Buzzing overhead with the IT Privacy and Security Update for the Week ending September 6th, 2022



Daml’ers,

From the Depths of the Dark Web to the summit of Mount Everest, we have you covered.

In this update, we have a creative idea for what to do with the rellies for the holidays, where the commute may be long but the privacy superb.

We have a sensational story of TikTok actually telling the truth and another of Irish authorities objecting to Instagram/Meta business accounts for 13-year-olds.

We have a pretty firm reason not to stay at a particular hotelier and why you should be a little suspicious of all the beautiful people who just adore Russian soldiers.

We have our first NFT story out of Afghanistan, and our second out of your TV set.

This week’s update moves faster than USB4, so let’s plug in and go!


CN: TikTok Denies Reports That It’s Been Hacked. And this time it appears they are telling the Truth.

TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform’s source code and user information.

In response to these allegations, TikTok said its team “found no evidence of a security breach.”

According to Bleeping Computer, hackers shared the images of the alleged database to a hacking forum, saying they obtained the data on a server used by TikTok.

It claims the server stores over 2 billion records and 790GB worth of user data, platform statistics, code, and more.

“We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

So what’s the upshot for you? “Please note that the breach is not from TikTok and that he most likely was lying or didn’t even investigate it before making such outrageous claims.”

The AgainstTheWest threat actor claiming to have breached TikTok and WeChat has been banned on the Breached hacking forum where they had leaked samples of the stolen data.


AU: Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43

https://pde.is/about/

Friday the Electronic Frontier Foundation (EFF)'s director of cybersecurity announced the sudden death of Peter Eckersley at age 43.

“If you have ever used Let’s Encrypt or Certbot or you enjoy the fact that transport layer encryption on the web is so ubiquitous it’s nearly invisible, you have him to thank for it,” the announcement says.

“Raise a glass.”

Peter Eckersley’s web site is still online, touting “impactful privacy and cybersecurity projects.”

Peter, originally from Melbourne Australia, was recently diagnosed with colon cancer and succumbed suddenly on Friday.

So what’s the upshot for you? Peter’s work at EFF included privacy and security projects such as Panopticlick, HTTPS Everywhere, Switzerland, Certbot, Privacy Badger, and the SSL Observatory.

His most ambitious project was probably Let’s Encrypt, the free and automated certificate authority, which entered public beta in 2015 and last year issued over a billion certificates to over 280 million websites.


Global: Blocking Kiwifarms

Cloudflare finally dropped Kiwifarms, which has functionally become a real-world harassment platform primarily aimed at the LGBTQ+ community.

They stated the reason was, "This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with.

However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before."

So what’s the upshot for you? The article shows the agonizing that Cloudflare went through in coming to this decision, and it gives some idea of how much they want to stay away from “policing the internet”.


IR: Ireland Fines Instagram a Record $400 Million Over Children’s Data

Ireland’s data privacy regulator has agreed to levy a record fine of 405 million euros ($402 million) against social network Instagram following an investigation into its handling of children’s data, a spokesperson for the watchdog said.

The investigation, which started in 2020, focused on child users between the ages of 13 and 17 who were allowed to operate business accounts, which facilitated the publication of the user’s phone number and/or email address.

“We adopted our final decision last Friday and it does contain a fine of 405 million euros,” said the spokesperson for Ireland’s Data Protection Commissioner (DPC), the lead regulator of Instagram’s parent company Meta Platforms.

So what’s the upshot for you? Instagram updated its settings last year and has since released new features to keep teens safe and their information private, a Meta spokesperson said.



Global: Holiday Inn-owner IHG hit by ‘unauthorized activity’ in tech systems

Holiday Inn owner IHG (IHG.L) said on Tuesday that bookings on its websites and apps were facing disruptions after its technology systems were hit by “unauthorized activity”.

IHG said it was assessing the nature, extent and impact of the incident and had implemented its response plans.

The incident comes amid increased scrutiny on appropriate defenses against cyber attacks, particularly on western financial institutions, in the wake of heightened geopolitical tensions following Russia’s invasion of Ukraine early this year.

So what’s the upshot for you? The company, which has appointed external specialists to investigate the incident and is in the process of notifying regulatory authorities, said its hotels were still able to operate despite the disruption.

Which we read as saying, “if you don’t mind your data being stolen, we have clean rooms and fluffy pillows for your stay.”


UA: How Ukrainians Infiltrated Internet-Connected Security Cameras, Exposed Russian Bases

The Financial Times tells how the head of a Ukrainian cybersecurity company recruited dozens of “high-level Ukrainian hackers” and borrowed a Starlink internet satellite for “the large-scale infiltration of internet-connected security cameras to surveil Russian-occupied territory, and honey-trapping Russian soldiers into revealing their bases.”

They hacked thousands of security and traffic cameras in Belarus and parts of Ukraine that Russia had occupied.

To filter the information, the team wrote machine-learning code that helped them separate military movements from ordinary traffic, and they funneled the information to the military via a public portal.

In one example, described to the Financial Times with photographs and locations, they identified a remote Russian base near occupied Melitopol in southern Ukraine.

Then, using fake profiles of attractive women on Facebook and Russian social media websites, they tricked soldiers into sending photos that they geolocated, and shared with the Ukrainian military…

So what’s the upshot for you? A few days later, they got to watch on TV as the Russian base was blown up by Ukrainian artillery.


AF: Islamic State Turns to NFTs

A simple digital card praising Islamist militants for an attack on a Taliban position in Afghanistan last month is the first known nonfungible token created and disseminated by a terrorist sympathizer, according to former senior U.S. intelligence officials.

It is a sign that Islamic State and other terror groups may be preparing to use the emerging financial technology to sidestep Western efforts to eradicate their online fundraising and messaging, they said.

The NFT, visible on at least one NFT trading website and titled “IS-NEWS #01,” bears Islamic State’s emblem. It was created by a supporter of the group, likely as an experiment to test a new outreach and funding strategy for ISIS, the former officials said.

Regulators and national-security officials have expressed concern about the potential for terrorists to exploit new financial technologies and markets, including NFTs.

So what’s the upshot for you? IS-NEWS #01 doesn’t appear to have been traded, but its existence on the blockchain—distributed across countless systems connected to the internet—makes it nearly impossible for the US Justice Department and other law-enforcement agencies to take it off the internet, unlike, say, a news release that lives on a conventional website serviced by a host.

“It’s as censorship-proof as you can get,” said a former federal intelligence analyst specializing in blockchain currencies.

“There’s not really anything anyone can do to actually take this NFT down.”


Global: Move over Home Shopping Network: LG is Bringing NFTs To Its Smart TVs

Just months after Samsung announced that it’s bringing non-fungible tokens (NFTs) to its TVs, now LG’s doing the same.

The company’s new NFT marketplace, called LG Art Lab, lets you “buy, sell and enjoy high-quality digital artwork” from your TV.

For now, only users in the US with an LG TV that runs webOS 5.0 or later can access the app, which is available to download from the TV’s home screen.

Through the portal, you can buy and sell digital works made available through LG’s NFT drops.

LG’s NFT platform is built on Hedera, which describes itself as the “most used, sustainable, enterprise public ledger for the decentralized economy.”

Unlike the Ethereum or Solana networks many popular NFT marketplaces support, the Hedera network doesn’t operate on the blockchain — it uses a blockchain alternative, called hashgraph.

LG is just one of the several corporations that serve as a governing member of the Hedera network, with proponents of the system claiming it’s faster and more efficient than transacting on the blockchain.

LG says it’s going to keep adding NFTs from artists on a “monthly basis,” and that you’ll get to view any NFTs you purchase from the LG Art Lab app.

So what’s the upshot for you? Using an LG TV as a monitor we thought we would install the app and try out the marketplace. Not much to peruse, at this point, perhaps we will remember to check back in a few weeks … after a frenzied bout on the Home Shopping Network.



Global: Apple Plans To Double Its Digital Advertising Business Workforce

Apple plans to nearly double the workforce in its fast-growing digital advertising business less than 18 months after it introduced sweeping privacy changes that hobbled its bigger rivals in the lucrative industry.

The iPhone maker has about 250 people on its ad platforms team, according to LinkedIn.

According to Apple’s careers website, it is looking to fill another 216 such roles, almost quadrupling the 56 it was hiring in late 2020.

Apple disputed the figures but declined to elaborate.

The digital ads industry has been on edge about Apple’s advertising ambitions since it launched privacy rules last year that disrupted the $400bn digital ads market, making it difficult to tailor ads to Apple’s 1bn-plus iPhone users.

Since the policy was introduced, Facebook parent Meta, Snap, and Twitter have lost billions of dollars in revenue – and far more in market valuation, although there have been additional contributing factors.

“It was really almost like a global panic,” said Jade Arenstein, global service lead at Incubeta, a South Africa-based marketing performance company, of the impact of Apple’s changes.

Meanwhile, Apple’s once-fledgling ads business is now “incredibly fast-growing,” according to a job ad.

The business has gone from just a few hundred million dollars of revenue in the late 2010s to about $5bn this year, according to research group Evercore ISI, which expects Apple to have a $30bn ads business within four years.

So what’s the upshot for you? And as we’ve hinted in previous updates, soon you could have a pocket full of ads…


Global: Announcing Google’s Open Source Software Vulnerability Rewards Program

Last week Google’s Open Source Software Vulnerability Rewards Program was launched to reward discoveries of vulnerabilities in Google’s open source projects.

As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world.

With the addition of the Open Source Software Vulnerability Rewards Program to our family of Vulnerability Reward Programs, researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem.

To focus efforts on discoveries that have the greatest impact on the supply chain, we welcome submissions of:

  • Vulnerabilities that lead to supply chain compromise

  • Design issues that cause product vulnerabilities

  • Other security issues such as sensitive or leaked credentials, weak passwords, or insecure installations.

So what’s the upshot for you? The important bit. Depending on the severity of the vulnerability and the project’s importance, rewards will range from $100 to $31,337.


US: Back to School in LA

The Los Angeles Unified School District has confirmed it was hit by a ransomware attack that is causing ongoing technical disruptions.

LA is the second largest school district in the U.S. after the New York City Department of Education.

The LAUSD serves over 600,000 students spanning from kindergarten through 12th grade at over 1,000 schools and employs more than 26,000 teachers.

The district said on Monday that it was hit by a cyberattack over the weekend, which it later confirmed was ransomware.

Although the attack caused “significant disruption” to LAUSD’s infrastructure, the district said it resumed classes today (Tuesday) – after observing Labor Day on Monday – while it worked to restore impacted services.

LAUSD said that it does not expect technical issues to impact transportation, food or after-school programs, but noted that “business operations may be delayed or modified.”

It warned that ongoing disruptions include “access to email, computer systems, and applications,” while a post from Northridge Academy High, a school in the district, confirmed that teachers and students might be unable to access Google Drive and Schoology, a K-12 learning management system, until further notice.

So what’s the upshot for you? It’s like a snow day in LA! We can’t imagine the kids are too upset by this one…


Global: Wait for it! USB 4 Version 2.0 Announced With 80 Gbps of Bandwidth

Key characteristics of the updated USB4 solution include:

  • Up to 80 Gbps operation, based on a new physical layer architecture, using existing 40 Gbps USB Type-C passive cables and newly-defined 80 Gbps USB Type-C active cables.
  • Updates to data and display protocols to better use the increase in available bandwidth.
  • USB data architecture updates now enable USB 3.2 data tunneling to exceed 20 Gbps.
  • Updated to align with the latest versions of the DisplayPort and PCIe specifications.
  • Backward compatibility with USB4 Version 1.0, USB 3.2, USB 2.0 and Thunderbolt™ 3.

So what’s the upshot for you? In another 10 years this will seem so slow, but for right now, wow!


Outer Space: With the Holidays coming, True Privacy for those annoying Family Members

The James Webb Space Telescope — already famous for its mesmerizing images of the cosmos — has done it again.

The telescope has captured the first unambiguous evidence of carbon dioxide in the atmosphere of a planet outside the Solar System.

For a little more than eight hours on 10 July, the infrared telescope observed the planet called WASP-39b move across the face of its star.

As it did, starlight shone through the planet’s atmosphere where various molecules absorbed specific wavelengths of infrared light.

Astronomers wondered whether carbon dioxide would show up as a telltale blip in the spectrum. “And there it was — just jumping off of the computer screen,” says Natalie Batalha, an astronomer at the University of California at Santa Cruz.

Astronomers think that a mixture of carbon dioxide and methane in a planet’s atmosphere could be an indicator of life — a so-called biosignature.

WASP-39b’s signal is “halfway to a good biosignature.” Batalha’s team built a model predicting that the planet’s atmosphere also contains water, carbon monoxide and hydrogen sulfide.

So what’s the upshot for you? The Downside? WASP 39b is 200 parsecs from Earth.

A parsec is a unit of distance used in astronomy.

It is exactly 648,000/π astronomical units, or approximately 30.9 trillion kilometers.

You don’t want to be the one to have to drop the unruly family member off there… you’d probably get 67 light-years of “are we there yet?”


NP: Drone over Mt. Everest

Privacy? We felt awful for the gentleman who stopped for a waz after summiting Mt. Everest, only to find a drone filming him at 29,032 feet.

So what’s the upshot for you? This video proves unequivocally that yes, great feats of adventure always do come with music soundtracks.



…and our quote of the week: “It is what you read when you don’t have to… that determines what you will be when you can’t help it.” Oscar Wilde


That’s it for this week. Stay safe, stay secure, avoid drones, and see you in se7en.