This Week In Security - 03/02/2020
Clearview Obscured by Privacy Concerns
Clearview AI uses facial recognition software to help law enforcement agencies track down criminals, but its dubious data collection methods and recent data breach leave many questioning both its tactics and its security.
An intruder recently “gained unauthorized access” to Clearview AI’s entire client list but, the company claims, without compromising its systems. While Clearview clients are concerned, Clearview representatives seem rather more blasé about the incident.
Clearview attorney, Tor Ekeland, said, “Unfortunately, data breaches are part of life in the 21st century… We patched the flaw, and continue to work to strengthen our security”.
Meanwhile, managing director of Aspen Cybersecurity Group, David Forscey, says the breach is a “big deal”. “If you’re a law-enforcement agency”, Forscey said, “you depend on Clearview … to have good security, and it seems like they don’t”.
This isn’t the first time Clearview AI’s hit the headlines – earlier this year, privacy concerns brought it into the spotlight after it was found to be scraping millions of images off the internet.
While it could be an effective law-enforcement tool in the future, at present, Clearview is treading a thin line between using AI technology to track down criminals and facilitating the end of personal privacy.
Will Gmail Choose the Next President of the United States?
Gmail’s inbox filtering algorithms could change the face of American democracy and influence the results of the next election.
Some candidates are more promising than others, but that doesn’t seem to affect whether their emails end up in your inbox or your promotions folder. Currently, Pete Buttigieg seems to have a 63% chance of getting into your inbox, while Elizabeth Warren is more likely to be found in a remote spam folder.
As Kenneth Pennington, consultant and digital election campaign manager, notes, “It’s scary that if Gmail changes their algorithms, they’d have the power to impact our election”.
Mail classification categories are used to help users organize their emails and are activated in Gmail’s default settings, but the promotions folder is, some say, “just a step up above spam” and certainly not somewhere you want your important political messages to end up.
In a test run by The Guardian and The Markup, a non-profit organization focusing on data-driven journalism, “the distinctions between emails that wound up in the folder and those that went to the primary inbox were less consistent”.
As Pennington asserts, “The fact that Gmail has so much control over our democracy… and who raises money is frightening”.
RSA Witnesses Spat Between Huawei and DoD
It’s common knowledge that there is little love lost between the Department of Defense and Chinese technology giant Huawei, but when the two came to blows at the RSA Conference earlier this week, accusations started flying.
Things started getting heated when the DoD’s official in charge of acquisition, Katie Arrington, defended the government’s decision to remove all Huawei technology “because the risk is so high”.
Huawei’s USA chief security officer, Andy Purdy, responded, saying the US government should observe the manufacturing process more closely to ensure “security flaws don’t get introduced into tech during the manufacturing process”.
Cybersecurity expert, Bruce Schneier, added his two cents’ worth, saying that, until recently, the US government was unconcerned about device security “because its spy agencies were the best at using those vulnerabilities to gain intelligence”. Now that other countries are catching up, the government has become increasingly security conscious.
Another expert, Katherine Waldron, added that “the US government’s decision to ban Huawei tech has cemented the idea that Chinese tech companies are closely tied to the Chinese government”.
How important that is, is a matter of opinion, especially as, according to Waldron, “All countries are engaged in spying” anyway.
New Chrome Encryption Damages Cybercrime Black Market
Google’s latest version of Chrome increases user password protection and hits the cybercrime marketplace where it hurts.
Google released version 80 of its web browser earlier this month, introducing AES-256 encryption to protect stored passwords and credentials. If the effects on the black marketplace, Genesis Store, are anything to go by, the enhanced security seems to be working.
Genesis Store sells stolen digital fingerprints and browser credentials, but it’s recently seen a “35% drop in the number of hacked credentials sold on the site”.
Experts believe the cybercrime store’s future is in jeopardy as Google’s improved security “has crippled AZORult’s ability to extract passwords”.
AZORult is a form of malware that tracks down and appropriates “browsing history, cookies, ID/passwords, cryptocurrency information, and more”. Google’s improved security has had a “tremendous impact on Genesis operations”, by negating AZORult’s “ability to extract passwords from Chrome browsers”.
Compared with “a steady influx of 18,000 new stolen fingerprints being added to the site” daily, the number has dropped to around 600.
Although experts expect “Genesis to survive AZORult’s ‘second death’” and come up with a new form of malware, improved Chrome security has had a positive impact on the trade in stolen credentials, at least temporarily.