Senators Introduce Bipartisan 'Unplug Internet Kill Switch Act of 2020,' Preventing a President From Denying Access To the Internet

Slashdot - Your Rights Online - Wed, 2020-09-23 23:23
Yesterday, U.S. Senators Rand Paul (R-KY), Ron Wyden (D-OR), and Gary Peters (D-MI) introduced the bipartisan "Unplug the Internet Kill Switch Act of 2020" (S. 4646), which would help protect Americans' First and Fourth Amendment rights by preventing a president from using emergency powers to unilaterally take control over or deny access to the internet and other telecommunications capabilities. Slashdot reader SonicSpike shares an excerpt from the announcement: In a World War II-era amendment to Section 706 of the Communications Act of 1934, Congress gave the Executive sweeping authority to put under direct government control or even shut down "any facility or station for wire communication" should a president "[deem] it necessary in the interest of the national security and defense" following a proclamation "that there exists a state or threat of war involving the United States." Cause for alarm over such power has only increased across the decades with the technological revolution, which has included email, text messages, and the internet, as well as the expansion of television, radio, and telephone networks. The Unplug the Internet Kill Switch Act would amend Section 706 to strip out this "Internet Kill Switch" and help shut the door to broader government surveillance or outright control of our communications channels and some of Americans' most sensitive information. The legislation would also reassert a stronger balance of power during a national emergency between the Executive Branch and the people's representatives in Congress. You can read the "Unplug the Internet Kill Switch Act of 2020" here (PDF).

Read more of this story at Slashdot.

Dark Web Drugs Raid Leads To 179 Arrests

Slashdot - Your Rights Online - Wed, 2020-09-23 04:02
Police forces around the world have seized more than $6.5 million in cash and virtual currencies, as well as drugs and guns in a co-ordinated raid on dark web marketplaces. The BBC reports: Some 179 people were arrested across Europe and the U.S., and 500kg (1,102lb) of drugs and 64 guns confiscated. It ends the "golden age" of these underground marketplaces, Europol said. "The hidden internet is no longer hidden", said Edvardas Sileris, head of Europol's cyber-crime centre. The operation, known as DisrupTor, was a joint effort between the Department of Justice and Europol. It is believed that the criminals engaged in tens of thousands of sales of illicit goods and services across the U.S. and Europe. Drugs seized included fentanyl, oxycodone, methamphetamine, heroin, cocaine, ecstasy and MDMA. Of those arrested 119 were based in the U.S., two in Canada, 42 in Germany, eight in the Netherlands, four in the UK, three in Austria and one in Sweden.

Russia Wants To Ban the Use of Secure Protocols Such As TLS 1.3, DoH, DoT, ESNI

Slashdot - Your Rights Online - Tue, 2020-09-22 17:30
An anonymous reader writes: The Russian government is working on updating its technology laws so it can ban the use of modern internet protocols that can hinder its surveillance and censorship capabilities. According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3, DoH, DoT, and ESNI. Moscow officials aren't looking to ban HTTPS and encrypted communications as a whole, as these are essential to modern-day financial transactions, communications, military, and critical infrastructure. Instead, the government wants to ban the use of internet protocols that hide "the name (identifier) of a web page" inside HTTPS traffic.

Boeing Whistle-Blower Says Proposed 737 Max Fixes Aren't Enough

Slashdot - Your Rights Online - Tue, 2020-09-22 15:00
An anonymous reader quotes a report from Bloomberg: A whistle-blower at Boeing Co. is urging aviation regulators to add additional protections to the grounded 737 Max. Curtis Ewbank, who has previously raised concerns about the plane's design with congressional investigators, said in comments filed with the Federal Aviation Administration that a proposal to mandate fixes to the jet didn't address multiple hazards identified in the two fatal Max accidents and earlier incidents involving the 737. "Clearly more actions are required to revise FAA processes so that it accurately assesses airplane design and regulates in the public interest," Ewbank said in the comments, posted on the Regulations.gov website. The FAA has proposed multiple changes to the plane following the crashes that killed 346 people before allowing it to carry passengers again. The system that was driving the jet's nose down in both accidents would no longer activate repeatedly and various steps were taken to minimize the chances it would malfunction. The agency is also proposing to require multiple other revisions to the plane, such as an improved flight-computer system to improve its redundancy. Ewbank said the FAA and Boeing should do more to prohibit faulty readings from the sensor implicated in both crashes and improve the plane's warning systems. In addition, the agency should do a broader review of how pilots react to emergencies and do a more thorough redesign of the flight-control system, he said.

Feds Issue Emergency Order For Agencies To Patch Critical Windows Flaw

Slashdot - Your Rights Online - Tue, 2020-09-22 12:00
The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions. Ars Technica reports: Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday. The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising the stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks. Officials with the Cybersecurity and Infrastructure Security Agency, which belongs to the DHS, issued an emergency directive on Friday that warned of the potentially severe consequences for organizations that don't patch. [The agency's statement can be found in the article.] CISA, which has authorization to issue emergency directives intended to mitigate known or suspected security threats, is giving organizations until 11:59pm EDT on Monday to either install a Microsoft patch or disconnect the vulnerable domain controller from the organization network. No later than 11:59pm EDT on Wednesday, agencies are to submit a completion report attesting the update has been applied to all affected servers or provide assurance that newly provisioned or previously disconnected servers will be patched.

Proposal Would Give EU Power To Boot Tech Giants Out of European Market

Slashdot - Your Rights Online - Tue, 2020-09-22 05:30
An anonymous reader quotes a report from Ars Technica: The EU wants to arm itself with new powers to take on big technology companies, including the ability to force them to break up or sell some of their European operations if their market dominance is deemed to threaten the interests of customers and smaller rivals. EU Commissioner Thierry Breton told the Financial Times that the proposed remedies, which he said would only be used in extreme circumstances, also include the ability to exclude large tech groups from the single market altogether. In addition, Brussels is considering a rating system that would allow the public and stakeholders to assess companies' behavior in areas such as tax compliance and the speed with which they take down illegal content. "There is a feeling from end users of these platforms that they are too big to care," said Mr. Breton, who is leading the overhaul of digital rules in the bloc. "[Under] certain conditions we may also have the power to impose structural separation." The new EU legislation would increase Brussels' powers to scrutinize the way technology companies gather information on users, following concerns raised by independent researchers that the voluntary disclosures groups make are often misleading or partial. Mr. Breton confirmed that the EU would not remove the limited liability that companies have for the content published on their platforms. "The safe harbor of the liability exemption will stay," he said. "That's something that's accepted by everyone." Mr. Breton said draft legislation will be ready by the end of the year. Proposals are being finalized, and once they are agreed they will go through the European Parliament and the European Council.

Trump Pushes To Reap Biometric Data From Immigrants, Americans

Slashdot - Your Rights Online - Tue, 2020-09-22 04:05
Six million would-be U.S. immigrants face expanded collection of their biometric data, including iris scans, palm- and voice-prints, facial recognition images, and DNA, under a proposed federal rule. The Department of Homeland Security also for the first time would gather that data from American citizens sponsoring or benefiting from a visa application. Bloomberg Law reports: Years in the making, the biometrics immigration rule has garnered more than 160 comments since its Sept. 11 publication. The 30-day comment period closes on Oct. 13. A final version could be in place by Inauguration Day. Immigration and privacy advocates have voiced concerns over who will have to comply with the new requirements, why President Donald Trump is making this push so late in his term, and what it means for a federal agency already claiming a lack of resources. The 300-plus-page plan updates current biometrics requirements so that "any applicant, petitioner, sponsor, beneficiary, or individual filing or associated with an immigration benefit or request, including U.S. citizens, must appear for biometrics collection without regard to age unless the agency waives or exempts the requirement." The DHS estimates an additional 2.17 million new biometrics submissions will be collected annually, an increase from the current 3.9 million, under the rule. The DHS already collects fingerprints from some visa applicants. The new rule would expand that biometrics-gathering to iris images, palm- and voice-prints. The agency wants authority to require or request DNA testing to prove familial relationships where kinship is in question. The DNA data could be stored indefinitely, under the proposed rule. The DHS essentially has until Dec. 20 to review and respond to public comments and draft a final proposal, said Doug Rand, who worked on technology and immigration policy in the Obama White House and then joined the Federation of American Scientists. "They're really running out of time. And the fact that you'd put out a final regulation on such a far-ranging new policy that touches the lives of millions of people, you're opening up to huge legal vulnerability because any plaintiff can point to the comment period of only 30 days."

With New Security and Free Internet Issues, What Did the TikTok Deal Really Achieve?

Slashdot - Your Rights Online - Mon, 2020-09-21 04:19
Though the U.S. government averted a shutdown of TikTok through a new Oracle/Walmart partnership, that leaves much bigger questions unresolved. The biggest issue may be that banning apps "defeats the original intent of the internet," argues the New York Times. "And that was to create a global communications network, unrestrained by national borders." "The vision for a single, interconnected network around the globe is long gone," said Jason Healey, a senior research scholar at Columbia University's School for International and Public Affairs and an expert on cyber conflict. "All we can do now is try to steer toward optimal fragmentation." But the Times also asks whether the TikTok agreement fails even at its original goal of protecting the app from foreign influence: The code and algorithms are the magic sauce that Beijing now says, citing its own national security concerns, may not be exported to a foreign adversary... Microsoft's bid went further: It would have owned the source code and algorithms from the first day of the acquisition, and over the course of a year moved their development entirely to the United States, with engineers vetted for "insider threats." So far, at least, Oracle has not declared how it would handle that issue. Nor did President Trump in his announcement of the deal. Until they do, it will be impossible to know if Mr. Trump has achieved his objective: preventing Chinese engineers, perhaps under the influence of the state, from manipulating the code in ways that could censor, or manipulate, what American users see. Other questions also remain, including America's larger policy towards other apps like Telegram made by foreign countries. Even Amy Zegart, a senior fellow at the Hoover Institution and Stanford's Freeman-Spogli Institute, complains to the Times that "bashing TikTok is not a China strategy. China has a multi-prong strategy to win the tech race. It invests in American technology, steals intellectual property and now develops its own technology that is coming into the U.S... And yet we think we can counter this by banning an app. The forest is on fire, and we are spraying a garden hose on a bush." And another article in the Times argues that the TikTok agreement doesn't even eliminate Chinese ownership of the app: Under the initial terms, ByteDance still controls 80 percent of TikTok Global, two people with knowledge of the situation have said, though details may change. ByteDance's chief executive, Zhang Yiming, will also be on the company's board of directors, said a third person. And the government did not provide specifics about how the deal would answer its security concerns about TikTok... A news release published by Walmart on Saturday on its website — then edited later — captured the chaos. "This unique technology eliminates the risk of foreign governments spying on American users or trying to influence them with disinformation," the company said. "Ekejechb ecehggedkrrnikldebgtkjkddhfdenbhbkuk."

Browser Extension uMatrix Ends Active Development

Slashdot - Your Rights Online - Sun, 2020-09-20 23:40
Slashdot reader Hmmmmmm quotes Ghacks: Raymond Hill, known online as gorhill, has set the status of the uMatrix GitHub repository to archived; this means that it is read-only at the time and that no updates will become available. The uMatrix extension is available for several browsers including Firefox, Google Chrome, and most Firefox and Chromium-based browsers. It is a privacy and security extension for advanced users that provides firewall-like capabilities when it is installed... Hill suggests that developers could fork the extension to continue development under a new name. There is also the chance that Hill might resume development in the future but there is no guarantee that this is going to happen. For now, uMatrix is no longer in active development.

US Judge Blocks Attempt to Ban WeChat

Slashdot - Your Rights Online - Sun, 2020-09-20 19:34
"The popular Chinese messaging and payments app WeChat looks like it might still be available in the U.S. beyond Sunday night, after all," reports the Street: U.S. Magistrate Judge Laurel Beeler of San Francisco stopped the Trump administration from forcing Apple and Alphabet to take the Tencent Holdings' messaging app offline for downloading by late Sunday, according to a report from Reuters. The decision — which also blocks other restrictions imposed by the U.S. government on the app — follows the U.S. Commerce Department's move on Friday to virtually eliminate access to the application and impair its ability to function, in part by prohibiting companies from distributing or maintaining it and blocking financial transactions over the app in the U.S... The order also stated that the Commerce Department's orders "burden substantially more speech than is necessary to serve the government's significant interest in national security, especially given the lack of substitute channels for communication."

Chinese Intelligence Compiles 'Vast Database' About Millions Around the World

Slashdot - Your Rights Online - Sun, 2020-09-20 18:34
Australia's national public broadcaster ABC reports: A Chinese company with links to Beijing's military and intelligence networks has been amassing a vast database of detailed personal information on thousands of Australians, including prominent and influential figures. A database of 2.4 million people, including more than 35,000 Australians, has been leaked from the Shenzhen company Zhenhua Data which is believed to be used by China's intelligence service, the Ministry of State Security. Zhenhua has the People's Liberation Army and the Chinese Communist Party among its main clients. Information collected includes dates of birth, addresses, marital status, along with photographs, political associations, relatives and social media IDs. It collates Twitter, Facebook, LinkedIn, Instagram and even TikTok accounts, as well as news stories, criminal records and corporate misdemeanours. While much of the information has been "scraped," some profiles have information which appears to have been sourced from confidential bank records, job applications and psychological profiles. The company is believed to have sourced some of its information from the so-called "dark web". One intelligence analyst said the database was "Cambridge Analytica on steroids", referring to the trove of personal information sourced from Facebook profiles in the lead up to the 2016 US election campaign. But this data dump goes much further, suggesting a complex global operation using artificial intelligence to trawl publicly available data to create intricate profiles of individuals and organisations, potentially probing for compromise opportunities. Zhenhua Data's chief executive Wang Xuefeng, a former IBM employee, has used Chinese social media app WeChat to endorse waging "hybrid warfare" through manipulation of public opinion and "psychological warfare".... 
The database was leaked to a US academic, who worked with Canberra cyber security company Internet 2.0 and "was able to restore 10 per cent of the 2.4 million records for individuals... "Of the 250,000 records recovered, there are 52,000 on Americans, 35,000 Australians, 10,000 Indian, 9,700 British, 5,000 Canadians, 2,100 Indonesians, 1,400 Malaysia and 138 from Papua New Guinea."

Is Momentum Growing for Universal Basic Incomes?

Slashdot - Your Rights Online - Sun, 2020-09-20 17:34
"A successful basic-income trial in Stockton, California, has inspired a chain of similar pilots in other cities," reports Business Insider: The city council of Saint Paul, Minnesota, voted to approve funding for a pilot there on Wednesday. The program is set to begin this fall and will give up to 150 low-income families $500 per month for up to 18 months — no strings attached... "I think there's a budding realization that not only is this a good thing for us to try, but that we may not have any other option," St. Paul mayor Melvin Carter said on a Wednesday press call... "We're obviously seeing an unprecedented crisis in our communities across our country," Carter said. "We're coming to a recognition that we don't have a funding problem. We have a priorities problem." Twitter CEO Jack Dorsey announced he was donating $3 million to a coalition of "Mayors for a Guaranteed Income." The group currently has 25 mayors -- two who are already overseeing pilot programs in their own cities -- while Chicago, Newark, and Atlanta "have created task forces to help design their programs," and the mayor of Pittsburgh would like to launch one of their own by the end of the year. In another article, Business Insider created a map showing the locations of 48 basic income programs that have happened around the world (based on data from the Stanford Basic Income Lab). But they also provide this summary of their current state: So is basic income the real deal or a pipe dream? The results are still unclear. Some, like the initial pilots for Uganda's Eight program, were found to result in significant multipliers on economic activity and well-being. Other programs, however, returned mixed results that made further experimentation difficult. Finland's highly-touted pilot program decreased stress levels of recipients across the board, but didn't positively impact work activity. The biggest difficulty has been in keeping programs going and securing funding. 
Ontario's three-year projects were prematurely cancelled in 2018 before they could be completed and assessed, and the next stages of Finland's program are in limbo. Likewise in the U.S., start-up incubator Y Combinator has been planning a $60M basic income study program, but can't proceed until funding is secured.

Last-Minute TikTok Deal Averts Shutdown

Slashdot - Your Rights Online - Sun, 2020-09-20 06:30
"President Donald Trump said Saturday he's given his 'blessing' to a proposed deal that would see the popular video-sharing app TikTok partner with Oracle and Walmart and form a U.S. company," reports CBS News: Mr. Trump has targeted Chinese-owned TikTok for national security and data privacy concerns in the latest flashpoint in the rising tensions between Washington and Beijing. The president's support for a deal comes just a day after the Commerce Department announced restrictions that if put in place could eventually make it nearly impossible for TikTok's legions of younger fans to use the app. Mr. Trump said if completed the deal would create a new company likely to be based in Texas... TikTok said Oracle and Walmart could acquire up to a cumulative 20% stake in the new company in a financing round to be held before an initial public offering of stock, which Walmart said could happen within the next year. Oracle's stake would be 12.5%, and Walmart's would be 7.5%, the companies said in separate statements. The deal will make Oracle responsible for hosting all TikTok's U.S. user data and securing computer systems to ensure U.S. national security requirements are satisfied. Walmart said it will provide its ecommerce, fulfillment, payments and other services to the new company. "We are pleased that the proposal by TikTok, Oracle, and Walmart will resolve the security concerns of the U.S. administration and settle questions around TikTok's future in the U.S.," TikTok said in a statement. "According to a source close to the matter, ByteDance would keep the rest of the shares," reports a public TV station in Australia. "But since the Chinese company is 40 per cent owned by American investors, TikTok would eventually be majority American-owned." Today America's Treasury Department told CBS that the deal still needs to close with Oracle and Walmart, and those documents and conditions then need to be approved by government regulators. But because of today's announcement, "the department said Saturday that it will delay the barring of TikTok from U.S. app stores until Sept. 27 at 11:59 p.m."

US Spy Plane Impersonates A Malaysian Aircraft

Slashdot - Your Rights Online - Sat, 2020-09-19 19:34
Popular Mechanics reports: A U.S. Air Force aircraft electronically impersonated a Malaysian plane while flying over the South China Sea this week. The RC-135W Rivet Joint reconnaissance aircraft flew off China's Hainan island on Tuesday, coming within 55 miles of the Chinese mainland. The caper was outed on Twitter by a think tank operated by the Chinese government, which provided enough details for independent verification. The plane's International Civil Aviation Organization (ICAO) Mode-S number, a 24-bit identifier assigned to all aircraft and broadcast by onboard transponder, was AE01CE. The Mode S system provides big-picture situational awareness and improves aviation safety. At some point, the plane's Mode-S number suddenly changed, from AE01CE to 750548. That's the ICAO number for an unknown Malaysian aircraft... The RC-135W Rivet Joint is a converted Boeing 707 jetliner designed to collect electronic intelligence for later analysis... It's not clear why the RC-135W flew where it did. The flight probably coincided with Chinese military exercises, likely air or naval, or even a missile test. It's also worth pointing out that China's nuclear ballistic missile submarine force is based at Yulin on Hainan Island. It's also not clear why the RC-135W engaged in the deception. Steffan Watkins, a Canadian open source intelligence researcher, tells Popular Mechanics, "If the reconnaissance is happening outside sovereign airspace, there is no pressing need to engage in that sort of deception. It's perfectly legal, and done in plain sight off the coast of Russia, Syria, and Crimea all the time — literally, every day there are RC-135s off the coast of Russia, with their transponders on, and broadcasting exactly who they are. I can't explain the difference with China. Why the difference in emissions posture and obfuscation....?" The announcement is likely a warning to the Pentagon that the Chinese military sees through the deception, and that it's watching the watchers.

At Least 10 Amazon Employees Took Bribes from Sellers, Indictment Alleges

Slashdot - Your Rights Online - Sat, 2020-09-19 16:34
CBS News reports: Six people allegedly conspired to bribe Amazon employees and contractors in order to gain a competitive advantage on the retailer's marketplace, federal prosecutors announced Friday. According to the U.S. Department of Justice, those charged posed as consultants and worked with third-party sellers whose products had previously been removed from Amazon Marketplace to get the items back on the platform. The six then paid a total of more than $100,000 in bribes to at least 10 Amazon employees in exchange for their restoring the banned products or services, the indictment alleges. The products included household goods, consumer electronics and dietary supplements, prosecutors said. "The ultimate victim from this criminal conduct is the buying public, who get inferior or even dangerous goods that should have been removed from the marketplace," U.S. Attorney Brian Moran said in a statement. "As the world moves increasingly to online commerce, we must ensure that the marketplace is not corrupted with unfair advantages obtained by bribes and kickbacks...." The six accused face up to five years in prison for commercial bribery and up to 20 years for wire fraud. One of the six actually worked for Amazon at the beginning of the scheme, according to the article, which notes that their tactics included temporarily suspending the accounts of competitors. One FBI agent in Seattle tells CBS, "What's equally concerning is that, not only did they attempt to increase sales of their own products, but they sought to damage and discredit their competitors."

Iranian Hackers Found Way Into Encrypted Apps, Researchers Say

Slashdot - Your Rights Online - Sat, 2020-09-19 05:30
An anonymous reader quotes a report from The New York Times: Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems -- a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used to spy on the general public inside Iran, said the reports by Check Point Software Technologies, a cybersecurity technology firm, and the Miaan Group, a human rights organization that focuses on digital security in the Middle East. The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said. [...] According to the report by Check Point's intelligence unit, the cyberespionage operation was set up in 2014, and its full range of capabilities went undetected for six years. Miaan traced the first operation to February 2018 from a malicious email targeting a Sufi religious group in Iran after a violent confrontation between its members and Iranian security forces. It traced the malware used in that attack and further attacks in June 2020 to a private technology firm in Iran's northeast city of Mashhad named Andromedaa. Miaan researchers determined that Andromedaa had a pattern of attacking activists, ethnic minority groups and separatist opposition groups but also had developed phishing and malware tools that could target the general public. The hackers appeared to have a clear goal: stealing information about Iranian opposition groups in Europe and the United States and spying on Iranians who often use mobile applications to plan protests, according to the Miaan report. [...] According to Check Point, the hackers use a variety of infiltration techniques, including phishing, but the most widespread method is sending what appear to be tempting documents and applications to carefully selected targets. [...] The spyware enabled the attackers to gain access to almost any file, log clipboard data, take screenshots and steal information. According to Miaan, one application empowered hackers to download data stored on WhatsApp. In addition, the attackers discovered a weakness in the installation protocols of several encrypted applications including Telegram, which had always been deemed relatively secure, enabling them to steal the apps' installation files. These files, in turn, allow the attackers to make full use of the victims' Telegram accounts. "Although the attackers cannot decipher the encrypted communications of Telegram, their strategy makes it unnecessary," the report adds. "Rather, they use the stolen installation files to create Telegram logins to activate the app in the victims' names on another device. This enables the attackers to secretly monitor all Telegram activity of the victims."

Facebook Accused of Watching Instagram Users Through Cameras

Slashdot - Your Rights Online - Sat, 2020-09-19 03:20
Facebook is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras. Bloomberg reports: The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren't actively being used. Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras. In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app's use of the camera is intentional and done for the purpose of collecting "lucrative and valuable data on its users that it would not otherwise have access to." By "obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes," Instagram and Facebook are able to collect "valuable insights and market research," according to the complaint.

Tesla Wins Lawsuit Against Whistleblower Accused of Hacks

Slashdot - Your Rights Online - So, 2020-09-19 00:20
An anonymous reader writes: The US District Court of Nevada awarded Tesla a win in its lawsuit against a former employee, filed two years ago. You may recall CEO Elon Musk referred to this incident in a previously leaked email calling on employees to be "extremely vigilant." Martin Tripp, who worked at the company's Nevada Gigafactory, was accused of hacking the automaker and supplying sensitive information to unnamed third parties. Reuters reported Friday the court ruled in Tesla's favor and dismissed Tripp's motion to file another reply to the court. Tesla did not immediately respond to a request for comment, but according to Reuters, the court will grant Tesla's motion to seal the case. Tripp originally entered the spotlight two years ago after seeking whistleblower protections and accusing Tesla of "some really scary things." He told The Washington Post he was the individual who provided information to the media and accused Tesla of building Model 3 sedans with punctured batteries. Tesla, in turn, accused Tripp of making false claims to the media. Tripp also denied any allegations he hacked Tesla, saying, "I don't have the patience for coding." The automaker previously named Tripp as a disgruntled employee angry after not receiving a promotion and accused him of aiding the theft of confidential photos and videos documenting Tesla's manufacturing process.

CEO of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges

Slashdot - Your Rights Online - Pt, 2020-09-18 22:20
An anonymous reader quotes a report from Forbes: The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. "Adam Rogas was the proverbial fox guarding the henhouse," acting Manhattan U.S. Attorney Audrey Strauss said in a press statement. "While raising over $100 million from investors for his fraud prevention company, Rogas himself allegedly was engaging in a brazen fraud." NS8 launched in 2016 to provide online fraud detection and prevention software for small businesses. More than 200 NS8 employees were laid off last week after executives told them the company was under investigation by the SEC for fraud. The news was startling for many, considering the company had announced a $123 million Series A funding round in June, led by global VC firm Lightspeed Venture Partners. In a statement, NS8 said that its board "has learned that much of the company's revenue and customer information had been fabricated by Mr. Rogas." The company added that no other employees or stakeholders had been charged and that it is cooperating with federal investigators. In its complaint, filed in the Southern District of New York, the Justice Department alleged that from January 2019 to February 2020, between 40% and 95% of NS8's assets were made up. During that period, the agency alleged, Rogas presented doctored bank statements to reflect over $40 million in fictitious revenue. Charges by the Justice Department carry penalties up to 20 years in prison. Rogas is expected to face a judge in Nevada on Friday.

Encrochat Investigation Finds Corrupt Cops Leaking Information To Criminals

Slashdot - Your Rights Online - Pt, 2020-09-18 05:30
An anonymous reader quotes a report from Motherboard: After searching through some of the tens of millions of encrypted messages pulled from Encrochat devices, Dutch police have launched a new investigation team that will look specifically into corruption, the police force announced on Wednesday. In some cases authorities are looking to identify police who leaked information to organized criminals. The news broadens the scope of the Encrochat investigations, which have focused heavily on drug trafficking and organized crime more generally. Earlier this year, French authorities hacked into Encrochat phones en masse to retrieve message content, and then shared those communications with various other law enforcement agencies. "Criminal investigations into possible corruption are currently underway and there are likely to be more in the near future. In addition to investigations into drug trafficking and money laundering, investigations into corruption are also given top priority," Chief of Police Henk van Essen said in a Politie press release. Encrochat was an encrypted phone company that took base Android units, made physical alterations to them, and added its own software. Encrochat devices sent messages with end-to-end encryption, meaning only the intended recipient was supposed to be able to read them. The phones also had a remote wipe feature, letting users destroy communications if they lost physical control of the device, as well as a dual-boot system that let users open an innocuous looking operating system, or the second one containing their more sensitive information. The phones were particularly popular with criminals, including drug traffickers and hitmen. There are indications Encrochat may have had legitimate users too, however. Other Encrochat customers are allegedly those involved in corruption, including police themselves, the press release suggests.
