{"id":958,"date":"2020-11-09T03:59:13","date_gmt":"2020-11-09T03:59:13","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1327130"},"modified":"2020-11-09T03:59:13","modified_gmt":"2020-11-09T03:59:13","slug":"pardon-the-intrusion-30-your-data-is-up-for-sale","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=958","title":{"rendered":"Pardon the Intrusion #30: Your data is up for sale"},"content":{"rendered":"\n<p><strong><em>Subscribe to this bi-weekly newsletter <a href=\"https:\/\/tnw.to\/newsletter\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>During the first wave of COVID-19, contact tracing apps were touted as THE BIG SOLUTION to tackling the pandemic.<\/span><\/p>\n<p><span>Most countries rolled out their own versions, and later Apple and Google together built a unified exposure notification API that works across Android and iOS.<\/span><\/p>\n<p><span>This is all well and good, but there\u2019s been no <\/span><a href=\"https:\/\/theconversation.com\/contact-tracing-apps-theres-no-evidence-theyre-helping-stop-covid-19-148397\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">actual<\/a><span> <\/span><a href=\"https:\/\/www.wired.com\/story\/opinion-the-logic-around-contact-tracing-apps-is-all-wrong\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">evidence<\/a><span> yet they\u2019re helping to stop COVID-19.<\/span><\/p>\n<p><span>Then there are the privacy and security worries. 
Contact tracing apps often rely on Bluetooth and location tracking as a means to alert people who\u2019ve been near someone who has tested positive.<\/span><\/p>\n<p><span>One such app is <\/span><a href=\"https:\/\/thenextweb.com\/corona\/2020\/04\/02\/indian-government-officially-launches-its-coronavirus-tracking-app\/\" target=\"_blank\" rel=\"noopener noreferrer\">Aarogya Setu<\/a><span>, which is the Indian government\u2019s official nationwide coronavirus tracker.<\/span><\/p>\n<p><span>After <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/05\/08\/pardon-the-intrusion-17-hands-up-this-is-a-hold-up\/\" target=\"_blank\" rel=\"noopener noreferrer\">concerns<\/a><span> were repeatedly raised about the app\u2019s use of GPS data, the Android version of the app was eventually <\/span><a href=\"https:\/\/www.medianama.com\/2020\/05\/223-aarogya-setu-code-open-sourced\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">open-sourced in May<\/a><span> (the iOS version has not been made available to date).<\/span><\/p>\n<p><span>But apparently, there\u2019s more to worry about. 
India\u2019s <\/span><a href=\"https:\/\/www.theregister.com\/2020\/10\/29\/indian_government_labels_itself_evasive\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Central Information Commission<\/a><span> has now warned the country\u2019s Ministry of Electronics and Information Technology (MeitY) for \u201cobstruction of information and providing an evasive reply\u201d to questions raised by activist Saurav Das about&nbsp;the app\u2019s conception,&nbsp;including details of private sector involvement.<\/span><\/p>\n<p><span>MeitY did put out a <\/span><a href=\"https:\/\/pib.gov.in\/PressReleaseIframePage.aspx?PRID=1668194\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">statement<\/a><span> to address the issue, insisting the \u201capp has been developed in the most transparent manner and all details and documents including Privacy Policy and Aarogya Setu <\/span><a href=\"https:\/\/aarogyasetu.gov.in\/wp-content\/uploads\/2020\/06\/mygov-1000000000981057882.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Data Access &amp; Knowledge Sharing<\/a><span> Protocols.\u201d<\/span><\/p>\n<p><span>While there is no denying contact tracing apps can be useful to track real-time spikes in exposures, transparency and accountability will go a long way towards instilling trust in the technology.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span>What\u2019s trending in security?<\/span><\/h3>\n<p><span>The gang behind Maze ransomware <\/span><a href=\"https:\/\/techcrunch.com\/2020\/11\/02\/maze-ransomware-group-shutting-down\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">shut down<\/a><span>, offline messaging app Bridgefy added <\/span><a href=\"https:\/\/techcrunch.com\/2020\/11\/02\/bridgefy-launches-end-to-end-encrypted-messaging-for-the-app-used-during-protests-and-disasters\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">end-to-end encryption<\/a><span>, and NSA whistleblower Edward Snowden was granted <\/span><a 
href=\"https:\/\/www.reuters.com\/article\/us-usa-security-snowden-russia-idUSKBN27I0H8\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">permanent residency<\/a><span> in Russia.<\/span><\/p>\n<ul>\n<li>\n<span>WIRED\u2019s Lily Hay Newman profiled Maddie Stone, who works for Google\u2019s Project Zero elite bug-hunting team, tracking down some of the most severe vulnerabilities.&nbsp;<\/span><span>\u201cFor me the driving factor of my work is how cool it would be if every person on Earth, regardless of how cheap or expensive their device is, had safe and secure access to the internet. That could propagate to so many different parts of humanity,\u201d says Stone. [<\/span><a href=\"https:\/\/www.wired.com\/story\/maddie-stone-project-zero-reverse-engineering\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WIRED<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Another long read. This time from Signal CEO Moxie Marlinspike, who is \u201ctrying to bring normality to the Internet.\u201d [<\/span><a href=\"https:\/\/www.newyorker.com\/magazine\/2020\/10\/26\/taking-back-our-privacy\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The New Yorker<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>NSA whistleblower and privacy activist Edward Snowden was granted permanent residency in Russia. [<\/span><a href=\"https:\/\/www.reuters.com\/article\/us-usa-security-snowden-russia-idUSKBN27I0H8\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Reuters<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Offline messaging app Bridgefy added support for end-to-end encryption, two months after researchers discovered a <\/span><a href=\"https:\/\/arstechnica.com\/features\/2020\/08\/bridgefy-the-app-promoted-for-mass-protests-is-a-privacy-disaster\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">number of security flaws<\/a><span> that could be used to deanonymize users, decrypt and read direct messages, and even shut down the network. 
[<\/span><a href=\"https:\/\/techcrunch.com\/2020\/11\/02\/bridgefy-launches-end-to-end-encrypted-messaging-for-the-app-used-during-protests-and-disasters\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TechCrunch<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/d3d06d51-3569-4a00-8063-f12aedd6c2b3.gif\" width=\"480\" height=\"200\" data-file-id=\"58930\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>The group behind Maze ransomware shut down operations for good. [<\/span><a href=\"https:\/\/techcrunch.com\/2020\/11\/02\/maze-ransomware-group-shutting-down\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TechCrunch<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Singapore amended its Personal Data Protection Act (PDPA) to allow local businesses to use consumer data without prior consent for selective purposes, such as business improvement and research. The revised regulation also allows for harsher financial penalties to be meted out for data breaches, above the previous cap of SG$1 million. [<\/span><a href=\"https:\/\/www.zdnet.com\/article\/singapore-updates-data-protection-law-to-exclude-user-consent-for-legitimate-business-purposes\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ZDNet<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>A data breach broker is selling account databases containing 34 million user records on behalf of a threat actor who broke into 17 companies this year. 
[<\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-is-selling-34-million-user-records-stolen-from-17-companies\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bleeping Computer<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/d99b8842-79f9-4b63-b1ae-7349c5b569d4.gif\" width=\"480\" height=\"189\" data-file-id=\"58958\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>The DHS, CISA, and FBI shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration data from U.S. state websites, including election sites. [<\/span><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-304a\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CISA<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Grayshift, the maker of the GrayKey device used by law enforcement to break into encrypted iPhones, raised $47 million. [<\/span><a href=\"https:\/\/www.grayshift.com\/company\/newsroom\/grayshift-secures-47-million-series-financing-round-led-peakequity-partners\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Grayshift<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Researchers managed to extract the secret key that encrypts microcode updates Intel provides to fix security vulnerabilities and other types of bugs in its CPUs. [<\/span><a href=\"https:\/\/arstechnica.com\/gadgets\/2020\/10\/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ars Technica<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The last fortnight in data breaches, leaks and ransomware: <\/span><a href=\"https:\/\/threatpost.com\/covid-19-vaccine-cyberattack-data-breach\/160495\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Dr. 
Reddy\u2019s<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/folksam-data-breach-leaks-info-of-1m-swedes-to-google-facebook-more\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Folksam<\/a><span>, <\/span><a href=\"https:\/\/krebsonsecurity.com\/2020\/10\/security-blueprints-of-many-companies-leaked-in-hack-of-swedish-firm-gunnebo\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Gunnebo Group<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-1m-lazada-redmart-accounts-sold-online-after-data-breach\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Lazada RedMart<\/a><span>, <\/span><a href=\"https:\/\/threatpost.com\/mattel-hit-by-ransomware\/160947\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Mattel<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/massive-nitro-data-breach-impacts-microsoft-google-apple-more\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Nitro PDF<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/french-it-giant-sopra-steria-hit-by-ryuk-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Sopra Steria<\/a><span>, <\/span><a href=\"https:\/\/techcrunch.com\/2020\/10\/28\/true-social-app-privacy-exposed-data\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">True<\/a><span>, and <\/span><a href=\"https:\/\/www.vice.com\/en\/article\/n7vw9d\/hackers-are-holding-psychotherapy-data-ransom\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Vastaamo<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\">Data Point<\/h3>\n<p><span>Even as the US government is warning of <\/span><a href=\"https:\/\/thehackernews.com\/2020\/10\/ransomware-attack-hospital.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ransomware attacks<\/a><span> against healthcare systems, cybersecurity firm ESET\u2019s <\/span><a 
href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2020\/10\/ESET_Threat_Report_Q32020.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Threat Report for Q3 2020<\/a><span> shows an almost 20% decline in ransomware activity in the quarter. Based on telemetry data, Win\/Filecoder.WannaCryptor led the category with more than 52% of detections. The Win\/Filecoder.Crysis family ranked second with 6.6%, followed by Win\/Filecoder.Phobos with 4.7% of detections.<\/span><\/p>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/4e1cc1c0-dd09-48d9-8ecb-7843e3a1bce5.png\" width=\"600\" height=\"337\" data-file-id=\"58914\" data-lazy=\"true\"><\/figure>\n<\/p>\n<h3 class=\"h2 mso-font\">Tweet of the Week<\/h3>\n<p><span>Talk about an opsec fail! The US government&nbsp;<\/span><a href=\"https:\/\/thehackernews.com\/2020\/10\/russian-hackers.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">charged 6 Russian intelligence officers<\/a><span>&nbsp;last month for carrying out some of the most destructive cyberattacks. 
It turns out 3 of those indicted, and 46 others, all registered their vehicles to a non-existent apartment in Moscow: \u201c<\/span><a href=\"https:\/\/www.bellingcat.com\/news\/uk-and-europe\/2020\/10\/22\/russian-vehicle-registration-leak-reveals-additional-gru-hackers\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Svobody 21\u0412<\/a><span>.\u201d<\/span><\/p>\n<p><a href=\"https:\/\/twitter.com\/AricToler\/status\/1319300242706206720\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/cc34c8a1-c1dd-4fb1-a6bf-bd25c81cdd6a.png\" alt width=\"588\" height=\"532\" data-file-id=\"58962\" data-lazy=\"true\"><\/figure>\n<p><\/a><\/p>\n<p>That\u2019s it. See you all in two weeks. Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" class=\"aligncenter lazy lazyLoaded lazy\" src=\"https:\/\/ci3.googleusercontent.com\/proxy\/zf8opweeNMr8bl6Pjb03mIXs97YyT2KlsZfj6yx45oin4M987ojFwI3P3vRqEy7vt2mX1CA8mEPhe3U40xaL1huLDjGVFkO0ROdmYkvncg6l-wkdRpDh_0a8n_ajjUURdFhiHHcAcmfxFmGoOmjuGddwLcdUKj0x8DM=s0-d-e1-ft#https:\/\/gallery.mailchimp.com\/22ec88eb9b9d8bc3bcf660787\/images\/2a1d9c8a-7d0d-4ff8-8703-07138b8722de.gif\" data-lazy=\"true\"><\/figure>\n<\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/11\/09\/pardon-the-intrusion-30-your-data-is-up-for-sale\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. 
During the first wave of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":959,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/958"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=958"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/958\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/959"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}