Privacy Roundup #0094 • May 2014
May 2014 turned the first anniversary of the Snowden leaks into a wave of fresh NSA disclosures, while Europe handed people a right to be forgotten and a run of huge breaches struck eBay, Orange and others.
1. Microsoft ships an emergency Internet Explorer fix and patches Windows XP
Microsoft broke its own schedule to push an out-of-band fix for a critical Internet Explorer flaw that attackers were already exploiting. The company also relented and patched Windows XP, weeks after it had supposedly retired the operating system.
2. White House releases its big data and privacy review
A ninety-day study led by John Podesta warned that big data analytics could entrench discrimination and erode privacy across daily life. The report urged Congress to pass baseline privacy legislation and to rein in the data broker industry.
3. Target chief executive resigns over the data breach
Gregg Steinhafel stepped down as chairman and chief executive of Target, the most senior casualty of the breach that exposed forty million payment cards and the details of seventy million customers. His departure showed that a failure to protect customer data could now cost a long-serving boss his job.
4. Orange France is hacked again, exposing 1.3 million customers
French telecoms group Orange admitted that attackers had stolen names, email addresses, phone numbers and dates of birth for 1.3 million customers and prospects. It was the company's second breach in four months, this time through a platform used to send marketing messages.
5. Bitly resets accounts after credentials are compromised
The link-shortening service Bitly disclosed that account credentials, including encrypted passwords, API keys and OAuth tokens, had been exposed. The intrusion was traced to a compromised employee account that held the keys to offsite database backups.
6. European court establishes a right to be forgotten
The Court of Justice of the European Union ruled in the Google Spain case that people may ask search engines to delist results about them that are inadequate, irrelevant or excessive. The judgment treated search engines as data controllers and set privacy rights above the commercial interests of the operator.
7. Privacy International sues GCHQ over government malware
Privacy International filed a complaint at the Investigatory Powers Tribunal accusing GCHQ of working with the NSA to infect computers and phones with surveillance software. The group argued that such hacking could switch on cameras and microphones and was far more intrusive than ordinary interception.
8. Leaked photos show the NSA bugging Cisco routers in transit
Documents published with Glenn Greenwald's book revealed that the NSA intercepts network hardware being shipped abroad, implants surveillance beacons, then reseals the packages. Photographs showed agents fitting an implant into a Cisco router destined for a foreign customer.
9. EFF dissects the watered-down House surveillance bill
The Electronic Frontier Foundation examined the House version of the USA Freedom Act and warned that it had been stripped of key safeguards. The group flagged vague collection language and the failure to touch Section 702 of the surveillance laws.
10. The NSA records every mobile call in the Bahamas
The Intercept revealed that a system code-named SOMALGET captures the full audio of virtually every cellphone call in the Bahamas and stores it for replay. Part of the wider MYSTIC programme, it was built without the knowledge or consent of the Bahamian government.
11. eBay tells 145 million users to change their passwords
eBay disclosed that attackers had used stolen employee credentials to reach a database holding names, encrypted passwords, addresses, phone numbers and dates of birth. The company asked all 145 million active users to reset their passwords, one of the largest such requests to date.
12. House passes a weakened USA Freedom Act
The House of Representatives passed the USA Freedom Act by 303 votes to 121, but only after last-minute changes gutted several reforms. Original sponsors including Justin Amash voted against it, arguing that it still permitted broad domestic collection.
13. Snowden gives his first American television interview
Edward Snowden sat down with Brian Williams of NBC in Moscow for his first interview with a United States network. He described himself as a trained intelligence officer and said he had raised concerns inside the NSA before going public.
14. Avast forum is hacked and taken offline
Antivirus maker Avast pulled its community forum offline after attackers broke in and exposed nicknames, usernames, email addresses and hashed passwords. The breach hit around four hundred thousand accounts, although payment and licensing systems were not touched.
15. FTC calls for transparency from data brokers
The Federal Trade Commission published a study of nine data brokers and found an industry that collects billions of data points on almost every consumer in near total secrecy. The agency urged Congress to give people the right to see and control the information held about them.
16. California Senate passes a smartphone kill switch bill
California legislators approved a bill requiring smartphones sold in the state to carry a kill switch that lets owners disable a stolen handset remotely. The measure cleared the Senate despite earlier opposition from Apple and other large technology companies.
17. Spotify warns of unauthorised access and pushes a new app
Spotify said attackers had reached its systems, although it stated that only one user's data was accessed and no passwords or payment details were taken. As a precaution the company rolled out a new Android app and signed many users out of their accounts.
18. Iranian hackers run a fake news network to spy on officials
Researchers at iSIGHT Partners exposed Operation Newscaster, a long-running campaign that used fake journalist personas across social media to befriend targets. The operation reached more than two thousand senior military, diplomatic and political figures in the United States and allied countries.
19. Google opens a right to be forgotten request form
Two weeks after the European ruling, Google launched an online form letting people in Europe ask for search results to be delisted. The company said it would weigh each request against the public interest, and it received thousands of submissions on the first day.
20. The NSA harvests millions of images for facial recognition
The New York Times reported that the NSA collects millions of images a day from emails, messages and social media to feed sophisticated facial recognition systems. About fifty-five thousand of those daily images were good enough to identify a face, and the agency cross-checked them against other databases.