Privacy Roundup #0054 • January 2011
January 2011 was shaped by the WikiLeaks fallout, hacktivist attacks across the Arab Spring, and a steady drip of data breaches and tracking rows.
1. Pro-WikiLeaks hackers knock Zimbabwe government sites offline
Anonymous took down three Zimbabwean government websites with denial-of-service attacks on New Year's Day. The action followed Grace Mugabe's threatened lawsuit against a newspaper that had published a leaked diplomatic cable.
2. Geinimi trojan turns Android phones into a botnet
Security firm Lookout identified Geinimi, the first Android malware to display botnet-like control over infected handsets. The trojan harvested location data, device identifiers and the list of installed apps, then sent them to a remote server.
3. Anonymous attacks Tunisian government websites
The hacker collective launched Operation Tunisia, taking down at least eight state sites including those of the president and the stock exchange. The group framed the attacks as a response to the government's censorship of WikiLeaks and the wider web.
4. Twitter tells WikiLeaks users about a secret DOJ data demand
Twitter went to court to unseal a Justice Department order seeking account records tied to five people linked to WikiLeaks. By winning the right to notify those users, the company gave them ten days to challenge the demand themselves.
5. Vodafone confirms a customer database breach in Australia
Vodafone admitted that its secure customer database had been compromised after an employee or dealer shared the access password. Home addresses, driving licence numbers and credit card details of millions of customers were exposed.
6. Fine Gael website hacked days before the Irish election
Attackers calling themselves Anonymous broke into the Irish opposition party's revamped website and took the contact details of almost 2,000 subscribers. Emails, IP addresses and mobile numbers were exposed, and the FBI joined the investigation.
7. Ex-Swiss banker hands offshore account data to WikiLeaks
Rudolf Elmer publicly gave Julian Assange two discs that he claimed held details of around 2,000 offshore account holders. Swiss police rearrested him within days on fresh charges of breaching banking secrecy law.
8. Facebook moves to share addresses and phone numbers with apps
Facebook quietly announced that third-party developers could request users' home addresses and mobile numbers through new permission dialogs. The plan drew immediate criticism and was suspended within days.
→ phys.org
9. FTC dismissed Google Street View Wi-Fi probe as a wasted summer
Documents obtained by EPIC under freedom of information law showed a senior FTC lawyer describing the Street View investigation as a "wasted summer". The agency dropped its inquiry even as regulators abroad found Google had broken privacy law.
10. EFF publishes social media law enforcement guides
The EFF released the confidential guides that thirteen companies, including Facebook and MySpace, send to police explaining how to obtain user data. The documents revealed inconsistent policies and, in some cases, fee schedules for handing over records.
11. Trapster speed-trap app warns of a massive breach
Trapster told its users that millions of email addresses and passwords may have been stolen in two separate intrusions. With around ten million accounts, the breach risked dwarfing the recent Gawker hack.
12. Al Jazeera and the Guardian publish the Palestine Papers
The two outlets began releasing nearly 1,700 leaked files from a decade of Israeli-Palestinian negotiations. The disclosure exposed private memos, emails and meeting minutes from inside the Palestinian negotiating team.
13. Mozilla builds a Do Not Track header into Firefox
Mozilla announced a Do Not Track signal that Firefox would send with every page request, placing the onus on advertisers to respect it. The EFF praised the move as a practical path forward for people who want privacy as they browse.
14. Google ships a Keep My Opt-Outs extension for Chrome
Google released a browser extension that makes advertising opt-out cookies persistent so they survive being cleared. Critics noted it covered only firms that had adopted the industry self-regulatory standard, leaving gaps such as Facebook.
15. Lush website breach exposes thousands of card details
The cosmetics retailer disclosed that hackers had accessed the payment details of around 5,000 customers who ordered online between October and January. The intrusion was blamed on a long-known SQL injection weakness.
16. Tunisia ran a country-wide Facebook password grab
Tunisian internet providers injected code into Facebook's login pages to harvest the passwords of the entire country during the uprising. Facebook responded by forcing encrypted connections for all Tunisian traffic and adding identity checks.
17. Facebook adds optional HTTPS and social authentication
After Mark Zuckerberg's own page was hijacked, Facebook let users switch on full-session HTTPS to thwart sniffing tools such as Firesheep. It also added a check that asks suspicious logins to identify friends from photos.
18. UK police arrest five over Operation Payback attacks
British officers arrested five people aged fifteen to twenty-six in raids tied to the Anonymous denial-of-service attacks on PayPal, Visa and Mastercard. The group called the arrests a "sad mistake" and a declaration of war.
19. Egypt cuts off the internet during mass protests
On the "Day of Anger" Egypt's providers severed mobile and internet access nationwide as protests against Hosni Mubarak grew. Human Rights Watch warned that the blackout was a major threat to basic rights.
20. PlentyOfFish hack exposes plain-text passwords
The dating site admitted that an intruder had accessed account details for tens of millions of users, with passwords stored in plain text. The founder responded by accusing the researcher who reported it of extortion rather than fixing the underlying weakness.