Privacy Roundup #0061 • August 2011
August 2011 was dominated by hacktivist data dumps, the free-speech fight over BART's cell shutdown, the exposure of web tracking, and the fraudulent certificates that broke trust in the web.
1. McAfee details Operation Shady RAT, a five-year spying campaign
McAfee revealed a sustained intrusion campaign that had quietly compromised 72 governments, companies and bodies such as the United Nations since 2006. The report framed the thefts as a historically unprecedented transfer of secrets and source code from mostly Western targets.
2. Facebook launches a bug bounty for security researchers
Facebook opened a programme paying researchers at least 500 dollars for reporting flaws that put user data or privacy at risk. The move invited outside scrutiny of a platform then used by some 750 million people.
→ www.infosecurity-magazine.com
3. KISSmetrics and Hulu sued over respawning supercookies
A proposed class action followed a Berkeley study showing that analytics firm KISSmetrics used ETags to rebuild tracking identifiers even after users deleted their cookies. Hulu quickly severed ties with the firm, and KISSmetrics rewrote its privacy policy.
4. German regulator says Facebook face recognition breaks the law
Hamburg's data protection commissioner demanded that Facebook switch off its automatic tag-suggestion feature and delete the biometric data it had gathered. The official warned of fines, arguing that scanning faces without consent violated German and European law.
5. AntiSec dumps 10GB stolen from 70-plus US sheriff sites
Hackers under the AntiSec banner breached a shared hosting provider and exposed records from dozens of small-town law enforcement agencies. The cache held emails, passwords, Social Security numbers and informant details, released in retaliation for arrests of suspected members.
6. Anonymous defaces Syria's Ministry of Defence website
Anonymous took over the Syrian defence ministry homepage and replaced it with the pre-Baathist flag and a message of solidarity with anti-government protesters. The defacement linked to footage of state violence during the uprising against Bashar al-Assad.
7. RIM offers to help police over BlackBerry use in the riots
Research In Motion said it would cooperate with London's Metropolitan Police after reports that looters used BlackBerry Messenger to coordinate during the England riots. The pledge to hand over messaging data drew immediate criticism from privacy advocates.
8. BlackBerry blog defaced after RIM agrees to assist police
The group TeaMp0isoN hijacked RIM's official BlackBerry blog and threatened to leak employee details to rioters. The hackers warned the company against handing chat logs, locations and customer data to the authorities.
9. UK ministers weigh blocking Twitter and BlackBerry during unrest
In the wake of the riots the government floated giving police power to bar suspected troublemakers from social networks, or to suspend messaging services entirely. Prime Minister David Cameron signalled he was willing to shut down access if it helped restore order.
10. BART cuts mobile service to head off a protest
Bay Area Rapid Transit shut down cell coverage in four downtown San Francisco stations to disrupt a planned demonstration over a police shooting. Civil liberties groups condemned the move as a prior restraint on the speech of thousands of ordinary riders.
11. Anonymous hacks myBART and leaks rider data
In retaliation for the cell shutdown, Anonymous breached the myBART.org site and posted the names, addresses, phone numbers and passwords of around 2,400 registered users. The group dubbed the wider campaign OpBART and called for street protests.
12. Second OpBART breach exposes BART police officers
Days after the first leak, attackers struck the BART Police Officers Association website and published personal details of around 100 officers. The escalation widened the OpBART campaign from passengers to the transit force itself.
13. Anonymous leaks private images of BART spokesman
As OpBART continued, Anonymous targeted BART spokesman Linton Johnson personally by publishing nude images found online. The stunt aimed to embarrass the agency figure who had defended the cell-service shutdown.
14. AntiSec breaches drone maker Vanguard Defense Industries
Hackers raided the systems of Vanguard Defense Industries, maker of the ShadowHawk surveillance drone, and leaked roughly a gigabyte of internal email and documents. The breach targeted a senior executive with ties to the FBI and InfraGard.
15. Nokia developer forum breached by SQL injection
A hacker exploited a flaw in the forum software running Nokia's developer community and accessed a table of members' email addresses. The site was briefly defaced and redirected before Nokia regained control.
16. Facebook overhauls privacy controls with inline tagging review
Facing sustained criticism, Facebook moved sharing controls next to each post and added a review step so users could approve tags before they appeared. The redesign also introduced a tool to preview how a profile looked to other people.
→ tech.co
17. RankMyHack, a leaderboard for hackers, gets hacked
RankMyHack.com, a site where intruders submitted and scored each other's exploits, was itself compromised by a hacker calling himself HaxOr. The episode underlined how exposed even security-minded communities could be.
18. DigiNotar fraud lets attackers impersonate Google in Iran
A fraudulent wildcard certificate for Google, issued through the Dutch authority DigiNotar, was used to intercept the traffic of hundreds of thousands of Iranian internet users. The discovery exposed hundreds of rogue certificates and shattered confidence in the certificate system.
19. Rights groups ask the FCC to rule the BART shutdown unlawful
The EFF, Public Knowledge and the Center for Democracy and Technology petitioned the FCC to declare that BART broke telecommunications law by cutting cell service. The filing pressed regulators to set limits on government interruptions of mobile networks.
20. Former News of the World editor arrested in hacking inquiry
Stuart Kuttner, the tabloid's long-serving managing editor, was arrested over suspected interception of voicemail messages and corrupt payments. His detention deepened the phone-hacking scandal engulfing Rupert Murdoch's British newspapers.