Category Archives: information security

Fake Comments: How U.S. Companies & Partisans Hack Democracy to Undermine Your Voice

This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of U.S. democracy — the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens.

This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones.

The big telecommunications companies paid millions of dollars to specialist “AstroTurf” companies to generate public comments. These companies then stole people’s names and email addresses from old files and from hacked data dumps and attached them to 8.5 million public comments and half a million letters to members of Congress. All of them said that they supported the corporations’ position on something called “net neutrality,” the idea that telecommunications companies must treat all Internet content equally and not prioritize any company or service. Three AstroTurf companies — Fluent, Opt-Intelligence and React2Media — agreed to pay nearly $4 million in fines.

Read more

https://www.washingtonpost.com/outlook/2021/05/20/ai-bots-grassroots-astroturf/

Good Read: 2020 Cybersecurity Trends to Watch

The wheels of 2020’s biggest cybersecurity threats have already been set motion. Mobile, the cloud and artificial intelligence, to name a few, are trends that will continue to be exploited by criminals. Couple that with the rapid growth of software development and a cybersecurity skills shortage and that should be enough to keep security pros on their toes.

Here is what experts say the year ahead in cybersecurity has in store. Reference

https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/

Mobile will become a primary phishing vector for credential attacks in 2020. “Traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS,” according to Lookout security experts.

CyberSecurity: Why every app needs to know your location?

Just a few days back, Me & my friend was planning to go to Chipotle for Lunch. We both love Chipotle. We have been to Chipotle before. Just a few months back & Restaurant was little bit far away. So I asked him to go near by this time. While we were discussing, we both try to search the same Chipotle nearby. Interesting, For me Google shows nearby but for my friend, It shows up 15 KM away. Same google search.

He asked me why does google not show chipotle near by? The interesting thing is google didn’t show Chipotle which is near to us but showing the results where we have been before. It is not about search. It is about your location data. Google knows where your are & Where you have been before?
The truth is Google track your location even if you are offline.

So, What’s the big deal of Location Data?

Well, Applications have all your data. Very very sensitive data your health records, your home address & every details about you. Apps have penetrated successful in life & collected your data that we have come to the situation where apps know more about you than you know about yourself. Experts call it surveillance economy.

But question is Why is location data have more security concern? Isn’t like any other data? Well, Yes it is important because Home address, email etc are one & permanent address & do not change frequently. You can be out of home & close email etc. However, Keep an eye on location data means Someone following you wherever you go & you can’t stop them. Your smartphone is a spy device & you are carrying willingly allowing apps to track you.

Cyber experts always say the privacy isn’t something you own it or controlled it. However, If some app actually needs it then it makes sense. For example, If I want to take a cab. I wish to get my location by Uber or Lyft automatically. However, These apps should not track my location all the time. My location data would be used for commercial as well & This is perfectly alright up-to some extent.

However, torch, Health apps, photo scanner etc trying to collect your location data does not make sense.

Why these apps know about location?

It’s all about showing relevant content & ads to the users. And, One of the reason is that companies like Apple, Facebook, Amazon & Google are trying to reduce the gaps between offline & online world. Let’s if Google knows what kind of stores you have been visiting & same data shared with Amazon. They can target you & show personalized content, offer etc.

If weather apps can share your location data with facebook or other restaurants & facebook can start showing up ads accordingly. In general, Fee apps (Nothing is free as such) are more aggressive in collecting data & selling to companies like Facebook, Amazon etc.

How to put safety guards?

Android & iOS both operating systems supports apps level permission & settings. iOs devices have easy settings where user can modify apps behaviour & allow to collect location data when you are using it.

Google does have guide to change the apps permission.

https://support.google.com/android/answer/6179507


CyberSecurity: EMV enabled credit cards does not stop fraud!

State bank of India asked their customer to get rid of a conventional swipe card and replace with EMV enabled chip cards. EMV Chips are considered to be safer & prevent credit/Debit cards fraud.

FYI: EMV stands for ‘Europay MasterCard Visa’ while the PIN is an acronym for the personal identification number.

Purpose of EMV

In theory, EMV should reduce fraud because every card transaction requires an encrypted connection between the chip card and the merchant’s point-of-sale terminal. EMV is meant to replace conventional swipe transactions that rely on magnetic strips, which contain data that is relatively easy for criminals to intercept and then copy on to a new card.

Reality of EVM

new report from the research firm Gemini Advisory has found that, of more than 60 million cases of credit card theft in the last 12 months, a whopping 93% of the stolen cards had the new chip technology.

This represents a major setback for the technology, known as the EMV standard, which is named after the companies (Europay, Mastercard and Visa) that created it.

“45.8 million…records [were] likely compromised through card-sniffing and point-of-sale (POS) breaches of businesses such as Saks, Lord & Taylor, Jason’s Deli, Cheddar’s Scratch Kitchen, Forever 21, and Whole Foods. To break it down even further, 90% or 41.6 million of those records were EMV chip-enabled,” states the report.

How fraud is still possible?

While the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems. This is the problem where banks & merchants are not configuring their systems and keep the system vulnerable.

What is the use of stolen Data?

There are multiple ways cybercriminals use stolen data. First & easy way is to sell these credit cards number in the dark web. A market full of criminals & isn’t public web or apps. The second method is that They create the replica of these cards & use it to withdraw money.

Reference:

http://fortune.com/2018/11/05/credit-card-chips-fail-to-halt-fraud-survey-says/