TechSec’s Bi-Weekly Tech News Digest: May 20, 2022
By Daniel Haltmeier
Welcome to the sixth bi-weekly Tech News Digest, provided by the GISA Technology and Security Initiative (TechSec). Our goal here is to give you an easy-to-read update of what has been happening lately in the world of technology and security. To do so, we pick the top news stories from the last two weeks and present a short summary. Should you be interested in knowing more, just follow the links below the respective paragraphs.
US courts go after cryptocurrencies
In our very first tech news digest we already mentioned the difficulty of enforcing sanctions on cryptocurrency platforms and as it seems, the US has now recognized the same problem (and although we would like to believe so, it’s probably not because of our amazing tech news digests). A US federal court has unsealed an opinion stating explicitly that cryptocurrencies can’t be used to evade sanctions.
A not further named cryptocurrency platform has apparently been indicted by the US for allowing users to avoid sanctions. What’s worse, according to court records the platform even advertised its services in sanction evasion. The court memorandum on cryptocurrencies and sanctions has most likely been unsealed now because somebody involved in these illegal crypto exchanges has been arrested.
While the decision certainly has the effect of enforcing the law in that specific case, it also has a signaling effect to other crypto platforms that they are liable if they allow users to sidestep sanctions. This is contrary to what has been popularly argued for a long time now; namely that cryptocurrencies are the ‘wild west’ and that laws, especially sanctions, only apply to them in a limited manner. What was known for a long time as a financial safe haven for criminals is now slowly coming under scrutiny from states. The era of anonymity in cryptocurrencies is coming to an end; at least if everything goes to the US prosecutors’ plan.
“How to overthrow a government”: Ransomware edition
This story could come straight out of Hollywood. The (allegedly Russian) cybercrime group called ‘Conti Gang’ has conducted a ransomware attack against the Costa Rican government in an attempt to overthrow that government. The cybercriminals encrypted crucial government data and will only decrypt the data if the Costa Rican governments pay a ransom. However, the gang argues that their main intention is not to make money. In their message they call for the Costa Rican population to take to the streets and take matters into their own hands as government services are severely limited as a result of the attack. It’s a suboptimal start for the new president of Costa Rica, Rodrigo Chaves, who has only been in office for a week now.
Given the urgency of the situation, president Chaves has declared that his country is ‘at war’ with the Conti gang. According to him, the foreign cybercriminals had support from within the government and he therefore sees this whole situation as a fight against both domestic and foreign terrorists.
Experts are not taking Conti’s call for a government overthrow too seriously. They see the danger and real intention in more potential disruption that could be caused by the cybercriminals. Because of this threat, the government of Costa Rica has now declared a state of emergency. As a reaction, the Conti gang raised its demand to $20 million if the government wants to regain access to its systems.
Data brokers sell information on who uses period apps or visits planned parenthood
Guess how much it would cost somebody to find out where people visiting planned parenthood clinics in the US came from… The answer: About as much as some good noise-canceling earphones (which would mean around $160). Data brokers are selling this data without any shame, but this story broke over two weeks ago. So why are we still mentioning this? Because the story has gotten worse. Data brokers now also sell the information of those who use period tracking apps.
The data marketplace ‘Narrative’ has an interesting business model; it lets anyone sign up and purchase information on who uses particular apps. This includes information on devices that downloaded period tracking apps, which can then be linked to the respective owners. Narrative allows you to buy this information with just a few clicks. To be clear, the data on sale does not include menstrual cycles of the users, but just who uses those apps. Knowing who uses those apps could however be the first step in getting access to the data on exact menstrual cycles, either through gaining unauthorized access to the devices using such apps or buying that information from other brokers if available. Do you want to know how much that initial information of knowing who uses which type of period app would cost you? About as much as a Disney Princess Castle (so around $100).
Surveillance cameras are now driving through San Francisco’s streets
What’s better than a surveillance camera? Somebody in San Francisco must have asked him- or herself that question and came up with a simple answer: a surveillance camera with wheels. If you’re following us on social media or joined our WhatsApp chat you already know this story. So this San Francisco police officer who came up with that great idea of having rolling cameras, let’s call him Mitch, had an even better idea: Why invent new surveillance cameras on wheels if you can simply use driverless cars?
The story of Mitch admittedly sounds a tiny bit ridiculous but is actually already practiced at the San Francisco police department (SFPD). An internal training document praises the advantages of using driverless cars, which are full of cameras and sensors, to help with investigative leads. They can drive around the city and film their surroundings all day long, without the need for a coffee or donut break. The investigative department of SFPD has already used these rolling helpers several times. Hence, if you are in San Francisco and see a driverless car, don’t stare at it in awe and wonder at modern technology; hide your face and run for your life because the car is watching you!
Read more about this on VICE.
If you would like to hear more tech news, participate in events related to technology and security or learn practical technology skills, consider following us on Instagram, LinkedIn or join our Initiative as a member!