Cyber Week in Review: August 16, 2019
Audio Snippets Subject to Human Review: Big tech companies are being scrutinized for collecting audio snippets from consumer devices and subjecting them to human review. Contractors employed with monitoring or reviewing these audio snippets, which the companies say are only seconds long, admitted they regularly hear confidential information such as medical and financial details. Ireland’s Data Protection Commission (DPC), which leads the EU’s privacy enforcement, is seeking information on how Facebook believes that such processing of audio data from its Messenger service is compliant with the GDPR. Amazon, Apple, and Microsoft also hire contractors to monitor and occasionally transcribe audio snippets for their home assistant products in an effort to improve user experience and quality of service.
Huawei Employees Helped African Governments’ Spying: An investigation by the Wall Street Journal revealed that Huawei technicians have helped the governments of Uganda and Zambia spy on political opponents. While it was known that Huawei has sold surveillance and censorship tools to African governments, this is the first reporting of Huawei employees using cell data to track political opponents’ locations and intercept encrypted communications and social media. The investigation did not uncover any evidence of spying by or on the behalf of Beijing, but still highlights the United States’ accusation that Huawei is a potential tool for the Chinese government to spy abroad.
Major Cyber Vulnerabilities Revealed in U.S. Fighter Jets: Hackers vetted by the Air Force found a “motherlode” of critical weaknesses that could be exploited to shut down vital flight systems in the F-15. The hackers accessed the Trusted Aircraft Download Station system through known vulnerabilities which the Air Force failed to fix. While the U.S. military has historically kept white-hat hackers away from sensitive technology, the Air Force hopes to use hackers to identify and patch vulnerabilities before foreign hackers discover and exploit them. Dr. Will Roper, the Air Force’s top acquisition official, plans to have hackers test other systems in the future.
China’s Central Bank Close to Releasing Digital Currency: The People’s Bank of China (PBOC) appears closer to releasing its own digital currency. The central bank has been working on the currency for the past five years, but has ramped up development since the announcement of Facebook’s proposed Libra currency, which Beijing seesas a potential threat to its own e-payment systems and the stability of national currencies. Based on patents filed by the Digital Currency Research Lab of the PBOC, people will most likely convert cash into digital currency kept in digital wallets managed by the PBOC, granting government access to payment records. The digital currency is supposed to replace circulated cash and should not impact monetary policy.
New Ransomware Used to Attack Companies: Attacks using a new type of ransomware, dubbed Sodinokibi, have led to a surge in claims on cyber insurance. Cybersecurity firm CyberReason attributed the ransomware to the suspected Russian authors of GandCrab ransomware, which is responsible for nearly 40 percent of all ransomware attacks and was sunsetted shortly after the release of Sodinokibi. The hackers sent out emails, purportedly from Germany’s national cybersecurity authority, which contained the Sodinokibi ransomware disguised as downloadable email attachments.