This is your easyDNS #AxisOfEasy Briefing for the week of August 12th 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.

In this issue: 

• Check out our _1-star review_ on Trustpilot ⭐
• Iranian Hackers Target Trump Campaign Ahead of 2024 Election
• UN Cybercrime Treaty: A New Era of Global Surveillance
• Labour’s Plan to Curb Fake News Sparks Free Speech Concerns
• Massive Data Breach Exposes Personal Information of Nearly 3 Billion People
• Court Rules Border Searches of Personal Devices Unconstitutional

Elsewhere Online:

• FBI’s Nationwide Social Media Monitoring Exposed Ahead of 2022 Midterms
• Hackers Could Gain Full Control Through Ivanti Software Flaw
• Prolific Cyber Criminal, Maksim Silnikau, Extradited to US to Face Charges
• Azure Health Bot Flaw Exposed User Data Risk
• Urgent SAP Patch Released to Address Critical Flaw

Check out our 1-star review on Trustpilot ⭐️

It’s rare, but it happens – the occassional spammer or scammer sets up on easyDNS, we nuke them, and they go and complain about it to Trustpilot with a 1-star review.

In the past, we could flag the review (still can), explain that the reviewer in question was terminated for AUP violations and they would pull the review.

For some reason that doesn’t seem to be an avenue anymore, but you can respond – and maybe in this case leaving that up there may serve as a cautionary take to other would-be cyber-criminals, to wit:

That said, the one-star review seems to inordinately skew our score on Trustpilot – with all other reviews being 5 star, TrustPilot weighs the most recent review more heavily than anything else, so this one, measly scammer is impuninig our stellar reputation.

Seems kinda smarmy, tbh, but maybe if you’re a happy, contented easyDNS customer you can leave a review for us there, and help us get our corporate social credit score back into a respectable range…

More: https://ca.trustpilot.com/review/www.easydns.com

Iranian Hackers Target Trump Campaign Ahead of 2024 Election

Republican nominee Donald Trump announced that his campaign website was hacked by Iranian government-backed cyber actors. The attack, which occurred in July 2024, was revealed by Microsoft Corp., which identified the hackers as part of the Mint Sandstorm group. The breach only accessed publicly available information, according to Trump, but raised concerns about foreign interference in the upcoming presidential election.

Trump condemned the hacking on his Truth Social account, stating, “Iran and others will stop at nothing, because our Government is Weak and Ineffective.” He linked the hack to broader threats from Iran, referencing both past and recent attempts on his life.

Microsoft’s report highlighted Iran’s increased cyber activities aimed at the U.S. election, including fake news sites and cyberattacks. “Foreign malign influence concerning the 2024 US election has picked up pace,” the report stated. Microsoft’s Threat Analysis Center noted that Iranian operations, like those by Mint Sandstorm, are focused on disrupting election processes rather than swaying voters.

Trump’s campaign warned media outlets against publishing any stolen materials, calling such actions “doing the bidding of America’s enemies.” Despite the attack, the campaign remains vigilant, asserting the importance of election integrity amidst rising foreign threats.

Read: https://www.bloomberg.com/news/articles/2024-08-10/trump-campaign-says-it-was-hacked-suggests-iran-to-blame

UN Cybercrime Treaty: A New Era of Global Surveillance

On Friday, the United Nations finalized the draft of a new Cybercrime Convention. This treaty, originally proposed by Russia and China in 2017, aims to enhance international cooperation in fighting cybercrime. If adopted, it will empower governments to expand their surveillance capabilities and override bank secrecy, even criminalizing some activities like hacking and whistleblowing.

The Convention mandates that UN member states share personal data and financial records to trace and confiscate criminal proceeds. This raises significant concerns. For instance, digital rights organizations, like the Electronic Frontier Foundation, warn that “private unshared thoughts and information are no longer safe” under this treaty.

Key figures in the cybersecurity community, including IT professionals and journalists, fear that the treaty could endanger their work. The Chaos Computer Club criticized it as a “surveillance treaty that tramples human rights.”

The Convention is expected to be adopted by the end of the year, despite widespread criticism. More than 100 NGOs have expressed concerns that it could be used to target civil society actors and suppress dissent, posing a serious threat to privacy and freedom worldwide.

Read: https://www.therage.co/un-cybercrime-convention-bank-secrecy/

Labour’s Plan to Curb Fake News Sparks Free Speech Concerns

The UK Government is considering a plan to force tech companies to ban fake news, even if the content isn’t illegal. This move, hinted at by Labour leader Sir Keir Starmer on Friday, is part of a broader effort to prevent further riots and social unrest. The plan may require social media platforms to remove posts deemed “legal but harmful,” such as misinformation about asylum seekers.

Critics, including former Tory leader Sir Iain Duncan Smith, warn that this approach could threaten free speech. “This risks setting up online companies as judge and jury,” he said, questioning who would decide what is considered harmful.

The potential regulations follow tensions between Starmer and tech mogul Elon Musk, owner of X (formerly Twitter), after Musk criticized the UK’s handling of recent riots. Esther McVey, a former Tory Cabinet minister, described the proposal as the “authoritarian side” of Starmer’s Labour Party.

The debate intensifies as polling shows that 71% of Britons believe social media platforms have failed to tackle misinformation during the riots. The final decision on these measures could significantly impact how online content is regulated in the UK.

Read: https://www.telegraph.co.uk/politics/2024/08/09/tech-giants-forced-ban-fake-news-labour/

Massive Data Breach Exposes Personal Information of Nearly 3 Billion People

A massive data breach at Jerico Pictures Inc., operating as National Public Data, has exposed the personal information of nearly 3 billion people. The breach, revealed in a recent class action lawsuit, was carried out by a hacker group called USDoD earlier this year.

The stolen data includes full names, addresses, Social Security numbers, and information about family members, both living and deceased. Disturbingly, many affected individuals are unaware that their data was compromised. National Public Data allegedly collected this information by scraping non-public sources without consent.

Christopher Hofmann, the lawsuit’s named plaintiff, discovered his data was compromised in July when an identity theft protection service alerted him. He is just one of nearly 3 billion people whose information was leaked.

The stolen data was posted on a dark web forum in April, with the hackers demanding $3.5 million from potential buyers. This breach is one of the largest in history, second only to Yahoo’s 2013 breach that impacted 3 billion accounts.

Despite the enormity of the breach, it remains unclear exactly when it occurred. National Public Data has yet to comment on the situation.

Read: https://mashable.com/article/background-check-company-breached-3-billion-affected

Court Rules Border Searches of Personal Devices Unconstitutional

The Ontario Court of Appeal has ruled that Canadian border officers’ searches of personal devices are unconstitutional. This decision was made on Friday, following a case involving two men whose devices were searched at the border.

The court found that the current law, which allows searches based on the mere possibility of illegal activity, violates the Charter of Rights and Freedoms. Chief Justice Michael Tulloch stated, “The border is not an almost-anything-goes zone for highly intrusive searches like digital device examinations.”

The court ruled that a “reasonable suspicion” standard is needed for such searches, similar to what is required for strip searches. This change aims to protect privacy and prevent discrimination.

Tulloch pointed out that over 31,000 searches were conducted between 2017 and 2020, with 62% revealing no illegal activity. “This significant invasion of the privacy of many innocent travelers is a strong sign that the law is unreasonable,” he said.

Parliament has six months to draft new legislation. The Canadian Civil Liberties Association welcomed the decision, urging for stricter safeguards on device searches at the border.
Meanwhile, the two men involved in the case, both found with child pornography, faced different legal outcomes despite the court’s ruling.

Read: https://www.thestar.com/news/appeal-court-strikes-down-law-on-searching-phones-tablets-and-laptops-at-border/article_329a6ec6-568e-11ef-9e5f-e3f71604238a.html

Elsewhere Online:

FBI’s Nationwide Social Media Monitoring Exposed Ahead of 2022 Midterms
Read: https://reclaimthenet.org/new-documents-show-the-fbi-implemented-nationwide-social-media-monitoring-ahead-of-the-2022-midterms

Hackers Could Gain Full Control Through Ivanti Software Flaw
Read: https://thehackernews.com/2024/08/critical-flaw-in-ivanti-virtual-traffic.html

Prolific Cyber Criminal, Maksim Silnikau, Extradited to US to Face Charges
Read: https://therecord.media/prolific-scammer-arrested-extradited-us

Azure Health Bot Flaw Exposed User Data Risk
Read: https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilities

Urgent SAP Patch Released to Address Critical Flaw
Read: https://www.bleepingcomputer.com/news/security/critical-sap-flaw-allows-remote-attackers-to-bypass-authentication/