Category Archives: Data and computer security

YouTube’s fine and child safety online | Letters

Fining YouTube for targeting adverts at children as if they were adults shows progress is being made on both sides of the Atlantic, writes Steve Wood of the Information Commissioner’s Office

The conclusion of the Federal Trade Commission investigation into YouTube’s gathering of young people’s personal information (‘Woeful’ YouTube fine for child data breach, 5 September) shows progress is being made on both sides of the Atlantic towards a more children-friendly internet. The company was accused of treating younger users’ data in the same way it treats adult users’ data.

YouTube’s journey sounds similar to many other online services: it began targeting adults, found more and more children were using its service, and so continued to take commercial advantage of that. But the allegation is it didn’t treat those young people differently, gathering their data and using it to target content and adverts at them as though they were adult users.

Continue reading...

Data breach may affect 50,000 Australian university students using ‘Get’ app

Students using events app Get, previously known as Qnect, may have had their personal data exposed online

The personal details of an estimated 50,000 students involved in university clubs and societies around Australia may have been exposed online, in the second breach of its kind for the company holding the data.

Get, previously known as Qnect, is an app built for university societies and clubs to facilitate payments for events and merchandise. The app operates in four countries with 159,000 active student users, and 453 clubs using it.

Continue reading...

Guardian investigations: how tech helps tackle big data … and big lawyers

Our head of investigations explains how a new IT system, Giant, has the power to find needles in journalistic haystacks

There aren’t too many places to hide at the Guardian. The offices are open-plan and most of the meeting rooms have glass walls.

There is one room, however, that has a special status. In recent years, when we have been involved in big investigations, this is the place where reporters and editors have relocated for months on end.

Continue reading...

A ‘deep fake’ app will make us film stars – but will we regret our narcissism?

Users of Zao can now add themselves into the scenes of their favourite movies. But is our desire to insert ourselves into everything putting our privacy at risk?

‘You oughta be in pictures,” goes the 1934 Rudy Vallée song. And, as of last week, pretty much anyone can be. The entry requirements for being a star fell dramatically thanks to the launch, in China, of a face-swapping app that can decant users into film and TV clips.

Zao, which has quickly become China’s most downloaded free app, fuses the face in the original clip with your features. All that is required is a single selfie and the man or woman in the street is transformed into a star of the mobile screen, if not quite the silver one. In other words, anyone who yearns to be part of Titanic or Game of Thrones, The Big Bang Theory or the latest J-Pop sensation can now bypass the audition and go straight to the limelight without all that pesky hard work, talent and dedication. A whole new generation of synthetic movie idols could be unleashed upon the world: a Humphrey Bogus, a Phony Curtis, a Fake Dunaway.

Related: The rise of the deepfake and the threat to democracy

Continue reading...

Chinese deepfake app Zao sparks privacy row after going viral

Critics say face-swap app could spread misinformation on a massive scale

A Chinese app that lets users convincingly swap their faces with film or TV characters has rapidly become one of the country’s most downloaded apps, triggering a privacy row.

Related: The rise of the deepfake and the threat to democracy

In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen.

Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail) pic.twitter.com/1RpnJJ3wgT

Continue reading...

Uighurs in China were target of two-year iOS malware attack – reports

Android and Windows devices also targeted in campaign believed to be state-backed

Chinese Uighurs were the target of an iOS malware attack lasting more than two years that was revealed last week, according to multiple reports.

Android and Windows devices were also targeted in the campaign, which took the form of “watering hole attacks”: taking over commonly visited websites or redirecting their visitors to clones in order to indiscriminately attack each member of a community.

Related: China’s hi-tech war on its Muslim minority

Continue reading...

Maths and tech specialists need Hippocratic oath, says academic

Exclusive: Hannah Fry says ethical pledge needed in tech fields that will shape future

Mathematicians, computer engineers and scientists in related fields should take a Hippocratic oath to protect the public from powerful new technologies under development in laboratories and tech firms, a leading researcher has said.

The ethical pledge would commit scientists to think deeply about the possible applications of their work and compel them to pursue only those that, at the least, do no harm to society.

Despite being invisible, maths has a dramatic impact on our lives

Related: Google whistleblower launches project to keep tech ethical

Related: To fix the problem of deepfakes we must treat the cause, not the symptoms | Matt Beard

Continue reading...

Myki data release breached privacy laws and revealed travel histories, including of Victorian MP

Researchers able to identify MP Anthony Carbines’s travel history using tweets and Public Transport Victoria dataset

The three-year travel history of a Victorian politician was able to be identified after the state government released the supposedly “de-identified” data of more than 15m myki public transport users in a breach of privacy laws.

In July 2018, Public Transport Victoria (now the Department of Transport) released a dataset containing 1.8bn travel records for 15.1m myki public transport users for the period between June 2015 and June 2018.

Related: Major breach found in biometrics system used by banks, UK police and defence firms

See you about 05.24AM tomorrow at Rosanna to catch the first train to town. Well done all. Thanks for hanging in there. Massive construction effort. Single track gone. Two level crossings gone. The trains! The trains! The trains are coming! pic.twitter.com/kk2Cj3ey9T

Continue reading...

Major breach found in biometrics system used by banks, UK police and defence firms

Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Related: The Great Hack: the film that goes behind the scenes of the Facebook data scandal

Related: Chinese cyberhackers 'blurring line between state power and crime'

Continue reading...

From Watergate to El Paso: should we be relying on unelected bodies to protect us? | John Naughton

Web security firm Cloudflare’s decision to terminate 8chan as a customer is welcome, but risks setting a dangerous precedent

Last Saturday morning, a gunman armed with an assault rifle walked into a Walmart store in El Paso, Texas, and shot 22 people dead and injured 24 more. Shortly before he did so, a post by him appeared on the /pol/ [politically incorrect] message board of the far-right website 8chan. Attached to it was a four-page “manifesto”. The 8chan thread was quickly deleted by a site moderator (it was news to me that 8chan had moderators), but archived copies of it rapidly circulated on the internet.

“There is nothing new in this killer’s ramblings,” wrote one analyst who had read it. “He expresses fears of the same ‘replacement’ of white people that motivated the Christchurch shooter and notes that he was deeply motivated by that shooter’s manifesto.”

Continue reading...

Chinese cyberhackers ‘blurring line between state power and crime’

Cybersecurity firm FireEye says ‘aggressive’ APT41 group working for Beijing is also hacking video games to make money

A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for the Chinese government in 14 different countries, the cybersecurity firm FireEye has said.

In a report released on Thursday, the company said the hacking group APT41 was different to other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.

Related: Australia joins condemnation of 'huge, audacious' Chinese hacking plot

Continue reading...

Briton who helped stop 2017 WannaCry virus spared jail over malware charges

  • Marcus Hutchins pleaded guilty to two malware charges
  • 25-year-old ‘incredibly thankful’ to be sentenced to time served

The British computer expert who helped shut down the WannaCry cyberattack on the NHS said he is “incredibly thankful” after being spared jail in the US for creating malware.

Marcus Hutchins was hailed as a hero in May 2017 when he found a “kill switch” that slowed the effects of the WannaCry virus affecting more than 300,000 computers in 150 countries.

Related: FTSE 250 firms exposed to possible cyber-attacks, report finds

Continue reading...

Is buying a ‘smart nappy’ really such a clever idea? | Arwa Mahdawi

Anxious parents may see the appeal of measuring their baby’s vital signs – but sharing your child’s data with a private company may not be wise

This week’s instalment of innovations no one was waiting for is brought to you by Pampers, which has announced a “smart nappy” system. Lumi consists of a sensor that you stick to a specially designed nappy; the gizmo then beams information about how much your little bub is peeing and sleeping to a dedicated app. You can complement this with a video monitor that links to the app and tracks room temperature and humidity. Voilà: your embarrassingly low-tech baby is now a sophisticated analytics machine.

If you can’t wait to start a more data-driven relationship with your newborn, I am afraid to say there is no word on when Lumi will launch in the UK (it arrives in the US this autumn). If you are in South Korea, however, you can grab some Huggies smart nappies; these let you know, via Bluetooth, whether your baby has urinated or defecated. A truly brilliant update to the obsolete technology known as “your nose”.

Related: ‘You can track everything’: the parents who digitise their babies’ lives

Continue reading...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance capitalism’ out of control

Related: Arron Banks threatens Netflix over Great Hack documentary

Cambridge Analytica may have become the byword for a scandal, but it’s not entirely clear that anyone knows exactly what that scandal is. It’s more like toxic word association: “Facebook”, “data”, “harvested”, “weaponised”, “Trump” and, in this country, most controversially, “Brexit”.

Cambridge Analytica didn’t decide democracy was for sale. We built this world, so we should own it

(December 11, 2015) First hint of the scandal

People have completely misunderstood the scandal as being about privacy, when it’s actually about power

The Cambridge Analytica files resulted in a multi-year investigation from the UK Information Commissioner's Office, "the most important ever", according to Elizabeth Denham, the Information Commissioner.

Continue reading...

How do I remove malware from my Windows laptop?

Don’s laptop is infected with malware and he’d like a clean machine, what’s the best way?

What’s the cheapest way to get my Windows laptop swept and cleaned out of malware etc? Don

There are two obvious ways to clean a Windows laptop, and both of them are free. The first is to run a number of anti-malware programs to find and remove the bad stuff. The second is to reset it to factory condition.

Continue reading...

Hacked forensic firm pays ransom after malware attack

Largest private provider Eurofins hands over undisclosed fee to regain control of systems

Britain’s largest private forensics provider has paid a ransom to hackers after its IT systems were brought to a standstill by a cyber-attack, it has been reported.

Eurofins, which is thought to carry out about half of all private forensic analysis, was targeted in a ransomware attack on 2 June, which the company described at the time as “highly sophisticated”. Three weeks later the company said its operations were “returning to normal”, but did not disclose whether or not a ransom had been paid.

Continue reading...

How Chinese spy app allows officials to harvest personal data

Intrusive software collects emails and texts and could be used to track movement

The tourists travelling into China were never supposed to know their phones had been compromised.

The surveillance app being installed on their devices should have been removed by the border officers tasked with the job. But their apparent carelessness has provided a rare insight into the techniques used by China to snoop on visitors and the kind of information being harvested from their phones.

Continue reading...

Australian National University hit by huge data breach

Vice-chancellor says hack involved personal and payroll details going back 19 years

The Australian National University is in damage control after discovering a major data breach a fortnight ago in which a “significant” amount of staff and student information was accessed by a “sophisticated operator”.

The university has confirmed an estimated 200,000 people have been affected by the hack, based on student numbers each year and staff turnover.

Related: Australian security services investigate attempted cyber attack on parliament

Continue reading...

The Guardian view on cybercrime: the law must be enforced | Editorial

Governments and police must take crime on the internet seriously. It is where we all live now

About half of all property crime in the developed world now takes place online. When so much of our lives, and almost all of our money, have been digitised, this is not surprising – but it has some surprising consequences. For one thing, the decline in reported property crimes trumpeted by successive British governments between 2005 and 2015 turns out to have been an illusion. Because banks were not required to report fraud to the police after 2005, they often didn’t. It would have made both banks and police look bad to have all that crime known and nothing done about it. The cost of the resulting ignorance was paid by the rest of government, and by the public, too, deprived of accurate and reliable knowledge. Since then, the total number of property crimes reported has risen from about 6m to 11m a year as the figures have taken computerised crime into account.

The indirect costs to society are very much higher than the hundreds of millions that individuals lose. One example is the proliferation of plagiarism software online, which developed an entire industry in poor, English-speaking countries like Kenya, serving idle or ignorant students in England and North America. The effort required by schools and universities to guard against such fraud has been considerable, and its cost entirely disproportionate to the gains made by the perpetrators.

Continue reading...