Elsewhere online: 

• OpenAI Under Fire as FTC Opens Investigation Into Potential Consumer Protection Law Violations
• Hackers Exploit Zero-Day Flaw in Ivanti’s Software to Compromise Norwegian Government Agencies
• North Korean Lazarus Hackers Utilize Compromised Microsoft IIS Servers to Spread Malware
• Hacker Claims 2 Million Medical Records Stolen from Egypt’s Ministry of Health
• Apple Issues Urgent Patches for Zero-Day Flaws

UK Version of “Online Harms Bill” wants to prefilter content without due process

We’ve been covering Canada’s Bill C-36 “Online Harms” for awhile, the UK has a similar online harms legislation in the works that would see content “prefiltered” before it ever makes it online.

It calls this “prior restraint” and it would require ISPs to “prevent users from encountering illegal content,” whatever that means (or is even possible to mean, given that this would be prior to any legal due process occurring.)

The UK’s Open Rights Group drafted a lengthy legal analysis of the bill.

Read: https://easydns.com/blog/2023/07/26/uk-version-of-online-harms-bill-wants-to-prefilter-content-without-due-process/

AirBnB may cancel you for what you do online at a rental

Unverified, but something we were tagged with under our @AxisOfEasy Twitter handle  (which you should be following, if you aren’t already), one Dr. Syed Haider found his AirBnB reservation canceled while he was on the trip because

“The property owner told me that Comcast Internet reported to him that we illegally downloaded copyrighted content.”

Not sure who to be outraged with on this one, other than to point out that this is what it’ll feel like when CBDCs are here, all the time, everywhere.

The original tweet is here: https://twitter.com/DrSyedHaider/status/1683979240004374530


Controversial EU Poll Sparks Concerns Over Chat Control and Privacy Rights

Recent poll results conducted by the EU Department of the Interior DG Home via the Eurobarometer platform have been scrutinized for allegedly manipulating public opinion in favor of total chat control. The poll inquired about mandatory automatic detection of online child sexual abuse content, which received overwhelming support. However, privacy advocates argue that the questions were misleading, as respondents were not informed about the extent of the proposed measures, including the scrutiny of private messages with potentially fallible algorithms.

Critics highlight that the phrasing of certain questions subtly implied perfect accuracy in detection, despite the reality that up to 80% of machine-flagged private messages and images are non-incriminating. In an independent survey, a majority opposed the unsolicited examination of private messages for dubious material due to the high probability of false positives.

Additionally, critics point out that the poll neglected crucial aspects of the proposal, such as potentially barring individuals under 16 from installing most apps. A survey focusing on young people’s views revealed overwhelming disapproval of this measure.

Critics see the dissemination of the poll as an “information war on digital privacy of correspondence,” led by Home Affairs Commissioner Ylva Johansson. Privacy advocates stress the importance of countering this government propaganda through consistent educational efforts about the truth of chat control.

Read: https://reclaimthenet.org/u-tries-to-justify-support-for-scanning-private-messages

North Korean State Actors Linked to Cyber Attacks and Manipulative Survey

In a recent report, North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) were attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their IP address. Google-owned threat intelligence firm Mandiant identified the activity as UNC4899, a group with overlaps to Jade Sleet and TraderTraitor, known for targeting blockchain and cryptocurrency sectors. UNC4899 also shares similarities with APT43, associated with conducting campaigns to gather intelligence and siphon cryptocurrency from targeted companies.

The EU Department of the Interior DG Home’s survey on chat control has come under scrutiny for allegedly manipulating public opinion in favor of stricter measures. Privacy advocates, like European MEP Patrick Breyer, argue that the questions were misleading, concealing the universal scrutiny of private messages via fallible algorithms and its implications on privacy.

The report further mentions the manipulation of questions regarding detection accuracy, with as much as 80% of machine-flagged private messages found to be non-incriminating. The poll also failed to address critical elements of the proposal, such as the potential barring of individuals under 16 from installing most apps.

The report emphasizes the need for public education about the truth of chat control and the importance of preserving digital privacy. The Lazarus Group, a state-sponsored threat actor, remains active in deploying various cyber attacks, including ransomware and backdoors. A second RGB-backed group, Kimsuky, also focuses on gathering geopolitical information through spear-phishing attacks.

Read: https://thehackernews.com/2023/07/north-korean-nation-state-actors.html

Unmasking Phone Number Fraud: A Canadian Investigative Journey

In 2018, the author encountered a distressing incident of phone number fraud when an imposter managed to infiltrate their cell phone provider account using minimal personal information. This breach led to unauthorized access to the author’s email, Facebook, and Dropbox accounts. Intrigued by the potential frequency of such scams, the author pursued transparency by filing an access to information-request with Canada’s telecom regulator in 2020.

The response contained data on unauthorized SIM swaps and ports. However, vital aggregate figures for the entire industry were redacted under exemptions, including potential financial repercussions to third parties. Unsatisfied with this incomplete disclosure, the author complained to the Office of the Information Commissioner of Canada, initiating a year-long process.

Finally, after consultation with the OIC, a breakthrough emerged as the CRTC agreed to unredact the industry-wide totals for both SIM swaps and port frauds. The data revealed 24,627 unauthorized number ports and SIM swaps occurred over ten months. Although carrier-specific figures remained undisclosed, this information offered crucial insights into the prevalence of phone-number fraud in Canada.

Throughout the ordeal, the author implemented stringent safety measures to safeguard their online accounts from similar threats in the future. Despite not obtaining the complete dataset sought, the author’s determination shed light on the issue and facilitated protective measures to defend against potential phone number fraud.

Read: https://www.secretcanada.com/news/foi-canada-phone-number-fraud

OpenAI Quietly Closes Down AI Detection Tool, Sparking Speculation

OpenAI, a prominent player in artificial intelligence, unveiled a tool that could help educators and scholars identify content generated through AI, including their own ChatGPT, thereby preserving their mental well-being and possibly even contributing to saving the world.

OpenAI stated that they are actively seeking and incorporating feedback and researching for more efficient techniques to determine the text’s origin. They also pledged to create and implement mechanisms that would allow users to identify if audio or visual content has been produced with the aid of AI technology.

According to OpenAI, the AI Classifier has certain limitations, such as being inconsistent on text containing less than 1,000 characters, incorrectly identifying human-written content as AI-generated, and neural network-based classifiers underperforming when dealing with data outside of their training dataset.

Read: https://decrypt.co/149826/openai-quietly-shutters-its-ai-detection-tool

US Congress Takes Action Against Government Surveillance with Fourth Amendment Is Not for Sale Act

With unusual urgency, lawmakers in the United States are working to eliminate a loophole in federal legislation that allows law enforcement and intelligence agencies to obtain sensitive data on American citizens, including their physical location, without requiring a warrant.

Republican Congressman Warren Davidson from Ohio stated that the unconstitutional mass government surveillance must come to an end. The House Judiciary Committee, headed by Ohio’s Republican representative Jim Jordan, will conduct a markup hearing the following day to evaluate Davidson’s bill designed to limit the acquisition of Americans’ data without a subpoena, court order, or warrant.

The House voted to adopt an amendment to a defense funding measure mandating a warrant for all data ordinarily protected by the Fourth Amendment, regardless of whether it is for sale. (Earlier this week, the change was narrowed to exclude non-military agencies, such as state and local police departments, which are not subject to the jurisdiction of the committee of jurisdiction.)

Read: https://www.wired.com/story/fourth-amendment-is-not-for-sale-act-2023/


Ubuntu update addresses Linux kernel vulnerabilities

The latest Ubuntu security update fixes a few vulnerabilities in the Linux kernel itself.
Some of the functions allowed local users to gain elevated acces while others could cause denial of service (a system crash.)
No matter your operating system, it’s always a good idea to keep up to date with security updates.

Read: https://ubuntu.com/security/notices/USN-6250-1

 
Elsewhere online: 

OpenAI Under Fire as FTC Opens Investigation Into Potential Consumer Protection Law Violations
Read: https://www.cpomagazine.com/data-privacy/ftc-investigation-into-openai-opened-over-potential-consumer-protection-law-violations/

Hackers Exploit Zero-Day Flaw in Ivanti’s Software to Compromise Norwegian Government Agencies
Read: https://techcrunch.com/2023/07/25/ivanti-epmm-zero-day-norway-government-breach/

North Korean Lazarus Hackers Utilize Compromised Microsoft IIS Servers to Spread Malware
Read: https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/

Hacker Claims 2 Million Medical Records Stolen from Egypt’s Ministry of Health
Read: https://www.infosecurity-magazine.com/news/hacker-stolen-medical-records/

Apple Issues Urgent Patches for Zero-Day Flaws
Read: https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html?&web\_view=true

Previously on #AxisOfEasy