Critical software bug sets ‘internet on fire’ — RT World News

https://www.rt.com/news/542927-critical-software-bug-internet-hackers/

The fault, known as ‘Log4Shell’, has been described as the “single biggest, most critical vulnerability of the last decade” – which puts it in the running for a place among the biggest glitches
in modern computing history. Researchers have warned that the flaw
affects servers run by tech giants like Microsoft, Apple, Amazon, and Twitter…

Report: Authoritarian Governments Use Huawei Technology To Censor Journalists

https://www.nationandstate.com/2021/12/02/report-authoritarian-governments-use-huawei-technology-to-censor-journalists/?amp
Authoritarian governments use Huawei’s technology to censor journalists, according to an internet freedom watchdog. Researchers at Top10VPN determined that 17 of the 69 countries studied use the Chinese telecom giant’s hardware to enforce censorship laws. Cuba uses Huawei’s “middlebox” devices to censor stories that criticize the country’s communist regime. In Burundi, the government blocks media…

Samsung Bricks Smart TVs | Hackaday

https://hackaday.com/2021/11/29/samsung-bricks-smart-tvs/

… it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. In a press release, Samsung announced in a press release that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

Despite such good intentions, the mere existence of such a feature is worrisome…

Linux Malware mulling to Spoil Black Friday – muunyayo

https://muunyayo.com/2021/11/22/linux-malware-mulling-to-spoil-black-friday/

TheCyberThrone

Researchers have discovered a new Linux backdoor on compromised ecommerce servers that intercepts and exfiltrates sensitive customer information, including credit card details.

The malicious agent, dubbed linux_avp is written in Golang, and was discovered by researchers at Sansec, who were approached by an affected merchant who couldn’t seem to get rid of malware from his store. Once deployed will take commands from china C2C.

The discovery of the malware across ecommerce stores all around the world comes mere days before the Black Friday shopping extravaganza. The attackers first run automated tests to probe ecommerce websites against dozens of known vulnerabilities. As soon as one is found, it installs a backdoor and uploads the linux_avp server agent.

The linux_avp agent injects fake payment forms on checkout pages displayed to customers of the compromised stores. Further analysis reveals that the fake payment form written in PHP is designed to steal and…

View original post 65 more words

Teen accused of North America’s biggest-ever single-person crypto heist — RT World News

https://www.rt.com/news/540726-teen-accused-canada-cryptocurrency-theft/

A Canadian teenager has been arrested after allegedly stealing $36.5 million in cryptocurrency from a person in the US. The police
claim it was the largest such heist involving one victim ever registered in North America.
Police in the city of
Hamilton, Ontario, arrested the unidentified perpetrator on Wednesday,
after over a year investigating what they have described as the
biggest-ever cryptocurrency theft from a single person in either the US
or Canada. Local police began a joint investigation with the Federal
Bureau of Investigation and the US Secret Service Electronic Crimes Task
Force in March 2020, when the theft was reported.

The Hamilton Police Service said it had made “multiple”
seizures in excess of CA$7 million (US$5.5 million) during the arrest,
which came after investigators noticed some of the stolen money had been
used to buy an online username considered “rare” in the gaming community, according to a police statement.

The
victim was apparently targeted by a cell phone hijack known as SIM
swapping. This method involves manipulating cellular network employees
to duplicate phone numbers in order to let the scammer intercept the
two-factor authorization requests that allow them access to a victim’s
account.

This method is considered especially potent because a lot
of people use the same password for multiple sites, according to
Detective Constable Kenneth Kirkpatrick, of the Hamilton Police’s
cybercrimes unit. He added that cyber and cryptocurrency crimes were
becoming increasingly common, but noted that the figures involved in
this case were “very surprising.”

“It’s a large amount of money in anybody’s opinion,” Kirkpatrick said, adding that the case was currently in the Hamilton court system.

The police haven’t revealed the age or gender of the youth, the username they purchased, or whether they were acting alone.

Pegasus-style spyware found on thousands of smartphones — RT World News

https://www.rt.com/news/540024-pegasus-spyware-android-apps/

Cybersecurity researchers have found spyware, similar to the
notorious ‘Pegasus’ malware peddled by Israeli company NSO Group, on
thousands of South Korean smartphones. The software is disguised as
innocent yoga and photo apps.
Used by governments
worldwide to spy on rival politicians, foreign powers, journalists,
lawyers, and business figures, NSO Group’s Pegasus malware has gotten
significant media attention since its existence was revealed earlier
this year by activists. While the Israeli firm has found itself maligned
by the press and blacklisted
by Washington, similar snooping software is reportedly still active and
going unnoticed, as highlighted in a report published on Wednesday by
cybersecurity company Zimperium.

The article examines the PhoneSpy software, which is aimed at South Korean Android users. According to Zimperium, “PhoneSpy
hides in plain sight, disguising itself as a regular application with
purposes ranging from learning Yoga to watching TV and videos, or
browsing photos.” These apps aren’t found on the Android app store,
meaning users had to download them directly, likely by clicking
malicious links or through “social engineering.”

Once
installed, PhoneSpy gives snoops access to virtually every function of
the target’s smartphone. Cameras and microphones can be remotely
activated, call logs and messages retrieved, GPS coordinates tracked,
and web traffic monitored.

Zimperium’s report did not identify who was actually using PhoneSpy to surveil targeted phones, but it said that “thousands of South Korean victims have fallen prey to the spyware campaign.” As the fake apps were all South Korean, the spying operation is believed to be limited to that country.

PhoneSpy
is one of several Pegasus-like programs currently suspected of being in
operation. When the US added NSO Group to its trade blacklist earlier
this month, it also added Russian firm Positive Technologies and
Singapore’s Computer Security Initiative Consultancy, claiming that both
trafficked in “cyber tools” used to gain “unauthorized access to computer systems.”

Daily SA: China using 5G to spy on Americans – Nwo Report

Comment by tonytran2015: Australia was the first to ban Huawei and alerted her allies. The action angered China tremendously and triggered the “punishment” against Australia.

https://nworeport.me/2021/11/04/daily-sa-china-using-5g-to-spy-on-americans/

NSA: The National Security Agency and U.S. Cybersecurity Infrastructure and Security Agency (CISA) jointly warned that hackers, without naming China, could target American 5G networks through existing security gaps. In part, the warning encouraged 5G providers to take recommended steps to close security holes, focusing on preventing lateral movement for hackers who have gained access to 5G cloud servers. (Analyst Comment: Earlier this year, we reported from the annual Blackhat hacking convention, where security researchers stressed that criminal and state-backed hacking groups had adopted new tactics, including targeting upstream networks to gain wider access to downstream targets. You can read our full report in the 09 August 2021 issue of Early Warning. Attacks against critical infrastructure are increasing, and conditions are likely to worsen. Readers should continue preparing for disruptions to the supply chain, oil and gas, and the information and communications environment – M.S.)

US lawmakers play with the idea of social media ID verification, following proposals from other countries – Nwo Report

https://nworeport.me/2021/10/29/us-lawmakers-play-with-the-idea-of-social-media-id-verification-following-proposals-from-other-countries/

A draft discussion bill hints at future proposals.

Source: Tom Parker

Anonymity is often vital for those who want to speak truth to power and expose government wrongdoing. We only need to look to the US government’s treatment of National Security Agency (NSA) whistleblower Edward Snowden and Wikileaks founder Julian Assange to see how far governments will go to target those that don’t have the shield of anonymity when they reveal information that governments want to hide.

And in 2021 governments have renewed their efforts to end online anonymity by proposing and introducing new laws that force users to hand over their identity documents (IDs) to use social media and by framing online anonymity as something that needs to be eradicated.

While most of these government efforts to end online anonymity have been widely covered in the media, America’s recent proposals have managed to stay out of the spotlight.

But despite flying under the radar, these proposals do exist in a discussion draft that was introduced by Congressman John Curtis in May.

The discussion draft aims to “require a provider of a social media service to verify the identity of users of the service, and for other purposes” and prevent anyone from creating a social media account without verifying their identity.

Not only does this discussion draft intend to make ID verification mandatory for anyone who wants to create a social media account but it also wants to force social media companies to report users to the Federal Trade Commission (FTC) whenever they suspect users have submitted fake IDs. Additionally, it contains a requirement for the FTC to submit these reports to the United States (US) Department of Justice (DOJ).

Social media companies that fail to comply with the terms outlined in this discussion draft will be targeted under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) which allows the FTC to define “unfair or deceptive acts or practices,” impose additional requirements on companies to prevent these acts or practices, and introduce “significant civil penalties for rulebreakers.”

While the discussion draft does include an exception for social media providers that have annual revenues of less than $1 billion for three consecutive years, the large social media platforms where the vast majority of the more than three billion total social media users are registered will be forced to verify the real identity of their users under the discussion draft’s current requirements.

Alternative social media platforms will only be shielded from this requirement if their revenues stay below the annual $1 billion threshold and if the discussion draft becomes law, this limit could be encroached upon and lowered, as has happened many times before with other laws.

We obtained a copy of this social media ID discussion draft for you here.

This discussion draft is the latest of many attempts by local and federal US governments to erase online anonymity by forcing online service providers to verify the identity of their users. Some of the most notable attempts include:

The Communications Decency Act (CDA) (1996) which was signed into law on February 8, 1996 and prohibited the “the knowing transmission of obscene or indecent messages” to minors but allowed online service providers to protect themselves from prosecution by implementing age verification measures. The provisions related to age verification were ultimately struck down after the Supreme Court declared them an unconstitutional violation of the First Amendment.

The Child Online Protection Act (COPA) (1998) which was signed into law on October 21, 1998 and required website operators and content providers to prove that they had restricted children’s access to “harmful” content by requiring the use of a credit card, a debit card account, an “adult access code,” an “adult personal identification number, a “digital certificate that verifies age,” or “any other reasonable measures that are feasible under available technology.” However, it was blocked from taking effect by multiple courts which declared it unconstitutional on First Amendment groups. After more than a decade of ongoing legal challenges, the Supreme Court killed the law by refusing to hear further appeals.

The Children’s Online Privacy Protection Act (COPPA) (1998) which was signed into law on October 21, 1998 and requires websites and online service providers to obtain “verifiable parental consent” if they’re “directed to children under 13” or they have “actual knowledge” that they collect personal information from children under 13.

Louisiana’s Online Age Verification Law (2015) which required publishers of material that’s deemed to be “harmful to minors on the Internet” to age-verify every internet user before providing access to the material. The law was permanently blocked by a federal judge in 2016 for violating the First Amendment.

While this discussion draft is likely to ultimately fail for First Amendment violations, many other countries that don’t have these same First Amendment protections are pushing similar proposals that would end online anonymity.

UK lawmakers recently bolstered their calls for a social media ID system in the wake of the murder of Member of Parliament (MP) David Amess, despite it being unknown whether the murder suspect had previously targeted Amess on social media.

In Australia, the federal government recently released an exposure draft for an Online Privacy Bill that would require citizens to verify their age by submitting official ID in order to create social media accounts, days after Australian Prime Minister Scott Morrison called for social media platforms to be held responsible for anonymous users.

And in Canada, the proposed Senate Bill S-203, the “Protecting Young Persons from Exposure to Pornography Act,” would essentially mandate age-verification for all sites that host user-generated content by making these criminally liable whenever an underage user engages with sexual content on their service unless they implement “a prescribed age-verification method.”

If these governments succeed with their push to end online anonymity, protest and dissent are likely to be one of the first things they attempt to crush. Australia’s authoritarian response to citizens who protest or oppose the government’s COVID response shows just how far governments will go to target those who dissent on social media. And if social media accounts were forcibly linked to real ID, it would be even easier for governments to use these tactics against their critics.

In fact, Lin Junyue, one of the early theoretical designers of China’s all-encompassing social credit system which links real IDs to a wide range of online data, has actually touted the ease with which it allows governments to crush dissent as one of its main benefits.

“If you had the social credit system, there never would have been the yellow vests,” Lin Junyue said in an interview with European public service channel ARTE. “We would have detected that before they acted. One could have foreseen…these events would not have happened. It is one of the great advantages, the social credit system.”

Not only do these proposals to end online anonymity threaten citizens’ rights to protest and criticize the government but by forcing social media platforms to collect real IDs, they also create a huge privacy risk. Numerous vaccine passport systems which impose similar ID collection requirements have already exposed the personal data and IDs of millions of people. Forcing social media companies to collect real IDs would create an even larger honeypot that could be leaked or breached.

Even more concerning is that these attacks on online anonymity serve as a gateway to a dystopian digital ID system that would give governments even more control of people’s digital activities. COVID passports are already paving the way for such a system in the physical world by making access to certain premises and events contingent on showing a vaccine passport. Forcing users to associate their social media accounts with real ID would make it easy for governments to expand this control to the digital realm and dictate which websites and online services people are allowed to use.

Although the First Amendment will likely shield US citizens from this government encroachment, for now, the persistent push to end online anonymity shows that many Western lawmakers are more than happy to ignore these significant privacy and civil liberties concerns so that they can more easily control and monitor their citizen’s digital lives.