Dark web market shuts down after DDoS
On November 23rd, the operators of the Cannazon dark web market announced their intent to shutdown operations, with the site going fully offline on November 29th. Cannazon was one of the largest dark web markets known for marijuana products. This comes after the site was hit with a massive DDoS attack at the start of November. The operators said they attempted to reduce the number of orders and take the site partially offline to mitigate the attack. The operators apologized for the lack of transparency, but said the sudden shutdown notice was an attempt to prevent exit scams.
Clearview facing fines in the UK
The UK’s Information Commissioner’s Office (ICO) issued a provisional notice to stop further processing of UK citizen data by Clearview AI, as well as delete any such data it’s already processed. The ICO described Clearview’s actions as “alleged serious breaches” of the country’s national data protection law. This comes as part of a joint investigation into Clearview with the Australian Information Commissioner, which similarly ordered citizen data be deleted earlier this month. The ICO said in the provisional notice its intent to fine Clearview over £17 million for suspected breaches, including failure to process information fairly, onerous processes in place for people objecting to processing their data, and not having a system in place to prevent data being held indefinitely.
New Chinese surveillance system will target journalists and students
According to documents seen by Reuters, the Chinese province of Henan detailed plans to build a system of 3,000 facial recognition cameras that will connect to various national and regional databases to track movements of persons of interest in the region. The documents specifically name journalists as surveillance targets, providing a way for public security officials to locate them and potentially obstruct their work. International students and illegal residents from other countries were also named as targets for the system. The system is being built out by the Chinese tech company Neusoft, and operated by 2,000 officials and policemen.
(Reuters)
Intel builds warehouse for legacy tech security testing
In the second half of 2019, Intel created the Long-Term Retention Lab and warehouse in Costa Rica to provide access to its legacy hardware and software, going back at least a decade. Intel began planning the warehouse in mid-2018, currently storing 3000 pieces of hardware and software, with plans to double that by next year. It wasn’t easy to put this collection together, with Intel managers saying they had to resort to eBay to acquire some equipment. Intel engineers can request specific configurations, which are assembled and made accessible through cloud services. The lab currently gets about 1000 requests a month to build equipment for security tests.
(WSJ)
Thanks to our episode sponsor, Votiro
Waiting on quantum encryption cracking
A new report from Booz Allen Hamilton looks at the impacts that quantum computing could have on traditionally strong encryption. The report outlines the threat of “state-aligned cyber threat actors”, specifically China, stealing encrypted pharmaceutical, chemical and material science research with an eye to waiting on quantum decryption. The report asserts that quantum-assisted decryption would arrive faster than encryption solutions, providing a window for threat actors to use it. This would mainly apply to encrypted data with “intelligence longevity” like biometric markets, intelligence officers and source identities, social security numbers, and weapons’ designs. While threat actors may be collecting this data now, it’s not believed quantum computing will advance to the point to practically break the latest encryption methods until at least 2030.
Australian draft law looks to curb online trolling
According to new laws drafted by the Australian federal government, social media companies could be forced to reveal real identities of anonymous users in an effort to tackle trolling. This would require social platforms to collect these details from all users, and hand them over to aid in defamation cases. The law would also make the platforms liable for content published by users. Platforms would have a complaint process set up, where a user could submit allegedly defamatory content, which would them ask the posting user to remove it. If they do not take down the content, the company would ask for consent to release their identity, which could be compelled with a court order. The law is expected to be introduced to parliament early next year.
(ABC AU)
Russia to keep throttling Twitter
The Russian communications regulator Roskomnadzor said it will continue to throttle mobile access speeds for Twitter until the platform removes all content deemed illegal, claiming Twitter still hosts 761 illegal posts. The regulator began slowing down Twitter traffic in March, saying Twitter ignored calls to remove banned material since 2014, although it said it has taken down over 90% of illegal posts. We’ll have to see if new Twitter CEO Parag Agrawal can ever resolve this impasse.
(Reuters)
Panasonic confirms data breach
The Japanese tech company confirmed that it detected its network was accessed by an illegal third party on November 11th, with the attacker able to access “some data on a file server.” This breach began on June 22nd and ended November 3rd, so the attacker had flown the coop before being found out. No details about what was accessed, with Panasonic saying its investigating, working with third-parties, and will notify customers who have been impacted. This is the second notable cyber incident against the company in recent memory, with Panasonic India hit with a ransomware attack last year.