This Week’s Security News: Ransomware Attacks Are Growing Worse facial recognition

TFD – Three Black men, wrongfully convicted due to faulty police facial recognition software, are challenging California’s AB 1814 legislation. They argue that the proposed measures wouldn’t have prevented their wrongful arrests, highlighting the technology’s flaws.

Despite years worth of efforts to eliminate the scourge of ransomware targeting schools, hospitals, and critical infrastructure worldwide, experts are warning that the crisis is only heating up, with criminal gangs growing ever more aggressive in their tactics. The threat of real-world violence now looms, some experts warn, as the data stolen grows increasingly sensitive and millions in potential profits hang in the balance. “We know where your CEO lives,” read a message reportedly received by one victim. Attacks targeting the medical sector are blooming in response to the $44 million payout by Change Healthcare this March.

Following the disclosure of Israel’s role in a malicious influence campaign aimed at US voters, lawmakers and intelligence officials in the US are pulling out of what is perceived as an attempt by America’s Middle East ally to artificially increase support for an increasingly unpopular war that was sparked by Hamas’ historic Oct. 7th attack. An Israeli contractor used OpenAI’s ChatGPT software to build a sock-puppet operation on X, Facebook, and Instagram. The operation impersonated primarily Black Americans and targeted lawmakers who were “Black and Democratic.” A weeks’ worth of efforts by TFD to get answers from US officials who may have been notified about the operation prior to a vote on enhancing military aide to Israel went ignored. Strikingly, the National Security Council denied having ever heard of it.

Frank McCourt, a real estate mogul and former owner of the Los Angeles Dodgers, explained why he’s spearheading an effort to purchase TikTok, which the United States is slated to ban unless its current owner, ByteDance, decides to sell the platform to a US company—a decision that will undoubtedly require the consent of the Chinese government. McCourt sees the internet as being imperiled by closed-off platforms like Facebook and X and is embracing the growing interest in decentralized networks. Decentralized platforms such as Mastodon have been popular among a subset of users for many years, allowing people to effectively own their own social networks and moderate them according to their own rules. These private networks are free to connect with others using the same software but can also sever connections to communities that embrace harmful content. (Think of these user-controlled networks as “islands” with diplomatic ties between them.) McCourt says purchasing and decentralizing TikTok could be the first step in raising the internet out of the siloed swamp that it is today thanks to Meta and its competitors.

That’s not all, though. Every week, we compile the security news that we didn’t have time to discuss in-depth. To read the complete stories, click the headlines. Be careful out there.

A shocking revelation A Reuters investigation has uncovered a hostile influence operation that the US military carried out during the peak of the Covid-19 outbreak in 2020. The campaign, which preyed on Muslim religious sensibilities, used sock-puppet profiles on Facebook, Instagram, and X to persuade Filipino citizens that vaccinations made in China were harmful and contained a lot of pig parts. Experts in infectious diseases voiced shock at the Pentagon’s move. According to Reuters, the campaign was ordered to an end by the Biden White House shortly after the president’s inauguration, though the Pentagon was apparently slow to enact the commander in chief’s orders. The Pentagon’s disinformation producer, a private contractor, was recently given a $493 million US government contract.

According to ProPublica, in 2016 a leading cybersecurity expert at Microsoft, a significant US government contractor, voiced concerns about a cloud-based vulnerability. Among other sensitive data, the vulnerability threatens to reveal secrets related to national security. The specialist “pleaded” with the corporation to fix the issue, but in its pursuit of a multibillion-dollar government contract in the cloud computing field, the computer giant disregarded his worries. Exasperated, the expert left the organization, and a few months later, Russian hackers executed SolarWinds, one of the biggest assaults in US history, just as expected. The reporting brings into question testimony by Microsoft president Brad Smith, who assured Congress in 2016 there was no way the hackers had exploited his company’s software.

Three Black men who were wrongfully convicted of crimes in the United States after being misidentified by police facial recognition software are speaking out against proposed legislation in California that supporters say would shield people from such heinous errors. The men claim that the bill, which was unanimously approved by the state legislature last month and is currently being examined in its upper house, would not have prevented their unjustified apprehension. One of the men said, “In my case, as in others, the police did exactly what AB 1814 would require them to do,” and that the inquiry was tainted once the face recognition software revealed that I was the suspect. This technology should be outlawed since it is faulty and racially discriminatory.

While much of the scrutiny facing the data broker industry concerns its power to monitor people’s movements and attendance at sensitive locations such abortion clinics and mental health facilities, there’s another issue at play: Much of the data it markets is “inaccurate trash,” The Record reports. A chief privacy officer at Acxiom, a leading third-party data broker, acknowledged as much in an interview last month, saying the “inferences” drawn by his company are, at best, “informed guesses.” Experts are growing increasingly concerned about the downstream effects, with some highlighting how insurance companies are relying more and more on data brokers to inform how much customers should pay. Another expert tells The Record that data brokers may be incentivized not to scrutinize the data too closely, noting that customers aren’t too worried if a fraction of it leads them to false assumptions.