Weekly Axis Of Easy #164
- FTC is preparing anti-trust case against Facebook
- Facebook sued for watching Instagram users through their device camera
- Suspicious activity spotted on previously hacked CRA accounts
- Ransomware attack on German hospital causes a fatality
- Fraud prevention unicorn implodes amid SEC investigation into… fraud
- Another Magecart attack hits over 2K e-commerce sites
- Chinese database exposed detailing targeting info on 2.4 million people
- Operation Legend: pacifying US cities with intrusive surveillance
- The Projection Racket: How we cede our autonomy one step at a time
- When the Going Gets Weird, The Weird Turn To Youtube
According to the Wall Street Journal the US Federal Trade Commission (FTC) is gearing up to file an antitrust suit against Facebook, which could be filed before the end of the year.
While it’s not guaranteed that a suit will be filed, despite the preparations being made, the WSJ is speculating that the legal theory behind it could be their practice of acquiring potential competitors (speaking of which, see below).
Facebook avoided an earlier suit aimed at the company’s (lack of) privacy practices after paying a record $5 billion USD settlement.
As reported in AoE 146, the FTC also has an investigation underway into Google.
A new complaint filed in a San Francisco federal court alleges that the Instagram app spied on users by accessing their device cameras when they weren’t being actively used.
Facebook has denied the allegations and blamed the behaviour on a software bug (“it’s not a feature, it’s a bug”). The plaintiff counters that the behaviour is
“Intentional and done for the purpose of collecting lucrative and valuable data on its users that it would not otherwise have access to by obtaining…extremely private and intimate personal data on their users, including in the privacy of their own home Instagram and Facebook are able to collect ‘valuable insights and market research’”
This is a separate lawsuit than the one we reported on in AxisOfEasy #159 that alleges Instagram illegally collects biometric data by creating “face templates” from its face tagging feature.
Also back in AxisOfEasy 159 we had an item on that security breach at the Canada Revenue Agency. At the time the official number of identities whose data had been breached as around 5K.
Now the Treasury Board of Canada is saying that they’ve uncovered “suspicious activity” on 48,000 accounts that were breached in those July and August incidents.
CRA is pointing out that the system targeted, GCKey, through which Canadians access immigration and unemployment insurance services, was not itself hacked. The affected users were targeted via “credential stuffing”: they were reusing authentication credentials that had been already compromised in other hacks (don’t do that).
In what appears to be the first instance of its kind, a ransomware attack has led to the death of a person in Germany. The attack on the Dusseldorf University Hospital caused it to be unable to receive inbound emergency patients. A woman who was being brought to the ER at the afflicted university was then diverted to another facility 20 miles away. She succumbed en route.
To make matters worse, it appears the hospital was not even the target of the ransomware attack, which was intended to hit the nearby university.
Authorities are still investigating the facts of the incident but if it is determined that diverting to the next hospital was the factor that killed the victim, they will treat the cyberattack as a homicide.
Las Vegas based fraud prevention start-up, NS8 recently raised $123 million at a $400 valuation from the VC firm Lightspeed. The company just fired hundreds of employees via an all hands Zoom meeting, and disclosed that they were under investigation by the SEC.
The company bills itself as an fraud detection and prevention platform for small business.
Heading into the equity raise they boasted a 200% jump in ARR but was burning between $4 and $6 million per month. The company apparently had offices in Miami, Amsterdam, Singapore, Melbourne, Australia, and San Ramon, California.
As per Threatpost:
“One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information stolen.”
Magecart, which has been reported here before, is a type of credit card skimmer which gets injected into websites running Magento. It lifts credit card data being entered into online shopping forms via a keylogger and sends the data back to the hackers.
Researchers say that most of the sites affected had no previous security incidents and theorize that the attack vector was via a Magento zero-day hack that was offered up for sale on hacker underground boards for $5,000 USD in August.
An associate professor from the Fullbright University in Vietnam has revealed the existence of a data trove compiled by a Chinese company known to supply services to government military and intelligence agencies.
The professor, Chris Bolling, has co-authored a paper outlining how the company used open source intelligence collection techniques to compile dossiers on 2.4 million “influential people” known as the “Overseas Key Information Database (OKIDB).”
According to Bolling, the database
“Specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.
The breadth of data is also staggering. It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.”
People of influence includes the likes of: politicians, activists, academics, military officers, media personalities, and government employees.
The paper: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3691999
This article via The Intercept looks at various layers of surveillance technology used by increasingly militarized police departments across the US, now more then ever. Police departments are getting federal funding from the US Dept. of Homeland Security, and also grants from the DoJ, to invest in technologies like ShotSpotter, which are sensors installed throughout the city that detect the sound of gunshots and realtime license plate readers that feed into a “video wall” of live surveillance feeds.
Other surveillance tools being procured are social media data extraction and cellphone hacking technologies, which we’ve mentioned several times before in regards to Israeli firm NSO. It turns out there’s another Israeli company called Cellebrite who also makes systems that can pull data off of smart phones.
These technologies are being combined for use in comprehensive law enforcement operations to tame multiple US cities. Operation Legend is being coordinated for Memphis (the article also details civil liberty legal challenges over the years against the Memphis authorities) and has already been deployed in St Louis. In all, Operation Legend and its precursor, Operation Relentless Pursuit are being run in four other cities in addition to Memphis.
This piece from Ben Hunt over at Epsilon Theory isn’t technology related per se, Hunt has been mentioned in one of our Salons, concerns himself more with the role of narrative in our society and since the carrier tone for narrative is technology, I find the work by The Pack over at ET of interest.
“Anyone who considers themselves a small-c conservative should feel uncomfortable about burning anything down without knowing what “it” is. Anyone who considers themselves a small-l liberal should feel uncomfortable about burning anything down without knowing “how” we plan to do it. Anyone who is invested in a message of change from the bottom up should feel uncomfortable about a solution that sounds like it comes from the top down.”
What Hunt says here, that I think is so important for everybody to be cognizant of, is his outline of the three main reasons people voluntarily surrender their freedoms:
Reason 1, is because they think it is necessary.
Reason 2, is because they think it’ll be temporary.
And the third reason, is the most insidious of all, is that we trade in our freedoms, bit by bit, in exchange for high sounding platitudes about freedom, democracy and equality. But in reality what we get instead are more controls, more inequality and more authoritarianism.
Ben is by no means some right wing Libertarian (the way I’m sure some readers here think about yours truly). But what Hunt consistently does is think about issues, especially in term of narrative, from beyond the left/right paradigm, which I think is a refreshing way to approach things…
AxisOfEasy Salon #22: When the Going Gets Weird, The Weird Turn To Youtube
We had another grand ole talk on the AxisOfEasy Salon #22 covering topics from resilience, the Network State and the release of Charles’ new book: A Hacker’s Teleology: Sharing the Wealth of Our Shrinking Planet
Also last week on the Axis:
- GPT-3 and Existential Angst (by Jesse Hirsh / Metaviews)
- This is why inflation will rip everybody’s face off
Among others, check it out!