Security News
For the wider population, hacking has become synonymous with nefarious activities because - for the vast majority of people who experience it - it's in a criminal context. Regular Register readers can differentiate between criminal hackers who break the law and ruin people's lives, and hardware and software hackers who ingeniously lash together systems and perform miracles to get things running.
Canadian authorities have found that the collection of facial-recognition data by Clearview AI is illegal because it violates federal and provincial privacy laws, representing a win for individuals' privacy and potentially setting a precedent for other legal challenges to the controversial technology. A joint investigation of privacy authorities led by the Office of the Privacy Commissioner of Canada came to this conclusion Wednesday, claiming that the New York-based company's scraping of billions of images of people from across the Internet represented mass surveillance and infringes on the privacy rights of Canadians, according to a release the Office posted online.
Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency, and the U.S. Federal Bureau of Investigation. The illegal internet market specialized in the sales of drugs, counterfeit money, stolen or forged credit card information, anonymous SIM cards, and off-the-shelf malware.
The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging that the company abused its power in the marketplace to neutralize competitors through its acquisitions of Instagram and WhatsApp and depriving users of better privacy-friendly alternatives. Specifically, the lawsuits seek to rescind the acquisitions of Instagram and WhatsApp, spinning off both platforms into independent companies, prohibit Facebook from imposing anti-competitive conditions on software developers, and require the company to seek prior notice and approval for future mergers and acquisitions.
Mass surveillance programs run by the UK, French and Belgian governments are illegal, Europe's top court has decided in a huge win for privacy advocates. The European Court of Justice announced on Tuesday that legislation passed by all three countries that allows the government to demand traffic and location data from internet and mobile providers in "a general or indiscriminate way" breaks EU data privacy laws - even when national security concerns are invoked.
It's been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "Which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.
A U.S. federal appeals court ruled that the controversial National Security Agency mass surveillance program exposed in 2013 was illegal - and may have even been unconstitutional. The call comes seven years after former NSA contractor and whistleblower Edward Snowden outed the mass surveillance program, which enabled snooping in on millions of American's phone calls, in a bombshell leak that drew widespread worries about privacy.
Denmark's top foreign intelligence chief has been suspended for spying on Danish citizens illegally for up to six years after a whistleblower released a trove of documents to government regulators. In a press release yesterday, the independent regulator of the Danish security services said it had received information from a whistleblower in November that revealed the country's foreign intelligence service "Had withheld key and crucial information," and given "Incorrect information on matters relating to the collection of the service and disclosure of information."
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issueing valid commands to dispense currency. "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the cash and check deposit module and the host computer. An attacker with physical access to internal ATM components can intercept and modify messages, such as the amount and value of currency being deposited, and send modified messages to the host computer," the CERT Coordination Center at Carnegie Mellon University explained the root of CVE-2020-9062.
Police in Germany have arrested 32 people and detained 11 after nationwide raids targeting users of an illegal online platform, prosecutors in Frankfurt and Bamberg said Wednesday. More than 1,400 police were involved in the raids in 15 of Germany's 16 states and in neighbouring Austria and Poland on Tuesday, said prosecutors in Bamberg, in the southern state of Bavaria.