“Ipsa scientia potestas est,” 16th-century philosopher and statesman Sir Frances Bacon famously wrote in his 1597 work, Meditationes Sacrae. Knowledge itself is power. The aphorism, cliché as it may be, takes on a palpable truth in times of war.
Just ask the people of Mariupol, a city in southeastern Ukraine, where Russia’s devastating attacks have cut off the flow of information in and out of the city. Meanwhile, in Russia, the government has banned Facebook and Instagram amid its crackdown on news without the state’s stamp of approval. But as we explained this week, building a full China-style splinternet is far more difficult than the Kremlin might like to admit.
We further explored the power of information—and the power to keep information secret—this week with a look at a new idea for creating digital cash in the US—no, not Bitcoin or any other cryptocurrency. Actual digital cash that, crucially, has the same built-in privacy as the bills in your actual wallet. We also dove into the pitfalls of knowing where your children and other loved ones are at any moment through the use of tracking apps, which you should probably stop using. And following last week’s approval of the Digital Markets Act in Europe, we parsed the tricky business of forcing encrypted messaging apps to work together, as the law requires.
To round things out, we got our mitts on some leaked internal documents that shed new light on the Lapsus$ extortion gang’s Okta hack. And we took a look at how researchers used a decommissioned satellite to broadcast hacker TV.
But that’s not all, folks. Read along below for the rest of the top security stories of the week.
The advent of technology in our lives has led us down a very deep and spiraling rabbit hole from which, barring catastrophic global events, there is no real way out. The story above is just another example of how technology has certain loopholes that may not be apparent on its face. Before reading this article, I had no knowledge of the hacker group known as Lapsus$, I also had no knowledge of the Okta hack they performed earlier this year. This information worries me because it apparently is not hard to, given the right knowledge, hack into some of the most security-conscious companies in the world. This raises so many more questions than it does answers. In the case of Apple and Facebook(Meta), if they can be so easily fooled by a false emergency data request (EDR) while simultaneously stating that they have systems in place to help verify such requests, who are we supposed to believe. Clearly, we have anecdotal evidence that proves just the opposite. Did they simply approve the request because it was sent from an unknowingly compromised police system? If that is the case, such an explanation directly counters their claim to have ways of verifying these requests. How do they verify these requests? This one situation could open the door to an innumerable amount of false EDR requests being pinged from compromised police systems or worse even, this could lead to a delay in EDR requests being approved as they will need time to verify them. This, in turn, would lead to more harm coming to someone who is actually in imminent danger.
In an age of widely sought-after data, data is more valuable than gold these days. User-tracked data across social media platforms and other website platforms are used by corporations to target advertisements to users or to keep for other means of efficiencies such as password saving or any identification that is saved for the ease of use by the consumer. While user data is extremely valuable to companies, the data is kept in data servers that can easily be hacked into. This article shows a method that hackers used to hack into Apple and Meta’s data to get user information. If these companies can get so easily fooled into giving away user data by acting like cops, they have no business storing or even collecting data in the first place. The data that is stored in these server rooms are sensitive to being hacked. They have constantly been hacked by individuals who are trying to get their hands on valuable data. I personally believe these big companies should not be allowed to monitor their users at all. I frankly think it is an invasion of privacy that is the most dangerous for monitoring in this day in age, given the ease of data leaks. What is an even scarier thought is that Russians who work under Vladimir Putin, are always on the prowl to obtain U.S. intelligence. Russians have exponentially increased their hacking attempts on U.S. companies, governments, and individuals. These multi-billion dollar companies such as Apple and Meta should be banned from collecting and storing user data as they cannot be trusted to be kept from leaks. If my data were to be hacked I would want it to be from my own mistakes not from a company I never gave explicit consent to collect my data. These companies had a supposed method of verifying EDR requests, but it did not work. The hackers used EDRs to trick Apple and Meta into giving them consumer information. A bit too easy if you ask me.
In a world of technological advances and a digitized society, individual privacy is becoming harder and harder to contain especially with much of our information already out there on the internet and social media. For one of this week’s blog comments I chose to read article about how fake cops pulled off scamming the worlds leading technological firm as well as Zuckerburg’s Metaverse. These hackers pulled off this feat in an extremely simple manner that can easily be abused by any hacker with basic information. The hackers posed as fake police officers and claimed EDR’s (Emergency Data Requests) from Apple as well as Meta. EDR’s are used by law enforcement in order to access private data from users who may be putting another individual(s) in danger, usually claimed when someone has been abducted or someone is holding someone hostage. The hackers took access of police systems in order to send fraudulent EDR’s to both Apple and Meta.
These forged EDR’s allowed the hackers to access basic data provided to both Apple and Meta such as the consumers residence address, IP address, phone number, etc. In order to access such info you usually need a search warrant, however in the case of EDR’s no such warrant is needed. A scary fact to know that your information could just be given away upon request, an even scarier fact to know that these companies have access to this info and can dig even deeper and acquire all your personal data. Breach of privacy in regard to personal data being leaked by companies you are affiliated with is a much more common phenomenon then you would imagine. For example in recent days tik tok has been in the spotlight for breaching various privacy laws and were found to be data harvesting. As a Chinese based company this is very alarming to the United States as most of tik tok’s community is based in the U.S. With tensions being so volatile between both nations, this is a prime example of the harmful effects data breaches can have on individuals and a community.
This article is a prime example as to why you should keep your personal data private and off of a computer or phone. With a new wave of technological advances and extraordinary innovation, we see a rapid increase in incorporating technology into our everyday life. Cars being built today primarily function through a computer chip, we carry our phones with us constantly throughout the day, and the world is seeing a shift from storing information on paper to keeping it on a computer or phone. While this may seem like an advantage due to how easily accessible it is, this is the exact reason why we cannot fully rely on technology just yet. Information may seem like it is secure on a device, but it is at a high risk of being taken by online hackers. These hackers will then sell your information to buyers, further exposing your personal data to others. If we want to shift into a world surrounded by technology in the near future, these problems have to be fixed or avoided. When everything was done on paper, there was no concern on your information being taken since you owned the only physical document. Along came technological advances and the world was shocked how easy everything could be if all of your documents could be stored on one device. But along with accessibility comes risk. By having all of your data on one device, it makes it easier to be stolen by hackers. Ways we could solve this include being smarter about where we enter our private information, as well as new innovations being made to protect computers and phones from any unwanted intruders. I will be one of the first to say that technology can propel society into a new way of life for the better. While it appears that technology will be our future, we still have a lot of issues to deal with before making a total change.