In addition, the US “no fly” list is revealed, the SCOTUS leaker eludes investigators, and PayPal is stuffed.
DO YOU KNOW where the pork chops for dinner tonight came from? You may not like the answer.
This week, we released the first-ever footage of a CO2 “stun chamber” used in the slaughtering of pigs in a US meatpacking company. Using little infrared pinhole spy cameras, an activist with the organization Direct Action Everywhere obtained the film at a California facility. The mission’s objective was to demonstrate that this ostensibly “painless” method of execution is illegal and inhumane.
Apple has worked hard to promote itself as Big Tech’s privacy-friendly giant, and in many ways, this is accurate. However, this does not mean that it will not acquire your information for advertising purposes if given the chance. We sifted through about 70,000 words of Apple’s policies to determine exactly what information it collects about you and how to keep it under control.
Speaking of online advertisements, Human Security recently found a large ad-fraud scheme known as Vastflux. At its peak, the operation exploited vulnerabilities in the advertising ecosystem to target around 1,700 apps and 11 million mobile devices, resulting in approximately 12 billion requests for advertisements per day. The fraud has since been virtually eradicated, but its perpetrators have yet to be identified.
Putting fraud aside, being online at all is increasingly a matter of luck. This week, Cloudflare, an Internet infrastructure business, released its first annual study on the global state of online connectivity interruptions and discovered a stunning increase. From North Carolina blackouts triggered by an attack on the power system to Iran’s authoritarian internet shutdowns designed to crush anti-government protests, 2022 appears to be the beginning of a new era of online blackouts.
In addition, we delved into the persistent menace of online echo chambers, which continue to have a disproportionate impact on US politics, as well as the ongoing debacle at T-Mobile, which this week disclosed yet another big data breach affecting 37 million consumers.
But there’s more. Each week, we round up the stories that we were unable to cover in depth ourselves. Click on the headlines to view the complete articles. And stay safe out there.
Program of Surveillance Captures Millions of Money Transfers Between the United States and Twenty-Plus Countries
The Wall Street Journal reported this week that hundreds of law enforcement agencies in the United States have access to a database of 150 million money transfers sent between the United States, Mexico, and 22 other regions. The database, which is maintained by the non-profit Transaction Record Analysis Center (TRAC), gives over 600 local and federal law enforcement agencies warrantless access to the “full names of the sender and recipient” and the amounts of money transferred via services such as Western Union, MoneyGram, and Viamericas.
According to the report, the initiative was designed to help government authorities collect evidence of financial crimes such as fraud and money laundering. However, privacy activists are concerned because it permits bulk access to data on money transfers, which are not as strictly controlled as typical banking operations.
Nathan Freed Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, warned the WSJ that “ordinary people’s private financial records are being indiscriminately sucked into a vast database, with access granted to nearly any cop who wants it.” This initiative should never have been initiated, and it must be terminated immediately.
A security researcher uncovered a version of the notorious United States “no fly list” on an unsecured computer operated by CommuteAir, a small Ohio-based airline. The list, which comprises more than 1.5 million entries, is significantly larger than previously reported and contains the names of those who are prohibited from entering the United States by air.
The Daily Dot was the first to report on the leaked list. CommuteAir confirmed the document’s veracity to the Daily Dot.
According to the Daily Dot, the list includes the name of the convicted Russian arms dealer Viktor Bout. The Biden administration returned Bout to Russia in exchange for the return of WNBA star Brittney Griner to the United States in December. There were approximately 30 entries for persons born after 2010 in the data, which was shared with WIRED on Thursday evening.
CNN reports that the US Transportation Security Administration is investigating the incident.
US Supreme Court Unable to Capture Dobbs Decision Leaker
The US Supreme Court has been unable to determine who leaked the draft judgment overturning Roe v. Wade, according to a report released by the court on Thursday. The investigation lasted eight months. The unusual leak to Politico in the spring of 2016 occurred more than a month before the issuance of the final opinion and triggered countrywide demonstrations.
During the inquiry into the leak, 97 court employees were interrogated and forensic experts were brought in to analyze call logs, printer logs, and fingerprints. According to the report, in addition to the nine justices, eighty individuals had access to the draft opinion.
The report notes, “No one admitted to publicly revealing the material, and none of the available forensic and other evidence gave a foundation for identifying any individual as the source of the document.” “It is impossible to tell who may have supplied the document or how the draft opinion wound up in Politico’s possession.”
The report makes no mention of whether or not the justices were interviewed.
PayPal Gets Stuffed
According to a PayPal security incident notice, between December 6 and December 8, 2022, attackers gained unauthorized access to the accounts of thousands of users through a credential-stuffing attack. Credential stuffing is when hackers, generally using a bot, attempt to log in to accounts with lists of compromised username and password combinations.
Hackers got access to the full names, dates of birth, postal addresses, Social Security numbers, and individual tax identification numbers of account holders for two days. PayPal reports that 34,942 of its users were affected by the issue.
Equifax will provide affected individuals with a free identity monitoring service for two years.