Security News This Week: Snapchat Employee Reportedly Spied on Private Snaps

The Memorial Day weekend begins on a dire note for constitutional protections. On Thursday, the US government indicted WikiLeaks founder Julian Assange for violating the Espionage Act. This is the first time in modern history that the US has charged the publisher of sensitive materials rather than the person who leaked them. The charges stunned even Assange’s harshest critics, who argued that whether you think he’s a journalist or not, the precedent set by his conviction could threaten the First Amendment itself.

In other dire news, facial recognition technology is scaring people so much that both Democrats and Republicans say something needs to be done. At a hearing before the House Committee on Oversight and Reform, lawmakers on both sides agreed that the US needs to regulate the technology, fast.

Meanwhile in Washington, despite the 2020 presidential election ramping up and the looming threat of election tampering, both major political parties still have bad cybersecurity practices. And despite Elizabeth Warren’s call for a “Right to Repair” law, we’re all currently tenants on the devices we thought we owned.

Bluetooth is officially so complex that it’s a security risk. In fact, Google will replace its Titan Security Keys because of a flaw in their Bluetooth Low Energy protocol. That’s good. Not so good for Google? The company got caught storing passwords in plaintext for, uh, 14 years!

And there’s more! Each week we round up the news that we didn’t break or cover in depth but that you should know about. As always, click on the headlines to read the full stories. And stay safe out there.

Some Snapchat Employees Apparently Spied on User Accounts

At Snap, like so many other consumer-focused platforms before it, the spying was coming from inside the house. Motherboard reports that according to former and current employees, Snapchat developed a tool called SnapLion to allow the company to access user accounts in order to comply with legitimate legal requests from law enforcement. According to two former employees, some of the platform’s employees abused the SnapLion tool in the past to inappropriately access user info. Before you entirely panic: Motherboard also emphasizes that Snapchat has since cracked down on who can access SnapLion – though it has also expanded what SnapLion can do and how it is used – and has since introduced end-to-end encryption. The other thing to note is that insider snooping is always a threat at companies like this, and though it’s alarming to learn that Snapchat has a tool that gives a near-godlike view of all user data, it’s not out of the norm, and in fact is something the company needed to have in order to comply with court orders. Additionally, despite a trove of emails that display deep concern among employees at Snap over the years about the risk of insider snooping, the former employees received information that the wrongdoing only happened a “handful of days,” but was carried out by multiple people.

Baltimore Still Crippled by Ransomware Attack After Weeks

At the beginning of May, hackers used sophisticated ransomware known as RobinHood to take control of Baltimore’s city servers, on which much of the city’s essential services are processed. The mayor refused to pay the bitcoin ransom, worth roughly $100,000, so the city has been at a bit of a standstill. It can’t process payments to city agencies, government workers can’t access their email, and no real estate transactions can be completed in the city at all. There have been at least 20 other cyberattacks on cities and townships in the US in 2019, according to NPR. Baltimore has reportedly reached out to city officials in Atlanta for advice, to learn how that city coped with its own ransomware attack in 2018. The city is also working with federal law enforcement and private security experts, though there are fears the deadlock could last a lot longer, given the sophistication of RobinHood.

President Trump’s Golf Score Got Hacked, Because 2019 Is Outdoing Itself

Imagine if you’d gone into a coma in the ’90s and woke up to read the above headline. Ah, 2019, the year absurdity reigns. And the year in which golfing magazines have published multiple scoops about the president of the United States of America cheating at the game. The latest golf news isn’t about cheating, though; it’s about the president’s scores being hacked. According to Golf Week, a hacker uploaded false scores to Trump’s official United States Golf Association’s Golf Handicap Information Network site, which is a place golfers can post scores and calculate their handicaps. The scores were not good, making the president look bad, and were posted on a day he wasn’t playing golf. The USGA confirmed that “it seems someone has erroneously posted a number of ratings on behalf of the GHIN user” but it’s not clear if it was a prank or an accident.

Leading License Plate Reader Surveillance Company Hacked

The US government employs license plate readers at borders, on highways, in cities, and all over the place to spy on citizens, immigrants and visitors alike. One Tennessee-based company provides the government with almost all of these readers, and operates the servers and back-end that store and process the images. And that company, Perceptics, was just hacked. In a statement to the UK newspaper The Register, the company confirmed it had been breached. A hacker calling themselves Boris sent the newspaper stolen files from Perceptics, which included images, among many other file types. According to The Register, the files had names that suggested an association with specific US government agencies, such as Immigration and Customs Enforcement. Though The Register corroborated the breach, it apparently didn’t check what the files contained, writing at one point that “many of the image files, we’re guessing, are license plate captures.”
