Category Archives: Digital Security

What is the Root Cause of ID Theft in the USA? | Sep 12 2018

Illegal immigrants cited in theft of 39 million Social Security numbers

|| Washington Examiner

Nearly 40 million Social Security numbers have been stolen and used by illegal immigrants and others to get work, according to agency records obtained by an immigration reform group.

The Immigration Reform Law Institute said that from 2012 to 2016 there were “39 million instances where names and Social Security numbers on W-2 tax forms did not match the corresponding Social Security records.”

The group said that there is a “thriving black market” used by illegal immigrants to get Social Security numbers needed to get a job.

Their report draws attention to a move by former President Barack Obama to stop sending so-called “no match” letters to employers notifying them that numbers used by employees on the wage forms do not match their identity.

The change followed the president’s decision to approve amnesty for some 700,000 younger immigrants let into the U.S. under his Deferred Action for Childhood Arrivals. Some of those have been dubbed “dreamers.”

Several groups promoting immigration reform and limitations have shown that illegal immigrants compete with low-income Americans for jobs.

“The Social Security numbers of young children are especially sought by illegal aliens, as this theft is likely to go undetected for years. As children reach late teenage years and apply for credit for cars, student loans, and other needs, they may find that their credit has been compromised with mortgages, credit cards and criminal records attached to their identities,” said the group.

“This investigation shines a light on the depth of America’s problems as a result of allowing illegal aliens into the country,” said Dale L. Wilcox, executive director and general counsel of IRLI. “It also debunks the idea that being in the country illegally is a victimless crime. Millions of Americans, in many cases children, are having their identities stolen to enable even more criminal activity. Illegal aliens should not reap Social Security benefits that result from the commission of identity theft.”

….Read more @ Washington Examiner

China Hacked Hillary Clinton’s Private Email Server

Sources: CHINA HACKED HILLARY CLINTON’S PRIVATE EMAIL SERVER

|| Daily Caller

  • A Chinese-owned company penetrated former Secretary of State Hillary Clinton’s private server, according to sources briefed on the matter.
  • The company inserted code that forwarded copies of Clinton’s emails to the Chinese company in real time.
  • The Intelligence Community Inspector General warned of the problem, but the FBI subsequently failed to act, Texas Republican Rep. Louie Gohmert said during a July hearing.

“A Chinese-owned company operating in the Washington, D.C., area hacked Hillary Clinton’s private server throughout her term as secretary of state and obtained nearly all her emails, two sources briefed on the matter told The Daily Caller News Foundation.

The Chinese firm obtained Clinton’s emails in real time as she sent and received communications and documents through her personal server, according to the sources, who said the hacking was conducted as part of an intelligence operation.

The Chinese wrote code that was embedded in the server, which was kept in Clinton’s residence in upstate New York. The code generated an instant “courtesy copy” for nearly all of her emails and forwarded them to the Chinese company, according to the sources.

The Intelligence Community Inspector General (ICIG) found that virtually all of Clinton’s emails were sent to a “foreign entity,” Rep. Louie Gohmert, a Texas Republican, said at a July 12 House Committee on the Judiciary hearing. He did not reveal the entity’s identity, but said it was unrelated to Russia.”

Two officials with the ICIG, investigator Frank Rucker and attorney Janette McMillan, met repeatedly with FBI officials to warn them of the Chinese intrusion, according to a former intelligence officer with expertise in cybersecurity issues, who was briefed on the matter. He spoke anonymously, as he was not authorized to publicly address the Chinese’s role with Clinton’s server.

Among those FBI officials was Peter Strzok, who was then the bureau’s top counterintelligence official. Strzok was fired this month following the discovery he sent anti-Trump texts to his mistress and co-worker, Lisa Page. Strzok didn’t act on the information the ICIG provided him, according to Gohmert.

Gohmert mentioned in the Judiciary Committee hearing that ICIG officials told Strzok and three other top FBI officials that they found an “anomaly” on Clinton’s server.

The former intelligence officer TheDCNF spoke with said the ICIG “discovered the anomaly pretty early in 2015.”

“When [the ICIG] did a very deep dive, they found in the actual metadata — the data which is at the header and footer of all the emails — that a copy, a ‘courtesy copy,’ was being sent to a third party and that third party was a known Chinese public company that was involved in collecting intelligence for China,” the former intelligence officer told TheDCNF.

“[The ICIG] believe that there was some level of phishing. But once they got into the server something was embedded,” he said. “The Chinese are notorious for embedding little surprises like this.”

The intelligence officer declined to name the Chinese company.

“We do know the name of the company. There are indications there are other ‘cutouts’ that were involved. I would be in a lot of trouble if I gave you the name,” he told TheDCNF.

A government staff official who’s been briefed on the ICIG’s findings told TheDCNF that the Chinese state-owned firm linked to the hacking operates in Washington’s northern Virginia suburbs. The source was not authorized to publicly discuss the matter.

The company that penetrated Clinton’s server was not a technology firm and it served as a “front group” for the Chinese government, the source told TheDCNF.

The Fairfax and Loudoun county governments told TheDCNF that 13 state-owned Chinese companies operate in the area. Of those, three were not technologically oriented.”

….Read more at Daily Caller

 

Does Fake Music Streaming Account for Millions in Theft? ‘Physically Impossible’ Numbers | July 26 2018

Halfway Through 2018, Streaming Continued Growth Defies Mathematical Trends

|| Billboard

“In the first half of 2018, overall on-demand streaming increased 41.7 percent to reach 403.5 billion U.S. streams, according to Nielsen Music. That growth defies mathematical trends, which dictate that, as a base enlarges, it becomes harder to achieve a bigger percentage growth than in preceding time periods.

.. ..

When looking at only album consumption units constructed with audio on-demand streams — the kind used in tallying the Billboard 200 and U.S. market share — the industry grew by 13.8 percent to 270 million units at midyear 2018, compared to 237.2 million at the midway point of 2017. Audio on-demand streams grew 45.5 percent to 268.3 billion, from the 184.5 billion accumulated in the first six months of 2017, while video on-demand streams grew 34.7 percent to 135.2 billion from the 100.4 billion streams tallied in the first half of 2017. (Overall video stream count is not available because YouTube stopped reporting streams of song videos that do not garner at least 1,000 views a day in mid-2016.)

.. ..

R&B/hip-hop remained the most popular genre with a 31.2 percent market share, and had the largest gain overall, up from 28.65 percent in 2017. Conversely, rock came in second at 23.1 percent, but had the largest decline, falling from the 24.81 percent it had accumulated in the first six months of 2017. Latin continued to show strong growth, accounting for 7.74 percent market share, up from 6.46 percent for the corresponding period in 2017, while the other large genre, pop, grew to 15.09 percent this year from 14.76 percent last year, with its album consumption units increasing to 46.22 million from 38.93 million units.

While country grew 8.1 percent to 25.74 million album consumption units at the midway points, its market share actually declined to 8.4 percent, down from 9.03 percent last year, because it isn’t growing as fast as the overall market.”

….Continue reading more @ Billboard.com

 

Beyoncé Claps Back At Accusations Of Fake Streaming Numbers On New Album

|| The Federalist

Beyoncé and Jay-Z’s new collaborative album takes a shot at Spotify, presumably in response to recent reports about Tidal’s fudging of subscriber numbers.

“My success can’t be quantified/ If I gave two f–ks about streaming numbers, would’ve put ‘Lemonade’ up on Spotify/ F–k you, f–k you,” Beyoncé spits on her new joint album with Jay-Z. Queen Bey’s not-so-cryptic lyrics seem to be a response to accusations her husband’s streaming service, Tidal, faked hundreds of millions of plays and subscriber numbers.

In May, the Norwegian newspaper Dagens Næringsliv reported that Tidal fudged the streaming numbers for both Kanye West’s “The Life of Pablo” and Beyonce’s “Lemonade,” generating “massive royalty payouts at the expense of other artists.”

According to Variety, Tidal claims that West’s album recorded 250 million plays in the first 10 days of its release with just 3 million subscribers. Meaning that every subscriber played the album on average eight times per day. Tidal also said “Lemonade” was streamed 306 million times in its first 15 days of release last April.

The paper’s investigation used data from the Norwegian University of Science and Technology, where researchers estimated that Tidal’s total number of subscribers was closer to 1 million globally. Tidal denied the report and responded in a statement issued to Music Week: “This is a smear campaign from a publication that once referred to our employee as an ‘Israeli Intelligence officer’ and our owner as a ‘crack dealer’. We expect nothing less from them than this ridiculous story, lies and falsehoods. The information was stolen and manipulated and we will fight these claims vigorously.”

This isn’t the only sign of Tidal’s struggle. Kanye West ended his contract with the company last summer over money, claiming Tidal owed him $3 million. And TMZ reported on Tuesday that the heirs of Prince’s estate are about to back out of a deal giving Tidal exclusive streaming rights, saying “they don’t want the estate getting caught up in the streaming service’s legal problems.”

The other tracks on the power couple’s new album collaboration talk about their life at home, life in the public eye, celebrating their marriage rehab and growing family. “This beach ain’t always been no paradise/But nightmares only last one night,” Bey raps on “LoveHappy.”

 The real irony of Beyonce’s lyrics on the track ‘NICE’ is that she actually does give more than two f–ks about her streaming numbers. The album dropped exclusively on Tidal over the weekend, but was available on Spotify and Apple Music by Monday morning.”

…Read more @ The Federalist

 

 

 

FORGET ABOUT FAKE ARTISTS – IT’S TIME TO TALK ABOUT FAKE STREAMS

|| Music Business Worldwide | By Tim Ingham

“I’ve got a confession to make. I’m a fake artist.

One afternoon, about a decade ago, I started nobbing about on GarageBand. Made a scratchy demo. It wasn’t very good.

Last month, thinking nothing of it, I uploaded that demo to Spotify, via Tunecore.

I called it PH, by Pinky Hue. On Pinky Hue Records.

(As it turns out, my pseudonymous tendencies were rather more in vogue than I’d appreciated.)

Then, for over a fortnight, nothing. Aside, that is, from one loyal monthly listener in Milton Keynes, England. (Thanks mum.)

But this past week-and-a-half, things have kicked right off.

First 1,000 listens, then 3,000, then 5,000. Word’s getting out.

As we stand today, Pinky Hue has racked up more than 10,000 Spotify plays – and is already marching towards 15,000.

Anyone know a good manager?

There’s just one problem with this empowering rags-to-riches story, of course.

I bought these streams off the internet.

And I could have bought 2 million of them.


The issue of fake streams has been on my mind since Midem back in June – in particular, a panel called ‘How distributors and streaming services collaborate.’

Anne-Marie Robert (VP International, Tunecore France) appeared alongside reps from the likes of The Orchard and ADA, and was asked how self-releasing artists could gain better access to streaming playlists which would then revolutionize their career.

“Contrary to my friends from ADA and The Orchard, we don’t provide direct trade marketing services because we let the artist do [that] and we take no commission,” she replied.

“But we give a lot of advice on our blog… and also, we are partnering with some services where you can buy some streams [on] Deezer and other websites which can help you.”

Robert specifically mentioned Feature.fm, which allows artists and rights-holders to have their music played in promotional slots on streaming platforms – for a price.

Robert’s comments triggered a subsequent thought in my head: How hard is it to go out and actually purchase fake plays online?

So, the other week, I Googled ‘buy fake Spotify streams’.

And voila: options.

The top result was for a company called Streamify, which boasts on its homepage: ‘Whether you want to get more fans, boost sales or just monitor your plays [sic] count, Streamify has the answers and insights you need to get your songs played more.’

Streamify LLC is officially located in Houston, Texas and offers a full menu of fake stream delicacies specific to Daniel Ek’s platform.

For the timid trialist, $5 will buy you 1,000 Spotify plays.

For the bolder connoisseur, $200 will buy you 100,000 Spotify plays.

And for the full-on, screw-it-this-will-change-my-life desperado, $2,250 will buy you 2 million Spotify plays.

Other options for buying Spotify streams on the internet – and to be clear, MBW cannot vouch for the legitimacy of these companies – include Streampot/StreamKO and Mass Media, both of which also sell packages of fake YouTube plays.”

….Read more @ Musicbusinessworldwide.com

 

Did Tidal really fake Kanye and Beyoncé’s streaming numbers?

|| Digital Trends

“A Norwegian newspaper made huge waves in the music streaming industry on May 9, claiming that on-demand music streaming service Tidal had manipulated listener data for two of its biggest artists: Kanye West and Beyoncé.

The accusations surround both artists’ most recent albums, Kanye’s The Life of Pablo and Beyoncé’s Lemonade, with the newspaper claiming that it had gained access to royalty reports and a hard drive that contained “extensive data” regarding Tidal’s streaming plays. Tidal had exclusive streaming rights to both albums when they launched. Tidal owner Jay-Z is married to Beyoncé and is a longtime friend and collaborator of West.

.. ..

Rolling Stone has since reported that Tidal has contracted a third-party cybersecurity firm to investigate the data breach.  The company still denies the allegations made by the story and says it is undertaking the investigation as a means of reassuring its customers that their data is secure.

“Although we do not typically comment on stories we believe to be false, we feel it is important to make sure that our artists, employees and subscribers know that we are not taking the security and integrity of our data lightly,” Tidal CEO Richard Sanders told Rolling Stone.

The newspaper, Dagens Naeringsliv, worked in collaboration with the Norwegian University of Science and Technology to analyze the data, producing a report which claims that more than 320 million false plays had been logged for the two albums on more than 1.7 million user accounts. In March 2016, Tidal claimed that The Life of Pablo had been streamed 250 million times in 10 days. The streaming service claimed that Lemonade had 306 million plays in just 15 days following its release.

A later article from Dagens Naeringsliv that was published Wednesday, May 16 claims that Tidal has also failed to make royalty payments to some major labels since October of 2017.

.. ..

Many may be wondering why Tidal would want to skew its own streaming numbers in the first place. After all, you may think that increased plays would just cost the streaming service more money in royalty payments overall, thereby hurting the company. That is not true, as Billboard points out. Due to the nature of its contracts with major labels, Tidal — as well as competitors like Apple Music and Spotify — pays royalties from a percentage of revenue, not based on the total number of plays in a given term. This means it would simply shift the proportion of money they would have already paid other labels and artists towards West and Beyoncé.

There are a few reasons this may have been in Tidal’s interest, should the allegations be true. First, it would have garnered increased publicity for two of its biggest artists. Second, it would have increased Tidal’s position and valuation in the marketplace — potentially profiting the company in terms of its increased ability to sell equity (Tidal sold a 30 percent stake in the business to Sprint in early 2017). And third, it would have made both artists over a million dollars in extra royalties, provided they were paid the “superstar” royalty rate of 50 percent on streaming from Def Jam and Columbia, the labels that produced the albums.

Tidal claims that the data was stolen and manipulated by Dagens Naeringsliv itself. One thing the study did indicate is that the data was unlikely to have been manipulated by a software bug or by accident.

“Due to the targeted nature and extent of the manipulation, it is very unlikely that this manipulation was solely the result of a code-based bug or other anomalies,” the study reads.

“[It] is highly likely that the manipulation happened from within the streaming service itself,” concludes professor Katrin Franke, who led the university team.

As part of its extensive story, Dagens Naeringsliv interviewed numerous affected customers, whose accounts show numerous plays of the album during odd hours.

Music critic Geir Rakvaag, for example, is shown in the data to have listened to songs from The Life of Pablo 96 times in a single day, and 54 times in the middle of the night.

“It’s physically impossible,” he claims in the story.

We’ll continue to keep tabs as this story develops. As for whether or not Tidal actually did manipulate user data to generate bigger publicity and profits for two of its biggest artists: Time will tell, and numerous lawsuits are likely forthcoming.”

…Read more @ Digitaltrends.com

Zuckerberg Gets Grilled in Front of Congress | Apr 11 2018

IF CONGRESS DOESN’T UNDERSTAND FACEBOOK, WHAT HOPE DO ITS USERS HAVE?

|| Wired


 

FACEBOOK CEO MARK Zuckerberg received a less than warm welcome in Washington, DC, where he testified before a joint hearing of two Senate committees Tuesday. Among the crowds of spectators lining up to watch Zuckerberg get grilled were members of the activist group CodePink, wearing oversized sunglasses with the words, “Stop Spying,” written across them. Another group wore t-shirts with the hashtag #DeleteFacebook scrawled on them in red Sharpie.

“What many young people feel about Facebook is they’ve kind of turned on us,” said Emmanuel Sessegnon, as he waited to enter the hearing room. “Whereas before we had this expectation when I signed up when I was 13, that when you’re on Facebook what you want to be public will be public, but what you want to be private will be private. What we see here is all this information that was leaked out by Facebook to these third-party companies, we just feel it’s inappropriate.”

Zuckerberg came to Congress to answer for a series of scandals that have plagued the company since at least the 2016 election. The first, of course, was the news that a Russian propaganda group called the Internet Research Agency used Facebook ads, fake accounts, and pages to influence voters in the run-up to the 2016 US election. The most recent was Facebook’s admission that a data firm named Cambridge Analytica received unauthorized access to up to 87 million users’ private data without their consent beginning in 2014.

Anyone expecting Tuesday’s hearing to be a bloodbath, however, likely came away disappointed. The five-hour marathon felt more like Social Media 101, as Zuckerberg spent the bulk of his time in the hot seat walking through Facebook’s terms of service, the way advertisers target users, the way app developers access people’s information, and how and when and why Facebook collects and stores data. For close observers of both the company and the online ad ecosystem in general, the questions were largely rudimentary. That wasn’t necessarily a bad thing.


….Continue reading @ Wired.com

 

FOUR QUESTIONS CONGRESS SHOULD ACTUALLY ASK MARK ZUCKERBERG

|| Wired

 

“Mark Zuckerberg testified for almost five hours Tuesday in a televised Senate hearing about Facebook’s privacy practices and data abuse. More than 40 Senators had five minutes each to ask questions. Zuckerberg’s most frequent response? “My team will follow up with you.” House members will have their own chance to coax answers from the evasive Facebook CEO on Wednesday when he testifies before that chamber’s Energy and Commerce Committee.

It’s a rare opportunity. Zuckerberg has been heavily coached for the DC leg of his apology tour, but for the controlling CEO, with a cautiously curated personal brand, these hearings provide a forum to pin him down with facts and get his statements on the record.

The impetus for the hearing was the scandal over Cambridge Analytica, which collected data on 87 million Facebook users without their consent. But some of the most telling lines of inquiry on Tuesday focused on the longstanding tradeoffs from Facebook’s business model and the mechanics of data collection that Zuckerberg would prefer to obscure: How Facebook tracks you online and offline; what personal data you inadvertently reveal; how a $477 billion company that makes money from advertisers might still respect privacy.

There were few revelations, and a longer list of not-quite-answered questions. Some lawmakers had clearly been briefed by tech-savvy Facebook critics, but still couldn’t quite hit it home.

Toward the end of the hearing, Senator Kamala Harris (D-California) attempted to list the questions where she thought Zuckerberg had been less than candid. “During the course of this hearing these last four hours you’ve been asked several critical questions for which you don’t have answers,” Harris said.

With that in mind, we offer these suggested queries for House members:

1. How does Facebook track users when they’re not on Facebook?

Users are now accustomed to the notion that Facebook harvests every post, like, comment, and share to build profiles that inform the ads it displays to a user. But senators sounded a lot like ordinary Facebook users when they asked about whether, or how, Facebook tracks them when they are not on the social network. Consider this exchange with Sen. Roger Wicker (R-Mississippi).

Wicker: There have been reports that Facebook can track a user’s internet browsing activity even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?

Zuckerberg: Senator, I want to make sure I get this accurate, so it would probably be better to have my team follow up afterwards.

Wicker: You don’t know?

Zuckerberg: I know that people use cookies on the internet and that you can probably correlate activity between sessions. We do that for a number of reasons including security and including measuring ads to make sure the experience is the most effective, which of course people can opt-out of but I want to make sure that I’m precise.

Zuckerberg also got a lot of mileage from the line that Facebook doesn’t sell your data, until Sen. John Cornyn (R-Texas) shut him down by responding, “You clearly rent it!” Why not delve more into this rental agreement? The Wall Street Journal’s recent breakdown of all the data shared just to organize a pizza party is a good start.

Committee members could also ask about Facebook Pixel, its Like button, or other Facebook plugins that track consumers around the web, even when they’re not logged in to Facebook. They could also probe more deeply about how data from Facebook gets combined with other sources, including shopping histories and public records.

2. Does Facebook behave like a monopoly?

Quite a few legislators tried to get Zuckerberg to admit that Facebook is a monopoly. Zuckerberg was asked to name Facebook’s competitors and identify a viable alternative for users who want to leave Facebook and go elsewhere. Zuckerberg responded that the typical American uses eight different communication apps, neglecting to mention that Facebook owns a few of those other apps too, including Instagram, WhatsApp, and Facebook Messenger.

A straighter route might be to ask Facebook about specific instances where it has allegedly engaged in anticompetitive behavior, such as brazenly copying Snapchat’s features or acquiring Onavo, a tool that helps Facebook identify the next Snapchat it needs to buy or crush.

3. Pull out a laptop and ask Zuckerberg to walk us through the process of changing the privacy settings on a Facebook account.

This would be mostly for dramatic effect, but in keeping with this week’s corporate theater. But it would also prove a point. Zuckerberg repeatedly insisted that users own their own data, can remove it at any time, and can control who has access to it while they are on Facebook.

Exercising that control is not that simple, however. Start with Facebook’s 3,200-word user agreement. “I say this gently: Your user agreement sucks,” Sen. John Kennedy (R-Louisiana) told Zuckerberg. “The purpose of the user agreement is to cover Facebook’s rear end. It is not to inform your users about their rights. You know that and I know that.”

Then there are Facebook’s privacy controls, which are famously difficult to find and opaque. Warning: this question could go well over your five minute allotment.”

….Continue reading more @ Wired.com

Facebook on the Hot Seat, Zuckerberg in Hiding | Mar 21 2018

Where’s Zuck? Facebook CEO silent as data harvesting scandal unfolds

|| The Guardian UK

Amid calls for investigation and a #DeleteFacebook campaign, company releases an official statement but its figurehead keeps quiet

“The chief executive of Facebook, Mark Zuckerberg, has remained silent over the more than 48 hours since the Observer revealed the harvesting of 50 million users’ personal data, even as his company is buffeted by mounting calls for investigation and regulation, falling stock prices and a social media campaign to #DeleteFacebook.

Facebook’s shares slid 6.77% on Monday following the news, knocking $36bn off the company’s valuation as investors worried about the consequences of the revelations. Zuckerberg owns 16% of the company and personally saw his fortune fall $5.5bn to $69bn, according to Forbes’ live tracker of the world’s wealthiest people.

The embattled social media company announced on Monday that it will engage a digital forensics firm to conduct an audit of Cambridge Analytica to determine whether or not the firm still has copies of the data in question.

The Observer reported this weekend that a company called Global Science Research (GSR) harvested tens of millions of Facebook profiles and sold the data to Cambridge Analytica. The New York Times reported on Saturday that Cambridge Analytica still possesses “most or all” of the harvested data. Cambridge Analytica has denied knowing that the data was obtained improperly.

“If this data still exists, it would be a grave violation of Facebook’s policies and an unacceptable violation of trust and the commitments these groups made,” Facebook said in a statement.

The engagement of the digital forensics firm Stroz Friedberg is unlikely to assuage officials in the US or UK, where lawmakers have issued calls for Zuckerberg to testify about the data breach. Representatives of Stroz Friedberg were at Cambridge Analytica’s office in London on Monday evening when the UK Information Commissioner’s Office asked them to leave so the authorities could pursue their own investigation, Facebook said hours after the first announcement.

On Monday, the US senator Ron Wyden sent Zuckerberg a detailed list of questions related to the breach, with a demand for answers by 13 April. Two members of the Senate judiciary committee, Democrat Amy Klobuchar and Republican John Kennedy, called for hearings with the CEOs of Facebook, Twitter and Google.

“It’s time for Mark Zuckerberg to stop hiding behind his Facebook page,” said the Conservative MP Damian Collins, chair of the digital, culture, media and sport select committee.

Referencing the government’s request for Facebook’s auditors to leave Cambridge Analytica’s offices, Collins tweeted: “These investigations need to be undertaken by the proper authorities.”

The three social media companies testified in Washington last fall, following the revelation that their platforms had been used by foreign agents seeking to illegally influence the US presidential election. All three companies sent their general counsels, a move that was criticized at the time. It is unlikely that Zuckerberg will be able to avoid congressional questioning a second time.

Experts have long criticized Facebook’s privacy practices, but their warnings have done little to dissuade users – now numbering more than 2 billion around the world – from signing up for the platform.

Whether the scandal will result in actual change in user trust of the company remains to be seen, but the hashtag #DeleteFacebook trended on Twitter on Monday as users shared their intention to log off the social network for good. Others tweeted #WheresZuck, in reference to the executive’s silence.

Also on Monday, the New York Times reported that Facebook’s chief security officer, Alex Stamos, would be leaving the company following disagreements with other executives over the handling of the investigation into the Russian influence operation.”

….Continue reading more @ The Guardian

Hillary’s ‘Muslim Spy’ Huma Abedin Gave Away U.S. Secrets with Yahoo Account | Jan 02 2017

Huma Abedin Forwarded State Dept Passwords to Yahoo Email Account Before it Was Hacked By Foreign Agents… Including Russians

|| theGatewayPundit

“As previously reported, the State Department released a portion of the documents found on pervert Anthony Weiner’s laptop Friday and at least 5 emails contain classified information.

The FBI seized Weiner’s laptop after he was caught sexting with an underage teenager and discovered CLASSIFIED INFORMATION on the disgraced politician’s computer.

It turns out Hillary Clinton’s aide, Huma Abedin, forwarded sensitive State Department emails to all of her insecure Yahoo email accounts, which were later hacked by foreign actors. The foreign agents that hacked Huma’s Yahoo emails included RUSSIANS.

Via Luke Rosiak of The Daily Caller:

Huma Abedin forwarded sensitive State Department emails, including passwords to government systems, to her personal Yahoo email account before every single Yahoo account was hacked, a Daily Caller News Foundation analysis of emails released as part of a lawsuit brought by Judicial Watch shows.

The U.S. later charged Russian intelligence agent Igor Sushchin with hacking 500 million Yahoo email accounts. The initial hack occurred in 2014 and allowed his associates to access accounts into 2015 and 2016 by using forged cookies. Sushchin also worked for the Russian investment bank Renaissance Capital, which paid former President Bill Clinton $500,000 for a June 2010 speech in Moscow.

A separate hack in 2013 compromised three billion accounts across multiple Yahoo properties, and the culprit is still unclear. “All Yahoo user accounts were affected by the August 2013 theft,” the company said in a statement.

[…]

Long-time Clinton confidante Sid Blumenthal sent Clinton an email in July 2009 with the subject line: “Important. Not for circulation. You only. Sid.” The email began “CONFIDENTIAL… Re: Moscow Summit.” Abedin forwarded the email to her Yahoo address, potentially making it visible to hackers.

According to The Daily Caller report, the three email accounts Abedin used were abedinh@state.gov, huma@clintonemail.com, and humamabedin@yahoo.com.

Judicial Watch President Tom Fitton had this to say about the new Huma/Hillary doc dump from the State Department Friday:

This is a major victory. After years of hard work in federal court, Judicial Watch has forced the State Department to finally allow Americans to see these public documents. It will be in keeping with our past experience that Abedin’s emails on Weiner’s laptop will include classified and other sensitive materials. That these government docs were on Anthony Weiner’s laptop dramatically illustrates the need for the Justice Department to finally do a serious investigation of Hillary Clinton’s and Huma Abedin’s obvious violations of law.

Read the full report by Luke Rosiak here.”

….Continue reading more @ TGP

Huma Abedin Forwarded Classified Emails to Yahoo Archive Account | Oct 2016

Equifax Hack Raises Major Questions of Consumer Privacy | Sep 9 2017

Equifax finally responds to swirling concerns over consumers’ legal rights

|| Washington Post

Update: Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.

Sharp-eyed social media users have combed through the Equifax data breach site’s fine print — and found what they argue is a red flag.

Buried in the terms of service is language that appears to bar those who enroll in an Equifax credit monitoring program from participating in any class-action lawsuits that may arise from the incident. Here’s the relevant passage of the terms of service:

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

This language is commonly known in the industry as an “arbitration clause.” In theory, arbitration clauses are meant to streamline the amount of work that’s dumped onto the court system. But the Consumer Financial Protection Bureau concluded in the summer that arbitration clauses do more harm to consumers than good — and the agency put in place a rule to ban them.

“In practice, companies use these clauses to bar groups of consumers from joining to seek justice by vindicating their legal right,” Richard Cordray, the CFPB’s director, told reporters in July, according to my colleague Jonnelle Marte.

Here’s a further look into why the language raised concerns.

Why is arbitration a big deal?

There is already at least one class-action suit brewing against Equifax. Arbitration clauses make it hard if not impossible for consumers to join such suits. Arbitration is weaker than class-action suits, critics say, because it limits consumers’ ability to find facts to support their case, to appeal decisions or to present their case before a jury.

Friday afternoon, New York Attorney General Eric Schneiderman took aim at Equifax’s arbitration clause, tweeting his staff has contacted the company urging it to remove that part of the fine print.

“This language is unacceptable and unenforceable,” the state’s top lawyer said in his tweet. Minutes later, Schneiderman’s office announced a formal probe into the Equifax breach. In a release, the state attorney general’s office said Schneiderman had sent a letter to Equifax asking for more information. Among the questions were whether any consumer information has found its way to the “black market,” according to a person familiar with the investigation.

A spokesperson for Schneiderman declined to comment on whether officials were investigating the sale of company stock by Equifax executives before the discovery of the hack.

So should I register with the Equifax site, or not?

It’s up to you, but you should know going into the process what you’re signing up for. Equifax issued a statement Friday evening apologizing for consumers’ inconvenience and said the arbitration clause and class-action waiver “does not apply to this cybersecurity incident.”

…Continue reading more @ https://www.washingtonpost.com

 

Were You Hit By The Equifax Security Breach?

|| Refinery 29

“The three credit reporting agencies collect a vast array of personal data from consumers to calculate credit scores, which can determine an individual’s loan-worthiness or the terms of a loan. At a minimum, the accrued information includes Social Security numbers and credit card information that would be nerve-wracking to have stolen.

Yesterday, this information from as many as 143 million people in the U.S. — about 44% of the population — was leaked after a cybersecurity breach of Equifax’s database.

“The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed,” the firm said in a statement. “As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain U.K. and Canadian residents.”

Equifax says the breach occurred from mid-May through July 2017, and they urge consumers to “check potential impact” at a dedicated website, which you can do here. They’ve also opened a call center line (which will be open on weekends), and recommend that people with questions advises people who are worried about their information being exposed to consider placing a temporary fraud alert on their credit report for now.”

…Continue reading more @ Refinery29.com