Tag: internet

The dark web’s criminal minds see Internet of Things as next big hacking prize

John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called directed denial of service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”

Keep reading

Government Spending Billions To Expand Broadband but Can’t Tell Who Needs It

In November 2021, Congress passed and President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA), a $1.2 trillion grab bag of public spending wish list items. One of those projects, the Broadband Equity, Access, and Deployment (BEAD) Program, would expand broadband access to communities that currently lack access to high-speed internet. BEAD would dole out $42.45 billion in state grants, and the Government Accountability Office estimated that the projects could require as many as 23,000 additional telecom workers to complete.

The only problem is that the government currently has no idea where broadband actually is and is not available.

The government defines broadband as any high-speed internet connection that is always on without needing to dial up. According to the text of the IIJA, “Access to affordable, reliable, high-speed broadband is essential to full participation in modern life in the United States,” especially in an era of remote work and Zoom schooling. As such, the law set out to bridge the so-called “digital divide” wherein some rural and low-income communities do not have easy broadband access.

To determine what areas need investment, the government relies on maps from the Federal Communications Commission (FCC). But despite costing $350 million, the FCC’s maps are notoriously unreliable and have been for many years. In 2021, The Washington Post noted the maps are based on census data, so “if even one household in a census block—a statistical area that conveys population data—has broadband available, then the agency considers the entire group served. In rural areas, one block could cover dozens of square miles.” The FCC’s maps also don’t take into account physical impediments, like trees and mountains, which can disrupt wireless signals.

Keep reading

New browser extension replaces Wikipedia pages in search results with Encyclosphere pages

Wikipedia co-founder Larry Sanger has announced the launch of a browser plugin that adds Encyclosphere results, while offering the possibility to remove those from Wikipedia – when performing a search using Google or DuckDuckGo.

Other search engines will be added soon, according to the plugin’s page on Chrome Web Store (also works with Brave). The description also notes that Wikipedia results are removed when there are relevant ones from the Encyclosphere.

Another feature, which Sanger admits in one of the tweets announcing the launch of the extension is likely to be “properly appreciated” only by “techies” is the inclusion of a built-in peer-to-peer encyclopedia reader, which opens articles from WebTorrent, in this way rendering the browser into a network node.

Keep reading

Biden Admin Funds AI To Police Online Language

Government spending records have revealed that the Biden Administration is dishing out more than half a million dollars in grants to fund the development of artificial intelligence that will censor language on social media in order to eliminate ‘microaggressions’.

The Washington Free Beacon reports that the funding was part of Biden’s $1.9 trillion ‘American Rescue Plan’ and was granted to researchers at the University of Washington in March to develop technologies that could be used to protect online users from ‘discriminatory’ language.

Judicial Watch president Tom Fitton compared the move to the Chinese Communist Party’s efforts to “censor speech unapproved by the state,” calling it a “project to make it easier for their leftist allies to censor speech.”

Keep reading

Israel to introduce sweeping online censorship law

The Israeli government has announced that it will adopt recommendations to regulate social media platforms to create a “safer” online environment. The recommendations are similar to the social media rules in the EU’s Digital Services Act (DSA), which will take effect next year.

Outgoing Communications Minister Yoaz Hendel announced that Israel would adopt recommendations made by the committee for examining legislation on online social media platforms, which was formed in October 2021. The committee, which was led by the Communications Ministry director-general Liran Avisar Ben-Horin, was created to find solutions to tackle the regulatory and ethical questions related to social media.

“This is an unregulated space where negative and harmful social phenomena have emerged,” said Hendel, as reported by the Times of Israel. “Legal responsibility needs to be applied to digital platforms in relation to the distribution of illegal sexual content, incitement to violence and terrorism, and more.”

“The step we are taking today brings us closer to a more protected and safer online space while preserving freedom of expression.”

The committee recommended that social media companies should be obligated to immediately remove illegal and offensive content, create an online hotline for reporting offensive and illegal content, create a system where users can appeal censorship and suspension decisions, and be more transparent.

Courts will be given the power to issue content removal orders, and a social media regulator will be created. Platforms operating in Israel will be required to set up offices in Israel.

Keep reading

New web tracking technique is bypassing privacy protections

Advertisers and web trackers have been able to aggregate users’ information across all of the websites they visit for decades, primarily by placing third-party cookies in users’ browsers.

Two years ago, several browsers that prioritize user privacy—including Safari, Firefox, and Brave—began to block third-party cookies for all users by default. This presents a significant issue for businesses that place ads on the web on behalf of other companies and rely on cookies to track click-through rates to determine how much they need to get paid.

Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID (or UID) smuggling, which does not require third-party cookies. But no one knew exactly how often this method was used to track people on the Internet.

Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher. CrumbCruncher navigates the Web like an ordinary user, but along the way, it keeps track of how many times it has been tracked using UID smuggling.

The researchers found that UID smuggling was present in about 8 percent of the navigations that CrumbCruncher made. They presented these results at the Internet Measurement Conference Oct. 25 to 27, 2022 in Nice, France. The team is also releasing both their complete dataset and their measurement pipeline for use by browser developers.

The team’s main goal is to raise awareness of the issue with browser developers, said first author Audrey Randall, a computer science Ph.D. student at UC San Diego. “UID smuggling is more widely used than we anticipated,” she said. “But we don’t know how much of it is a threat to user privacy.”

UID smuggling can have legitimate uses, the researchers say. For example, embedding user IDs in URLs can allow a website to realize a user is already logged in, which means they can skip the login page and navigate directly to content. It’s also a tool that a company that owns websites with different domains can use to track user traffic.

It’s also, of course, a tool for affiliate advertisers to track traffic and get paid. For example, a blogger who advertises a product using affiliate links might be paid a commission if anyone clicks their links and then makes a purchase. UID smuggling can identify which blogger should get the commision.

But there are potentially more dangerous uses that researchers worry about. For example, a data broker could use UID smuggling to gather a database of users’ Internet navigation.

Keep reading

Major Web Browsers Drop Mysterious Authentication Company After Ties To US Military Contractor Exposed

This week several major web browsers quickly severed ties with a mysterious software company used to certify the security of websites, three weeks after the Washington Post exposed its connections to a US military contractor, the Post reports.

TrustCor Systems provided ‘certificates’ to browsers to Mozilla Firefox and Microsoft Edge, which vouched for the legitimacy of said websites.

“Certificate Authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware,” said Mozilla’s Kathleen Wilson in an email to browser security experts. “Trustcor’s responses via their Vice President of CA operations further substantiates the factual basis for Mozilla’s concerns.”

According to TrustCor’s Panamanian (!?) registration records, the company has the same slate of officers, agents and officers as Arizona-based Packet Forensics, which has sold communication interception services to the U.S. government for over a decade.

One of those contracts listed the “place of performance” as Fort Meade, Md., the home of the National Security Agency and the Pentagon’s Cyber Command.

The case has put a new spotlight on the obscure systems of trust and checks that allow people to rely on the internet for most purposes. Browsers typically have more than a hundred authorities approved by default, including government-owned ones and small companies, to seamlessly attest that secure websites are what they purport to be. -WaPo

Also of concern, TrustCor’s small staff in Canada lists its place of operation at a UPS Store mail drop, according to company executive Rachel McPherson, who says she told their Canadian staffers to work remotely. She also acknowledged that the company has ‘infrastructure’ in Arizona as well.

McPherson says that ownership in TrustCor was transferred to employees despite the fact that some of the same holding companies had invested in both TrustCor and Packet Forensics.

Various technologists in the email discussion said they found TrustCor to be evasive when it came to basic facts such as legal domicile and ownership – which they said was not appropriate for a company responsible for root certificate authority that verifies a secure ‘https’ website is not an imposter.

Keep reading

CIA VENTURE CAPITAL ARM PARTNERS WITH EX-GOOGLER’S STARTUP TO “SAFEGUARD THE INTERNET”

TRUST LAB WAS founded by a team of well-credentialed Big Tech alumni who came together in 2021 with a mission: Make online content moderation more transparent, accountable, and trustworthy. A year later, the company announced a “strategic partnership” with the CIA’s venture capital firm.

Trust Lab’s basic pitch is simple: Globe-spanning internet platforms like Facebook and YouTube so thoroughly and consistently botch their content moderation efforts that decisions about what speech to delete ought to be turned over to completely independent outside firms — firms like Trust Lab. In a June 2021 blog post, Trust Lab co-founder Tom Siegel described content moderation as “the Big Problem that Big Tech cannot solve.” The contention that Trust Lab can solve the unsolvable appears to have caught the attention of In-Q-Tel, a venture capital firm tasked with securing technology for the CIA’s thorniest challenges, not those of the global internet.

The quiet October 29 announcement of the partnership is light on details, stating that Trust Lab and In-Q-Tel — which invests in and collaborates with firms it believes will advance the mission of the CIA — will work on “a long-term project that will help identify harmful content and actors in order to safeguard the internet.” Key terms like “harmful” and “safeguard” are unexplained, but the press release goes on to say that the company will work toward “pinpointing many types of online harmful content, including toxicity and misinformation.”

Keep reading

The UK plots to ban private messaging

UK’s media regulator Ofcom will get more surveillance powers than spy agencies under the Online Safety Bill, according to a legal analysis by the Index on Censorship organization.

The legislation would allow Ofcom to force tech companies to clamp down on “child abuse” and “terrorist content” by ending end-to-end encrypted messaging platforms like WhatsApp, Signal, Telegram, and Facebook Messenger and force all communications to be scanned.

Human rights lawyer Matthew Ryder, in a legal opinion commissioned by Index on Censorship, said that the powers that Ofcom would be afforded by the bill allow “allow the state to compel [tech companies] to carry out surveillance of the content of communications on a generalized and widespread basis.”

The regulator would not need prior authorization before making a demand to a tech company to scan messages and there would be no independent oversight over how the regulator uses its powers.

Ryder added: “We are unable to envisage circumstances where such a destructive step in the security of global online communications for billions of users could be justified.”

Communications by journalists, whistleblowers, and victims would no longer be safe. Additionally, it is not clear if Ofcom would make public the demands it issues or whether it would keep them secret.

Keep reading

Two Far-Right Websites Attributed to David DePape to Smear Conservatives Were FABRICATED – They Were Created Friday and Deleted Saturday

The mainstream media attributed two websites to the man arrested with Paul Pelosi on early Friday morning, David DePape.  However, this all appears to be another far-left farce.

David DePape was found with Paul Pelosi early Friday morning in his underwear at the Pelosi home by police in San Francisco.  The mainstream media immediately tried to cover for the Pelosi family.  They then attempted to align the man in his underwear found with Paul Pelosi as a conservative.  But it was all a lie.

There are numerous questions related to this case already.

In addition, the media tried to frame DePape as a conservative based on websites that were reportedly his.  DePape was homeless and a drug addict but the media insisted he was running a conservative website?  Makes perfect sense.

FOX News reported on the websites reportedly connected to DePape:

Facebook disabled DePape’s profile early Friday and declined to answer questions. At least two online blogs under DePape’s name are stocked with posts from the years of 2007 and 2022 speaking of “censorship,” “Big Brother,” and pedophiles. One contained calls for violence and antisemitic content. It was not immediately clear that he was responsible for the posts, and San Francisco police did not immediately respond to questions about DePape’s online presence.

The LA Times also reported as well on the websites.

In the months before police accused him of attacking House Speaker Nancy Pelosi’s husband Friday morning, David DePape had been drifting further into the world of far-right conspiracies, antisemitism and hate, according to a Times review of his online accounts.

In a personal blog that DePape maintained, posts include such topics as “Manipulation of History,” “Holohoax” and “It’s OK to be white.” He mentioned 4chan, a favorite message board of the far right. He posted videos about conspiracies involving COVID-19 vaccines and the war in Ukraine being a ploy for Jewish people to buy land.

DePape’s screeds included posts about QAnon, an unfounded theory that former President Trump is at war with a cabal of Satan-worshipping elites who run a child sex ring and control the world. In an Aug. 23 entry titled “Q,” DePape wrote: “Either Q is Trump himself or Q is the deepstate moles within Trumps inner circle.”

Keep reading