#AxisOfEasy 238: Sen. Wyden Says DHS Collected Americans’ Financial Records In Bulk


Weekly Axis Of Easy #238


Last Week’s Quote was “Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.”  was by Marcus Aurelius.  Congrats to Mike on the right answer for a fantastic quote! 

This Week’s Quote:  “Don’t worry about the level of individual prominence you have achieved; worry about the individuals you have helped become better people.” … by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

 


This is your easyDNS #AxisOfEasy Briefing for the week of March 20th, 2022, wherein our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy. 
 
In this issue:

  • There is an online underground meth market hidden in plain sight
  • Governmental sites in Israel are attacked in possible Iranian retaliation
  • Files deleted by famous package to protest Ukraine war 
  • Anonymous targets the Russian Federal Security Service (FSB) and top sites with DDoS attacks 
  • Sen. Wyden says DHS collected Americans’ financial records in bulk
 
Elsewhere online:
  • Bank of Canada and MIT announce central bank collaboration on digital currency
  • Thousands of GDPR breaches in 2018 resulted in an $18.6M fine for Facebook 
  • For the Lapsus$ hacking group, chaos rules
  • People who do not tweet are becoming the new silent majority
  • Now Americans can buy beef from genetically modified cows

 

There is an online underground meth market hidden in plain sight

According to NBNC, the experience of using meth has fundamentally changed as online platforms have aggravated parts of the global meth addiction crisis. As social media platforms have increased their platform moderation, meth users have posted photos of themselves using the drug, selling drugs, and encouraging others to use meth.

Even though law enforcement and prosecutors are increasingly targeting drug users and sellers online, social media platforms and communication tools like Zoom have changed how people use methamphetamine. NBC News found hundreds of Zoom rooms where people congregate to use meth, Facebook groups where people sell meth, and Twitter, Tumblr, YouTube, and Instagram profiles devoted to meth.

Experts and former meth users agree that technology and the internet exacerbate an already blazing global meth addiction problem. Meth can keep users awake and often leave them craving social and sexual connections. Technology makes connecting with other users and sellers easier than ever before.

Some current and former meth addicts told NBC that, in 2018, the platform Zoom was frequently used to host large, online meth parties for LGBTQ men and among mixed-gender groups. It is common for at least 50 to 150 people to be on video using meth in Zoom chat rooms on social media sites.

For their part, the company Zoom provided a statement to NBC News saying that the company would only take action if it received reports of possible violations of its Terms of Service or Community Standards.

Read: https://www.nbcnews.com/tech/internet/meth-only-click-away-facebook-zoom-twitter-reddit-n1291506 


Governmental sites in Israel are attacked in possible Iranian retaliation

On March 14th, Israel declared a state of cyber emergency after being hit by the largest cyberattack against Israeli infrastructure to date. According to Haaretz, a DDoS attack took down the websites of the Prime Minister’s Office and several other government ministries.

The NY Post says the breach was the work of another country and that Israel could not yet determine who was behind it. IRGC intelligence dismantled a sabotage attempt at the Fordow nuclear facility in Iran on Monday evening, a statement by the IRGC Intelligence Unit says.

According to Iranian TV, an Iranian employee at Fordow cooperated with Israeli intelligence officers in exchange for cash and digital currency. The government news agency reported that the IRGC captured six “terrorists” linked to foreign intelligence services, who had attempted to assassinate foreign workers in Sistan and Baluchestan. Iran has weathered several attacks on its nuclear program, including an explosion in the Natanz enrichment facility.

Read: https://www.zerohedge.com/geopolitical/iran-thwarts-sabotage-nuclear-site-claims-israel-behind-plot-report


Files deleted by famous package to protest Ukraine war

The developer of the “node-ipc” package released new versions this month that contained malicious code aimed at deleting files that were not intended to be deleted. The malicious code affects users in the Russian and Belarusian regions. Versions of these vulnerabilities have been tracked under CVE-2022-23812.

On March 8th, developer Brandon Nozaki Miller released open-source software packages called peacenotwar and oneday-test that would add a message of peace to the desktop of any user installing the packages.

According to RIAEvangelist, the code is “a non-destructive example of why controlling your node modules is important,” but it is also a destructive protest against Russia’s aggression.

Chaos broke out, however, when a select number of npm versions of the famous ‘node-ipc’ library — also maintained by RIAEvangelist — sent a destructive payload overwriting users’ files. The malicious code embedded within ‘node-ipc’ contained a base64-encoded strings and obfuscation techniques to hide its true intent.

In addition, because ‘node-ipc’ versions 9.2.2, 11.0.0, and those greater than 11.0.0 include the peacenotwar module, “WITH-LOVE-FROM-AMERICA.txt” files appeared on the desktop of affected users.

Those who live in Russia or Belarus would face a severe supply chain security incident, according to a blog post from Snyk’s Director of Developer Advocacy.

Read: https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/ 


Anonymous targets the Russian Federal Security Service (FSB) and top sites with DDoS attacks

The Anonymous hacktivist collective appears to have launched a series of DDoS attacks against the Russian stock exchange, the Russian Security Service, and the Ministry of Sport of the Russian Federation.

The Anonymous cyberattack took place on March 15th, 2022, at 12:12 PM GMT, and most of the targeted websites were still unreachable and offline after almost seven hours.

The famous hacktivists have been hacking Russian websites, State-run TV channels, online video streaming platforms, and government websites every other day since the country invaded Ukrainian territories. However, in its most significant attack, the group hacked over 400 surveillance cameras in Russia last week through one of its affiliates. After the cameras were compromised, the hacktivists defaced them with messages supporting Ukraine and critical of President Putin.

Read: https://www.hackread.com/ddos-attacks-anonymous-cripple-russia-fsb-websites/?web_view=true 


Sen. Wyden says DHS collected Americans’ financial records in bulk

Senator Ron Wyden revealed a program operated by Homeland Security Investigations (HSI) that collected millions of Americans’ financial records. 

After my staff contacted HSI about the program in January 2022, HSI immediately terminated the program,” Wyden wrote to DHS Inspector General Joseph Cuffari.

The senator said the HSI used “custom summonses to obtain 6 million records about money transfers above $500.” There are numerous reasons why these records are problematic, including that only eight warrants obtained them. Wyden said the DHS should have known that bulk surveillance could not be conducted under its authority. The database allowed law enforcement agencies unfettered access to the data without court supervision.

The Electronic Frontier Foundation called the HSI program blatantly illegal and said sharing financial records of domestic violence survivors, asylum seekers, and human rights activists could expose them to danger. EFF agreed with Wyden’s call to investigate the program and called on companies like Western Union and Maxi to stand up to government requests for data.

Western Union stated that they would protect their customers’ data and actively work with law enforcement agencies to combat money laundering, human trafficking, and human smuggling.

Read: https://www.zerohedge.com/personal-finance/dhs-collected-americans-financial-records-bulk-sen-wyden 


Elsewhere online:


Bank of Canada and MIT announce central bank collaboration on digital currency

Read: https://www.bankofcanada.ca/2022/03/central-bank-digital-currency-collaboration/ 


Thousands of GDPR breaches in 2018 resulted in an $18.6M fine for Facebook

Read:  https://uk.finance.yahoo.com/news/facebook-fined-18-6m-over-162002171.html


For the Lapsus$ hacking group, chaos rules

Read: https://www.wired.com/story/lapsus-hacking-group-extortion-nvidia-samsung/


People who do not tweet are becoming the new silent majority 

Read: https://www.axios.com/political-polarization-twitter-cable-news-ac9699c6-260d-4141-b511-5c7193566ea1.html 

Now Americans can buy beef from genetically modified cows

Read: https://nypost.com/2022/03/17/beef-from-gene-hacked-super-cows-can-now-be-sold-in-the-us/

 

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

 

 

 

 

One thought on “#AxisOfEasy 238: Sen. Wyden Says DHS Collected Americans’ Financial Records In Bulk

Leave a Reply to Karen McMillan Cancel reply

Your email address will not be published. Required fields are marked *