The End of Encryption in Kazakhstan, a New Surveillance Super Tool, and The FTC Should Have Gone to Trial

This week in tech

This week it was reported by ZDNet that the government in Kazakhstan has begun intercepting all HTTPS traffic. By requiring local ISPs to force their customers to install a government issued certificate, the Kazakh government will be able to read the unencrypted version of all HTTPS traffic from those users. The government announced plans to do this early as 2015, but were forced to delay because of a series of lawsuits from local institutions including ISPs and banks.

Kazakhstan isn’t the only nation that wants to circumvent encryption. This week U.S. Attorney General Barr also called for weakening of encryption standards. Specifically Barr has asked for a special backdoor in encryption algorithms that would allow U.S. officials to break encryption on demand. this is not the first time a U.S. government official has requested a backdoor, and security researchers have responded the same way they always have: by reminding politicians weakness designed for one entity can still be exploited by anyone who discovers it. Given the worldwide outbreak of ransomware using the Eternal Blue exploit — originally developed at NSA and later stolen by a hacker group called the Shadow Brokers — it’s hard to believe any “America only” backdoor would remain that way for long.

A new surveillance super tool, called Monokle, has been discovered by security researchers. Monokle appears to have originated in Russia and is only known to affect Android devices — thought it is conjectured to have an iOS version as well. The malware has extraordinary capabilities including the capacity to: retrieve and send text messages, track device locations, log and otherwise steal passwords, make calls, and record audio using the microphone (among other capabilities). Researchers have only found Monokle on a small number of devices. Combined with the level of sophistication, this suggests that its use has been carefully calculated. Researchers at the firm Lookout have also indicated that the people behind the tool appear to be targeting individuals living in the Caucasus region and interested in Ahrar al-Sham — a militant group fighting against the Syrian government and Bashar al-Assad.

While Monokle has only affected a few people, reports about a series of compromised browser extensions as well as a botnet called Agent Smith have impacted many more people. The browser extension breach known as DataSpii has impacted as many as 4.1 million individuals who had their web histories compromised in great detail. Those histories were funneled to a firm called Nacho Analytics who brags that their service is, “like God Mode for the internet.” The adware botnet Agent Smith was found on more than 25 million devices, but instead of monetizing data stolen from those devices the adware causes those devices to load advertisements. Hackers can drive advertising revenue by forcing infected devices to interact with ads, often without the device owners ever realizing what has happened.

The regulatory world continues to focus their gaze on big tech. While the $5 billion settlement against Facebook might seem like a lot, one of the FTC commissioners disagrees. Rebecca Kelly Slaughter wrote a detailed dissenting opinion arguing the FTC should have taken Facebook to trial. Others agree, with articles in the New York Times and Wiredboth arguing the settlement will fail to have a lasting impact. Not everyone is pessimistic, Jennifer Hudson published an op-ed in Business Insider arguing the settlement is fair. I am more persuaded by commissioner Slaughter, but I’m also an established anti-fan of Facebook, so take my opinion with a grain of salt.

Regardless of whether this settlement goes far enough, U.S. regulators will likely have more opportunities to see Facebook in court: The Department of Justice just launched a wide-ranging investigation into anti-competitive behavior specifically targeting tech giants.

A few tidbits: Equifax was ordered to pay $600 million over their massive 2017 data breach. The New York Times wants to use blockchain technology in the fight against fake news. California Passed a law requiring bots — or more accurately their owners — to identify themselves online. A new prosthetic hand allows users to feel. An Instagram app allows users to spy on people they follow by using geo-tagged photos to construct a location history. And the medals for the Tokyo Olympics are going to be made from recycled electronics.

All Rights Reserved for Tyler Elliot Bettilyon

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.