Facebook Scandal Settlement, BTC.com Cyber Attack, BitKeep Trojans
Facebook enters into a settlement related to the Cambridge Analytica scandal
Facebook has agreed to pay $725 million to settle a long-running legal battle over the sale of user data to the now-defunct Cambridge Analytica. During the 2016 US election, Cambridge Analytica used a survey app called “thisisyourdigitallife” to harvest information such as page likes, dates of birth, gender, locations and political interests. The practice was considered illegal because the data was used for political advertising without the consent of Facebook’s users. The proposed settlement is pending approval by the U.S. District Court in San Francisco.
(Insider on cyber security)
BTC.com lost $3 million in cyber attack
One of the world’s largest crypto mining pools, BTC.com, discovered on December 3 that it had been the victim of a cyber attack that resulted in the theft of approximately $3 million worth of crypto assets. Around $700,000 worth of the stolen crypto belonged to customers, while $2.3 million in digital assets belonged to the company. BTC.com reported the incident to Chinese authorities and says it has recovered some of the stolen funds. The company says it has taken steps to block such attacks in the future, but has not disclosed whether any data was affected as a result of the incident.
Hackers use Trojans to steal $8 million from BitKeep users
Several BitKeep crypto wallet users reported that their wallets were emptied over Christmas after hackers triggered transactions that did not require verification. BitKeep is a decentralized multi-chain web3 DeFi wallet used by more than eight million users worldwide. The incident appears to have affected users who downloaded an unofficial, trojanized version of the BitKeep app. Affected users should download the official app from Google Play or the App Store, create a new wallet address, and then transfer their funds to it. Losses are expected to rise because the attack took place during the holiday season, delaying users in noticing and reacting to the incident.
Military device containing PII sold on eBay
The US military last used its Secure Electronic Enrollment Kit (SEEK II) in Afghanistan more than ten years ago to scan fingerprints and irises. In August 2022, German security researcher Matthias Marx bought the thick black rectangular device on eBay for $68. The device included a memory card containing PII for more than 2,600 people, including names, nationalities, photos and biometric data. Most of the records belong to people classified as terrorists or wanted persons, but some belong to other civilians. The Ministry of Defense said the hardware should have been destroyed on site as soon as it became obsolete and requested that it be returned. One of the sellers told the New York Times that the company had bought the device at a public equipment auction.
TikTok used its app to spy on journalists
Employees at TikTok’s Chinese parent company, ByteDance, tracked the IP addresses of journalists who used TikTok in an attempt to determine whether they were in the same location as employees suspected of leaking confidential information. According to an internal email from ByteDance’s general counsel, at least four employees based in the US and China improperly accessed the data. All four have been fired, and company officials said they were taking additional steps to protect user data.
J. Robert Oppenheimer cleared of 68-year-old charges
Nearly 70 years after his security clearance was revoked by the Atomic Energy Commission (AEC) on suspicion of being a Soviet spy, renowned Manhattan Project physicist J. Robert Oppenheimer has finally received some form of justice. In 1954, Oppenheimer was subjected to security hearings over his alleged communist ties, and was ultimately found not guilty of treason, but he was judged “not trustworthy or reliable” and was deprived of access to military secrets. The hearings seriously damaged the reputation of the accomplished physicist. US Energy Secretary Jennifer M. Granholm released a statement voiding the controversial decision against Oppenheimer, declaring that it was the result of a biased and flawed process that violated the AEC’s own regulations.
EarSpy attack eavesdrops on phones via motion sensors
A team of researchers from several American universities has developed a side-channel eavesdropping attack for Android devices, called EarSpy. The researchers used the ‘Physics Toolbox Sensor Suite’ to capture reverberations from the ear speaker of Android devices via the motion sensors and then fed the recordings to MATLAB for analysis. A machine learning (ML) algorithm was then used to recognize speech content, caller identity and gender. Using this approach, the researchers correctly identified caller gender between 77.7% and 98.7% of the time, caller identity classification ranged between 63.0% and 91.2%, and speech recognition ranged between 33.3% and 56.4%. Not surprisingly, user movement and lowering the ear speaker volume resulted in lower accuracy.
Piers Morgan’s Twitter account abuses Queen and Ed Sheeran in apparent hack
On Tuesday, the Twitter account of former Good Morning Britain (GMB) host Piers Morgan had much of its content deleted amid reports that it had been hacked. On Monday evening, Morgan’s account shared posts containing false information, racial slurs and abusive messages directed at the late Queen Elizabeth II and singer Ed Sheeran. The incident comes on the heels of UK Education Secretary Gillian Keegan’s account apparently being hacked on Christmas Day. Morgan has yet to publicly address the apparent hack, and his other social media accounts appear to be functioning normally.