What Do We Know about the Russian Cyber-Spying Threat? The Case of TikTok, Forbes and the Kremlin
That’s the point that TikTok tried to make on Tuesday. Hilary McQuaide said in a statement that it was troubling that instead of encouraging the administration to conclude its national security review of TikTok, some members of Congress wanted to push for a politically-motivated ban that will do nothing to advance national security.
The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” Forbes did not include details about who was likely to be tracked or why, but it did say that doing so may put its sources at risk.
As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. The conflict is entering a phase of drone warfare. Russia has begun launching a series of attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. We look at what indicators are available to the global community for assessing whether Russia is preparing to use nuclear weapons, because NATO officials are watching closely for any signs of movement.
How to Save Yourself from the Flick: A Top Ten Threats to Protect Your Privacy on-Premises Exchange Server and Google Chrome
Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has led researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. The new research is examining how the custodians of the encyclopedia ferret out fake news from the state.
If you’re worried about the ongoing threat of cyberattacks around the world, research this week shows that middle-of-the-pack gangs like the Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. They don’t run many operations to target the underfunded sectors of health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.
EnergyStar for Security: The United States Moved Forward in a Security Labeling Scheme for the Internet of Things (US-Data Security Roundup)
Microsoft said this week that a misconfiguration exposed the data of some prospective customers of its cloud services. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. The exposed information went back as far as last year and up to August of this year according to the report. The researchers were able to link the data to more than 60,000 organizations from around the world. Microsoft said the exposed details included names, company names, phone numbers, email addresses, email content, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that has led to countless exposures and, sometimes, breaches.
There are no easy answers for fixing the longstanding security dumpster fire caused by cheap internet of things devices in homes and businesses all over the world. The countries of Singapore and Germany have found that security labels are added to internet-connected cameras, printers, toothbrushes, and more. The labels help consumers understand the protections in different devices, as well as giving manufacturers incentives to improve their practices and get a gold seal. This week, the United States moved in this direction. A labeling scheme for the internet of things, known as EnergyStar for security, was announced by the White House. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.
Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/
Vulnerabilities of the World’s Internet Infrastructure and its Cables: How to Protect Yourself in the Age of Cyber-Security
The Washington Post is quoting sources that say sensitive information about the Iranian nuclear program and the United States intelligence operations in China were included in the documents seized by the FBI. It is possible for unauthorized disclosures of specific information in the documents to pose multiple risks. “People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could make other countries retaliate against the US.
Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. We looked at the state of the world’s internet infrastructure and the vulnerability of important cables.
Evidence shows that the US has a new legal climate for abortion access that is encouraging people to report potential wrongdoing. Soccer stadiums around the world are being monitored more and more. The eight stadiums in use during the 2022 World Cup in Qatar, for example, will be packed with more than 15,000 cameras to monitor spectators and to conduct biometric scanning.
The Rust programming language is making inroads into the tech industry with hope that it will one day be able to eliminate all of the common vulnerabilities. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.
Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/
The Financial Crimes of Jack Dorsey: How do U.S. Financial Institutions Become More Secure by Hijacking Their Personal Cell Phones?
Liz Truss is having a hard time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. The Russians may have been able to intercept messages about Ukraine between Truss and officials in other countries. The Mail report further claims that former prime minister Boris Johnson and cabinet secretary Simon Case suppressed the breach. Labour Party officials want an investigation into their Conservative opponents. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labour Party shadow home secretary Yvette Cooper said last weekend. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”
Another entity created by Jack Dorsey is facing increased scrutiny. The Cash App is reported to be helping fuel sex traffickers in the US and elsewhere. The investigation found rampant use of the Cash App in sex trafficking and other crimes, based on the police records and claims by former employees. The company owned by Dorsey-led Block Inc. does not tolerate illegal activity on the Cash App and has staff dedicated to working with law enforcement. Forbes writes that the National Center for Missing and Exploited Children doesn’t receive any tips about potential child abuse from Block because it doesn’t provide any.
The US Treasury Department said this week that US financial institutions helped to make over $1 billion in ransomware payments by the year 2021, a 200 percent increase since 2020. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. The Financial Crimes Enforcement Network’s acting director said in a statement that the attacks are a threat to our national and economic security. While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.
Implications of a Democratic Senate Budget Measure for the Security of TikTok and its Use in the U.S. Social Media
A person close to TikTok, who requested anonymity because they were not publicly authorized to speak on the matter, said that it was playing to the Fox News crowd. The person noted that many of the lawmakers expressing concern about China’s influence are ironically expressing such sentiments from their Chinese-made iPhones.
The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.
Having TikTok on a device issued by the federal government is about to become illegal under a sprawling spending bill for the upcoming fiscal year released by lawmakers in Washington on Tuesday. It is expected to become a law in the near future to keep the government open.
The posturing comes at a pivotal moment in the years-long negotiations between TikTok and the US government on a potential deal that aims to address national security concerns and allow the app’s continued use in the US.
“We will continue to brief members of Congress on the plans that have been developed under the oversight of our country’s top national security agencies—plans that we are well underway in implementing—to further secure our platform in the United States,” McQuaide added.
A version of this article first appeared in the “Reliable Sources” newsletter.
Government officials are alarmed by its widespread usage. Christopher Wray, the FBI director, told lawmakers that the app could be used to control users’ devices.
The Senate-passed bill would provide exceptions for “law enforcement activities, national security interests and activities, and security researchers.”
The White House isn’t interested in the privacy concerns of TikTok, a social media app created after Ukraine invaded by Russia
TikTok is used by more than 100 million monthly active users in the U.S. alone, and its ability to create instant viral hits has put it at the forefront of internet culture, though concerns about data security have long dogged the app.
The White House took a call from 30 TikTok creators on March 10 after Russia invaded Ukraine. The creators, who collectively had over 100 million followers, were briefed on the latest news from the conflict and the White House goals and priorities by Jen Psaki and members of the National Security Council. The White House recruited dozens of TikTokers in order to encourage young people to get vaccinated against Covid.
If information is ever sought from the company, it is likely that it would give unfettered access to the authoritarian regime.
Most drastic measures have not advanced since the efforts lacked the political will, or courts interceded to stop them.
“I think some concern about TikTok is warranted,” said Julian McAuley, a professor of computer science at the University of California San Diego, who noted that the main difference between TikTok and other social media apps is that TikTok is much more driven by user-specific recommendations.
“While ByteDance claims that it maintains its operations in the United States separately, there is no easy way to determine the extent to which that claim is true,” said Sameer Patil, a professor at the University of Utah who studies user privacy online.
“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.
The committee can either set a bigger ban on the app or force it to go to an American company that the Chinese government will likely fight.
Another possible resolution is that the committee is satisfied with the steps TikTok has taken to ensure there is a firewall between U.S. user data and ByteDance employees in Beijing and the Chinese government.
secretive and happen behind closed doors. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.
Why the Proposed TikTok Ban Is More about Politics than Privacy
At least 14 states have recently banned the application from being used on government devices; some state-run public universities followed suit, banning or blocking the app on their campuses.
This is in part because ByteDance is required by Chinese law to assist the government, which could include sharing user data from anywhere in the world.
“There is no more time to waste on meaningless negotiations with a CCP-puppet company,” Rubio said in a statement. It’s time to outlaw Beijing-controlled TikTok.
“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,’” said Chander. “That’s true of the weather app as well as lots of other applications that are on your phone, whether they’re owned by China or not.”
Ryan Calo is a professor of law and information science at the University of Washington. He says that, while data privacy in the United States still needs much improvement, the proposed legislation is more about geopolitical tensions and less about TikTok specifically.
“The truth of the matter is, if the sophisticated Chinese intelligence sector wanted to gather information on particular state employees in the United States, it wouldn’t probably have to go through TikTok.”
He says that it’s easy to say that a foreign government is a threat and to protect yourself from it. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”
Source: https://www.npr.org/2022/12/22/1144745813/why-the-proposed-tiktok-ban-is-more-about-politics-than-privacy-according-to-exp
Is Privacy Issues in the Establishment of Government Reform? Reply to Chander, Calo, and How to Stop the Tik Tok Campaign
Both Chander and Calo are skeptical that an outright TikTok ban would gain much political momentum, and both argue that even if it were to move forward, banning a communication platform would raise First Amendment concerns. Calo thinks the conversation could push policy in a positive direction.
He said that they’re right in the United States to be thinking about the consequences of having so much commercial monitoring of citizens and residents. “And we should do something to address it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something that, for example, the Federal Trade Commission seems very interested in doing.”