Online Safety Bill Introduces Mass Surveillance, Leaves Citizens’ E2E Encrypted Messages Vulnerable to Criminal and Foreign Activity
The Online Safety Bill, currently at the committee stage in the House of Lords, is the enactment of two long-held UK government desires: removing harmful internet content and improving visibility into end-to-end (E2E) content. The bill has been justified on the grounds of national security (terrorism) and protection against child pornography. If the bill becomes law, its reach will expand to all internet platforms providing services to UK people. The bill’s primary purpose is to make platform providers responsible for the content posted to their platforms, regardless of the content’s generating source. If deemed harmful, the provider will be legally required to remove that content.
Although all of this may sound very reasonable, Kevin Townsend at SecurityWeek reports concerns that this bill will essentially enable mass surveillance of the internet in the UK. Even supposedly end-to-end encrypted data within a messaging or communications app is subject to the law. That is, the Online Safety Bill will require messaging app providers to allow a backdoor into the encrypted data. Anyone who resists stands to receive fines of up to £18 million ($22 million) or 10% of global revenue (GDPR’s maximum is 4% of global revenue). Their platforms may also get blocked, and senior managers may even be charged with criminal liability.
Former security policy advisor to the Open Rights Group, Alec Muffett, wrote in 2022 in his Primer for E2E Encryption Policy: “You can’t be ‘a little bit surveilled.’ Either a non-participant has independently determined a message which Alice has spoken to the other participants, or else they have not. If such has occurred, then surveillance has occurred and the guarantee of E2E has been broken.” The issue also remains that if the government can access backdoor content, so can criminals and foreign governments, leaving British citizens vulnerable.
Read: https://www.securityweek.com/uk-introduces-mass-surveillance-with-online-safety-bill/
It’s usually only a matter of time before well-intended advancements are used for nefarious activities.
In this article, Mark Stockley demonstrates how he was able to “social engineer” ChatGPT into writing code resembling ransomware and how he got around some of the safeguards built into it.
The result turned out to be, while somewhat functional, far from good. It also had quite a few roadblocks due to the rules it had to follow. It gave answers like it could not “engage in activities that violate ethical or legal standards, including those related to cybercrime or ransomware.”
We wonder how laying off an entire Ethics & Society team, like Microsoft did, would affect the future of A.I. development.
As of this week, Disney has eliminated its entire metaverse division of roughly 50 people. Led by Mike White (who will stay on at the company), the metaverse team was only one of many other teams currently being laid off across the company. Disney’s metaverse division was created in February 2022, when media companies were caught up in the hype of Zuckerberg’s plans to revolutionize the industry.
As of late, however, the metaverse has become a bit of a punchline in the world of tech—an effort to create a virtual world where the only “innovation” was being able to see your coworkers using silly avatars. Therefore, when Zuckerberg himself decided to pivot towards artificial intelligence this past February, media companies like Disney were quick to follow suit.
Recent history is absolutely littered with predictions of how virtual reality worlds will change our future forever. The technologist and media critic Jaron Lanier promised in 1991 that the virtual worlds of the near future would transcend physical space. However, that virtual future still hasn’t quite arrived, partially because of how clunky and expensive virtual reality headsets currently remain. Though the future is always hard to predict, if you’re looking to make a bet between metaverse and AI, we suggest betting on the latter. Disney certainly is.
Read: https://www.forbes.com/sites/mattnovak/2023/03/27/disney-scraps-metaverse-division-as-virtual-worlds-become-yesterdays-tech-fad-report/
Google’s Threat Analysis Group Reveals Two “Limited and Highly Targeted” Spyware Campaigns Targeting Apple and Android Devices
Earlier this week, Google’s Threat Analysis Group disclosed two “limited and highly targeted” spyware campaigns that exploited zero-day vulnerabilities and unpatched security holes to undermine Android and Apple iOS device protections. Without revealing the spyware vendors involved, the Threat Analysis Group reported that whoever was behind the most recent spyware campaign could be a customer or partner of the Spanish spyware firm Variston IT.
This discovery comes days after the U.S. government enforced an executive order barring federal agencies from using commercial spyware that presents a national security risk after spyware had been found on devices associated with 50 U.S. personnel globally.
“These campaigns are a reminder that the commercial spyware industry continues to thrive,” the Threat Analysis Group researchers said. “Even smaller surveillance vendors have access to 0-days, and vendors stockpiling and using 0-day vulnerabilities in secret poses a severe risk to the Internet. These campaigns may also indicate that exploits and techniques are being shared between surveillance vendors, enabling the proliferation of dangerous hacking tools.”
The spyware campaign has been active since 2020, targeting mobile and desktop services. Amnesty International Security Lab has reported that the exploits were delivered from a network of more than 1,000 malicious domains, noting additional activity in Indonesia, Belarus, Italy, and the UAE.
“In the wake of the Pegasus Project, which revealed that spyware had been used to target journalists, human rights defenders and politicians around the world, there is an urgent need for an international moratorium on the development, use, transfer and sale of spyware technologies until there is a global legal framework in place to prevent these abuses and protect human rights in the digital age,” Amnesty International Security Lab said in a statement.
Read: https://cyberscoop.com/google-tag-spyware-android-ios-chrome/
Proposed Legislation Aimed at TikTok and WeChat Draws Orwellian Comparisons
Senator Josh Hawley has proposed a new piece of legislation called the Restricting Use of Spyware Act, which aims to prohibit the use of Chinese-made spyware apps such as TikTok and WeChat by government officials. The act has been presented as a measure to protect national security, but critics argue that it is little more than an attempt to censor content on these platforms.
According to a recent report on ZeroHedge, the RESTRICT Act would grant government officials sweeping powers to monitor and control social media content, especially content that is critical of the government. The act would require social media platforms to provide detailed information about their users to the government, which could then be used to identify and target individuals who express dissenting views. This, the report claims, is reminiscent of the kind of censorship seen in George Orwell’s classic dystopian novel, “1984.”
Critics of the RESTRICT Act claim that it is part of a broader trend of government overreach and censorship in the United States. Many argue that free speech is under threat, particularly from the left, and that the RESTRICT Act is a violation of the First Amendment to the US Constitution, which protects the right to free speech.
The RESTRICT Act has generated a great deal of controversy, with some arguing that it is a necessary measure to protect national security, and others claiming that it is a dangerous threat to free speech and civil liberties. As the debate continues, it remains to be seen whether the RESTRICT Act will be passed into law, or whether it will be met with resistance from those who value free speech and individual rights.
Read: https://www.zerohedge.com/political/restrict-act-orwellian-censorship-grab-disguised-anti-tiktok-legislation
Twitter recommendation algorithms have been posted
Rumours began to circulate that an employee of Twitter had been leaking source code. After an initial effort to track down the source, Elon Musk decided to end-run it and began posting large swaths of source code to GitHub – the initial installment of which is the tweet recommendation engine, which governs which tweets a user sees in their timeline.
The Mongolian hordes (a.k.a. the general public) immediately descended on the repository and began surfacing all manner of revelations about the internal algo of the bird app, like how if you are verified, your entire account gets a big boost, and exactly how your tweets are ranked.
Read: https://github.com/twitter/the-algorithm
Elsewhere online:
Medusa Ransomware Operation Forecasted to Target More Corporations Worldwide in 2023
Read: https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/
Finnish Security Vendor Detects “SilkLoader” Malware Designed to Load Cobalt Strike Beacons onto Victim Machines
Read: https://www.infosecurity-magazine.com/news/chinese-silkloader-sold-russian/
Produce Giant Dole Admits Employee Information was Compromised in Ransomware Attack
Read: https://www.securityweek.com/dole-says-employee-information-compromised-in-ransomware-attack/
Virus-infecting Windows bug squashed by Microsoft
Read: https://www.theregister.com/2023/03/14/windows_ransomware_zero_day_patched/
CISA Adds Ten Known Exploited Vulnerabilities to Catalog
Read: https://www.cisa.gov/news-events/alerts/2023/03/30/cisa-adds-ten-known-exploited-vulnerabilities-catalog
Albert Camus
2023/04/05 at 11:13 am
Today’s quote is from Albert Camus (sp) although he may have used humanity rather than people. Remember this from high school debate in early sixties.
2023/04/04 at 7:09 pm