15,000 Clients' Data Leaked Accidentally by a Turkish Firm

 

A law firm has accidentally disclosed client data on 15,000 incidents in which individuals have been killed and wounded, following a cloud misconfiguration. Through a misconfigured Amazon S3 bucket, the WizCase team unearthed a huge data leak containing private details of Turkish residents. The server includes 55,000 judicial records concerning more than 15,000 court proceedings, affecting hundreds of thousands of individuals. The firm affirmed that no permission was required to browse the 20GB trove, so anyone with the URL could have viewed the highly confidential information.

WizCase is one of the leading multinational websites offering cybersecurity resources, tricks, and best practices for online safety. It also offers VPN ratings and tutorials. WizCase traced the data back to the Turkish actuarial consulting company Inova Yönetim, which analyses details for risk and premium estimation.

The online security team has revealed a major abuse of data from an Amazon bucket misconfigured by INOVA YÖNETIM & AKTÜERYAL DANIŞMANLIK, a Turkish legal attorney. Inova is an actuarial consulting firm that gathers mathematical data and measures the probability and premiums of insurers. Inova has been in operation since 2012 and has dealt with thousands of cases.

The researchers found that, along with insurance and accident data, the personally identifiable information (PII) of the survivor in each of the 15,000 court cases, including name, national ID, marital status, and date of birth, is also available. Some records revealed much more specific details about claimants, witnesses, and others, including detailed accident information, car registration numbers, breathalyzer test reports, incident descriptions, and more. In certain cases, the data has further details about the victims or other persons involved. It covered parties such as victims, event participants, police officers, and lawyers.

The data appeared to relate to the period between the beginning of 2018 and the end of summer 2020. Those affected by the snafu could be at risk from scammers using extremely persuasive phishing emails or telephone calls to obtain more financial and personal details.

“With some social engineering, bad actors or criminals could contact an [mobile] operator, masquerading as the victim, and verify all kinds of verification questions operators would ask to clone a SIM card,” WizCase stated. “After having access to victims’ phone calls and SMS messages, bad actors could then try to do the same operation with clients’ insurance and bank.” 

According to WizCase, in situations like this, protecting one's data is unusually challenging since it is always in the hands of the organization one deals with. One should make sure to send only the correct details and ask the organization what security steps it is taking to keep private data private. Anyone who gets a call relating to the crash should notify their Inova contact and make sure that the request comes from them, and should never trust someone asking for personal details over the phone.

Russian expert predicts end of WhatsApp - Users switching to Telegram

Over the past weeks, WhatsApp messenger has started losing millions of users. They migrate to Telegram. In mid-January, almost 25 million people came running to Telegram in just three days. Some WhatsApp fans went to another social network - Signal. It gained 7.5 million users in two days.

The reasons for the outflow from WhatsApp are related to the privacy policy, which allows the developer to share user data with Facebook, explained the coordinator of the Center for Secure Internet, Urvan Parfentiev. In particular, according to him, the location and phone numbers will become transparent.

Information and computer security specialist, programmer, blogger Sergey Vakulin said that in addition to the privacy policy, there are other reasons.

"First reason is the privacy policy. The second is functionality. The third reason is anonymization. People who care about their security and privacy of correspondence are less likely to trust WhatsApp," said he.

According to Mr. Vakulin, the advantage of Telegram relative to many social networks is the lack of censorship.

"There are those who like to watch something cruel, a murder. But on the social network VKontakte and Odnoklassniki, it is forbidden to do this. And on Telegram, you can create a channel that will not be censored," explained the blogger.

After the outflow of users, WhatsApp launched a powerful awareness-raising campaign and abandoned the previously announced measures. Therefore, "we cannot talk about the death of WhatsApp", stressed Parfentiev.

However, Vakulin believes otherwise.

"Most likely, we will see the death of WhatsApp. The old social networks and apps don't have enough functionality. A person needs to learn something new in the social network. Therefore, we are replacing it with a new one," commented he.

At the moment, dozens of messengers are known. The most popular in Russia are the following: in the first place is WhatsApp, which in 2020 increased by five percent compared to 2019; in second place is Viber, followed by Skype. The fourth place is taken by Telegram, which grew by 10 percent. Facebook closes the top five (plus 6 percent).

Earlier, E Hacking News conducted an interview with a veteran Cyber Law specialist in India Vijayashankar Na (Mr. Naavi) and he shared with us his opinion on the new privacy policy of WhatsApp messenger and how it impacts the users.

Digital Concentration Camp: Tech giants are playing God

Recent events in the United States have shown that the tech giants do not care about the constitution, this is a cause for concern.

There are situations when half a dozen people who have created their own technological empires do not even want to know what rights they have in their state. They determine their own rights on the basis of so-called "corporate norms" and do not respect the constitution of their states. We have seen this clearly in the United States. This is, of course, a matter of serious concern.

In general, we are talking about the fact that several major multinational corporations - IT, media, pharmaceuticals, banks - plan to do what they want with people. As you know, the emergence of giant monopolies is a classic feature of any large-scale crisis of capitalism. Lenin wrote about this fascinatingly.

An excellent example of this was when Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.

According to Vladimir Shapovalov, a member of the board of the Russian Association of Political Science, Trump and his supporters were deprived of the freedom to vote, the right to receive and disseminate information. But such a right is fundamental.

Another example is how the largest American airline Delta blacklisted almost nine hundred passengers for their "Trumpism". In November, the same company denied its services for life to a passenger who shouted slogans in support of Trump.

It's interesting to note that on one decision to ban Trump, Zuckerberg's company lost 5% of its value. However, they don't seem to care at all about profit. Uber, Snapchat, and Tesla record losses year after year. All they are interested in is the most severe control of their consumers.

It is worth noting that on January 17, Naavi, a veteran Cyber Law specialist in India, became a victim of the injustice of the monopolies. He published an interesting article, Union Bank and RSA Fiasco, where he shared his experience and expressed his opinion about what is happening. It all started when his site was groundlessly accused of hosting a phishing script. The article about Union Bank, published on January 14, 2021, received a complaint from the RSA security service. As a result, the service provider M/S Square Brothers disabled not only the article page but the entire website www.naavi.org.

Readers in the comments advise Naavi to send a legal notice to RSA and UBI for defamation, DoS (disruption of legal rights) and various sections of the IT Act. The consensus among readers is that RSA and UBI consider themselves above the law and that they need to be made aware of their limits.

Moreover, even our E Hacking news portal has faced a similar issue. The Cyber Security Company Comodo mistakenly marked the E Hacking news site as phishing. We even sent a false positive request from their website and also tried to contact them on their Twitter account. There was no reaction on their part.

Earlier, E Hacking news reported that a Russian IT company reportedly lost the contract in the USA because of serving sites with content from Trump supporters.

Naavi: Information collected from WhatsApp would be shared with Facebook and eventually be used for advertising

The WhatsApp messenger, which is owned by Facebook, has begun notifying its users (about 2 billion) about the update of its privacy policy. Do you want to keep using the popular messaging app?

On 18 January we conducted an interview with a veteran Cyber Law specialist in India Vijayashankar Na (Mr. Naavi) and he shared with us his opinion on the new privacy policy of WhatsApp messenger and how it impacts the users.

Please introduce yourself to our readers.

I'm the chairman of a foundation of data protection professionals in India, which is the primary organization in India working on data protection, providing certifications, audit, support and so on. Since 1998 I have been working on cyber law issues, which were based on our law called the Information Technology Act. Moreover, I'm the founder of Cyber Law College, a virtual Cyber Law Education institution. Now we have extended it to data protection.

On January 4, WhatsApp announced that from February 8, all users of the messenger (except for residents of the EU and the UK) will be forced to share their personal data with Facebook — the social network will have access to phone numbers, transaction information and IP addresses. What has changed?

Actually, compared to what happened before, there may not be significant changes. We know that WhatsApp has been acquired by Facebook, but we are not very sure whether the information from WhatsApp was being shared with Facebook. But I believe it was happening in the background which we do not know. But maybe now, because they don't want to take any chances with particularly the GDPR (General Data Protection Regulation) authorities they wanted to actually be transparent about what they would like to do. I think this was driven more by the GDPR considerations to just polish their current privacy policies so that any problems could be sorted out.

WhatsApp wanted to disclose the fact that some part of the information collected from WhatsApp would be shared with Facebook and eventually be used for advertising.

So we all know that WhatsApp is a free app. In fact, its popularity or growth in popularity was because it was free. But it cannot continue like that forever because there has to be a revenue model for any company. Now WhatsApp has come out into the open and through the new policy has declared what kind of information they are likely to share.

WhatsApp contains two sets of data. One is the metadata - contact list, location, status, financial information and data such as your unique phone ID. So, it all reflects a certain characteristic of persons. That usage information itself is actually a treasure if properly analyzed for the purpose of profiling the person.

As we know from the news, WhatsApp's innovations have already angered technology experts, privacy advocates, billionaire entrepreneurs and government organizations. But the main thing is that they provoked the flight of users. Why did this happen?

WhatsApp made a big mistake in the sense that they did not clarify properly what they want to do. They said that this change is only for business applications. But the pop-up about the update actually came for all individuals who have a personal WhatsApp account. Subsequently, WhatsApp said in the press release that this is only for business accounts, not for individual accounts. Then the people asked, "Why did WhatsApp show this particular pop-up to me at all, if it was not meant for me?" It was psychologically very disturbing for people.

Moreover, the problem with WhatsApp today is PR. Actually, they drafted it in such a manner that it would actually create revulsion amongst the people. In my opinion, it was bad PR: "Get it or leave it". We know that the privacy policy should be written in clear and precise terms that an ordinary person can understand. Going by that, WhatsApp should have been a little more careful.

So, it has become easy for people to download Signal, Telegram. And of course in India, there will be a moment to develop our own indigenous apps. So maybe WhatsApp is going to lose more than what, perhaps it could have.

What do you think, why does Facebook need this metadata?

Instagram and Facebook are now going to be able to show even more targeted ads on Facebook and Instagram, having carefully studied the interests and preferences of users in the messenger. In addition, businesses will be able to accept payments in WhatsApp for products that users have selected in Instagram ads.

Whether we like WhatsApp or not, whether we like Facebook or not, they also have the right to say that "I cannot do it as a free service forever". Now advertising requires profiling; without profiling, advertisements cannot be targeted.

If the person wants to give the information by way of consent, let him give it. So this is a fair game between business interests and personal privacy interests. It's how GDPR is building. There has to be a legal basis.

WhatsApp will read our messages. Is it true?

As it is generally stated, they are not supposed to be reading our messages. Our conversations are encrypted using end-to-end encryption, and, the company says, even WhatsApp itself cannot access them. So, the content is getting encrypted with some device-related ID. So, at the moment it leaves my device, it should get encrypted.

Now in case people actually go for backups, storage in the cloud, then there is an issue. So people should avoid cloud storage and make the backup only within the mobile.

In your article "WhatsApp needs to change its Jurisdiction clause in the Terms or else, exit from India" you said that "WhatsApp has created two different sets of policies, one offered by WhatsApp Ireland Ltd to the EU region and the other by WhatsApp LLC  to other countries". How does this apply to India?

In India, on 8 February we were expecting the parliament to pass the Indian data protection law. In my opinion, WhatsApp decided to change the privacy policy on 8 February only to preempt the data protection law.

When I said that "we need to look for a change of WhatsApp in India" was not because of the privacy issue, it's a question of analyzing the privacy policy, that is a matter of revising the privacy policy.

My issue was in the terms of use one of the clauses - jurisdictions. Of course, this is not exclusive to WhatsApp. It happens in many other international web services. The jurisdiction clause says that if there is any dispute between the user of WhatsApp and WhatsApp, then the dispute has to be resolved in accordance with the Californian law and in the district court of California automated binding arbitration there. It means that the use of WhatsApp in India is not going to have any grievance mechanism in India, this is not in accordance with our law, our law doesn't permit it. It is almost denying the government's interest. I'm not happy with that. I would like that to be changed.

Will you continue to use WhatsApp, or have you changed Messenger?

In our professional circles, actually, we have made some moves. Many of the professionals prefer Signal. Of course, some people prefer Telegram a bit more. Earlier Telegram was the most used platform due to the number of people in the groups. In fact, we were thinking of shifting our FDPPI group to Telegram.

What can you recommend to our readers?

If somebody is going to have serious professional discussions, financial discussions, then obviously they should look at shifting to Signal. If it is purely personal, family discussions, you can keep using WhatsApp. So, you need to make a distinction between personal use, family use and professional use. If you want 500 people to be in your group, then you have no choice but to leave WhatsApp. If it's a small group that handles confidential information, you need to change to Telegram.

We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to add?

The only thing I want to say is that we need clarity amongst the ordinary people on what is privacy and what is that we are willing to protect in privacy. It is not absolute protection. It is always the protection of the choice. And the fact that there are, even if you shift from WhatsApp to Telegram, we don't know whether Telegram will remain free forever.

I feel there is a need for this harmonious relationship between the users and the organizations that make use of the data. And that is the purpose of the data protection law. And when we interpret data protection law, again, we should not be totally one-sided. That is the beauty of this issue, balancing the whole thing.


Researcher Exposes Telegram's Location Bug, Company Says It's a Feature

A researcher who observed that the "People Nearby" feature of messaging platform Telegram risked revealing accurate user locations has been informed that the feature is "working as expected." Users of the "People Nearby" feature can view a list of other Telegram users within a short mile radius. Users can also find local group chats.

Ahmad Hassan used software that allowed him to fake the location of his Android phone; using it, he found the locations of individuals from three different points. He used trilateration to pinpoint exact user locations. Using this method, Hassan could quite easily get the accurate location of users, including their home addresses. Hassan had found the issue hoping to get a bug bounty as a reward; instead, he was told that Telegram users share their locations intentionally in the "People Nearby" section, and that it is to be expected that the exact location of users can sometimes be determined under certain conditions.

But Hassan says that when a user enables "People Nearby", he is indirectly posting his residential address online. Many users are unaware of this while they are using the feature. He also believes a widespread problem exists where hackers or users with malicious intent can use fake locations to join local group chats and target users with spam or phishing attacks using malicious links. These include fraud links and fake Bitcoin investments, which is proof of poor app security. Telegram claims that its platform is "more secure than mass market messengers like WhatsApp and Line."

However, Telegram fails to mention the risks that can arise from malicious users. Other apps have also experienced the location issue in recent times. The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the topic of the coronavirus pandemic. He drew attention to the fact that almost half of all stolen information in the first quarter of 2020 were usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises not to click on suspicious links and not to use sites with illegal content in order to prevent fraudsters from stealing logins and passwords. In particular, resources with free movies, including new products, or games that users love so much, can actually be "monetized" by viral software.

"It is also not recommended downloading applications on third-party sites. You need to do it exclusively in official stores, otherwise, you can quickly "catch" the virus. However, there is a risk of "infecting" the gadget through the official store, although less", noted Anton Kukanov.

Moreover, the specialist from Roskachestvo advises looking at the rating of an application before installing it and reading reviews without fail, in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

Learn How to Hide Your WhatsApp Profile Picture and Why

 

The latest statistics of the messaging app usage have shown that WhatsApp has 2.0 billion users worldwide, which doesn't come as a surprise given the tremendous popularity and wide-acceptance of the messaging platform. 

Moreover, it is interesting to note that now businesses around the world have also integrated WhatsApp communication for purely work-related purposes, wherein people connect with one another because they are working in the same organization. 

However, it doesn't necessarily mean that they can trust every person in their organization, or that they do. Sometimes a person does not wish to show their display picture to people whom they barely know but are required to communicate with through WhatsApp because of their professional work.

Not everyone knows how to hide their profile picture from unknown users, so anyone who has their number, or with whom they have had a brief exchange on WhatsApp, can see their profile picture and can potentially take a screenshot of it. Have you been in such a situation? If so, we are here to help. Did you know that WhatsApp provides its users with very neat privacy features that let you protect your privacy from non-friendly contacts while still letting your friends see your profile picture?

How to do it? 


To access the privacy features of WhatsApp in its entirety, follow the steps given below. 

First, open WhatsApp and go to "Settings".

Now click on "Account" and then click on "Privacy".

Then, tap on "Profile Photo".

You should now see that the setting here offers three options to choose from: first, "Everyone"; second, "My Contact"; and third, "No One".

Now all you have to do is select the second option, "My Contact". This privacy feature will allow only your saved contacts to see your profile picture, while others will see a grey avatar on your profile instead of the picture you had put on display. And if you wish not to reveal your profile picture to anyone, you can select the third option, "Nobody". This will hide your picture from everyone on the messaging app.

Unfortunately, there is currently no option that allows you to hide your profile picture from a particular group of users, as there is in the story privacy settings.

Virtual Website Neopets Exposes Sensitive Data

Neopets is an online platform where kids can take care of "virtual pets." The website has exposed a large amount of sensitive data online, including login credentials used for gaining access to company databases, email IDs of employees, and repositories that contain proprietary code for the website.

The exposed data includes the IP addresses of Neopets users, data that can be used by hackers to target Neopets visitors. John Jackson, an independent cybersecurity researcher, found the issue while he was scanning the Neopets website with his security software. The Security Ledger reports, "this is the second serious security incident involving the Neopets site. In 2016, the company acknowledged a breach that spilled usernames, passwords, IP addresses, and other personal information for some 27 million users. That breach may have occurred as early as 2013."

Neopets, an online pet platform, was launched in 1999. It allows users, mostly children, to take care of virtual pets/animals and buy virtual accessories for these pets using "Neopoints" or "Neocash," virtual points earned in-game. Users can buy Neocash with real money or with the help of awards. Viacom purchased Neopets for $160 million in 2005, but in 2017 it was purchased by NetDragon, a Chinese company.

"The issue appears to be related to a misconfigured Apache web server, Jackson said. Though many web-based applications are hosted on infrastructure owned by cloud providers such as Amazon, Google, or Microsoft's Azure, leaked documents indicate that the 20-year-old Neopets website continues to operate from the infrastructure it owns and operates," reports The Security Ledger. 

Hacked accounts on sale

According to Jackson, he found that Neopets accounts were "on sale" on a website. This led him to scan the Neopets website using a security tool, which reported that a Neopets subdomain exposed the website data. Upon research, Jackson found the employees' database, emails, login credentials, and complete code-base. The screenshots of the Neopets repository shared by Jackson show that the credentials were either embedded in the website's underlying code or "hard-coded." With the help of cybersecurity expert Nick Sahler, Jackson downloaded the full Neopets code-base, which revealed a database, private code repositories, user IP addresses, and employee emails.

UK Finance Body: Beware of Parcel Delivery Scam, Especially During Christmas Season

 


After months of lockdown, this Christmas season has become even more special to people, but fraudsters are also beginning to capitalize on people's long-delayed excitement. The banking trade body UK Finance has warned the public against parcel delivery scams that are becoming popular during the Christmas shopping season.

The banking trade body said that this Christmas, more people across the nation are expected to shop online than ever before and there are high chances that con men will take advantage of this.
 
According to intelligence from UK Finance, malicious actors are sending phishing emails purporting to be from genuine delivery companies, claiming that the companies have been unable to deliver parcels, large letters or packages, and then asking recipients to send their personal and financial information, such as their date of birth, address, bank details, and mobile numbers, along with a fee in order to rearrange the delivery.

It has also been observed that, in certain cases, bank customers are receiving phone calls from fraudsters posing as their bank's fraud team, urging them to move their money to a safe account or reveal their passcodes.

Katy Worobec, managing director of economic crime at UK Finance said, "We are urging people not to give gift to fraudsters this Christmas and to follow the advice of the Take Five to Stop Fraud campaign. Criminals will stop at nothing to commit fraud and that includes exploiting the festive season to target their victims". 

Steps to Prevent Fraud Campaign:

• According to intelligence, people must be vigilant against phishing emails with fake links which can lead people to fake platforms and will ask them to fill in important data, particularly personal and financial. It can be seen that these emails may appear more genuine and trusted but be aware of any fraud scam like this which can cost you more than you expect. 

• People are advised to check their delivery notification attentively to ensure that they are genuine. Criminals are employing the same pattern as genuine companies use for their customers. 

• Customers should always remember that they are about to claim and hence, they should ask questions to the authorities or companies before sending information and money. 

• If one feels that the company is not genuine then he is advised to contact the company directly before sending any form of information. 

• Last and also the most important step to take is to report and register a complaint on a genuine platform if you are being attacked by any fraud or scam.

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea has fined social networking giant Facebook 6.7 billion won (around $6 million) for sharing user data without consent. According to the PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared the data of 3.3 million users with third-party companies without user consent. The incident happened from May 2012 to June 2018. The PIPC also says that it will file a criminal complaint against the company for violating "personal information laws."

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using.

The issue came to light when an FB user shared their data with a service while logging in with their FB account; the user's friends had not done so, yet their FB data was also shared without their knowledge. Following the incident, these third-party apps used the information Facebook provided to show customized ads on social media users' profiles.

According to the PIPC, Facebook provided user data to third-party companies with no user permission and made monetary profits. The PIPC also accuses FB of storing login credentials (with no encryption) without user knowledge and of not notifying users when their data was accessed. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents.

This affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was fined an extra 66 million won.

Facebook, however, claims that it provided full cooperation during the PIPC's investigation. FB finds the PIPC's complaint regrettable; however, it will respond after the commission takes its final decision.

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

White House Declares Guidelines to U.S Federal Agencies for AI Applications

The U.S. White House has issued guidelines to U.S. federal agencies regarding AI (Artificial Intelligence) applications produced in the U.S. According to the Director of the Office of Management and Budget (OMB), the notice sets out policies that will guide, to the extent allowed by legislation, non-regulatory and regulatory approaches to AI apps made and used outside the U.S. federal agencies. These OMB guidelines come almost two years after the former U.S. President Donald Trump signed an executive order for the fast-track expansion of Artificial Intelligence in the United States.

When signing the executive order, President Trump emphasized that it would oversee the launch and ensure that U.S. resources are spent on developing AI locally. As per the guidelines, the aim is to ensure that organizations won't bring out rules or regulations that may restrict AI's growth and innovation. The guidelines also ask agencies to point out challenging, difficult, or other state laws that may affect the launch of AI in the national market. OMB has issued ten principles that federal agencies can use while implementing AI applications.

The principles were first brought out as part of a draft memorandum at the start of 2020. The principles include creating trust in AI among the people while ensuring the privacy and safety of AI users, promoting public participation in the application of AI, providing scientific data and information to the public, ensuring risk assessment measures across various agencies, maximizing benefits while implementing AI, aiming for approaches to AI that won't affect innovation, ensuring the technology is safe and reliable, user transparency, promoting a safe AI system that is secure, and having companies share their experience with AI.

The White House memo says, "given that many AI applications do not necessarily raise novel issues, the following principles also reflect longstanding Federal regulatory principles and practices that are relevant to promoting the innovative use of AI. Promoting innovation and the growth of AI is a high priority of the U.S. government. Fostering AI innovation and growth through forbearing from new regulation may be appropriate in some cases."

Russian expert told how to figure out surveillance via a webcam

It is becoming more and more difficult to find out whether you are being watched through a webcam. According to Arseny Shcheltsin, General Director of Digital Platforms, a special indicator used to show whether the camera was recording, but it is now easy to bypass.

"The most characteristic signs of tracking are the “freezing” of the computer or phone only when there is an Internet connection, or immediately after switching on," explained the specialist.

As Shcheltsin noted, the appearance of unknown programs on the device that significantly "slow down" its work should also raise alarm. One of the most obvious confirmations that a person is being spied on through a webcam is its spontaneous activation, but today, as the expert clarified, the indicator light near the device's camera may not come on even while the camera is recording what is happening around it.

The expert noted that it is worth paying attention to where the potential use of the camera can harm its owner. For example, it is better not to use the phone where the person is not fully dressed — in the locker room, bathroom, etc.

It is also important to keep your computer's antivirus software up to date. It should be updated whenever a new version is released.

Previously, Mr. Shcheltsin reported that intelligence services of various countries are using backdoors to spy on people around the world through Smart TVs.

U.S Elections: Spammers Use Fake Voter Registration Forms To Steal User Data and Banking Credentials

 

As the U.S. presidential elections approach, the hacking and spamming attacks related to them are rising. In one such incident, hackers use fake voter registration forms to steal the data of users who access fake government sites. The voter registration links work as bait, and if the user clicks one, he is redirected to a fake government website. The hacker then steals personal user data, and sometimes banking credentials as well.

"Whatever the intent behind this particular phishing attack, it should serve as a reminder that human beings -- users, employees, citizens, and voters -- are "soft targets" for malicious actors. This is especially true in turbulent times such as the present -- when fear, confusion, and doubt are surging in the run-up to a historic election that happens to fall in the middle of a catastrophic pandemic," says KnowBe4. These phishing campaigns started in September and are still active. 

Cybersecurity firms KnowBe4 and Proofpoint identified the attacks; they say that these attacks are trying to undermine the credibility of a U.S. government agency, the U.S. Election Assistance Commission (EAC), which is responsible for generating the voter list. The phishing emails have a simple subject line, and it works because citizens fear that they might be left off the voting list. The phishing campaign uses hacked WordPress websites to host the fake websites used to lure users. The sites have incorrect URLs, and if the user fails to notice this, his data is exposed to the hackers. According to experts, the hackers use a simple template for the phishing attacks, and the fake website looks exactly the same as the original government website.

According to Proofpoint, these spammers have become more aggressive in their recent attacks. They have changed their strategies and now ask for the user's data along with his banking credentials. "Now, as the U.S. election draws closer, many individuals are confirming their voter registration status. Using messages that suggest voter registration is invalid drives user urgency and uncertainty in an election season. We observed the last news from this actor using voter registration themes sent on October 7, 2020. This suggests that the actor may have already shifted to another type of lure," says Proofpoint.

Spying Malware Attacks Activists and Civil Societies in Egypt


The spying malware "FinSpy" has returned in Egypt. This time, new campaigns are attacking activists and protestor organizations. Cyber experts have found evidence that the malware is attacking Linux and macOS users. In earlier campaigns, the spyware attacked Android, Windows, and iOS users, but now, according to researchers, the campaigns are using malware that attacks Linux and macOS systems. FinSpy is a spying malware used for monitoring and surveillance purposes. According to the findings by Amnesty International, the new malware variants can record the target's calls, control audio and video, monitor chats, and steal personal data. Law enforcement agencies and governments have been using this software since 2011. But in recent findings, the experts identified new variants of the spyware operating since October 2019. The sample "PDF" targets Linux, and the sample "Jabuka.app" targets macOS users; both samples are FinSpy variants. Researchers announced the samples to the public last week.

According to Amnesty International, "In September 2019, Amnesty International discovered samples of FinFisher's spyware distributed by malicious infrastructure tied to the attacker group, commonly known as NilePhish. Likely to be state-sponsored, these attacks took place amid an unprecedented crackdown on independent civil society and critical voices. Over the years, numerous research reports, including Amnesty International, detailed NilePhish's campaigns of targeting Egyptian civil society organizations." 

About FinSpy 

Enforcement agencies and governments have been using FinSpy since 2011. But through the years, experts have noticed that the spyware has become more creative in its approaches. Amnesty International published a report in 2019. It covered how phishing campaigns in Egypt were targeting human rights organizations, activists, civil societies, and protestor organizations. The campaign was operated by a hacking group called "NilePhish."

Amnesty reports, "the attacks all bear the same hallmarks and appear to be part of a coordinated campaign to spy on, harass and intimidate their targets." Kaspersky, in 2019, reported that it had observed new variants of spying malware working in Myanmar. Experts say that the new malware variant has infected over a dozen Android and iOS devices.

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S. presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts with Russian intelligence and hackers linked to a St. Petersburg organization based in Russia.

U.S. officials accuse the group of meddling with the 2016 U.S. presidential elections and votes. As of now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for comment on the issue. Since the beginning of its rivalry with the U.S., it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S., and it has nothing to do with the presidential elections.

There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," Gleicher told Reuters.

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians.

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate," said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras," said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is fraud, which has begun to actively manifest itself on the network. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

American IT-businessman of Russian origin says Durov gave data of Telegram to Kremlin

The founder of Telegram, Pavel Durov, handed the messenger, along with the data of all its users, to the Kremlin because the messenger had become an unbearable financial burden, with costs exceeding $2-3 million a month, said an American IT businessman of Russian origin, the head of Pi5 Cloud, Michael Talan.

"Telegram is a fully cloud-based solution that hosts its systems in three providers: Google, Amazon, and DigitalOcean. According to my calculations, for Pavel Durov, monthly payments on Telegram exceed $2-3 million. For him, this has become an expense that cannot be recouped. Previously, he paid with money from investors TON (Telegram Open Network)," said Talan.

He clarified that Durov had financial problems related to Telegram after the decision of the American Securities and Exchange Commission, which banned the Russian programmer from launching the TON commercial platform.

"I am 100% convinced of this. So if you are still using Telegram in Ukraine, I urge you: delete all correspondence from there and close your account, because now Telegram is a tool of the Kremlin," the American IT businessman addressed the Ukrainians.

It's important to note that, in early August 2020, Pavel Durov reported that in two countries he had been offered the chance to sell part of Telegram, but he refused because the messenger is not for sale "either partially or completely". "This will always be our position," stressed Durov.

It should be noted that the social network VKontakte, created by Pavel Durov, has found a way to circumvent the ban on the use of the social network in Ukraine. The social network's mobile application is now working on the territory of Ukraine. At the same time, in order to access the social network from a computer, residents of Ukraine still need to use a VPN.

Earlier, Ukrainian President Zelensky extended a decree banning Russian social networks.

TikTok Files Lawsuit Against the U.S. Government Over Ban of Its Application


TikTok has confirmed that it is going to sue the U.S. government for banning the use of the TikTok application in the United States. However, the lawsuit will not ensure the Chinese company's future in the U.S. market even if it wins. The company claims that it has been trying to address the Donald Trump administration's concerns and reach a consensus for one year. Instead of entering a general agreement, the U.S. government is not paying attention to this issue, says TikTok. According to the company, the administration is not willing to offer any opportunities to resolve the problems.


Reuters reports, "it was not immediately clear which court TikTok plans to file its lawsuit. The company had previously said it was exploring its legal options, and its employees were also preparing their own lawsuit. While TikTok is best known for its anodyne videos of people dancing and going viral among teenagers, U.S. officials have expressed concerns that information on users could be passed on to China's communist government."

TikTok says that to safeguard justice and the fair treatment of its users, it has no other option than to challenge the Trump administration in court. Earlier this month, Trump banned financial dealings with TikTok, owned by ByteDance, and WeChat, owned by Tencent. According to him, these Chinese apps could be a threat to U.S. national security, economy, and trade affairs. According to the administration, TikTok stores a large amount of user data, including internet usage, browser history, network data, and location.

The Chinese Communist Party can exploit this data and use it for extortion purposes, blackmail, cyberattacks, and even espionage acts. "TikTok did not specify which court it planned to tap for its lawsuit, but this move would not stop the company from being compelled to relinquish its U.S. operations, which was laid out under Trump's second executive order issued on August 14 and was not subject to judicial review," reports ZDNet. In response, TikTok says that it modified its user policies to deal with the issue, bringing new measures to prevent misinformation and ensure user privacy.

Here's how to Ensure Data Security Using FShred App


Users are well aware that when they delete photos, videos, files, or any other data on their Android device, it is not deleted irrecoverably and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once-and-for-all deletion to ensure data safety.

In the sphere of data security, the continually rising activity of unauthorized users calls for something that can protect users against data breaches and cyberattacks that compromise their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo.

How can it be done?

When users have no intention of retrieving their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data from their Android devices in ways that make it irrecoverable. This proves to be of significant service when users plan to sell their smartphone or just share it with someone, as that could pose a serious threat to their important data.

FShred is a user-friendly app that uses data sanitization methods to overwrite data on both the internal and external storage of an Android phone. To permanently delete the already-deleted files from internal storage, it overwrites all available space with random data. What does that mean? It's a process that replaces all the deleted files (photos, videos, etc.) with purposeless bytes from a random generator; by overwriting the space they occupied, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is a tool that lets you easily wipe all your sensitive data using advanced shredder algorithms; it shreds your data and recovers valuable storage space on your Android device.
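The free-space overwrite described above, sketched in Python as an added example; this is not FShred's code, and the function name `overwrite_free_space` and its `max_bytes` cap are assumptions made for the illustration.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write random data 1 MiB at a time

# Errors that mean "no room left"; EDQUOT is absent on some platforms.
_FULL = {errno.ENOSPC, getattr(errno, "EDQUOT", errno.ENOSPC)}


def overwrite_free_space(directory, max_bytes=None, chunk=CHUNK):
    """Fill unused space under `directory` with random bytes, then free it.

    Blocks that earlier held deleted files are part of the free pool, so
    filling the pool replaces their old contents with random data.
    `max_bytes` (assumption of this sketch) caps the fill so the routine
    can be tried safely; None means "until the filesystem is full".
    Returns the number of random bytes written.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix="wipe-", dir=directory)
    try:
        while max_bytes is None or written < max_bytes:
            size = chunk if max_bytes is None else min(chunk, max_bytes - written)
            try:
                n = os.write(fd, os.urandom(size))
            except OSError as exc:
                if exc.errno in _FULL:
                    break  # free space exhausted: the fill is complete
                raise
            if n == 0:
                break
            written += n
        try:
            os.fsync(fd)  # push the random data to the device before freeing
        except OSError as exc:
            if exc.errno not in _FULL:
                raise
    finally:
        os.close(fd)
        os.unlink(path)  # hand the (now overwritten) space back
    return written


if __name__ == "__main__":
    # Constructed demo: a capped 8 MiB fill inside a scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        print(overwrite_free_space(scratch, max_bytes=8 * CHUNK), "bytes overwritten")
```

On flash storage, wear levelling and over-provisioning mean a filesystem-level fill is not guaranteed to reach every physical block that once held the deleted data.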

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

For Privacy and Safety, Disable these features from your Google Assistant


It's difficult to imagine life without Google, and every day the search engine gets more involved and intricate in our lives. One of its features, the Google Assistant, is used quite extensively by the masses to make their lives easier and tasks swifter.

Google Assistant is an Artificial Intelligence virtual assistant developed by Google that is available on your smartphone and smart devices. It is a very efficient digital assistant that can hold two-way conversations. As Google says, "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it."


But since it is connected with almost all of your smart devices and is able to listen to and record you at all times, it's imperative to be concerned about privacy. Here are a few tips you should consider to make your Google Assistant safer and more private:
  
Change Voice Recording Settings

Only recently Google updated their voice recording privacy settings, and you can now opt in or opt out of having voice recordings saved and shared with their human analyzers. So, definitely check out these settings under Your Data in the Assistant, then Audio Recordings, and set them as you like. The recordings saved previously should also be looked into: you can choose to delete them manually or set how long Google can keep them.

Turn off Continued Conversation

Under the Continued Conversation feature, your Google Assistant can listen for a follow-up question without you saying 'Hey, Google'. Though the feature can be useful, it can allow your device to listen in when you're not interacting with the assistant and are simply asking a question to someone else.

Keep the camera disabled when not in use

If you're using a Google-enabled smart display, it's best to keep the camera disabled when not in use. It might become tedious to switch it on and off every time you make a video call, but it's better than keeping it on all the time.

Google Activity Controls

Google Assistant gathers information from other apps you use with your Google account for better performance. If you like, you can control the amount and type of information that your Google Assistant can access for privacy reasons. You can also opt for auto-delete and set intervals for which data can be kept.