from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: April 9, 2021

Data leak exposes 533 million Facebook users; Belgian authorities decrypt half a billion messages on Sky ECC, confiscate twenty-seven tons of cocaine; Automobile manufacturers call upon U.S. government amid chip shortage; Chinese supercomputing companies added to U.S. blacklist; and Vietnam considers legislation to regulate tech firms.
People are silhouetted as they pose with laptops in front of a screen projected with a Facebook logo.
People are silhouetted as they pose with laptops in front of a screen projected with a Facebook logo. REUTERS/Dado Ruvic/File Photo

Data Leak Exposes 533 million Facebook Users

The personal information of 533 million Facebook users from 106 countries was scraped and published for free on an online hacking forum on Saturday. The leak, which impacted over 32.3 million users in the United States, 11.5 million in the United Kingdom, and 6.1 million in India, included phone numbers, full names, birth dates, email addresses, locations, biographical data, and other sensitive information. On Wednesday, Facebook stated that the vulnerability which led to the leak was patched in 2019 and that the company does not plan on notifying any of its impacted users. Despite the age of the leak, experts warn that cybercriminals can still exploit the information. “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” Alon Gal of cybercrime intelligence firm Hudson Rock told Business Insider. Days after the Facebook leak was revealed, news surfaced that the data of 500 million LinkedIn users was also scraped. According to CyberNews, this information is being auctioned off on a popular hacker forum.

Belgian Authorities Decrypt Half a Billion Messages on Sky ECC, Confiscate Twenty-Seven Tons of Cocaine

After reportedly decrypting half a billion messages sent via encrypted messaging service Sky ECC, Belgian and Dutch authorities announced on Monday that they had arrested forty-eight people in Belgium, seventy-three people in the Netherlands, and seized 27.64 tons of cocaine worth $1.67 billion in Antwerp over the past two months. According to Motherboard, Sky ECC, which was shut down last March by its service provider, claims that its encryption was not broken but rather counterfeit versions of its app were disseminated through “unauthorized channels” by police in order to phish users. No matter the method used to intercept data, the authorities warned that the seizure “may not immediately end drug trafficking in Antwerp” because “other means of communication will emerge that criminals will use.”

Automobile Manufacturers Call Upon U.S. Government Amid Chip Shortage

More on:

Cybersecurity

Privacy

Vietnam

Technology and Innovation

On Monday, a coalition of automobile companies with factories in the United States urged the U.S. government to expand semiconductor manufacturing for the auto sector, warning that the global chip shortage could stifle production for another six months and result in 1.28 million fewer vehicles built this year. The Alliance for Auto Innovation, which represents General Motors, Ford, Volkswagen, and other major car manufacturers in the United States, argued that some funding in an upcoming bill aimed at boosting American competitiveness against China should “be used to build new capacity that will support the auto industry and mitigate the risks to the automotive supply chain evidenced by the current chip shortage.” They also advocated for a “particular percentage” to be “allocated for facilities that will support the production of auto grade chips in some manner.” General Motors, Ford, and Kia are cutting production at North American locations because of the current chip shortage.

Chinese Supercomputing Companies Added to U.S. Blacklist

The U.S. Department of Commerce’s Bureau of Industry and Security announced on Thursday that it will add seven Chinese supercomputing organizations to its Entity List, requiring them to apply for licenses to purchase items from U.S. suppliers in the future. According to the department, the seven entities, which include Tianjin Phytium Information Technology and the National Supercomputing Center in Shenzhen, are being added to its blacklist due to their involvement in “building supercomputers used by China’s military actors, [China’s] destabilizing military modernization efforts, and/or weapons of mass destruction.” “Supercomputing capabilities are vital for the development of many — perhaps almost all — modern nuclear weapons and hypersonic weapons,” Commerce Secretary Gina Raimondo added. Although the blacklisting will take effect immediately, goods currently en route will not be affected.

Vietnam Considers Legislation to Regulate Tech Firms

On Tuesday, Nikkei reported that Vietnamese lawmakers are considering two regulatory measures that would increase the government’s purview over global technology firms. The first measure would grant authorities access to e-commerce firms’ internal data on third-party merchants in order to investigate online counterfeit goods while the second would require domestic banks to withhold taxes on payments to foreign e-commerce and digital services by clients. To avoid having their revenue reduced by this process, foreign companies will be able to register with the Vietnamese government through a web portal that will be released later this year. Tech firms have raised privacy concerns about the anti-counterfeiting proposal and voiced reservations about the new taxation measures. “Certain provisions in the draft [tax] are concerning and overly complex,” Jeff Paine, managing director of the Asia Internet Coalition, said. “[It] will likely result in onerous and unnecessary burdens throughout the value chain, including on Vietnamese customers.”

More on:

Cybersecurity

Privacy

Vietnam

Technology and Innovation