Snapchat Employees Reportedly Spied on Private Snaps

The Memorial Day weekend begins on a dire note for constitutional protections. On Thursday, the US government indicted WikiLeaks founder Julian Assange for violating the Espionage Act. This is the first time in modern history that the US has charged the publisher of sensitive materials rather than the person who leaked them. The charges stunned even Assange’s harshest critics, who argued that whether you think he’s a journalist or not, the precedent set by his conviction could threaten the First Amendment itself.

In other dire news, facial recognition technology is scaring people so much that both Democrats and Republicans say something needs to be done. At a hearing before the House Committee on Oversight and Reform, lawmakers on both sides agreed that the US needs to regulate the technology, fast.

Meanwhile in Washington, despite the 2020 presidential election ramping up and the looming threat of election tampering, both major political parties still have bad [...]

The Julian Assange Espionage Act Charges Target Press Freedom

On Thursday, the Department of Justice unsealed new charges against WikiLeaks founder Julian Assange. Unlike the previous indictment—which focused narrowly on an apparent offer to help crack a password—the 17 superseding counts focus instead on alleged violations of the Espionage Act. In doing so, the DOJ has aimed a battering ram at the freedom of the press, whether you think Assange is a journalist or not.

The indictment, which you can read in full below, alleges that Assange published classified information over a dozen times, an act expressly forbidden by the Espionage Act, which Congress first passed in 1917. But the Espionage Act has only rarely, and never successfully, been applied to the recipient of a leak. “For the first time in the history of our country, the government has brought criminal charges against a publisher for the publication of truthful information,” says Ben Wizner, director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. [...]

The Danger in Assange’s Charges, a Memory Experiment, and More News

New charges against Julian Assange threaten all of the press, scientists have figured out how to alter emotional memories, and Memorial Day is coming. Here’s the news you need to know, in two minutes or less.

Today’s Headlines

Julian Assange’s charges put all of the press at risk

New charges unveiled by the Justice Department against WikiLeaks founder Julian Assange paint a troublesome picture for him—and for all journalists. The charges claim Assange was in violation of the Espionage Act when he published classified information, but that charge has never been successfully applied to a leak before. No matter how you feel about Assange, it’s important to note: If the DOJ can bring that charge against him, it can bring it against anyone.

Scientists have found a volume knob for emotional memories

Through extensive testing on mice, scientists believe they have figured out the makeup of emotional memories. This discovery could lead to the [...]

Facial Recognition Has Already Reached Its Breaking Point

As facial recognition technologies have evolved from fledgling projects into powerful software platforms, researchers and civil liberties advocates have been issuing warnings about the potential for privacy erosions. Those mounting fears came to a head Wednesday in Congress.

Alarms over facial recognition had already gained urgency in recent years, as studies have shown that the systems still produce relatively high rates of false positives, and consistently contain racial and gender biases. Yet the technology has proliferated unchecked in the US, spreading among law enforcement agencies at every level of government, as well as among private employers and schools. At a hearing before the House Committee on Oversight and Reform, the lack of regulation garnered bipartisan concern.

“Fifty million cameras [used for surveillance in the US]. A violation of people’s First Amendment, Fourth Amendment liberties, due process liberties. All kinds of mistakes. Those mistakes [...]

Google Has Stored Some Passwords in Plaintext Since 2005

It happened again: Google announced today that it’s the latest tech giant to have accidentally stored user passwords unprotected in plaintext. G Suite users, pay attention.

Google says that the bug affected “a small percentage of G Suite users,” meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords on its servers in a cryptographically scrambled state known as a hash. But a bug in G Suite’s password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console. Google has disabled the features that contained the bug.

Before it did so, the passwords would have been accessible to authorized Google personnel or malicious interlopers. Each organization’s administrator could have also accessed the plaintext passwords for the [...]

Political Parties Still Have Cybersecurity Hygiene Problems

In the three years since Russian operatives breached the servers of the Democratic National Committee and threw presidential politics into a state of perpetual chaos, countries around the world have been on notice to the threat of foreign interference in elections. But as the US prepares for another presidential election next year, and as the European Union holds parliamentary elections this week, a new report reveals a range of obvious and ongoing security flaws that could leave political parties in both places vulnerable to attack.

The report, which will publish Tuesday, was compiled by SecurityScorecard, a New York–based risk analysis firm that monitors IT infrastructure for more than 1 million entities around the world. For this report, the researchers drilled down into the networks operated by 29 political parties from 11 countries during the first quarter of this year. In general, they found that smaller parties in both the EU and the US pose the biggest risks.

In [...]

Bluetooth’s Complexity Has Become a Security Risk

Bluetooth is the invisible glue that binds devices together. Which means that when it has bugs, it affects everything from iPhones and Android devices, to scooters, and even physical authentication keys used to secure other accounts. The order of magnitude can be stunning: The BlueBorne flaw, first disclosed in September 2017, impacted five billion PCs, phones, and IoT units.

As with any computing standard, there’s always the possibility of vulnerabilities in the actual code of the Bluetooth protocol itself, or in its lighter-weight sibling Bluetooth Low Energy. But security researchers say that the big reason Bluetooth bugs come up has more to do with the sheer scale of the written standard, development of which is facilitated by the consortium known as the Bluetooth Special Interest Group. Bluetooth offers so many options for deployment that developers don’t necessarily have full mastery of the available choices—which can result in faulty implementations.

“One [...]

Google Tracks What You Buy Online With Gmail

The week started out with a bang, or several of them really. Remember Meltdown and Spectre, the vulnerabilities that affected basically every Intel processor from the last decade? There’s a related attack called ZombieLoad—yes, ZombieLoad—with similarly broad and bad impact. Serious stuff! But honestly not even the worst disclosure of the week.

That distinction probably goes to Cisco. Researchers at security firm Red Balloon found that they could hack the company’s ubiquitous enterprise router, meaning they could listen in on whatever traffic goes to and from those networks. Cisco then acknowledged that dozens of its products were susceptible to the attack, likely comprising millions of devices, and that a fix would require an on-site visit.

And that’s before you even get to the week’s big actual hack: Israeli hacking company NSO Group apparently found a way to break into phones simply by placing [...]

Goznym Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

For decades, the security industry has warned that the cybercriminal economy has been developing its own highly specialized, professional supply chain. But only when law enforcement tears the lid off a well-honed hacker operation—as they did today with the global Goznym malware crew—does the full picture of every interlinked step in that globalized crime network come into focus.

On Thursday, police in six countries along with the US Justice Department and Europol announced the takedown of Goznym—linked with another operation known as Avalanche, an associated cybercrime operation that was largely dismantled in 2016—including the arrest of five of its members across Bulgaria, Georgia, Moldova, and Ukraine. Five more alleged members remain at large in Russia. In total, the operation infected 41,000 computers with fraud-focused malware, and attempted to steal $100 million from victims in the US, though it’s not clear exactly how much of that theft they successfully pulled off.

[...]

The False Promise of “Lawful Access” to Private Data

A stark reality keeps confronting us: Terrible things are being done in the world. The darkest impulses of some people are honed and polished on the internet, in secret. Then those impulses are visited upon us, in violent and sickening ways. One of the most recent such tragedies, as I write, happened in Christchurch, New Zealand, on March 15, 2019, but there might be another by the time you read this. Every time, we all want to know the same thing: What is to be done about this?

Many are trying to figure this very thing out. On Wednesday, the leaders of New Zealand and France organized a meeting with various other heads of state to discuss “The Christchurch Call,” a global pact to crack down on extremist content online. Ahead of the summit, Facebook announced that users violating certain policies by the platform will be restricted from using Facebook Live, a service that was used by the shooter in New Zealand to broadcast the terror attack.

But [...]