Weekly Axis Of Easy #46
In this issue:
- Private intelligence agency leaks scraped data of 48 million people
- Do you know Palantir? They know you.
- Breached chat service leaks data of K-Mart, Best Buy customers
- New fileless malware eludes antivirus scanners
- Honduran government unveils new cyber censorship laws
- Facebook plays shell game with Euro Privacy laws
- More Facebook foibles: Login service can be hijacked and a class action lawsuit
- Internet pioneers apologize for the monster they’ve set loose
I always love it when some company I've never heard of turns out to be compiling dossiers on people and scraping their social media data, only to leave about 48 million of them wide open on an Amazon S3 bucket so it can all get scooped up in one shot. Well done, LocalBlox. *golf clap*.
Speaking of private intelligence agencies, you may not have heard of Palantir, but I have. They are Peter Thiel's data mining company, and they do more than scrape social media. Palantir markets its services to governments and corporations like JP Morgan to conduct pervasive surveillance. Vacuuming up emails, GPS locations from corporate smartphones, and transcripts of phone calls, Palantir uses everything it can get its hands on and then sifts through it for telltale signs of miscreant activity.
In one of the worst data breaches to come to light in the past week, 7.ai, a company that provides online chat services to the likes of K-Mart, Delta Airlines, Sears and Best Buy, disclosed that it had been the victim of a data breach in 2017. In this case the breached material includes customer identifying information and credit card details. The takeaway? Don't ever provide credit card details via an online chat session.
Security journalist Kim Crawley reports on a new security vector called “fileless malware attacks”, where hostile software attacks your system via memory or CPU without leaving any files behind, thus rendering them invisible to the standard antivirus programs. My read on the article is that this affects primarily Windows operating system computers.
Via Mike Masnick at Techdirt: “The masterplan for censorship: follow up a highly-questionable election with a ‘cybersecurity’ law granting the government power to shut down critics and dissenting views. That’s what’s happening in Honduras, following the reinstallation of Juan Orlando Hernandez as president following an election ‘filled with irregularities.’
The new law mandates the policing of ‘hate speech’ as defined by a government that would love to see its critics deprived of an online platform. Whatever the government declares to be hateful must be taken down within 24 hours. Failure triggers fines and third-party platforms will be held responsible for content created by users.”
Whether we’re talking ‘hate speech’ or ‘fake news’, this kind of thing is sounding a little too familiar.
Background: The European Union’s General Data Protection Rules (GDPR) take effect next month. We haven’t mentioned it here yet because frankly, most of the domain biz still doesn’t know how to handle it, especially Whois, which looks to get rekt by the new rules. We just finalized our plan and I’ll cover it next week.
Facebook, after initially saying it will implement the new Euro-style GDPR rules for all users, quietly updated its Terms of Service last week to move legal jurisdiction for its 1.5 billion non-Euro users from Ireland, which would be covered under GDPR, to California, where the new rules presumably won’t apply.
On a separate front, a US judge has ruled that a class action lawsuit against Facebook may proceed. The suit dates from 2015 and alleges that the platform’s photo tagging feature violates an Illinois state law against the collection of biometric data. Oops.
A long read but worth it: in NYMag, some of the most illustrious Internet pioneers, such as Jaron Lanier and Richard Stallman, talk about the lofty aspirations that drove their work on the early Internet and their disappointment at the generally toxic dumpster fire large swaths of it have become.
(h/t to Cameron Johnson)
(P.S. If you’re going to be at the 5 years of Let’s Talk Bitcoin celebration in Chicago on Wednesday night, look for me there and I’ll score you an easyDNS webcam cover or maybe even a T-shirt.)