This week, former Twitter chief security officer Peiter "Mudge" Zatko filed an explosive whistleblower complaint against the company. The allegations, which Twitter contests, claim the social media firm has multiple security flaws that it hasn't taken seriously. Zatko alleges Twitter put an Indian government agent on its payroll and didn't patch servers and company laptops. Among the claims, however, one stands out: the suggestion that Twitter engineers could access live software and had virtually untracked access to its system.
In a privacy win for students across the US, an Ohio judge has ruled that it's unconstitutional to scan students' homes while they're taking remote tests. We also detailed the privacy flaw that's threatening US democracy: too few federal privacy protections mean mass surveillance systems could be used against citizens in new ways.
Elsewhere, as Russia's full-scale invasion of Ukraine passes half a year, military forces are increasingly embracing open source data to back their efforts. Police in India are using facial recognition with surprisingly low accuracy rates; the technology has been trusted in Delhi but could be throwing up a lot of false positives. And we dived deeply (perhaps too deeply) into how four students hacked 500 of their schools' cameras, across six locations, and rickrolled a large number of students and teachers. It's one elaborate graduation prank.
And there's more. Every week, we highlight the news we didn't cover in depth ourselves. Go through the headlines below to read the full stories. And stay safe out there.
Since Russia-backed trolls flooded Facebook and Twitter with disinformation around the 2016 US elections, the social media firms have improved their ability to bust disinformation networks. The firms frequently remove propaganda accounts linked to authoritarian states, such as Iran, Russia, and China. But it's rare that Western disinformation efforts are discovered and exposed. This week, the Stanford Internet Observatory and social media analysis firm Graphika detailed a five-year operation that has been pushing pro-Western narratives. (The study follows Twitter, Facebook, and Instagram removing a number of accounts from their platforms for "coordinated inauthentic behavior.")
The propaganda accounts used memes, fake news websites, online petitions, and various hashtags in an attempt to push pro-Western views and were linked to both overt and covert influence operations. The accounts, some of which appear to use AI-generated profile pictures, targeted internet users in Russia, China, and Iran, among other countries. The researchers say the accounts heavily criticized Russia after its full-scale invasion of Ukraine in February and also promoted anti-extremism messaging. Twitter said the activity it saw is likely to have originated in the United States and the United Kingdom, while Meta said it was the United States.
Most of the techniques used by the online influence operation appear to mimic those the Russia-backed accounts used in the buildup to the 2016 elections. It's likely, however, that the Western influence operations weren't that successful. "Almost all posts and tweets we reviewed received only a small number of likes or retweets, and only 19 percent of the covert assets we identified had a lot more than 1,000 followers," the researchers say.
Recently, Charming Kitten, a hacking group linked to Iran, has been known for its aggressive, targeted phishing campaigns. These phishing efforts try to gather the usernames and passwords of people's online accounts. This week, Google's Threat Analysis Group (TAG) detailed a new hacking tool Charming Kitten is using that's capable of downloading people's entire email inboxes. Dubbed Hyperscrape, the tool can steal people's details from Gmail, Yahoo, and Microsoft Outlook. "The attacker runs Hyperscrape on their own machine to download victims' inboxes using previously acquired credentials," TAG says in a post. The tool can also open new emails, download their contents, and mark them as unread, so as not to raise suspicions. So far, Google says it has seen the tool used against fewer than two dozen accounts belonging to people located in Iran.
Password management company LastPass says it's been hacked. "Fourteen days ago, we detected some unusual activity within portions of the LastPass development environment," the company wrote in a statement this week. LastPass says an unauthorized party was able to access its development environment through a compromised developer account. While the hacker (or hackers) were within LastPass's systems, they took some of its source code and "proprietary LastPass technical information," the company says in its statement. It has not detailed which parts of its source code were taken, making it difficult to assess the seriousness of the breach. However, the company does say that customer passwords and data have not been accessed; there's nothing LastPass users need to do in response to the hack. Still, the incident is likely to be a headache for the LastPass technical teams. (It's not the first time LastPass has been targeted by hackers either.)
The chief communications officer of crypto exchange Binance claims scammers created a deepfake version of him and tricked people into attending meetings on Zoom calls with his fake. In a post on the company's website, Binance's Patrick Hillmann said that several people had messaged him for his time. "As it happens a sophisticated hacking team used previous news interviews and TV appearances through the years to produce a 'deepfake' of me," Hillmann wrote, adding that the alleged deepfake was "refined enough to fool several highly intelligent crypto community members." Neither Hillmann nor Binance has posted any images showing the claimed deepfake. Since deepfakes first emerged in 2017, there have been relatively few incidents of faked video or audio scams impersonating people. (Almost all deepfakes have been used to create nonconsensual pornographic images.) However, recent reports say deepfake scams are increasing, and in March of last year the FBI warned that it anticipated an increase in malicious deepfakes over the next 12 to 18 months.