Updates

On our radar
#theGIP

last 30 days

12 Oct

Facebook revealed it had discovered a security issue affecting millions of accounts on 25 September. The attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets users see what their own profile looks like to someone else. When composing a birthday wish message with video, as of July 2017 the attacker could exploit 'View as' option of the video uploader to get access to the profile of the user being looked up, including their log-in details. The access token was then available in the HTML of the page and extracted by the attackers who exploited it to log in as another user. Facebook reset the access tokens of the almost 50 million accounts thought to be affected and temporarily disabled the “View As” feature. On 12 October, Facebook announced hackers actually stole access tokens for about 30 million people, 20 million less than previously thought. For 15 million people, attackers accessed name and contact details (phone number, email, or both). For 14 million people, the attackers accessed name and contact details, as well as other details people had on their profiles, including username, gender, religion, birthdate, etc. For 1 million people, the attackers did not access any information.

 

8 Oct

Pat Didomenco asks Is illegal bias lurking in your online job ad? when writing about bias in online employment ads, highlighting the recent American Civil Liberties Union (ACLU) Equal Employment Opportunity Commission complaint against Facebook and 10 employers that post ads on Facebook. The complaint alleges that Facebook used its ad-targeting features to target men, while not showing online ads for police officers, construction workers, truck drivers and sales staff to women. Didomenco also points out discriminatory practices in age discrimination, and how to identify bias.

                                                                       Facebook gender targeted ad

                                                                          Image source: Seattle Times

Google revealed a software glitch of the Google+ social network gave outside developers potential access to private data of 500,000 Google+ profiles between 2015 and March 2018. The exposed data included names, birth dates, gender, profile photos, relationship status, occupation, places lived and email addresses. Google claims it found no evidence that any developer was aware of this bug or that any Profile data was misused. The company patched the bug in March 2018, but did not disclose it. According to the Wall Street Journal, a memo prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and cause reputational damage as at the time when Facebook was already under investigation following Cambridge Analytica. Google announced that low usage and engagement of Google+ as well as the failure to meet consumers’ expectations prompted the decision to shut down of Google+ for consumers. The shutdown will be implemented in the next ten months (slated to finish in August 2018) and users will be instructed how to download and migrate their data. Google also stated its review showed that Google+ is better suited as an enterprise product, and the company decided to focus on its enterprise efforts and will be launching new features purpose-built for businesses.

4 Oct

The National Cyber Security Centre (NCSC) of the United Kingdom has attributed a “campaign of indiscriminate and reckless cyber attacks” to the GRU, the Russian military intelligence service. UK Foreign Secretary Jeremy Hunt stated that the GRU’s actions demonstrate “their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences”. The NCSC associated 12 threat groups with the GRU, among them APT 28, Fancy Bear, Sofacy, Voodoo Bear and CyberCaliphate (previously thought to be affiliated with ISIS). NCSC assessed with “high confidence” that the GRU was “almost certainly responsible” also for the BadRabbit ransomware of 2017, the release of confidential files of international athletes stolen from the World Anti-Doping Agency (WADA) in 2016, and attacks on the servers of the US Democratic National Committee in 2016. The NSCS also claimed the GRU attempted to compromise the UK Foreign and Commonwealth Office (FCO) computer systems via a spearphishing attack and gain access to the UK Defence and Science Technology Laboratory (DSTL) computer systems. At the same time, the UK Prime Minister May and The Netherlands Prime Minister Rutte issued a joint statement attributing the cyber attacks on the Organisation on the Prevention of Chemical Weapons (OPCW) to the GRU. Australia and New Zealand supported NCSC’s findings. The Russian Ambassador in London has denied the claims since. As some specialists point out, the attributions come at time of heated debates at the UN General Assembly around Russian proposals for the future of the UN Group of Governmental Experts and possible international treaties on cybersecurity and cybercrime.

1 Oct

At the first official update to the community, Jovan Kurbalija used a virtual town hall meeting to talk about the role of capacity development in the work of the High-Level Panel on Digital Co-operation. He stressed that all stakeholders need capacity development to deal with digital policy issues and that the process of the Panel as such already increases the capacity due to its efforts for inclusivity. In fact, capacity development has been one of the success criteria as identified by the UN Secretary General. Kurbalija reassured that the Panel work will not just bring general concepts but will try to submit suggestions for very concrete next steps.

After a great success of the Accelerated Mobile Pages (AMP), Google is decided to give away of control how code is behaving in the background. AMP format which Google developed in a open source manner with the contribution of Google employees and all of the community, enables the high speed access of the online content on mobile phones. Accelerated Mobile Pages (AMP) is widely used now, across the thousands of websites.

29 Sep

Microsoft has launched Digital Peace Now initiative, inviting citizens to sign the petition and call upon world leaders to create rules to protect the global digital society. The initiative highlights the weaponization of the shared cyberspace and technology by governments, cautioning that these attacks may be devastating and may spread from the digital to the physical world. It therefore aims to stop cyberwarfare, underlining that there is no peace without digital peace. The initiative follows Microsoft’s call to governments for the Digital Geneva Convention, and its commitments to the principles of the Cybersecurity Tech Accord drafted by tech companies.

25 Sep

The Privacy International, an international NGO, published a press release stating that the UK’s intelligence agency, MI5, has admitted unlawfully collecting and examining private data from the Privacy International or their staff members through two of their surveillance programmes, Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD). Privacy International’s executive director, Gus Hosein, sent a letter to the Home Secretary and Investigatory Powers Tribunal (IPT), expressing concern and requesting urgent action over the documents revealed during the course of Privacy International’s challenge to the BPD and BCD powers, which show that Privacy International was part of MI5's investigations because its data was part of the UK intelligence agencies vast databases. The case is currently pending before the IPT. In the letter, the NGO also asks about the changes to be made in the Investigatory Powers Act, the so-called Snoopers’ Charter, provisions as a result of the recent ECHR judgment.

21 Sep

During the press briefing, European Commissioner for Competition, Margrethe Vestager, announced that a preliminary antitrust investigation over Amazon has been opened in order to gather information about ways the company uses data. More specifically, it aims to examine how the company uses data that it gathers through transactions and from sellers on their marketplace, as well as to see if that data potentially gives Amazon a competitive advantage over merchants by having an insight into consumer behaviour. Questionnaires have been sent to merchants in order to ‘get the full picture’, however Vestager underlined: ‘We are at very early days, there are no conclusions yet, and the case has not been formally open yet.’ The media reports that the Amazon refused to comment.

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top