Follow ISA on LinkedIn to get notified of the latest cybersecurity news.
WhatsApp privacy announcement uproar
WhatsApp currently shares a wealth of data with the Facebook family of applications, including the user’s phone number, WhatsApp usage logs, transaction and payment data, location information, and device details like IP address, operating system, browser details, battery health information, app version, mobile network, language and time zone.
It is notable that users in the European Union did not see the same notification pop-up as WhatsApp subscribers elsewhere in the world. The general warning message says:
– WhatsApp’s service and how we process your data
– How businesses can use Facebook hosted services to store and manage their WhatsApp chats
– How we partner with Facebook to offer integrations across the Facebook Company Products.”
The third bullet on the notification regarding Facebook integrations was not included in the E.U. messaging; due to stronger privacy regulations, WhatsApp does not share data with other Facebook companies in Europe. Though the United Kingdom is leaving the European Union, the restriction will continue to apply to the U.K. at least in the short term.
User privacy concerns are somewhat mitigated by the fact that WhatsApp still offer end-to-end encryption for communications on the system, meaning all content shared through the app is still private to the individuals sharing the data.
Though they can no longer change the setting, long-time users of WhatsApp can determine whether they opted out back in 2016 by checking “Settings > Account > Request account info” in WhatsApp. An account report will be generated within a few days.
Krebs and Stamos form cybersecurity consulting group – SolarWinds becomes their first client
Former CISA director Christopher Krebs and former Facebook CSO Alex Stamos have joined forces to create a new cybersecurity consulting group. The new firm – called simply Krebs Stamos Group – has already signed their first client: the embattled network management software company SolarWinds.
Krebs and Stamos bring impressive resumes and controversial exits from previous employers. On November 17, 2020, Krebs was fired by U.S. President Donald Trump after Krebs rejected Trump’s repeated claims of widespread voter fraud in the November elections. Meanwhile, Stamos left his post at Facebook on August 17, 2018 for a position at Stanford University amid controversy around the handling of Cambridge Analytica/Russian disinformation campaign scandal at Facebook.
SolarWinds is dealing with its own controversy, after the massive supply chain malware hacking incident that was disclosed in December 2020. New SolarWinds CEO Sudhakar Ramakrishna is anxious to change the perceptions of his company, and the hiring of the high-profile consulting firm is part of that strategy. According to a SolarWinds spokesperson, “Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry–leading secure software development company”.
DDoSecrets publicizes stolen ransomware data
According to a report in Wired, the Distributed Denial of Secrets (DDoSecrets) activist group has just published almost one terabyte of data originally leaked to dark web sites by ransomware operators when their victims refused to pay ransoms.
DDoSecrets also has plans to publish terabytes of additional stolen emails, documents, and photos, previously only available on the dark web. Victimized organizations include those in the financial, pharmaceutical, software, retail, real estate, oil and gas, and manufacturing sectors. DDoSecrets has also indicated that they are privately releasing an additional 1.9 terabytes of stolen data strictly to journalists and academic researchers.
Founded in late 2018, the activist group has come under frequent criticism for publishing the fruits of criminal activities, but they insist that they are doing nothing wrong. Defending their position on their website, they write, “[I]t’s worth noting that DDoSecrets is not receiving or publishing previously unreleased ransomware datasets. All datasets have been previously released on the dark web in one form or another by the hackers. DDoSecrets is simply preserving and making that information available to journalists, researchers and the public.”