Category Archives: Anti-social media

23rd October 2018 resources update

Updates to Anti-Social Media 

New York Times: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections – “WASHINGTON — The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation.”


The Facebook Newsroom: The Hunt for False News – fairly undramatic examples of fake news stories discovered, but somewhat interesting for the insight it gives into what approaches FB is taking towards finding such stories.


Graham Cluley: If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook? – “…if Facebook did actually acquire a company brimming with security boffins, there’s a good chance that a fair proportion of them would be very privacy-minded. And it’s quite possible that a good number of them would rather pull their toenails out with pliers than find that their new boss is Mark Zuckerberg.”


The Next Web: Firefox 63 will prevent cookies tracking you across sites TNW seems quite enthusiastic, saying “This is a welcome feature from Mozilla, which is increasingly concerned about the state of privacy and surveillance on the Internet.” I have to wonder, though, if it has considered modifying its own cookie policy.

TNW’s cookie statement says: “You give your consent for cookies to be placed and read out on our Platform by clicking “agree” on the cookie notice or by continuing to use the Platform. For more information about the use of the information collected through cookies see our Privacy Statement.

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Graham Cluley: Watch how a Tesla Model S was stolen with just a tablet – “Watching Kennedy’s video of the theft, it appears that the two criminals used a “relay attack”, where a signal from a nearby key fob (in this case, out of range of the car inside Kennedy’s darkened house) is boosted to a location close to the car.”


The Register: Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking. Further to this article from Zimperium, which I flagged on 22nd October: FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure Systems

David Harley

Advertisements

22nd October AVIEN updates

Updates to Anti-Social Media 

Wired: How a suspicious Facebook page is pushing pro-Brexit ads to millions – “The UK’s fake news inquiry says the website Mainstream has spent around £257,000 on pushing a pro-Brexit advertising campaign on Facebook in the last 10 months. The problem? Nobody knows who runs the page or where the money comes from”

And I somehow didn’t get round to posting this nearly a year ago, but it’s still worth reading. The Verge: Former Facebook exec says social media is ripping apart society – ‘No civil discourse, no cooperation; misinformation, mistruth….He went on to describe an incident in India where hoax messages about kidnappings shared on WhatsApp led to the lynching of seven innocent people.’

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Pierluigi Paganini: Researchers found that one of the most popular Internet of Things real-time operating system, FreeRTOS, is affected by serious vulnerabilities.

Refers to this blog by Zimperium: FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure Systems

Updates to Tech support scams resource page

Lawrence Abrams for Bleeping Computer: McAfee Tech Support Scam Harvesting Credit Card Information. A scam that has its cake and attempts to eat it. Several times.

“Essentially, these scammers are not only earning commissions on affiliate sales, but also stealing your credit card and personal information. This information can then be used to charge other purchases or perform identity theft using your credentials.”

David Harley

Anti-social media part umpteen

BBC: Children ‘blackmailed’ for sexual images in online video chats. “A surge in the use of video chats and live-streaming among children is leaving them vulnerable to abuse, the NSPCC has warned, calling for a social network regulator to be introduced.”


Graham Cluley: Facebook Portal isn’t designed to be as private as you might hope – Graham says “I doubt I’m alone in the world in thinking that allowing Facebook, of all companies, into your home with a microphone and a video camera is a pretty terrible idea.” Indeed he isn’t… And this story is not reassuring, with FB’s weaselly partial backtracking on the assertion that it would not collect data for targeted advertising.


I’m not the biggest fan of SANS and its newsletters. (That would be SANS…) But the Top Of The News section in its October 19th 2018 Newsbites newsletter includes a number of links relevant to election interference and social media that you might find worth reading.

David Harley

Updates to Anti-Social Media October 17th 2018

Sophos: Donald Daters app for pro-Trump singles exposes users’ data at launch – “Donald Daters, a new dating app that promises to “make dating great again” has instead leaked its users’ data.”

The Mercury News: Facebook lured advertisers by inflating ad-watch times up to 900 percent: lawsuit – “A group of small advertisers … alleged in the filing that Facebook “induced” advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were.”

David Harley

12th October resource updates

Updates to Anti-Social Media 

Sophos: Instagram tests sharing your location history with Facebook – “For those Facebook users who still cling to the notion that they can limit Facebook’s tracking of our lives like it’s an electronic bloodhound, you should be aware that its Instagram app has been prototyping a new privacy setting that would enable location history sharing with its parent company.”

The Register: Facebook mass hack last month was so totally overblown – only 30 million people affected – “Good news: 20m feared pwned are safe. Bad news: That’s still 30m profiles snooped…”

Me, for ESET: Facebook cloning revisited

Updates to Cryptocurrency/Crypto-mining News and Resources

Brad Duncan for Palo Alto Unit 42: Fake Flash Updaters Push Cryptocurrency Miners – “…As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

The Register: If you haven’t already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

Updates to Chain Mail Check

Facebook cloning revisited

Updates to Mac Virus

Chinese iPhone users – Apple IDs compromised

David Harley

Anti-social media update

Thomas Claburn for The Register: Facebook sued for exposing content moderators to Facebook – “Endless series of beheadings and horrible images take mental toll, US lawsuit claims”


Silicon: WhatsApp Founder Admits Selling Out Privacy To Facebook – “Co-founder of WhatsApp Brian Acton admits selling out the privacy of WhatsApp users to Facebook”


Sophos: Facebook scolds police for using fake accounts to snoop on citizens

‘In a letter to MPD Director Michael Rallings, Facebook’s Andrea Kirkpatrick, director and associate general counsel for security, scolded the police for creating multiple fake Facebook accounts and impersonating legitimate Facebook users as part of its investigations into “alleged criminal conduct unrelated to Facebook.”’


Graham Cluley for BitDefender: Zuckerberg’s Facebook page? I’ll livestream its deletion, says hacker


New York Times: Facebook Network is Breached, Putting 50 Million Users’ Data at Risk

The Register: Facebook confesses crappy code has exposed up to 90 million users to hackers

David Harley

Anti-Social Media updates

Updates to Anti-Social Media 

Lisa Vaas for Sophos: Years on, third party apps still exposing Grindr users’ locations – “Grindr, the premium gay dating app, is exposing the precise location of its more than 3.6 million active users, in addition to their body types, sexual preferences, relationship status, and HIV status…

…Still.”


Nathan Gleicher for Facebook: Expanding Security Tools to Protect Political Campaigns – “Over the past year, we have invested in new technology and more people to stay ahead of bad actors who are determined to use Facebook to disrupt elections. Today we’re introducing additional tools to further secure candidates and campaign staff who may be particularly vulnerable to targeting by hackers and foreign adversaries. This pilot program is an addition to our existing security tools and procedures, and we will apply what we learn to other elections in the US and around the world.”

Commentary by Danny Bradbury for Sophos: How Facebook wants to protect political campaigners from hacking – “Facebook is making the extra protections available to a select class of political operatives, namely candidates for federal or statewide office, and staff members and representatives from federal and state political party committees.”


Also by Lisa Vaas for Sophos: Facebook faces sanctions if it drags its feet on data transparency – Vera Jourova, the European Commissioner for justice, consumers and gender equality, is evidently not in the least impressed.

David Harley

Facebook takedown of influence operations

I was a little late spotting this New York Times article from August 21st: Sheera Frenkel and Nicholas Fandos: Facebook Identifies New Influence Operations Spanning Globe – “We know that trolls on social media are trying to sow discord on contentious subjects like race, guns and abortion, but how do they do it? Here is a visual guide to their strategy.”

It’s starting point is this article from Facebook – Taking Down More Coordinated Inauthentic Behavior – regarding how it has taken down 652 pages, groups and accounts for ‘inauthentic behavior’ after receiving information from FireEye about ‘Liberty Front Press’. FireEye’s analysis is summarized here – Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East – linking to a 38-page report.

Fascinating stuff.

David Harley

(Anti-)Social Media updates 24th August 2018

Updates to Anti-Social Media 

Richi Jennings for TechBeacon’s Security Blogwatch: It’s election hacking season: Are you a target? A selection of commentary from a variety of sources. “Allegedly, Russia and Iran have been phishing, hacking, and building fake profiles on Facebook, Twitter, and YouTube…With the midterms just a few months away, the froth is building.”


Graham Cluley for BitDefender: Facebook pulls its VPN from the iOS App Store after data-harvesting accusations – “Facebook has withdrawn its Onavo Protect VPN app from the iOS App Store after Apple determined that it was breaking data-collection policies.”

John Leyden for The Register: Facebook pulls ‘snoopy’ Onavo VPN from Apple’s App Store after falling foul of rules


Rebecca Hill for The Register: Chap asks Facebook for data on his web activity, Facebook says no, now watchdog’s on the case – “Info collected on folk outside the social network ‘not readily accessible’ … Facebook’s refusal … is to be probed by the Irish Data Protection Commissioner … Under the General Data Protection Regulation … people can demand that organisations hand over the data they hold on them.”


Lisa Vaas for Sophos: Facebook’s rating you on how trustworthy you are – a good analysis of the difficulties Facebook and other social media face in addressing the problem of fake news.

David Harley

How being online influences real-world behaviour

An article in the New York Times focuses on a paper by Karsten Müller and Carlo Schwarz of the University of Warwick that made a startling assertion: “Wherever per-person Facebook use rose to one standard deviation above the national average, attacks on refugees increased by about 50 percent.” I don’t think they mean to imply that Facebook directly or intentionally encourages the negative traits that such attacks represent: more that it “isolates us from moderating voices or authority figures, siphons us into like-minded groups and, through its algorithm, promotes content that engages our base emotions.” Or to put it another way, our tendency to group ourselves into like-minded ‘bubbles’ inclines us to make distorted assumptions about how widespread our pet beliefs are, assumptions reinforced by ‘superposters’ who energetically promulgate those same beliefs.

While it’s not exactly the same thing,, being more focused on anonymity and pseudonymity,  I was reminded of an older paper by Mich Kabay that has influenced my own thinking significantly over the years: Anonymity and Pseudonymity in Cyberspace: Deindividuation, Incivility and Lawlessness Versus Freedom and Privacy. The similarity is in the examination of the ways in which online behaviour can differ (for the worse) from behaviour in the real world. The difference is the way in which the Warwick study suggests that behaviour in the real world can be redirected into unacceptable channels by perceptions moulded by social media.


And here are a trio of further items about ‘anti-social media’….


A paper by Professor Douglas C. Schmidt on Google Data Collection makes clear just how much information Google is collecting about its users and the purposes for which it can be used. It is … disquieting …


Rebecca Hill for The Register: Bloke hurls sueball over Google’s ‘is it off yet?’ location data slurping – “…a lawsuit has accused the search-cum-ads biz of unlawfully invading users’ privates and intentionally complicating the opt-out process…after last week’s Associated Press probe into location data slurping.”


Lisa Vaas for Sophos: Social networks to be fined for hosting terrorist content – “On Sunday, the Financial Times reported that the EC’s going to follow through on threats to fine companies like Twitter, Facebook and YouTube for not deleting flagged content post-haste.”

David Harley