The Twitter Files

One of the bigger things that went down at the beginning of the weekend is the release of “The Twitter Files” by Elon Musk, through independent journalist Matt Taibbi. Before the release of the files, Taibbi was known as a balanced journalist with integrity.

The gist of the Twitter Files is the government had access to Twitter employees and asked them to censor/ban or otherwise make tweets unavailable if they mentioned the story about Hunter Biden’s laptop that came out in October of 2020 from the New York Post. The laptop was dubbed “Russian Misinformation” at the time with 51 ex intelligence agents signing a declaration saying it had all earmarks of a “Russian disinformation campaign.” The media went with that, Big Tech censored all mention of it and that seemed to be the end of that, just before the 2020 election.

Some say it was enough to sway the presidential election away from then president Donald Trump. This seems to be the “the current debate” on social media.

Some of the same people and outlets who dismissed the story back then are now attacking the messenger. After the release, Matt Taibbi was dubbed as doing “PR for the richest man in the world.”

Read the Twitter Files: https://twitter.com/mtaibbi/status/1598822959866683394
Also: https://www.newsweek.com/matt-taibbi-dismisses-criticism-twitter-files-after-journalists-pile-1764480

TikTok Invisible Challenge “Unfilter” steals credit cards and other info

Apparently there is a challenge on TikTok where you can make yourself “invisible” with a filter. For some reason, unbeknownst to us, people record themselves made with the filter, only showing their silhouette in the videos.

Naturally, curiosity arises and people wonder if the filter can be removed from the videos. Here comes the call to arms of nefarious actors. Hackers have lured the curious to Discord (a chat app for Kool kids) where they show videos of their great app, “Unfilter” removing the filter. All that needs to be done is to download and install the app and the filter is no more.

Unfortunately, that app is actually a WASP (an information stealer). It scans the affected device for logins, passwords, credit cards, crypto wallets and other private/sensitive information to steal. The article suggests keeping your clothes on for starters, in case at some point a legit “unfilter” gets developed as well as avoiding TikTok all together.

Read: https://www.malwarebytes.com/blog/news/2022/11/tiktok-invisible-challenge-unfilter-steals-credit-cards-and-other-info


Phony iSpoof service bust goes down in London for $120 million charge

The website’s services allow those who signed up and paid for the service to make fake calls, send recorded messages, and intercept one-time passwords discreetly.

The Metropolitan Police in London, which began investigating iSpoof in June 2021 in collaboration with international law enforcement agencies in the United States, the Netherlands, and Ukraine, announced the arrest of the website’s suspected administrator, Teejai Fletcher, 34, on charges of fraud and organized crime.

According to Europol estimates of $3.8 million in profits in 16 months from operations based out of the Netherlands, moving earlier this year in Kyiv, the service’s operators raked in estimated profits of $3.8 million in the last 16 months alone. Europol estimates that iSpoof had around 59,000 users, which caused £48 million of losses to 200,000 identified victims in the U.K.

The Metropolitan Police claimed it also used bitcoin payment records discovered on the website’s server to locate and apprehend an additional 100 users of the iSpoof service who were situated in the United Kingdom. According to Helen Rance of the Metropolitan Police Cyber Crime Unit, they are pursuing iSpoof users rather than just shutting down the website and apprehending its operators.  She noted, “Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof. Our message to criminals who have used this website is: We have your details and are working hard to locate you, regardless of where you are.”

Read: https://techcrunch.com/2022/11/24/ispoof-seized/

Iranian hacking group threatens Israeli security, exposes Jerusalem explosion security footage

In a series of events, an Iranian hacking group shared footage of the Jerusalem explosion on its Telegram channel. According to the group’s claims, Moses Staff hacked the surveillance cameras of a prominent Israeli security institution.

The footage was followed by a Hebrew caption that read, “for a long time, we had control over all your activities – step by step, moment by moment.“

It also indicated the precise moment of the explosion near Jerusalem’s Central Bus Station. Moses Staff also claims to have “formatted the camera’s hard disk.“

According to the Times of Israel, the Israeli government denies that any cameras were compromised. Moreover, they stated, “the footage was not taken by a camera belonging to the city.”

The group has previously published information about the Israeli military, personal records from Israeli companies, and disclosures of hundreds of thousands of Israelis. They even distributed images allegedly taken at Defense Minister Benny Gantz’s house around a year ago.

Lastly, they also claim to have high-quality satellite photos of Israel.

Read: https://www.hackread.com/moses-staff-hackers-jerusalem-footage/

The media’s opposition to arresting Julian Assange under the Espionage Act

The Guardian, New York Times, Le Monde, Der Spiegel, and El Pas published excerpts from Assange’s 250,000 “Cablegate” files twelve years ago today. Wikileaks’ revelations by Chelsea Manning exposed US diplomacy around the world.

The editors and publishers of the media outlets that initially published Julian Assange’s leaks 12 years ago have publicly opposed proposals to arrest him under a statute created to try first-world-war spies, claiming that “publication is not a crime.“

Assange has been held at Belmarsh jail in south London since his arrest in the Ecuadorian embassy in 2019. He spent seven years in the diplomatic complex to avoid arrest after failing to appear in a UK court. Assange’s lawyers are challenging Priti Patel’s extradition to the United States.

Because of the precedent it would set, the US government declined to prosecute Assange for the 2010 leak under Barack Obama, but it did under Donald Trump. Media outlets are now urging President Joe Biden’s administration to disregard the allegations, which he was a vice president at the time.

Some key points in the letter sent by the media organizations:

Publishing is not a crime: The US government should end its prosecution of Julian Assange for publishing secrets.

Twelve years ago, on November 28, 2010, our five international media outlets – the New York Times, the Guardian, Le Monde, El País, and Der Spiegel – published a series of revelations in cooperation with WikiLeaks that made the headlines around the globe.

In the words of the New York Times, the documents told “the unvarnished story of how the government makes its biggest decisions, the decisions that cost the country most heavily in lives and money.” Even in 2022, journalists and historians continue to publish new revelations using the unique trove of documents.

Read:
https://www.theguardian.com/media/2022/nov/28/media-groups-urge-us-drop-julian-assange-charges

A Salvadoran newsroom is suing NSO for compromising Pegasus spyware

NSO Group is being sued by nearly two dozen journalists, and other staffers of El Faro, an El Salvador-based digital newspaper, for unleashing spyware they claim stole their most sensitive information.

Columbia University’s Knight First Amendment Institute is assisting the 22 plaintiffs from El Faro in their lawsuit. El Faro’s attorneys filed the lawsuit in US District Court in Northern California because Pegasus hacked Apple servers in Silicon Valley to monitor the newsroom.

Pegasus spyware is used by authoritarian governments to take full control of devices, including downloading contacts and text messages and turning on the device microphone to listen to conversations in real-time.

In the court filing, members of the news-gathering group at the influential Central American publication claim that they were targeted by the Salvadoran government while reporting on human rights abuses and communicating with confidential sources, including the US Embassy.

“The Pegasus attacks have profoundly disrupted Plaintiffs’ lives and work,” the Pegasus spyware suit claims. “The attacks have compromised Plaintiffs’ safety as well as the safety of their colleagues, sources, and family members.”

Read: https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware

 

Netizens in China take on China’s Internet censorship

A week ago, demonstrators took to the streets of Urumqi to protest China’s strict zero-Covid policy. On that same night, users flooded Chinese social media apps with videos of the demonstrators and songs like “Do You Hear the People Sing” from Les Misérables, Bob Marley’s “Get Up, Stand Up,” and Patti Smith’s “Power to the People.”

Protests spread across China in the days that followed the Covid policies. Crowds gathered in several districts of Beijing; in Liangmaqiao, people wore masks and held up blank sheets of paper, and across town, at Tsinghua University, students held up physics formulas known as the Friedmann equation because its namesake sounds like “free man.“

The Chinese government has tried to balance embracing technology and limiting citizens’ power to use it to protest. But last weekend, the momentum of China’s digital savvy population seemed to break free of the government’s control.

The demonstrations began as unofficial vigils for the victims of a fatal fire in Urumqi, the capital of China’s northwestern Xinjiang province. The tragedy came as frustrations with zero-Covid policies were already starting to spike. The government signaled some restrictions would soon loosen, but the Urumqi fire and news that Covid cases were rising again “pushed people over the edge.“

Chinese citizens tired of lockdowns turned to their phones to express their anger. Using now-familiar censorship evasion techniques, they posted screengrabs of close-captioned music videos and ironically flooded official posts with comments like “good” or “correct.”

Towards the end of last weekend, government efforts to clamp down on the protests were becoming evident, both on city streets and on the internet. Police were checking people’s phones for VPNs and apps such as Telegram. Digital censorship ramped up across Chinese platforms early this week, with the Cyberspace Administration of China ordering media and search engines to remove information about how to use VPNs.

By midweek, the streets and social feeds had quieted, and the censorship machine was in high gear, but Chinese netizens filled WeChat with tributes to the late president Jiang Zemin, continuing the week’s protests in a subtler form.
Read:
https://www.wired.com/story/how-chinese-protests-netizens-swamped-chinas-internet-controls/

Elsewhere Online:

Antivirus apps are the newest tools in malware’s bag of tricks
Read: https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html

Human rights tribunal hears case against Chinese media site in New Zealand
Read: https://www.theguardian.com/world/2022/dec/03/new-zealand-woman-takes-chinese-media-site-to-human-rights-tribunal-over-ban

Dutch experts concern TikTok’s ability to access EU users’ data in China
Read: https://nltimes.nl/2022/12/02/tiktoks-employees-china-can-now-access-eu-users-data-dutch-experts-concerned

British water company’s customer bank details may have been stolen by a ransomware group
Read: https://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/

Mitsubishi Electric PLCs are vulnerable to multiple critical vulnerabilities, according to CISA
Read: https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html