This week, before Twitter’s chief security officer, Peiter “Mudge” Zatko, has filed a lawsuit against the company. The allegations, which Twitter countered, allege that the social media company had numerous security flaws that it did not take seriously. Zatko accused Twitter of putting an Indian government employee on its payroll and failing to patch the company’s servers and laptops. Among the claims, however, one stands out: the suggestion that Twitter engineers can access the software directly and have virtually unrestricted access to its systems..
In a victory over student privacy across the United States, an Ohio judge ruled that unconstitutional to sweep students’ homes while they are doing remote tests. We also detail Vulnerabilities are threatening American democracy— The lack of federal privacy protections means that mass surveillance systems can be used against citizens in new ways.
Elsewhere, as Russia’s full-blown invasion of Ukraine unfolded in six months, military forces increasingly turn to open source data to support their efforts. Police in India are use facial recognition with very low accuracy rate—Technology is widely used in Delhi but can produce many false positives. And we went in-depth (perhaps too deeply) into how four high school students hacked their school’s 500 cameras, across six locations, and thousands of students and teachers were swept away. It was an elaborate graduation prank.
And much more than that. Every week we highlight news that we don’t cover in depth. Click on the title below to read the full story. And it’s safe out there.
Ever since the Russian-backed trolls flooded Facebook and Twitter with disinformation about the 2016 US electionSocial media companies have improved their ability to knock down disinformation networks. Companies regularly take down propaganda accounts linked to authoritarian countries, such as Iran, Russia, and China. But rarely are the West’s misinformation efforts discovered and exposed. This week, Stanford Internet Observatory and social media analytics company Graphika details a five-year operation that promoted pro-Western articles. (The study followed Twitter, Facebook, and Instagram as they deleted a series of accounts from their platforms for “coordinated inauthentic behavior.”)
The propaganda account used memes, fake news websites, online petitions, and various hashtags in an attempt to promote pro-Western views and was involved in both public influence activity and secret. The accounts, some of which appear to use AI-generated profile pictures, target internet users in Russia, China and Iran, among other countries. These accounts “severely criticize” Russia after its full-scale invasion of Ukraine in February, the researchers said, and also “promote the anti-extremism message.” Twitter said the activity it saw likely originated in the US and UK, while Meta said it was the US.
Many of the techniques used by online influence operations appear to mimic those used by Russian-backed accounts during the 2016 election build-up, however, it is likely that Western influence operations were unsuccessful. The majority of posts and tweets we reviewed received no more than a handful of likes or retweets, and only 19% of the crypto assets we identified had more than 1,000 people, the researchers said. follow.
In recent years, Charming Kitten, a hacking group linked to Iran, has been known for “targeted, aggressive phishing campaigns. These phishing attempts aim to collect usernames and passwords of people’s online accounts. This week, Google Threat Analysis Team (TAG) detail a new hacking tool Charming Kitten is using has the ability download everyone’s email inbox. Dubbed Hyperscrape, the tool can steal people’s details from Gmail, Yahoo, and Microsoft Outlook. TAG said in a blog post. The tool can also open new emails, download their contents, and then mark them as unread so as not to raise suspicion. So far, Google says it has seen the tool used against less than two dozen accounts belonging to those based in Iran.
Password management company LastPass said it was hacked. “Two weeks ago, we detected some unusual activity in parts of the LastPass development environment,” the company wrote in a statement. announced this week. LastPass says an “unauthorized party” was able to gain access to its development environment through a compromised developer account. While the hackers (or hackers) were on LastPass’ systems, they obtained some of its source code and “LastPass proprietary technical information,” the company said in its statement. It did not detail which elements of its source code were used, making it difficult to gauge the severity of the violation. However, the company says that customers’ passwords and data have not been accessed — there’s nothing LastPass users need to do to deal with the hack. Even so, the indictment is still likely to cause headaches for LastPass’ technical teams. (This is not the first time LastPass Has Been Targeted By Hackers one in two.)
Communications Director of Cryptocurrency Exchange Binance claims scammers created a deepfake version of him and tricked people into attending business meetings on Zoom calls with his fake. In one blog post on the company’s website, Binance’s Patrick Hillmann said that several people messaged him for his time. “It turned out that a sophisticated hacking group had used previous news interviews and television appearances over the years to create a ‘deepfake’ about me,” Hillmann wrote, adding that the accused deepfake forced to be “subtle enough to fool some very smart crypto community members. Neither Hillmann nor Binance have posted any images showing the claimed deepfake. Since deepfakes first surfaced in 2017, there have been relatively few incidents of fake audio or video defrauding others. (The vast majority deepfakes were used to create gratuitous erotic images). However, recent reports say Deepfake scams are on the riseand in March of last year, FBI warning that it predicts an increase in malicious scams over the next 12 to 18 months.
