What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast

Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

Multiple data breaches
Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations.  Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data...
FaceApp
If you missed the news about Russian-owned FaceApp going viral, you've probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation. FaceApp allows users to tap into the power of artificial intelligence to see what they might look like with...
Security researchers have announced the discovery of several election systems across the country connected to the internet that are vulnerable to hacking. As a security policy, voting machines and election systems are supposed to remain disconnected from the internet, or “air-gapped,” unless they are transmitting data. This is to prevent the possibility of hackers connecting to them and subverting the...
Russian election interference
A report from the Senate Intelligence Committee released last week concluded that the Russian government extensively interfered in U.S. elections from 2014 to at least 2017. The partially redacted bipartisan report describes several findings related to Russian activities, including: “While the Committee does not know with confidence what Moscow’s intentions were, Russia may have been probing vulnerabilities in voting systems...
Siri eavesdropping
Consumer audio recorded by Apple’s Siri platform has been shared with external contractors. A whistleblower working as a contractor revealed that the company’s digital voice assistant software records audio collected by consumer devices--including iPhones, Apple Watches, and HomePods--and shares it with external contractors. The recordings contained potentially sensitive information. “A small portion of Siri requests are analysed to improve Siri and...
NSA Cybersecurity Directorate
The U.S. National Security Agency announced the formation of a new Cybersecurity Directorate earlier this week. Effective October 1, the directorate’a mission is will be the creation of a “major organization that unifies NSA’s foreign intelligence and cyber defense missions,” according to the agency’s website. It will be led by Anne Neuberger, the former NSA deputy director of operations and...
Facebook
If ever the shrug wemoji belonged in a blog post, today is the day. The tech giant reached a $5 billion settlement for misrepresenting the way it handles user privacy, the SEC fined it $100 million for misleading investors about the risks associated with the misuse of user information, and, still later in the day, Facebook admitted that it...
Equifax settlement
Equifax has reached a settlement for the 2017 data breach that exposed the Social Security numbers and personal information of nearly 150 million people. The proposed deal with the U.S. Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission and attorneys representing 48 states would cost the company a maximum of $700 million and would bring to a close several...
Kazakh intercepting traffic
The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Under a new directive effective 7/17, the Kazakhstan government is requiring every internet service provider in the country to install a security certificate onto every internet-enabled device and browser. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic.  Kazakhstan ISP Kcell posted a...
eavesdrop
Google employees and subcontractors are listening to recordings gleaned from Google Home smart speakers and the Google Assistant smartphone app. A report from Belgian news outlet VRT NWS showed that Google regularly uses staff and subcontractors to transcribe audio recordings taken from its network of home devices for the stated purpose of improving its speech recognition technology. A whistleblower employed...