by crissly | Mar 30, 2023 | Uncategorized
The literally unprecedented indictment against Donald Trump marks an outright dangerous—and politically fraught—moment for the United States and serves as a reminder of the unparalleled level of criminality and conspiracy that surrounded the 2016 election.
It’s easy to look back at the 2016 election as though its outcome was inevitable—that Hillary Clinton was too weak of a candidate, one whose years of high-priced speeches had made her lose touch with the working-class voters of Wisconsin and Pennsylvania; that “but her emails” and Jim Comey’s repeated, inappropriate, and misguided meddling in the election turned the tide. But the new indictment of Trump is an important historical corrective, a moment that makes clear how the US, as a country, must reckon with the fact that Trump’s surprise victory was aided by not one but two separate criminal conspiracies.
In the 2016 race’s final push, in an election that came down to incredibly narrow victories in just three states—10,704 voters in Michigan, 46,765 in Pennsylvania, and 22,177 in Wisconsin—and where Trump lost the overall popular vote by some 3 million votes, he was helped along by a massive and wide-ranging official Russian government operation. That effort, which targeted US social media companies and activists on the ground, was funded in part by oligarch Yevgeny Prigozhin, who is now behind the brutal combat of his Wagner Group mercenary army in Ukraine. According to the US Department of Justice’s exhaustive report, in the second arm of the Russian operation, the military intelligence service GRU hacked top Democratic officials, leaked their emails, and shifted the national narrative around Clinton and other Democrats. (Not to mention that this gave rise to the Pizzagate conspiracy theory and, arguably, QAnon.)
Then there was the separate criminal conspiracy that was the subject of today’s new indictment in New York: the plot in the final weeks of the 2016 election by Trump’s campaign, Trump family fixer Michael Cohen, and the National Enquirer to pay hush money to bury stories of two of the candidate’s affairs, including infamously one with porn star Stormy Daniels.
While it may seem like news of such an affair would have ended up being a nothingburger amid the campaign’s final weeks, it’s worth remembering the specific context that Cohen and the Trump orbit faced in those final hours of the campaign. They were performing a fraught and knife’s-edge balancing act to hold onto support from conservatives and evangelicals in the wake of the devastating Access Hollywood tape, a moment where vice presidential nominee Mike Pence seriously considered throwing in the towel himself. The follow-on of more non-family-values-friendly stories might well have begun an unrecoverable spiral. (It’s also worth remembering the still-suspicious interplay of these two threads: how, on a single Friday in October 2016, US intelligence leaders announced publicly for the first time that Russia was behind the election meddling, the Washington Post scooped the existence of the lewd Access Hollywood tape, and then, hours later, Wikileaks began dumping a fresh set of stolen emails from Clinton campaign chair John Podesta.)
The new criminal case related to that second Stormy Daniels conspiracy, brought by Manhattan district attorney Alvin Bragg, also is a reminder of the historic mistake by the US Justice Department to not pursue its own charges against Trump in the same matter. This was a mind-boggling abdication of responsibility given that the Justice Department—in the midst of Donald Trump’s own presidency, no less!—prosecuted Cohen for the same conspiracy, naming Trump in the charges against Cohen as “Individual 1” and, according to a new book by Elie Honig, outlined in a draft indictment Trump’s personal direction and involvement in the case.
by crissly | Mar 11, 2023 | Uncategorized
In a statement released a day before the investigation’s release, Jayd Henricks, the group’s president, said, “It isn’t about straight or gay priests and seminarians. It’s about behavior that harms everyone involved, at some level and in some way, and is a witness against the ministry of the church.”
No national US data privacy laws prohibit the sale of this kind of data.
On Wednesday, the District of Columbia’s health insurance exchange confirmed that it was working with law enforcement to investigate an alleged leak after a database containing personal information of about 170,000 individuals was offered for sale on a hacker forum popular with cybercriminals. The reported breach in DC Health Link, as the exchange is known, could expose sensitive personal data of lawmakers, their employees, and their families. Thousands of the exchange’s participants work in the US House and Senate, and a sample of the stolen data set reviewed by CyberScoop indicates that the victims of the breach also range from lobbyists to coffee shop employees.
According to a letter to the head of the DC Health Benefit Exchange Authority from House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries, the FBI has apparently purchased some of the stolen data from the dark web. While the FBI had not yet determined the extent of the breach, according to the letter, “the size and scope of impacted House customers could be extraordinary.”
A report by Politico published March 7 details how Ring, Amazon’s home-surveillance company, handed law enforcement videos captured by an Ohio man’s 20 Ring cameras against his will. In December, the Hamilton Police Department sought a warrant for camera footage—including from inside the man’s house—while investigating his neighbor. According to the report, after he willingly provided video to the police that showed the street outside his home, police used the courts to access more footage against his will.
While law enforcement often seeks warrants for digital data, those warrants typically pertain to the subject of a particular investigation. However, as networked home surveillance cameras have become increasingly popular, sometimes blanketing city blocks, law enforcement is increasingly turning to individuals who are completely unaffiliated with a case to provide data. According to Politico, the lack of legal controls on what police can ask for opens the door for a bystander’s indoor home footage to be lawfully acquired by police.
Following Politico’s story, Gizmodo reported that a customer service agent for Ring told a concerned customer that the Politico story was a “hoax” perpetrated by a competitor. In response, an Amazon spokesperson told Gizmodo that the company does not in fact think the story was a hoax and the statement was the result of a misunderstanding on the part of the customer support agent. “We will ensure the agent receives the appropriate coaching,” the spokesperson said.
A former roommate of noted fabulist George Santos told federal authorities that the US congressman from Long Island, New York, had orchestrated a credit card skimming operation in Seattle in 2017. In a declaration submitted to authorities and obtained by Politico, the Brazilian man—convicted of credit card fraud and deported from the US—told the FBI, “Santos taught me how to skim card information and how to clone cards. He gave me all the materials and taught me how to put skimming devices and cameras on ATM machines.”
According to the declaration, Gustavo Ribeiro Trelha met Santos in 2016 when he rented a room from him in his Florida apartment. There Santos reportedly taught Trelha how to use credit card cloning equipment and eventually flew him to Seattle to begin stealing financial information. “My deal with Santos was 50 percent for him, 50 percent for me,” Trelha wrote.
by crissly | Mar 8, 2023 | Uncategorized
The United States Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. While the practice of buying people’s location data has grown increasingly common since the US Supreme Court reined in the government’s ability to warrantlessly track Americans’ phones nearly five years ago, the FBI had not previously revealed ever making such purchases.
The disclosure came today during a US Senate hearing on global threats attended by five of the nation’s intelligence chiefs. Senator Ron Wyden, an Oregon Democrat, put the question of the bureau’s use of commercial data to its director, Christopher Wray: “Does the FBI purchase US phone-geolocation information?” Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data that companies gathered specifically for advertising purposes.
“To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray said. “I understand that we previously–as in the past–purchased some such information for a specific national security pilot project. But that’s not been active for some time.” He added that the bureau now relies on a “court-authorized process” to obtain location data from companies.
It’s not immediately clear whether Wray was referring to a warrant—that is, an order signed by a judge reasonably convinced a crime has occurred—or another legal device. Nor did Wray indicate what motivated the FBI to end the practice.
In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment’s guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring “loophole” that allows the government to simply purchase whatever it cannot otherwise legally obtain. US Customs and Border Protection (CBP) and the Defense Intelligence Agency are among the list of federal agencies known to have taken advantage of this loophole.
The Department of Homeland Security, for one, is reported to have purchased the geolocations of millions of Americans from private marketing firms. In that instance, the data were derived from a range of deceivingly benign sources, such as mobile games and weather apps. Beyond the federal government, state and local authorities have been known to acquire software that feeds off cellphone-tracking data.
Asked during the Senate hearing whether the FBI would pick up the practice of purchasing location data again, Wray replied: “We have no plans to change that, at the current time.”
Sean Vitka, a policy attorney at Demand Progress, a nonprofit focused on national security and privacy reform, says the FBI needs to be more forthcoming about the purchases, calling Wray’s admission “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” he says, adding that Congress should also move to ban the practice entirely.
by crissly | Feb 23, 2023 | Uncategorized
It’s basically impossible to keep track of what all your mobile apps are doing and what data they share with whom and when. So over the past couple of years, Apple and Google have both added mechanisms to their app stores meant to act as a sort of privacy nutrition label, giving users some insight into how apps behave and what information they may share. These transparency tools, though, are populated with self-reported information from app developers themselves. And a new study focused on the Data Safety information in Google Play indicates that the details developers are providing are often inaccurate.
Researchers from the nonprofit software group Mozilla looked at the Data Safety information of Google Play’s top 40 most-downloaded apps and rated these privacy disclosures as “poor,” “needs improvement,” or “OK.” The assessments were based on the degree to which the Data Safety information did or did not align with the information in each app’s privacy policy. Sixteen of the 40 apps, including Facebook and Minecraft, received the lowest grade for their Data Safety disclosures. Fifteen apps received the middle grade. These included the Meta-owned apps Instagram and WhatsApp, but also the Google-owned YouTube, Google Maps, and Gmail. Six of the apps were awarded the highest grade, including Google Play Games and Candy Crush Saga.
“When you land on Twitter’s app page or TikTok’s app page and click on Data Safety, the first thing you see is these companies declaring that they don’t share data with third parties. That’s ridiculous—you immediately know something is off,” says Jen Caltrider, Mozilla’s project lead. “As a privacy researcher, I could tell this information was not going to help people make informed decisions. What’s more, a regular person reading it would most certainly walk away with a false sense of security.”
Google mandates that all app developers submitting to Google Play complete the Data Safety form. The rationale is that the developers are the ones who have the information on how their product handles data and interacts with other parties, not the app store that facilitates distribution.
“If we find that a developer has provided inaccurate information in their Data Safety form and is in violation of the policy, we will require the developer to correct the issue to comply. Apps that aren’t compliant are subject to enforcement actions,” Google told the Mozilla researchers. The company did not address questions from WIRED about the nature of these enforcement actions or how often they have been taken.
Google refutes the researchers’ methodology, though. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects,” the company says in a statement. “The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information.”
In other words, Google is saying that the Mozilla researchers misunderstood the scope of the privacy policies they were looking at or even consulted the wrong policies entirely. But the researchers say the privacy policies they used in their analysis are the exact policies each app developer links to on Google Play, indicating that they apply to the apps in question.
by crissly | Feb 18, 2023 | Uncategorized
Twitter announced yesterday that as of March 20, it will only allow its users to secure their accounts with SMS-based two-factor authentication if they pay for a Twitter Blue subscription. Two-factor authentication, or 2FA, requires users to log in with a username and password and then an additional “factor” like a numeric code. Security experts have long advised that people use a generator app to get these codes. But receiving them in SMS text messages is a popular alternative, so removing that option for unpaid users has left security experts scratching their heads.
Twitter’s two-factor move is the latest in a series of controversial policy changes since Elon Musk acquired the company last year. The paid service Twitter Blue—the only way to get a blue verified checkmark on Twitter accounts now—costs $11 per month on Android and iOS and less for a desktop-only subscription. Users being booted off of SMS-based two-factor authentication will have the option to switch to an authenticator app or a physical security key.
“While historically a popular form of 2FA, unfortunately, we have seen phone-number based 2FA be used—and abused—by bad actors,” Twitter wrote in a blog post published yesterday evening. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
In a July 2022 report about account security, Twitter said that only 2.6 percent of its active users have any type of two-factor authentication enabled. Of those users, nearly 75 percent were using the SMS version. Almost 29 percent were using authenticator apps and less than 1 percent had added a physical authentication key.
SMS-based two-factor authentication is insecure because attackers can hijack targets’ phone numbers or use other techniques to intercept the texts. But security experts have long emphasized that using SMS two-factor is significantly better than not having a second authentication factor enabled at all.
Increasingly, tech giants like Apple and Google have eliminated the option for SMS two-factor and transitioned users (typically over many months or years) to other forms of authentication. Researchers worry that Twitter’s policy change will confuse users by giving them so little time to complete the transition and making SMS two-factor seem like a premium feature.
“The Twitter blog is right to point out that two-factor authentication that uses text messages is frequently abused by bad actors. I agree that it is less secure than other 2FA methods,” says Lorrie Cranor, director of Carnegie Mellon’s usable privacy and security lab. “But if their motivation is security, wouldn’t they want to keep paid accounts secure too? It doesn’t make sense to allow the less secure method for paid accounts only.”
While the company says its changes to two-factor will roll out in mid-March, Twitter users with SMS two-factor turned on started encountering a pop-up overlay screen yesterday that advised them to remove two-factor entirely or switch to “the authentication app or security key methods.”
It is unclear what will happen if users do not disable SMS two-factor by the new deadline. The in-app message to users implies that people who still have SMS two-factor turned on when the change officially happens on March 20 will be locked out of their accounts. “To avoid losing access to Twitter, remove text message two-factor authentication by March 19, 2023,” the notification says. But Twitter’s blog post says that two-factor will simply be disabled on March 20 if users don’t adjust it before then. “After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method,” the company wrote. “At that time, accounts with text message 2FA still enabled will have it disabled.”