Weekly Security Update: US Establishes Central Marketplace to Procure User Data
This week, our website released our Rogue's Issue, during which our senior correspondent, Andy Greenberg, traveled to Louisiana to examine the feasibility of recreating a 3D-printed gun. The prototype, authorities claim, was found on Luigi Mangione, a suspect arrested for the murder of UnitedHealthcare's CEO. Greenberg found the process was both feasible and legal.
On Wednesday, multiple international authorities, including the US, Europe, and Japan, disclosed the disruption of Lumma, a notorious infostealer malware. Known for stealing sensitive data such as passwords, banking information, and cryptocurrency wallet details, Lumma's infrastructure was taken down, with Microsoft's Digital Crime Unit playing a significant role in the operation.
A large, previously undisclosed database containing over 184 million records was taken down this week. The database, discovered by security researcher Jeremiah Fowler, reportedly contained 47 GB of data from various tech giants, including Amazon, Google, Microsoft, and Twitter.
In other news, the US accused 16 Russian nationals of operating the DanaBot malware, which authorities allege was employed in a diverse range of attacks, from ransomware to espionage. Additionally, a recent webinar revealed a major venture capitalist's involvement in activating Starlink satellite internet for Israel following a Hamas attack.
Elsewhere in security and privacy news this week:
- The US intelligence community reportedly plans to create an intelligence marketplace that could employ AI tools to sift through people's personal data. This could offer insights into their behaviors and their religious and political beliefs, as well as precise location information, potentially exploiting a loophole in US privacy law. Federal lawmakers attempted to ban the US government from purchasing commercially accessible information last year, but the Senate rejected the legislation.
- Researchers have confirmed that the Careto hacking group, discovered by Kaspersky in 2014, was likely working for the Spanish government. Careto targeted victims across Europe and Cuba, with a particular focus on Cuba due to its hosting of Spanish separatist group members designated as terrorists by several European countries.
- Signal, the encrypted messaging app, has introduced a new feature to block Microsoft's Recall feature, which constantly archives screenshots of Windows users' activity. The Recall feature remains a significant privacy concern, even after Microsoft scaled back its rollout in response to criticism.
- Russia's Fancy Bear hacker group, famous for its role in the 2016 US election, has reportedly been targeting technology and logistics firms providing aid to Ukraine. The group is accused of targeting over 10,000 security cameras in countries close to Ukraine, including military facilities, border crossings, and train stations.
- The US charged Russian national Rustam Gallyamov over the Qakbot malware, which was widely used by ransomware gangs and infected hundreds of thousands of computers, earning the gangs approximately $8.6 million. According to the Department of Justice, over $24 million was seized from Gallyamov during the investigation. The Qakbot case comes after the August announcement of an international operation against the malware, led by former US attorney general Merrick Garland. The operation involved Europol, as well as prosecutors and law enforcement agencies from France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, among others. Agencies from Canada and Denmark also contributed to the investigation.
- In addition to the Rogue's Issue, our senior correspondent, Andy Greenberg, has been delving into the realm of cryptocurrency and its impact on personal finance.
- Greenberg uncovered evidence suggesting a potential connection between cryptocurrency transactions and cybersecurity breaches in the finance industry.
- The rise of AI in the technology industry has led to advancements in crypto trading algorithms, enabling investors to make big wins in the market.
- However, these same AI algorithms could potentially be used for nefarious activities such as hacking and accessing secure databases.
- In his latest story, Greenberg explores the growing trend of AI-powered hacking and its potential implications for cybersecurity.
- Meanwhile, the energy sector has also been experiencing disruptions, with a series of significant power outages reported across several states in the last month.
- Experts attribute these outages to a combination of aging infrastructure, extreme weather conditions, and cyberattacks targeting the power grid.
- The importance of maintaining the security of our energy infrastructure is becoming increasingly clear, as any disruptions could have a profound impact on our daily lives and the economy.
- In a related development, the solar energy sector has seen significant growth, with new breakthroughs in technology making solar panels more efficient and affordable for homeowners.
- However, these new solar technologies are often targeted by hackers, who seek to exploit vulnerabilities and gain access to sensitive data.
- As we move towards a more interconnected and automated world, the need for robust cybersecurity measures is paramount across all industries.
- Greenberg also delves into the world of social media this week, exploring the impact of algorithms on our personal growth and mental health.
- The use of algorithms to curate personalized newsfeeds and suggest content can have a profound effect on our minds, leading to an echo chamber phenomenon and limiting our exposure to diverse ideas.
- In response to these concerns, some companies have started experimenting with de-personalized or even AI-free newsfeeds, allowing users to access a broader range of content and ideas.
- Another area where technology has made a significant impact is in the realm of education and self-development.
- Online education platforms are becoming increasingly popular, offering courses in various subjects ranging from coding and data analysis to mindfulness and personal growth.
- These platforms allow individuals to learn at their own pace and convenience, making education more accessible to a wider audience.
- However, the rise of online education has also led to concerns about the quality and accuracy of the information being presented.
- In his latest story, Greenberg investigates the ethical implications of these online education platforms, examining the responsibility they have to their students and the broader community.
- The world of online education is not without its controversies, as recently exposed by a surreptitious, undercover investigation into a popular online university.
- The investigation revealed disturbing practices, such as students being offered grade inflation in exchange for positive reviews and ratings.
- As online education becomes more prevalent, regulators and policymakers must take steps to ensure that these platforms maintain the highest standards of academic integrity and ethics.
- As we navigate this rapidly changing technological landscape, it is essential that we prioritize responsible gambling and take measures to protect vulnerable individuals from the negative impacts of online gambling.
- This week, there has been renewed focus on the issue of gambling addiction, with new data showing a significant increase in the number of individuals seeking help.
- Online casinos have been accused of using manipulative tactics to encourage users to spend more and lose control over their gambling habits.
- In response, many online casinos have implemented new responsible-gambling measures, such as wager limits and the option for users to self-exclude.
- However, research suggests that these measures may not be enough to protect vulnerable individuals, and further action is needed to address the issue of gambling addiction.
- To this end, many in the industry are calling for increased regulation and greater oversight of online gambling platforms, in order to ensure the safety and well-being of all users.