Category Archives: Security

Challenges of the digital era

Reading Time: 3 minutes

In today’s era of digitalization, data has surpassed oil as the world’s most valuable resource. It is a strategic asset, commonly referred to as a “new currency”. A testament to this is the fact that the five highest-valued listed companies in the world are all technology and digital market operators. Their impressive valuations are largely the result of extensive consumer data aggregation, which fuels machine learning and revenue-generating processes. While the possibilities of what can be done with data are endless, it is important to consider the significant privacy, political and legal concerns that have developed as a result of corporate data processing in recent years.

The most important issues surrounding data gathering are neither technological nor commercial, but rather legal and social. They centre on the fundamental right to privacy, safeguarded at the international level by Article 12 of the Universal Declaration of Human Rights. While we also have national protections in place, it is clear that the existing privacy laws are no longer fit for their originally intended purpose. Despite constantly increasing volumes of personal information handled by private companies, privacy standards are deteriorating. Consumers, often unaware of the actual value of their online contributions to data-mining algorithms, are being deprived of any bargaining power. With limited options to meaningfully opt out, they have little choice but to accept arcane and non-negotiable privacy policies. One study found that an average internet user would need over 30 working days per year just to read through them. Such information overload, in combination with several other factors, leads individuals to progressively lose control over their digital identities.


There are also profound concerns about the accountability of tech giants. The possibilities of surveillance, profiling and hacks are just some of the triggers that have contributed to the serious public anxiety we feel today. In 2018, hackers were able to access the private information of over 150 million users of MyFitnessPal. The Cambridge Analytica scandal was an even more striking example of how access to large datasets may allow private companies to peddle misinformation, thereby undermining democratic processes.

Beyond strict data protection concerns, there is an important interplay with competition law and fair competition. A significant peculiarity of online services is that they are often provided at “zero price”. This is due to the network effects in dual-sided business models, where cross-financing is enabled by revenue made through advertising and by trading information with data brokers. As a result, the concentration of user data can entrench market power and contribute to higher barriers to entry. Data-driven mergers often occur in order to eliminate nascent competitors, yielding serious exclusionary effects in highly concentrated digital markets. Consequently, there is little incentive for the incumbents to innovate and provide users with optimal privacy protection. Given these negative developments, as well as the industry’s general tendency towards monopolization, a wholesale regulatory reform seems inevitable. The EU General Data Protection Regulation and California’s Consumer Protection Act are the best examples of increased awareness surrounding the issues of privacy and transparency of tech giants. They also give hope for greater scrutiny of digital market operators worldwide. Yet there is no doubt that technological innovations can increase productivity, accelerate business processes and automate mundane tasks. Indeed, it was technological tools such as Zoom, Microsoft Teams or Skype that allowed us to continue working and studying despite the global pandemic. Thus, it is important to

Overall, while there is a clear need for global action to mitigate some of the risks, we must be careful not to squelch innovation and opportunities of the digital age. Ultimately, it is all about the balance between embracing innovation and effectively safeguarding fundamental rights and freedoms.

Sources:

1. M. Vestager, ‘Competition in a big data world’, DLD 16, Munich, 17 January 2016.

2. A.M. McDonald, L.F. Cranor, ‘The Cost of Reading Privacy Policies’ (2008) 4 I/S: A Journal of Law and Policy for the Information Society.

3. G. Colangelo, M. Maggiolino, ‘Data Protection in Attention Markets: Protecting Privacy through Competition?’ (2017) 8 Journal of European Competition Law & Practice.

4. A.D. Chirita, ‘Data-Driven Mergers Under EU Competition Law’ in The Future of Commercial Law: Ways Forward for Harmonisation, J. Linarelli & O. Akseli (Hart Publishing, 2019), p. 51.

18 shops in south of England using Facewatch system to prevent shoplifting

Reading Time: 3 minutes

Start-up Facewatch created the system, which alerts workers if it sees someone entering the store who has a record of theft or anti-social behaviour.

Already 18 branches of Co-op food stores in the south of England have tried the system. However, many concerns have arisen about the privacy issues of facial recognition in a shop. Privacy International have questioned whether the data is shared with the police, and the legality of the technologies being used in the stores.
No public announcement was made when the system was introduced to those 18 shops. This has left privacy advocates concerned about whether those shops can justify the use of the Facewatch programme.

Last year, it was reported the firm was on the verge of signing data-sharing deals with the Metropolitan Police and the City of London police, and was in talks with constabularies in Hampshire and Sussex. [1]


Director of civil rights group Big Brother Watch, Silkie Carlo, said: “To see a supposedly ethical company secretly using rights-abusive tech like facial recognition on its customers in the UK is deeply chilling.
“This surveillance is well-known to suffer from severe inaccuracy and biases, leading to innocent people being wrongly flagged and put on criminal databases.
“Live facial recognition is more commonly seen in dictatorships than democracies. This is a serious error of judgement by Southern Co-op and we urge them to drop these Big Brother-style cameras immediately.” [2]

You may ask yourself how the programme recognizes people on the “blacklist” who have a record of shoplifting.

CCTV images captured by cameras in the shops are converted into numerical data, which is then compared against a watchlist of known offenders to look for a match. If the result is positive, workers in that shop get a notification on their smartphones.
“The system alerts our store teams immediately when someone enters their store who has a past record of theft or anti-social behaviour,” Gareth Lewis says.
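The matching step described above, as an added illustration that is not Facewatch’s code: each face is reduced to a numeric template, compared against every watchlist entry, and an alert fires when the best similarity score reaches a threshold. Templates here are constructed random unit vectors, cosine similarity is assumed as the comparison, and the two rate functions show the trade-off the post raises: a lower threshold catches more watchlist members but also flags more innocent shoppers.

```python
import math
import random

# Constructed "face templates": a real system derives an embedding vector from
# each CCTV frame with a face-recognition model. Here templates are random unit
# vectors so the example runs offline; the matching logic is the same.
DIM = 16

def unit(v):
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]

def random_template(rng):
    return unit([rng.gauss(0.0, 1.0) for _ in range(DIM)])

def recapture(template, rng, noise):
    # A new image of the same person gives a slightly different template.
    return unit([x + rng.gauss(0.0, noise) for x in template])

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b))

def match(probe, watchlist, threshold):
    """Best watchlist entry if its similarity reaches the threshold, else None."""
    best_id, best = None, -1.0
    for wid, template in watchlist.items():
        score = cosine(probe, template)
        if score > best:
            best_id, best = wid, score
    return (best_id, best) if best >= threshold else None

def make_watchlist(n, rng):
    return {f"W{i}": random_template(rng) for i in range(n)}

def false_alert_rate(threshold, n_watchlist=50, n_shoppers=2000, seed=1):
    """Share of shoppers who are NOT on the watchlist but still get flagged."""
    rng = random.Random(seed)
    watchlist = make_watchlist(n_watchlist, rng)
    flagged = sum(1 for _ in range(n_shoppers)
                  if match(random_template(rng), watchlist, threshold))
    return flagged / n_shoppers

def hit_rate(threshold, noise=0.15, n_watchlist=50, seed=1):
    """Share of watchlist members correctly identified on a noisy recapture."""
    rng = random.Random(seed)
    watchlist = make_watchlist(n_watchlist, rng)
    hits = 0
    for wid, template in watchlist.items():
        result = match(recapture(template, rng, noise), watchlist, threshold)
        hits += result is not None and result[0] == wid
    return hits / n_watchlist
```

Comparing `false_alert_rate(0.5)` with `false_alert_rate(0.8)` shows how many innocent shoppers a permissive threshold flags, which is the “wrongly flagged” failure mode quoted above.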

Facial recognition technology has proved controversial, with legal issues regarding privacy infringement and questions about how well it identifies darker skin tones. In August, in a lawsuit filed by a human rights campaigner, the use of the equipment by British police forces was found unconstitutional. In the US, major tech corporations such as Amazon and IBM have halted the use of their facial recognition tools by police to allow policymakers to discuss regulations on how to deploy it.
In my opinion, introducing such a program is a huge technological development. However, I think that before allowing shops to use it, a few things should be explained and looked after, as it is a highly controversial topic.
All of the customers and workers should be informed before the technology is used. Even though we all know that shoplifting is illegal and checking for it should not need to be explained, here shops are scanning customers’ faces in order to prevent it.
When such technology is introduced, all of the safety and ethical issues should be talked through with specialists in this area. Also, I think that there should be tests of the program in many different situations with people of different skin colours, in order to make sure everything works as well as was intended when the program was made.
1. BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] Available at: <https://www.bbc.com/news/technology-55259179> [Accessed 10 December 2020].
2. BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] Available at: <https://www.bbc.com/news/technology-55259179> [Accessed 10 December 2020].
Used websites:
BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] Available at: <https://www.bbc.com/news/technology-55259179> [Accessed 10 December 2020].
Burgess, M., 2020. Co-Op Is Using Facial Recognition Tech To Scan And Track Shoppers. [online] WIRED UK. Available at: <https://www.wired.co.uk/article/coop-facial-recognition> [Accessed 10 December 2020].

Swiss Data Protection? What if this is just another lie?

Reading Time: 3 minutes

‘Europe demands different’ says pCloud CEO

pCloud is your personal cloud space where you can store all your files and folders. Based in Switzerland, it has a user-friendly interface that clearly shows where everything is located and what it does. The software is available for almost all devices and platforms – iOS and Android devices, macOS, Windows and all Linux distributions. All your devices are instantly synchronized and you have direct file access to any update you make. Generally speaking, pCloud is the European analogue of the well-known US services iCloud or Google Drive.

pCloud has seen 500% growth in just four years. Today it is over 10.5 million users strong and growing rapidly. It has become known for its security standards, having taken all the necessary steps to meet full GDPR compliance.

What is GDPR? Europe’s General Data Protection Regulation, introduced by the European Parliament, is a set of measures to enhance EU users’ privacy rights (in force from May 25, 2018). It imposes strict regulations on how organizations operating in the EU collect, store and manage personal information.

What is more, pCloud offers not only reasonable prices but also a lifetime plan (a lifetime subscription).

It all sounds great, doesn’t it? But there are nuances.

Firstly, to protect your files in transit, pCloud uses TLS/SSL encryption, applied while information is being transferred from your device to the pCloud servers. Optionally, you can subscribe to pCloud Crypto and have your most important files encrypted and password protected. Without this additional encryption, pCloud is able to access your data at any time, as the keys for file decryption are stored on its servers.

Secondly, the company reserves the right to cooperate with law enforcement agencies by disclosing your personal information, or to review your files at its sole discretion to make sure that nothing violates its rules. Such conditions make it clear that, behind the loud slogans, guarantees of absolute confidentiality of stored files hold only if additional paid services are used. For files protected with Crypto, neither pCloud as a service provider nor any authority or service will have access to them: pCloud does not store your Crypto Pass on its servers, which means that you are the one in charge.

Personal data will be stored by pCloud for the period set by EU and US laws (depending on the servers where your files are stored). Personal data may be stored for longer if the company deems it necessary and it does not violate the law. pCloud also collects information about you while you are using the service, including your IP address, browser type, information about your operating system, your time zone, phone number, location data, session duration, viewed sections, folders, pages, etc.

Nothing is free; everything has a price. In this particular case you pay the company either with money or with your data.


Sources:

https://www.pcloud.com/eu

https://techcrunch.com/sponsor/pcloud/europe-demands-different-from-us-tech-giants-says-pcloud-ceo/

https://medium.com/@nnm_club/%D0%BF%D0%BE%D1%87%D0%B5%D0%BC%D1%83-pcloud-%D0%BD%D0%B5-%D1%81%D1%82%D0%BE%D0%B8%D1%82-%D1%80%D0%B0%D1%81%D1%81%D0%BC%D0%B0%D1%82%D1%80%D0%B8%D0%B2%D0%B0%D1%82%D1%8C-%D0%BA%D0%B0%D0%BA-%D0%B0%D0%BB%D1%8C%D1%82%D0%B5%D1%80%D0%BD%D0%B0%D1%82%D0%B8%D0%B2%D1%83-google-drive-d9d4d02cb454

Microsoft Teams phishing campaign attack on O365 Users

Reading Time: 3 minutes
Image shows the capabilities of Microsoft Teams: a network of file sharing, calendar, emotions, statistics, comments and mail.

© Image inserted from Microsoft News – news.microsoft.com


Due to the COVID-19 situation, many governments, organisations and businesses have moved to online communication platforms, or have integrated them into their systems and use them as a primary communication channel. Universities and academic institutions all around the world have also decided on a sudden shift to online learning in a short period of time.

According to a New York Times analysis of internet usage in the US, the use of services that allow us to work and learn from home is increasing continuously.


© Image Screenshot from NY Times – App popularity according to iOS App Store rankings on March 16-18. · Source: Apptopia


At Kozminski our main communication channel is Microsoft Teams. MS Teams is one of the products of O365, a very popular subscription service that Microsoft offers to academic institutions, alongside Google G Suite, Zoom for Education and many more.

The security of cloud-based communication platforms is a huge concern that we, as students, employees and users, face daily; it is clear to us that there is no perfection in SaaS. Startup time, footprint, runtime, responsiveness, hangs, rendering and many more issues are what we usually hear about as bugs, but security bugs are among the scariest for the end user, because they make us vulnerable and the main target.

Abnormal Security researchers warn of a phishing campaign that pretends to be an automated message from MS teams, but actually aims to steal the credentials of O365 recipients.

Phishing is a fraudulent attempt to obtain sensitive information or data; it is a very popular and old attack technique. This campaign was sent to 15,000 – 50,000 O365 users, according to researchers at Abnormal Security.

“Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis.

The phishing email uses the display name “There’s new activity in Teams”, making it look like an automatic notification from Microsoft Teams.

As can be seen in the picture below, the email tells recipients that their teammates are trying to reach them, warns them that they have missed an MS Teams chat, and shows an example of a teammate’s chat in which they are asked to submit something.


Email Attack: The email is sent from the display name, ‘There’s new activity in Teams’, making it appear like an automated notification from Microsoft Teams.

© Image inserted from Abnormal Security
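The lure described above relies on a branded display name sitting in front of an unrelated sender address. As an added example (not Abnormal Security’s or Microsoft’s code), the following mail-filter check parses a message, flags a Microsoft/Teams-branded display name whose sender domain is outside an allowlist, a Reply-To that diverts answers elsewhere, and body links to non-Microsoft hosts. The allowlists and the sample message are constructed assumptions for the example.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hosts that legitimately send Teams notifications or host its
# links. A real deployment would take these from its own mail-flow records.
TRUSTED_SENDERS = {"microsoft.com", "email.teams.microsoft.com"}
TRUSTED_LINKS = {"teams.microsoft.com", "login.microsoftonline.com"}
BRAND = re.compile(r"\b(teams|microsoft|office ?365|o365)\b", re.I)

def trusted(host, allow):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allow)

def analyse(raw):
    """Return the reasons a message looks like a Teams-notification lure."""
    msg = email.message_from_string(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1]
    # 1. Microsoft/Teams branding in the display name, but an outside sender domain
    if BRAND.search(display) and not trusted(domain, TRUSTED_SENDERS):
        reasons.append(f"display name {display!r} from sender domain {domain!r}")
    # 2. Reply-To redirecting answers away from the visible sender
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        reasons.append(f"reply-to {reply!r} differs from sender")
    # 3. Links in the body that lead to non-Microsoft hosts (the credential form)
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw_bytes = part.get_payload(decode=True) or b""
            body += raw_bytes.decode(part.get_content_charset() or "utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not trusted(host, TRUSTED_LINKS):
            reasons.append(f"link to untrusted host {host!r}")
    return reasons

# Constructed sample reproducing the lure described above (not a real message).
SAMPLE = """\
From: "There's new activity in Teams" <alerts@example-notify.invalid>
Reply-To: collect@example-notify.invalid
To: student@example.edu
Subject: You missed a Teams chat
Content-Type: text/html; charset=utf-8

<p>Your teammates are trying to reach you.</p>
<a href="https://login.example-notify.invalid/o365">Reply in Teams</a>
"""
```

Running `analyse(SAMPLE)` returns three findings, one per check; a genuine notification from an allowlisted sender with links only to allowlisted hosts returns an empty list.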


It is certain that using 2FA or multi-factor authentication adds an important additional layer at low cost. In many cases it does stop phishing attacks from succeeding, but that does not mean you are immune to attacks. According to the official Microsoft 365 administration documentation, the first task is to “Set up multi-factor authentication”, applying it to users as widely as required within the organisation, and the second task is to “Train your users”. Microsoft also recommends the Harvard Kennedy School Cybersecurity Campaign Handbook as guidance.

In my opinion, due to rapid changes and system integration, most IT teams cannot give their users enough information and updates, and it is time for us as end users to watch tutorials to familiarise ourselves with, and read more information about, our daily software and tools.

And here you can learn more about how to set up 2FA on your Microsoft account, step by step.

The image shows, step by step, how 2FA works from the client’s point of view.

© Image inserted from ZUKO TECH – Two-factor authentication (2FA)


Resource: Abnormal Security

MS = Microsoft   –   O365 = Office 365   –   2FA = Two-Factor Authentication
