Privacy Roundup #0105 • April 2015
April 2015 brought state hacking, regulator fines and a fresh fight over surveillance and encryption.
1. Obama signs an executive order to sanction overseas hackers
On 1 April President Obama announced an executive order letting the Treasury freeze the assets of people abroad who carry out serious cyber attacks. Critics warned that the broad wording could reach beyond the worst offenders.
→ cnn.com
2. Edward Snowden sits down with John Oliver in Moscow
On 5 April Last Week Tonight aired an interview in which John Oliver pressed Edward Snowden on how mass surveillance touches ordinary people. The segment reframed the debate around intimate photographs to make the stakes plain to a wide audience.
3. US officials say Russian hackers breached the White House network
On 7 April officials told reporters that hackers tied to Russia had reached an unclassified White House system after first compromising the State Department. The intruders are said to have seen sensitive material, including non-public details of the president's schedule.
4. FCC fines AT&T 25 million dollars over call centre data theft
On 8 April the Federal Communications Commission settled with AT&T for 25 million dollars after staff at overseas call centres stole the data of roughly 280,000 customers. The penalty was the largest the agency had ever imposed for a data security failure.
5. A decades-old DEA bulk phone records dragnet is exposed
On 8 April reporting revealed that for more than twenty years the Drug Enforcement Administration had logged nearly all calls from the United States to scores of foreign countries. The programme predated the NSA's post-2001 telephone collection by almost a decade.
6. A lawsuit forces out the unredacted FBI Stingray secrecy agreement
On 8 April litigation produced the full text of the FBI non-disclosure agreement that police sign before buying cell-site simulators. It showed the bureau could push for a case to be dropped rather than let Stingray details reach a courtroom.
7. Police forces sinkhole the polymorphic Beebone botnet
On 9 April an international operation led by the Dutch police and Europol seized the domains that the Beebone downloader used to control infected machines. The malware had quietly pulled banking trojans and ransomware onto thousands of computers.
8. French broadcaster TV5Monde is knocked off air in a cyber attack
On 9 April attackers took twelve TV5Monde channels off air and seized its websites and social accounts under a "Cyber Caliphate" banner. Investigators later linked the sabotage to a group widely associated with Russian military intelligence.
→ npr.org
9. Researchers expose China's Great Cannon and the GitHub attack
On 10 April Citizen Lab documented a new offensive system, the Great Cannon, sitting alongside the Great Firewall. It hijacked traffic to Chinese servers and turned foreign web users into an unwitting weapon in the record flood against GitHub and GreatFire.
10. Lufthansa frequent-flyer accounts are drained in a brute-force raid
On 11 April Lufthansa confirmed that attackers had used automated guessing to break into a number of Miles and More accounts on its website. Several premium members lost reward miles before the airline locked the affected profiles.
11. White Lodging confirms a second hotel payment card breach
On 13 April the hotel operator White Lodging said point-of-sale systems at restaurants and bars in ten of its properties had been infected with card-stealing malware. It was the second such compromise to hit the company in barely a year.
12. Debt brokers settle FTC charges over exposed consumer files
On 13 April two debt brokers settled with the Federal Trade Commission after posting unencrypted files on tens of thousands of consumers on a public website. The records included names, addresses, bank account numbers and card numbers.
13. Verizon's annual breach report plays down the mobile threat
On 14 April Verizon published its 2015 Data Breach Investigations Report, drawing on nearly 80,000 incidents and more than 2,000 confirmed breaches. It argued that mobile and the Internet of Things were a distraction from the attack routes criminals actually used.
14. HBO orders Periscope to stop the Game of Thrones livestreams
On 14 April HBO sent takedown notices to Twitter's new Periscope app after viewers rebroadcast the season premiere of Game of Thrones to strangers. The clash showed how a live broadcasting tool could expose both copyrighted feeds and the bystanders caught on camera.
15. The European Commission charges Google over search results
On 15 April the European Commission issued a formal statement of objections accusing Google of abusing its dominance by favouring its own comparison shopping service. The same day it opened a separate inquiry into the Android mobile system.
→ npr.org
16. WikiLeaks publishes a searchable archive of the hacked Sony files
On 16 April WikiLeaks put the stolen Sony Pictures cache into a searchable database of more than thirty thousand documents and over a hundred thousand emails. Julian Assange argued the material belonged in the public domain, while Sony condemned the spread of its employees' private information.
17. The House passes cyber bills that critics call surveillance in disguise
On 22 April the House passed two information-sharing measures, including the Protecting Cyber Networks Act. The Electronic Frontier Foundation argued that they handed companies new immunity to send personal data to the government without fixing core privacy flaws.
→ eff.org
18. Nomi Technologies settles the FTC's first retail-tracking case
On 23 April the Federal Trade Commission announced a settlement with Nomi Technologies, which tracked shoppers through their phones' wireless signals. Its privacy policy promised an in-store opt-out that did not exist, the agency found.
19. Attackers race to exploit the Magento Shoplift flaw
On 23 April researchers reported that criminals were sweeping the web for unpatched Magento shops to plant rogue administrator accounts. The flaw let them harvest customer and payment details from online stores that had ignored an earlier fix.
20. A new nonprofit promises free certificates to encrypt the web
On 9 April the Internet Security Research Group unveiled Let's Encrypt, a free certificate authority backed by Mozilla, the EFF and others to make HTTPS the default. The project aimed to strip away the cost and complexity that had kept much of the web unencrypted and open to snooping.
→ eff.org