Global cyber-espionage campaign linked to Russian spying tools

Kaspersky investigators uncover evidence that may support US claims Moscow was behind attack

A Moscow-based cybersecurity company has reported that some of the malicious code employed against the US government in a cyber-attack last month overlaps with code previously used by suspected Russian hackers.

The findings by Kaspersky investigators may provide the first public evidence to support accusations from Washington that Moscow was behind the biggest cyber-raid against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies.

from Data and computer security | The Guardian https://ift.tt/3q9T9V6
via IFTTT

Data breach hits 30,000 signed up to workplace pensions provider

Fraud worries as UK company Now:Pensions says ‘third-party contractor’ posted personal details of clients to online public forum

About 30,000 customers of Now:Pensions face an anxious Christmas after a serious data breach at the pensions provider led to their sensitive personal details being posted on the internet.

In an email sent to affected customers, the workplace pensions firm warned that names, postal and email addresses, birth dates and National Insurance numbers all appeared in a public forum online.

from Data and computer security | The Guardian https://ift.tt/34EkLJS

iPhones vulnerable to hacking tool for months, researchers say

Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwords

For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a computer security super-weapon: a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.

That means it would have left no visible trace of being placed on targets’ phones, could be installed by simply sending a message that the victim didn’t even need to click on, and worked even on phones that were running the then-latest version of iOS, the operating system for iPhones.

from Data and computer security | The Guardian https://ift.tt/34yI1ce

Outing of FSB hit squad highlights Russia’s data security problem

Analysis: trade in stolen data is a boon for investigators and a headache for Kremlin

In early 2019, the journalist Andrey Zakharov managed to buy his own phone records and banking records in a groundbreaking investigation into Russia’s thriving markets in stolen personal data, in which law enforcement and telecoms employees can be contracted anonymously to dip into their systems and pull out sensitive details on anyone.

A year and a half later, investigators from Bellingcat and the Insider used some of the same tools and clever analysis to out a secret FSB team that had been tasked with killing Alexei Navalny using a novichok nerve agent.

from Data and computer security | The Guardian https://ift.tt/3mq7LgW

‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrant

UK information commissioner calls for international approach to emerging threat

The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.

Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.

from Data and computer security | The Guardian https://ift.tt/3kZkMgT

Twitter hires veteran hacker Mudge as head of security

Peiter Zatko’s appointment follows mass attack on social media platform in July

Twitter has appointed one of the world’s most respected hackers as its new head of security in the wake of a humiliating mass attack in July.

The company has placed Peiter Zatko in charge of protecting its platform from threats of all varieties, poaching him from the payments startup Stripe. Zatko is better known as Mudge, his handle for more than 20 years of operation on both sides of the information security arena.

from Data and computer security | The Guardian https://ift.tt/2UAZE5K

BA fined record £20m for customer data breach

Personal details of more than 400,000 customers accessed by hackers in 2018

British Airways has been fined a record £20m for a data breach in which more than 400,000 customers’ personal details were compromised by hackers in 2018.

The fine is the biggest ever issued by the Information Commissioner’s Office (ICO), but a fraction of the £183m fine initially announced last year. This was reduced after investigators accepted BA’s representations about the circumstances of the attack, and was reduced further to take into account the dire financial position of BA since the onset of Covid-19.

from Data and computer security | The Guardian https://ift.tt/3k5iiOe

Give up Google, don’t hit ‘accept all’: how to fight for your privacy

In Privacy Is Power, professor Carissa Véliz has made a shocking survey of how much intimate data we are surrendering. But she has a plan to fight back

“If you’re reading this book, you probably already know your personal data is being collected, stored and analysed,” Carissa Véliz begins, in Privacy Is Power. Her challenge, as a writer and a privacy advocate, is to shake us out of our complacency; to persuade us to see this not as a necessary sacrifice in the digital age, but an intolerable invasion. From the mounting dread I felt while reading Privacy Is Power, I’d say she was successful.

From the moment you wake up and first check your phone, to the marketers that infer your mood from your music choices, to the smart speaker that shares your private conversations, or the television that listens in on them (from the terms and conditions of a Samsung smart TV: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured”), there is nowhere to hide – or even just be – in this hyper-connected hellscape. Corporations can track you both by your face and your digital footprint, your medical records may be handed over to Big Tech, and advertisers may learn of your break-up before you do. In her book, Véliz, a professor at the Institute for Ethics in AI at Oxford University, often veers into the second person, cleverly underscoring her point: it’s impossible not to picture yourself blindly navigating this horror, then you remember – you already are.

Think twice before sharing. Before you post something, think how it might be used against you.

In Japan last year, a man sexually assaulted a pop star, claiming he had found her by analysing reflections in her eyes in photos she had posted online.

Privacy Is Power: Why and How You Should Take Back Control of Your Data, by Carissa Véliz is published by Bantam Press. To order a copy, go to guardianbookshop.com.

from Data and computer security | The Guardian https://ift.tt/3kPma5K

Your data is not destined for China, assures TikTok’s UK boss

The controversial app’s users are ignoring geopolitical battle over its digital security, says Richard Waterworth

TikTok’s UK chief has strenuously denied the video-sharing app, which Donald Trump has threatened to ban, shares data with China.

Richard Waterworth told the Observer that the UK and European arm of TikTok was growing quickly, despite the “turbulent” geopolitical battle in which the Chinese-born app has found itself.

from Data and computer security | The Guardian https://ift.tt/3hpClpd

MPs criticise privacy watchdog over NHS test-and-trace data

UK information commissioner ‘must ensure government uses public’s data safely and legally’

A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.

The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.

from Data and computer security | The Guardian https://ift.tt/3l3V1x1