Android Users Sue Google Over Alleged Security Flaw Exposing COVID-19 Contact-Tracing Data

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

Screenshot of CA Notify website. A proposed class action is asking a federal court to order Google to fix an alleged security threat that makes the company’s COVID-19 contact-tracing system developed with Apple less “privacy-preserving” than the tech giants claimed.

Nearly 40 countries and dozens of U.S. states, including California, use the Google-Apple Exposure Notification System (GAEN) for their coronavirus contact-tracing apps. The system leverages Bluetooth technology and deploys safeguards such as randomized identifiers, called rolling proximity identifiers or RPIs, and decentralized storage on devices to protect users’ privacy.

In a complaint filed Wednesday in the U.S. District Court for the Northern District of California, attorneys from Lieff Cabraser Heimann & Bernstein assert that dozens of third parties might have access to the system’s stored data on mobile devices, including personally identifiable information and potential COVID-19 exposure results.


Homecoming Queen (and Her Mom) Arrested for Alleged Vote Hacking

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

This week saw new revelations of election interference, both big and small: On one end of the spectrum, an alleged mother-daughter conspiracy to digitally rig a Florida high school’s vote for homecoming queen. On the other, Russia’s influence operations designed to bolster Trump and sabotage Biden in the 2020 presidential election. News of this insidious scheme has raised questions about the fundamental resilience of American democracy—and the thing with the Kremlin is pretty bad too.

On Tuesday, a newly declassified report from the Office of the Director of National Intelligence shed light on how Russian intelligence agencies sought to influence the 2020 presidential election and swing it towards Trump—though without the same kind of disruptive hacking that plagued the 2016 election. In other Russia news, Apple caved to Moscow’s demands that it prompt users to preload Russian-made apps on its iPhone there, opening the door to similar demands from other countries.

In the UK, police and internet service providers are testing a new surveillance system to log users’ online histories, following the country’s passage in 2016 of a law that’s come to be known as the “Snooper’s Charter.” And in better news for the security of the internet, Facebook has built a so-called “Red Team X” of hackers who seek out vulnerabilities in not only Facebook’s own software, but all the software Facebook uses—and in the process making that software more secure for everyone.

Toward the end of the week, a SpaceX engineer pleaded guilty to conspiracy to commit securities fraud. The SEC filed a complaint as well, marking the first time the agency has pursued charges related to dark web activity.

And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

Last fall, election software maker Election Runner contacted school administrators at J. M. Tate High School to alert them to something fishy about their recent vote for homecoming queen. As the Florida Department of Law Enforcement would later write in charging documents, 117 votes had been cast from a single IP address, all for a single 17-year-old girl, the…


Hushpuppi, alleged internet fraudster, named among North Korean bank hackers

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Ramon Olorunwa Abbas popular known as Hushpuppi has been linked to North Korean hackers, who have been described as the biggest bank robbers in the world.

The Instagram celebrity was linked to the North Korean hackers by The Federal Bureau of Investigation, (FBI.).

The Justice Department in a detailed statement released on Friday, February 19, alleged that Hushpuppi took part in a “North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.”

According to the statement, his role was as a collaborator with a North Korean money launderer, Ghaleb Alaumary, 37, based in Mississauga, Ontario, Canada.

“Alaumary agreed to plead guilty to the charge, which was filed in the U.S. District Court in Los Angeles on Nov. 17, 2020.

“Alaumary was a prolific money launderer for hackers engaged in ATM cash-out schemes, cyber-enabled bank heists, business email compromise (BEC) schemes, and other online fraud schemes. Alaumary is also being prosecuted for his involvement in a separate BEC scheme by the U.S. Attorney’s Office for the Southern District of Georgia.

“With respect to the North Korean co-conspirators’ activities, Alaumary organized teams of co-conspirators in the United States and Canada to launder millions of dollars obtained through ATM cash-out operations, including from BankIslami and a bank in India in 2018.

“Alaumary also conspired with Ramon Olorunwa Abbas, aka “Ray Hushpuppi,” and others to launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019” the statement read

Hushpuppi was arrested in Dubai in June 2020, and extradited to the US where he is being charged by the United States Attorney’s Office in Los Angeles with conspiring to launder hundreds of millions of dollars from “business email compromise” (BEC) frauds and other scams.

His trial was to have commenced late last year, however, it was delayed by the COVID-19 pandemic.

Read the full US Justice Department statement on Hushpuppi’s alleged involvement with the three North Korean military hackers.

“A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging…


Southwest Leverages the Lanham Act Against Alleged Scraper of Website Fares | Rothwell, Figg, Ernst & Manbeck, P.C.

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Website operators can consider a host of potential legal claims against entities that scrape their sites’ content without authorization, such as breach of a well-crafted terms of service agreement, copyright infringement, trespass, conversion, common law misappropriation, unfair competition, violations of the Computer Fraud and Abuse Act, misappropriation of trade secrets, and trademark infringement, among others.  Each type of claim has its limits, and multiple claims may intersect or overlap in significant ways, particularly when it comes to preemption or remedies.  Accordingly, the nature and context of both the unauthorized web scraping activities and the scraped content should be carefully evaluated to determine an appropriate response.

For example, a recent complaint filed by Southwest against Kiwi illustrates how a data scrape may lead to potential violations of the Lanham Act where the material scraped includes or is used with protected logos and branding.  In its complaint, Southwest alleges that Kiwi scraped its airline fares, and displays Southwest’s protected “Heart” mark in conjunction with promoting and re-selling Southwest’s fares on Kiwi’s online travel agency site.  Southwest alleges that Kiwi is using its Heart mark in a manner that is likely to cause confusion, or to cause mistake, or to deceive as to the affiliation, connection or association of Kiwi with Southwest, or as to the origin, sponsorship or approval of Kiwi’s goods and services by Southwest in violation of Section 32 of the Lanham Act, 15 U.S.C. § 1114.  Southwest has also alleged claims of false designation of origin and trademark dilution under the Lanham Act.

Southwest has also asserted claims of breach of its website Terms & Conditions, violation of the Computer Fraud and Abuse Act, violation of Texas Penal Code § 33.02 (Breach of Computer Security), and common law unjust enrichment.  The case is Southwest Airlines Co. v., Inc. et al., 3:21-cv-00098, pending in the Northern District of Texas.