal information on any blockchain ecosystem is never a good idea. He pointed out that the type of personal data breached by Facebook should never be stored in a blockchain, and even if it is, such data can never be completely protected by blockchain in the long run.

“Blockchain and DLTs usually only decentralize some aspects of data management. They don’t usually decentralize data storage in any relevant sense because they tend to duplicate ledger entries across multiple systems. The storage is distributed, but identical copies of information are available in multiple locations and can be vulnerable to attackers or thieves.”, he further added. 

Most hacking schemes in the past have primarily focused on stealing funds from cryptocurrency exchanges. For example, in 2014 and 2018, the total amount of money compromised as a result of exchanges being hacked was $483 million and $875 million, respectively. 

However, an increasing number of offenders are focusing their attention on stealing user data because it provides them with unique opportunities to obtain funds quickly. As a result, cryptocurrency owners must protect their assets.

Data Breach at Facebook Leaks Information of 533 Million Users

 

A major privacy violation by hackers allegedly took the data of almost 533 million users of Facebook from 106 countries to be posted online for free. More than 533 million private details that were posted online include records of over 32 million users in the US, 11 million users in the UK, and 6 million users in India. This breach is perhaps the largest in the social media giant’s history of breaches. Details such as phone numbers, Facebook IDs, full names, sites, birthdates, bios, and even e-mail addresses of several people are included in the breach. 

A spokesman for Facebook stated that the data had been scrapped on the social website due to a security vulnerability that had already been patched in 2019. The vulnerability was identified in 2019, enabling millions of Facebook servers to remove telephone numbers. In August 2019, the social media outlet was kicked off by the vulnerability. 

On Saturday 3rd of April, Alon Gal, who is the CTO of Hudson Rock, the CIC, detected the leaks and confirmed the same via Twitter. Gal is the very same researcher who had blown the whistle of an initially accessible Telegram bot in January, which seems to be the same, leaking database. While the individual behind the bot sold the leaked figures to the people willing to pay for it, this time the disparity is that all these figures are now freely accessible on a low-level hacking forum. After the vulnerability that Facebook fixed in 2019, the database was reported to have been leaked, this is because not many people frequently alter their telephone numbers so that the data can be very accurate. In the past, this information was sold by a person who sold a telegraph bot to sell a telephone number or a Facebook ID for $20,000, or in bulk for $5,000. It is now widely available to anyone with certain technical know-how. 

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” added Gal. 

This is not the first time Facebook is spotted with a data leak. Data from 419,000,000 Facebook and 49,000 Instagram users were displayed in online databases in 2019. In that meme year, data of 267 million users had been exposed to an additional violation. In the meantime, there was the infamous Cambridge Analytica scandal that, for its data collection practices, was perhaps the first time the Zuckerberg company had come under the radar. 

533 Million Facebook Users' Phone Numbers And Personal Data Leaked Online

 

On Saturday, a user turned to a low-level hacking forum to leak the personal information of hundreds of millions of Facebook users, free of cost. The sensitive credentials that have been exploited included personal data of over 533 million Facebook users from 106 countries – around 32 million users from the US, 11 million from the UK, and around 6 million from India. Leaked data includes users’ full names, their date of birth, address location, phone numbers, Facebook IDs, bios, and in certain instances email addresses also. 

Alon Gal, a CTO of cybercrime intelligence firm Hudson Rock, analyzed the breach on Saturday and informed about this event on Twitter. Alon Gal is also known for his last research finding that was appeared as the same leaked database previously became accessible via a Telegram bot in January. 

While back then, the situation was different. The hacker who was behind the Telegram bot leaked database was selling the hacked credentials to those clients who were ready to pay for the information, but this time the difference is that that all this leaked data of more than 533 million people is available for everyone for free in a low-level hacking forum. 

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Alon Gal stated. 

The incident is not foreign to Facebook, which is indeed a popular platform in the arena of cyberattacks. Before this cyberattack, the platform had already experienced data breaches multiple times, notably so. 

The vulnerability that had been spotted in 2019 exposed sensitive information of millions of Facebook users including their phone numbers to be scraped from Facebook's servers in contravention of its terms of service. Back then, Facebook officially stated that the vulnerability was patched in August 2019. Additionally, Facebook vowed to eliminate mass data-scraping after Cambridge Analytica scraped over 80 million users’ data in violation of Facebook's terms of service to target voters with political ads in the 2016 election.

CopperStealer Malware Steals Social Media Credentials

 

Researchers discovered a certain malware that was so far unidentified which silently hijacked Facebook, Apple, Amazon, Google, and other web giants' online accounts and then used them for nefarious activities. 

Cybercriminals have launched a new campaign to rob Facebook login credentials from Chrome, Edge, Yandex, Opera, and Firefox using malware 'CopperStealer.' 

The threat actors have used unauthorized access to Facebook and Instagram business accounts to run nefarious commercials and provide further malware in subsequent malware advertising campaigns as per the blog post published by the researchers at cyber safety company Proofpoint. In late January, researchers were first notified of the malware sample. The first samples found dated back from July 2019. 

Furthermore, CopperStealer versions targeting other major service providers such as Apple, Amazon, Bing, Google, PayPal, Tumblr, and Twitter have been discovered in the proven analytic evaluation. The malware aims to steal login credentials for some of the most famous internet services from large technological platforms and service providers. 

Researchers suspect that CopperStealer is a family that has originally been undocumented in the same malware class as SilentFade and StressPaint. Facebook attributed the invention of SilentFade to ILikeAD Media International Ltd, a Hong Kong-based company, and reported over $4 million in damages during the 2020 virus bulletin conference. 

Researchers found dubious websites, which include keygenninja[.]com, piratewares[.]com, startcrack[.]com and crackheap[.]net, that was advertised as 'KeyGen' or 'Crack' sites, which included samples from several families of malware, including CopperStealer. 

“These sites advertise themselves to offer “cracks”, “keygen” and “serials” to circumvent licensing restrictions of legitimate software. However, we observed these sites ultimately provide Potentially Unwanted Programs/Applications (PUP/PUA) or run other malicious executables capable of installing and downloading additional payloads,” said Proofpoint researchers. 

Malware also helps to find and send the saved passwords on one’s browser and uses stored cookies in order to extract a Facebook User Access Token. Once the User Access token has been collected, the malware will request multiple Facebook and Instagram API endpoints to gain additional contexts including the list of friends, any user's pay-out, and research listing the user's pages. "CopperStealer is going after big service provider logins like social media and search engine accounts to spread additional malware or other attacks," says Sherrod DeGrippo, senior director of threat research at Proofpoint. "These are commodities that can be sold or leveraged. Users should turn on two-factor authentication for their service providers."

CBI Booked Firms for Harvesting Data of 5.62 Lakh Indian Facebook Users

 

The Central Bureau of Investigation (CBI) has lodged a case regarding an unlawful collection of personal information of nearly 5.62 lakh Indian Facebook users and the use of information to manipulate elections in India. In regards, CBI has booked Cambridge Analytica, the UK's political consultancy company, and another UK- based firm Global Science Research Ltd. 

In a preliminary CBI inquiry in July 2018 following a complaint from the Electronics and Information Technology Ministry, investigative officials discovered that Aleksandr Kogan, the Founder-Director of the Global Research Limited (GSRL), created an app called ‘This Is Your Digital Life’, which was used to collect data of Facebook users under the tag "academic and research purposes", as stated in the policy of the digital platform. Further in a probe, it was revealed that approximately 335 Indians had downloaded this app, whereby data of their Facebook friends- nearly 5.62 lakh, had been allegedly harvested without their knowledge. 

During the early investigation, Cambridge Analytica and GSRL reported criminal offenses, and the department later booked all companies for criminal conspiracy and cyber-crime. The organization Cambridge Analytica was initially accused of harvesting details of Facebook users and then manipulating it to obtain success in America, more precisely, the elections for 2016, as well as the Donald Trump campaign. Cambridge Analytica first became the subject of scrutiny three years ago.

In response, Facebook replied, “Data of 5.62 lakh Indians users might have been illegally harvested." Cambridge Analytica on the other hand responded that ”they only received data of UK users from the Global Science Private Limited.” 

According to CBI, these two companies had approached Facebook. Facebook later in conversation with CBI, told that they did allow Global Science Research ltd with their application, but they illegally collected the data of 5.62 lakhs users and later shared it with Cambridge Analytica. The data stolen contains information of the users, page likes, their private data, personal messages, and chats. Reportedly, the stolen information was later used to influence elections in India. 

Out of the 335 app users contacted by the CBI, six replied and were subsequently investigated. They all claimed that the software fooled them and that they were not aware that their personal and friends' data had been improperly gathered, the FIR suggested, adding that all six said they would not have used the app if they had the slightest indication that their privacy would be violated. 

Both UK-based companies have been booked by CBI for criminal conspiracy and violation of the IT Acts.

WhatsApp Clients Resort to Other Messaging Platforms

 

WhatsApp has told its two billion clients they should permit it to share information with its parent organization Facebook if they wish to keep utilizing it. All WhatsApp clients would not be able to proceed with the service except if they accept the new terms by 8 February. The stage said the update will empower it to offer features, for example, shopping and payments. 

Message platforms Signal and Telegram have both seen a gigantic surge in downloads around the world over after a questionable update to WhatsApp's terms and conditions. 

As per information from analytics firm Sensor Tower, Signal was downloaded all around the world multiple times the week before WhatsApp declared the change on 4 January and 8.8 million times the week after. This included big surges in India, where downloads went from 12,000 to 2.7 million, the UK from 7,400 to 191,000, and the US from 63,000 to 1.1 million. In a progression of tweets, Signal said a few people were detailing issues with creating groups and postponements to verification codes showing up in light of the fast development but that it was addressing the issues. 

Telegram has proved to be even more popular, with downloads booming all around the world from 6.5 million for the week starting 28 December to 11 million over the next week. In the UK, downloads went from 47,000 to 101,000. Furthermore, in the US they went from 272,000 to 671,000. During the same period, WhatsApp's worldwide downloads shrank from 11.3 million to 9.2 million. 

One industry watcher said he didn't think this fundamentally spoke to a major issue for WhatsApp, which has been downloaded 5.6 billion times since its launch in 2014. 

"It will be hard for opponents to break user habits, and WhatsApp will keep on being one of the world's most popular and broadly utilized messaging platforms," said Craig Chapple, mobile insights strategist at Sensor Tower. 

WhatsApp reassured its clients that it doesn't keep logs of every individual who is messaging, it can't see your shared location, it doesn't share your contacts to Facebook, and that groups can stay private. It likewise exhorts clients that they actually have the choice to set messages to disappear and that they can't download their information. WhatsApp's clarification may figure out how to reassure a few clients that the privacy changes aren't as troubling as first dreaded, yet for other people, it might have come past the point of no return.

Facebook Shuts Down Fake Accounts Associated With Russia and French Military

Earlier this week, in a press conference, Facebook closed two misinformation networks related to Russia, one of which was associated with the French military. Facebook has accused these accounts of orchestrating interference campaigns in African regions. Two networks using multiple FB accounts were given to users associated with the Russian Internet Research Agency. In contrast, the third account had links to persons related to the French military, says Facebook. 

Facebook has closed all three accounts for violating the policy of foreign or government interference. These networks, according to Facebook, attacked targets in North Africa and Middle East countries. As of now, the French military has offered no comments on Facebook's allegations. The campaigns battled with each other, said Nathaniel Gleicher, Facebook's head of security policy, and David Agranovich, head of global threat disruption in a blog. 

It is the first time that Facebook found two campaigns (from France and Russia) fighting with each other, commenting on each other's accounts, claiming it is fake. These accounts used fake accounts as a central part of their operations to mislead people about who they are and what they are doing, and that was the basis for our action, says Facebook. One sample post read, "The Russian imperialists are a gangrene on Mali!" The French network accounts mainly targeted Mali and the Central African Republic. Other targets include Cote d'Ivoire, Chad, Algeria, Niger, and Burkina Faso. It involved 84 FB accounts, six pages, nine groups, and fourteen Instagram accounts that infringed a policy facing "coordinated inauthentic practice." 

In French and Arabic, some of the posts were about France's Francophone Africa systems, allegations of Russian meddling in CAR elections, supportive comments about the French military, and Russia's criticism. According to Gleicher and Agranovich, "we shared information about our findings with law enforcement and industry partners. We are making progress rooting out this abuse, but as we've said before, it's an ongoing effort, and we're committed to continually improving to stay ahead." As of now, the investigation is ongoing, and no further detail has been offered.

U.S Files Lawsuit Against Facebook For Discriminatory Recruitment Process Against U.S Workers

 On Thursday, the U.S. Department of Justice (DOJ) sued F.B., asserting that the company held positions for temporary visa holders but discriminated against the U.S. workers. According to DOJ, F.B. didn't consider U.S. workers suited or "qualified and available U.S. workers" for the 2600 job openings with an average salary of $1,56,000. Facebook deliberately built a contracting arrangement that denies fair and equal job opportunities to U.S. workers who have applied. Instead, the company offered jobs to temporary visa holders to sponsor for their green cards. 

A Facebook spokesperson said that the company provided full cooperation with the DOJ regarding the review but disagrees with the charges, not offering any more comments on the ongoing litigation. The lawsuit claims that F.B. favored the temporary visa workers while discriminating against U.S. workers. The incident began in January 2018 and lasted till September 2019. F.B. didn't openly advertise about the job vacancies on its career website and denied job roles to U.S. workers; these, DOJ believes, were the tactics used by F.B. 

Eric S. Dreiband, head of the DOJ's Civil Rights Division, in a statement, said, "our message to workers is clear: if companies deny employment opportunities by illegally preferring temporary visa holders, the Department of Justice will hold them accountable." "Our message to all employers — including those in the technology sector — is clear: you cannot illegally prefer to recruit, consider or hire temporary visa holders over U.S. workers," he further says. The lawsuit claims that Facebook's employing practices also negatively affect temporary visa holders by creating unequal employment status. The workers will rely on F.B's job to retain their immigration status. 

"Facebook knowingly and intentionally deterred U.S. workers from applying to and failed to meaningfully recruit U.S. workers for its PERM-related positions, when it subjected such applicants to more burdensome recruitment procedures because it preferred to employ temporary visa holders in those positions, because of their citizenship or immigration status," says the lawsuit. In a press release, DOJ noted that it was a two years investigation. In other cases, DOJ has been reviewing the tech industry since 2019 and has also filed an anti-trust lawsuit against Google recently in October.

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea fines social networking giant Facebook for 6.7 billion Won (around $6 million) for sharing user data without their consent. According to PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared user data of 3.3 million users to third-party companies without user consent. The incident happened from May 2012 to June 2018. Also, PIPC says that it will charge a criminal complaint against the company for violating "personal information laws." 

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when a FB user shared their data with a service while logging in with the FB account, but the user's friends didn't, however, unaware that their FB data was also shared. Following the incident, these third-party apps used Facebook's provided information to show customized ads on social media users' profiles. 

According to PIPC, with no user permission, Facebook provided user data to third-party companies and made monetary profits. PIPC also charges FB to store login credentials (with no encryption) without user knowledge and not notify the users while accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents. 

It affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was charged for an extra 66 million won. 

The company Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB find PIPC's complaint regrettable; however, it will respond after the commission takes its final decision. 

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

Twitter and Facebook CEOs asked to testify on election and content moderation before the US Senate

 

The US Senate Judiciary Committee has asked the CEO of Twitter and Facebook to evaluate their role in “platforms’ censorship and suppression of New York Post articles” and their role in the election.
After voting to move forward with a pair of subpoenas, the Senate Judiciary Committee agreed that the two CEO Twitter's Jack Dorsey and Facebook’s Mark Zuckerberg will be answerable to the Senate set on November 17, two weeks after the US elections. The committee lead by Republican South Carolina Senator Lindsey Graham set the agenda of the day as “platforms’ censorship and suppression of New York Post articles.”

 The aforementioned New York Post article was labeled false as it published a story about Hunter Biden, the son of Democratic presidential nominee and former Vice President Joe Biden. The article claimed that Hunter Biden organized a meeting between Joe Biden and an executive at a Ukrainian energy company Burisma in April 2015. Many are calling it a typical "Right-Wing Agenda" with hacked materials and personal mails. 

Twitter prevented its users from posting links to the article. 

As said in a press release, the senators will also dig the two CEO'S on their performance on the elections. Republicans are looking up to questioning the CEOs on their handling of the New York Post regarding the hacked material and messages fished from Hunter Biden. 

The Republicans also intend to enquire about the recent claims of anti-conservative political bias in the two social media platform's policy decisions. Not only the Republicans but the Democrats are also eager to question content moderation on the platform, "While Republicans on the Senate committee led the decision to pressure Zuckerberg and Dorsey into testifying, the committee’s Democrats, who sat out the vote on the subpoenas, will likely bring to the table their questions about content moderation, as well" reports TechCrunch on the matter.

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

WhatsApp Reveals Six Bugs On Its Security Advisory Website


The Social Messaging app WhatsApp has been open about its bugs and vulnerabilities recently. To be vocal about the issue, the company has set up a dedicated website that will work as a security advisory and inform users about the latest developments on issues and bugs in WhatsApp. Owned by social media giant Facebook, WhatsApp, with a current user base of around 2 million, has set up the website as an initiative to keep the community informed about security and be more transparent with its users.


The dedicated website is not limited to WhatsApp users but open to the entire cybersecurity community. The move comes as a response to the criticisms that WhatsApp faced over its handling of security issues. The dedicated platform will give users detailed reports of security updates related to WhatsApp, along with CVEs (Common Vulnerabilities and Exposures) details. The updates will help cybersecurity experts to know the effect of these bugs and vulnerabilities.

WhatsApp reported six security bugs that it had recently discovered. The company had released security patches for these six bugs before the hackers could exploit them. Few of the bugs could be remotely launched. CVE-2020-1890, an android based WhatsApp bug, sent the recipients sticker, which contained malicious codes. The bug could be deployed without user interaction. Few bugs, however, required user interaction and couldn't be launched remotely. CVE-2019-11928 bug became active when a desktop WhatsApp user clicked any location link, allowing cross-site scripting. WhatsApp says that it will keep the community updated about the latest developments through its advisory platform, trying to release security patches as soon as possible.

According to reports, five of the six bugs were patched on the same day; however, the last bug took quite some time. "We are very committed to transparency, and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available," says WhatsApp.

The new iOS 14 to drop Facebook's Audience Network Advertising to 50%


Facebook on Wednesday posted a response to the new iOS 14 on their official blog stating that the new iOS could lead to a 50% drop in their Audience Network advertising business.



Though the company had previously raised issues with iOS 14 and that it could impact their advertising, this Wednesday blog detailed exactly how. 

Facebook Audience Network collects data from the user ( Facebook's data) and provides targeted in-app advertisements. Advertisers use a unique device ID number known as the IDFA in order to make advertisements personalized. 

In iOS 14, these tracking IDFA would be made optional and the user can opt if they want their app to track or not. Facebook said they won't collect IDFA information in iOS 14 at all even though it will make a significant dent in their audience network advertising. 

"We know this may severely impact publishers' ability to monetize through Audience Network on iOS 14, and, despite our best efforts, may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS14 in the future," Facebook said in the blog.

"While it's difficult to quantify the impact to publishers and developers at this point with so many unknowns, in testing we've seen more than a 50% drop in Audience Network publisher revenue when personalization was removed from mobile ad install campaigns," Facebook said. "In reality, the impact to Audience Network on iOS 14 may be much more, so we are working on short-and long-term strategies to support publishers through these changes." 

Facebook said that their advertising policies will be in compliance with iOS 14's and Apple's preconditions but the social network's whole revenue is derived from advertising and around a billion people view at least one Audience Network ad in a month, so the decision is bound to affect Facebook grandly. 

The blog further cleared some changes Facebook would do for iOS 14 and operations for their partners. The new iOS is expected to launch this year.

Facebook Struggles Against Hate Speech and Misinformation, Fails to Take Actions


In the last month, FB CEO Mark Zuckerberg and others met with civil rights activists to discuss FB's way of dealing with the rising hate speeches on the platform. The activists were not too happy about Facebook's failure to deal with hate speeches and misinformation. As it seems, the civil rights group took an 'advertising boycott' action against the social media giant and expressed their stark criticism. According to these civil groups, they have had enough with Mark Zuckerberg's incompetency to deal with white supremacy, propaganda, and voters suppression on FB.


This move to boycott Facebook came as a response to Donald Trump's recent statement on FB. Trump said that anti-racism protesters should be treated with physical violence, and he also spread misinformation about mail-in voting. FB, however, denies these allegations, saying these posts didn't violate community policies. Even after such incidents, the company ensures that everything's alright, and it just needs to toughen up its enforcement actions.

"Facebook stands firmly against hate. Being a platform where everyone can make their voice heard is core to our mission, but that doesn't mean it's acceptable for people to spread hate. It's not. We have clear policies against hatred – and we constantly strive to get better and faster at enforcing them. We have made real progress over the years, but this work is never finished, and we know what a big responsibility Facebook has to get better at finding and removing hateful content." "Later this morning, Mark and I, alongside our team, are meeting with the organizers of the Stop Hate for Profit campaign followed by a meeting with other civil rights leaders who have worked closely with us on our efforts to address civil rights," said COO Sheryl Sandberg in her FB post.

In another incident, FB refused to take action against T. Raja Singh, an Indian politician from BJP. According to the Wall Street Journal, the company didn't apply its hate speech policies on Raja's Islamophobic remarks. FB employees admitted that the politicians' statements were enough to terminate his FB account. The company refused to, as according to the FB executive in India, could hurt FB's business in India.

Facebook is testing Instagrams' new messaging app, Threads with Automated Data Sharing


Facebook's team is working on a companion app for Instagram, called "Threads", which will automatically share your location, battery, a movement to a close group of friends.


It is much like a messenger application and the company plans to rival snapchat, an app that also caters to close friends and sharing updates. Though Snapchat has been standing as a good alternative for Facebook and Instagram with much more engagement with young people, Threads could be a game-changer.

The Instagram team was itself working on Direct, a messaging app since 2017 but they closed the project in May. But after the acquisition by Facebook, the team was transferred to the Facebook Messenger team and Threads could be the prized outcome.

 The Verge reported, "Threads will regularly update your status, giving your friends a real-time view of information about your location, speed, and more. At the moment, Threads does not display your real-time location — instead, it might say something like a friend is 'on the move'." 

Though the core of the messaging app will be that "messaging", where friends can text, and even see status updates made on Instagram and can manually update the status on Threads but it does not dispute the privacy concerns over the automated data sharing. 

Concerns over privacy and data 

Facebook is testing Automated data sharing on Instagrams' companion app Threads and if successful we could see it applied to other Facebook apps too. Privacy, of course, is a big concern with automatic updates and does need to be concerned over but what's more interesting is how Facebook could use this data. After Mark Zuckerberg's pivot over privacy and data, Facebook has become more private and a loss but with this new automated data sharing, users can become layman and habitual of sharing their updates.

“You change your behavior if you’re constantly being looked at,” said Siân Brooke, a researcher at Oxford Internet Institute "If you know people see where you are, what you’re consuming, you’ll change what you’re doing, change what is normal in a group.”

And thus the data mining cycle will resume where data could be tracked by the app and sold.

Facebook using AI to track hate speech

 


Facebook's hate speech and malicious content identifying AI seem to be working as the company said that their AI identified and removed 134% more hate speech in the second quarter than in the first. The company stated in the Community Standards Enforcement Report that it acted upon 9.9 million hateful posts in the first quarter of the year and 22.5 million in the second. But the figures also reveal how much of hate content was there and is still on the site, to begin with.

Facebook's VP of Integrity Guy Rosen blames the high number to “the increase in proactive technology” in detecting a said form of content. The company has more and more been relying on machine learning and AI to drive out this type of content by losing bots on the network. 

There has been a similar rise on Instagram as well. They detected 84% of hate speeches in this quarter and 45% in the last and removed 3.3 million of these posts from April to June- a sweeping amount when compared to just 808,900 in January till March. 

The social media site also has plans to use similar technology to monitor Spanish, Arabic, and Indonesian posts. 

These increasing number in hate content does show the platform's improvement in the AI technology used to fish out hate post but it also raises concerns over the hostile environment the network presents. Though the company blames these numbers to an increase in coverage of content.

 “These increases were driven by expanding our proactive detection technologies in English and Spanish,” as the company states.

Some critiques also say that the company has no way of knowing how much percent they are actually capturing and how much there is as they measure it according to 'Prevalence' that is how often a Facebook user sees a hateful post as opposed to how many there actually are. The social media giant also updated as to what they include as hate speech - excluding misinformation that remains a big problem for Facebook.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely indicating to be from a leading UK supermarket Tesco. 

The scam had utilized SMS and email communication planned to fool customers into handling over their subtleties, and steal classified and payment data. 

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK' which shared images implying to be from a Tesco warehouse, showing stuffed boxes of HD television sets. 

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' It was the clueless users who had due to immense excitement shared the post helped it to spread before receiving an email offering them the opportunity to 'claim their prize.' 

A button in the message connected victims to a landing page to enter their name, place of residence, phone number, and the bank account details. 

Tim Sadler, Chief, Tessian, stated: As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities." 

Although Sadler empathized with the people who are struggling financially in the wake of the [COVID-19] pandemic and henceforth the proposal of a free television could be appealing to them.

However, he advises the users to consistently scrutinize the authenticity of these certain messages and consistently confirm the requestor's offer before tapping on the link and refrain from asking for trouble.

Google Playstore Removes 25 Android Apps that Stole User Login Credentials


In a recent cybersecurity incident, Google cleared 25 applications from its google play store as they were alleged to steal the users' FB credentials. According to Google, these applications were downloaded for around 2..35 million before the play store decided to shut them down. All these 25 applications were created by the same developer, even though they seemed to work differently and offer different features, they were all peas in a pod.


These apps showed themselves as a video editor, photo editor, wallpaper apps, file managing apps, mobile gaming apps, and flashlight apps., says Evina, a France based cybersecurity organization. When the firm came to know about the incident, it reported to Google, and precautionary measures were taken immediately to protect the end-users. The malware was also reverse-engineered so that no damage could take place. The 25 apps had malware embedded in them, which stole FB login credentials whenever the user launched the FB application.

Although the apps worked legally, they, however, had hidden malicious codes. The code could tell about the recently launched app in the user's device. If it were FB, these apps would create a fake login page that looked the same as the original to steal the user's login credentials. If the user entered his login credentials, the app would capture the data and transfer it to a remote server domain. When Google came to know about the issue after Evina's claims in May, it verified it before taking down these apps. Playstore removed these 25 apps earlier this month, some of which had been in use for more than a year.

"When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server," said Evina in a blog post.

Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stymie the outbreak of the disastrous coronavirus in different ways, Singapore attempted the same perhaps it wasn't a plan well thought off as the country attempted to come up with an inventive and a profoundly technological solution to battle the everyday rising cases of the virus.

Their arrangement included developing a wearable device that would be issued to each resident as an approach to facilitate contact tracing in the midst of the COVID-19 pandemic, however, the move, unfortunately, wasn't well-received by the citizens as it started an open objection with respect to their worries about their privacy.

An online petition titled “Singapore says 'No' to wearable devices for COVID-19 contact tracing", has thus to date, garnered in excess of 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In words of Wilson Low, who started the petition on June 5, "All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state.”

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team however is developing and would “soon roll out a portable wearable device" keeping in mind the existing issues with the application, which didn't function well on Apple devices as the iOS operating system would suspend Bluetooth scanning when the app was running in the background.

He said that if the devices are proved to work viably, then they may be issued to each resident in Singapore, yet didn't expressly say that the government would make it obligatory for everybody to utilize it.

Wilson, however, was very determined upon proving his point as he wrote, “Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] do who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification.”

Later including, "The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range.”

Numerous different residents also came to his support as they very openly expressed their concerns with respect to the potential execution of wearable devices, further taking to Balakrishnan's Facebook page to ask the legislature against taking this course.

One user Ian Chionh went so far as to accusing the government of utilizing the coronavirus as "an excuse" to put a tracking device on all residents on Facebook.

Wilson had likewise referenced something similar to these worries adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' very own data, either through QR codes or barcode scans whenever they enter a venue, like supermarkets and workplaces. Information gathered through SafeEntry is retained for 25 days, just like TraceTogether's data retention policy.

The TraceTogether app was updated just the previous week to incorporate the registration of passports numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation however has begun with easing the restrictions, initially set up to check the spread of the virus - in phases as more and more businesses wish to resume with their operations over the following month.

Israeli Security Company NSO Pretends to Be Facebook


As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to get the targets to install their “phone-hacking software”.

Per sources, a Facebook-like doppelganger domain was engineered to distribute the NSO’s “Pegasus” hacking contrivance. Allegedly, serves within the boundaries of the USA were employed for the spreading of it.

The Pegasus, as mentioned in reports, if installed once, can have access to text messages, device microphone, and camera as well as other user data on a device along with the GPS location tracking.

NSO has denied this but it still happens to be in a legal standoff with Facebook, which contends that NSO on purpose distributed its software on WhatsApp that led to the exploitation of countless devices. Another allegation on NSO is about having delivered the software to spy on journalist Jamal Khashoggi before his killing, to the government of Saudi Arabia, citing sources.

Facebook also claimed that NSO was also behind the operation of the spyware to which NSO appealed to the court to dismiss the case insisting that sovereign governments are the ones who use the spyware.

Per sources, NSO’s ex-employee, allegedly, furnished details of a sever which was fabricated to spread the spyware by deceiving targets into clicking on links. The server was connected with numerous internet addresses which happened to include the one that pretended to be Facebook’s. And Facebook had to buy it to stop the abuse of it.

As per reports, package tracking links from FedEx and other links for unsubscribing from emails were also employed on other such domains.

NSO still stand their ground about never using the software, themselves. In fact they are pretty proud of their contribution to fighting crime and terrorism, mention sources.

Security researchers say that it’s almost impossible for one of the servers to have helped in the distribution of the software to be within the borders of the USA. Additionally, reports mention, NSO maintains that its products could not be employed to conduct cyber-surveillance within the United States of America.

Facebook still holds that NSO is to blame for cyber-attacks. And NSO maintains that they don’t use their own software.