Tag Archive for: sues

FTC Sues Data Broker For Selling Sensitive Location Data


The Federal Trade Commission (FTC) has filed a lawsuit against an Idaho-based data broker called Kochava, alleging that its customized data feeds allow purchasers to track end users at sensitive locations like places of worship and addiction recovery centers.

The lawsuit is the latest move by the FTC around data security and privacy policies under Lina Khan’s administration since she was sworn in as the FTC chair in June 2021. In March, the FTC cracked down on online retailer CafePress after the company allegedly covered up a major data breach and failed to secure customers’ sensitive data, while in August the commission announced its intent to scrutinize the surveillance and data collection tactics of big tech and ad tech firms.

“Of the privacy cases that have come out, this is the first one that most clearly reflects Lina Khan’s administration taking a big swing,” said Ben Rossen, special counsel with Baker Botts, who is a former senior attorney at the FTC with experience handling high-profile privacy and data security investigations. He noted that Kochava’s data collection practices here “are not terribly unusual, but it does potentially cause significant harm to consumers when they’re not aware it’s going on.”

Kochava, which was founded in 2011, is a self-described “mobile measurement platform” that collects data for advertising purposes or for clients to be able to analyze foot traffic at their stores.

The company has collected geolocation data from hundreds of millions of mobile devices that is categorized to match unique mobile device identification numbers – which are assigned to consumer mobile devices to assist marketers in advertising – with timestamped latitudinal and longitudinal locations, alleges the FTC. The company has sold this access on publicly accessible online data marketplaces for a monthly subscription fee. The FTC said it examined a data sample with precise location data collected from more than 61 million unique mobile devices in the previous week, for instance.

The FTC said that these measures violate the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” The data collected by…


U of A prof sues over lifetime ban from Las Vegas hacker convention


During DEF CON, computer hackers from all over the world descend on Las Vegas to show off their skills in an environment where “radical viewpoints” are welcomed and rules are few.

So how did a University of Arizona professor receive a lifetime ban from such a proudly permissive conference?

Christopher Hadnagy insists he still doesn’t know.

In February, DEF CON organizers announced they had received “multiple” reports about Hadnagy for violations of the convention’s code of conduct against harassment.

“After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON,” organizers said in a statement on the convention’s website.

But Hadnagy says he was never told what he was accused of, and he denies doing anything wrong.


Now the adjunct professor in the UA’s College of Applied Science and Technology is suing the convention and its founding hacker, Jeff Moss, aka the Dark Tangent.

The defamation lawsuit filed Aug. 3 in a Pennsylvania federal court accuses Moss and DEF CON of ruining Hadnagy’s reputation and damaging his security consulting business with “vague yet scathing statements” that “falsely accuse him of what could only be despicable conduct.”

Hadnagy is seeking at least $375,000, plus punitive damages and legal fees.

Moss could not be reached. His attorney did not respond to a request for comment.

When contacted by email, Hadnagy professed his innocence and made several references to his lawsuit.

“My company and I consistently deny and continue to deny any and all allegations of misconduct,” he said in an email.

He referred all further questions to his lawyers, who declined to discuss the ongoing litigation.

Not many rules

Jeff Moss was just 18 when he organized the first DEF CON in 1993 as an excuse to party in Las Vegas with a few dozen of his hacker friends.

The event has grown…


Saudi activist sues 3 former U.S. officials over hacking


RICHMOND, Va. (AP) — Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul’s behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.

In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeted at dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her “arbitrary arrest by the UAE’s security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured.”

“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene.

DarkMatter assigned her the codename of “Purple Sword,” the lawsuit says, citing a 2019 investigation by Reuters that first detailed the hacking of al-Hathloul.

The lawsuit is the latest legal challenge to the secretive private cyber-surveillance industry, which often sells pricey hacking services to authoritarian governments that are used to secretly break into phones and other devices of activists, journalists, political opponents and others. Tech giant Apple filed a lawsuit last month against Israel’s NSO Group seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Baier, Adams and Gericke admitted in September to providing sophisticated computer hacking technology to the UAE and agreed to pay nearly $1.7 million to resolve criminal charges in a deferred prosecution agreement the Justice Department described as the first of its kind. The…


Google sues two Russian nationals for allegedly hacking computers


Google is suing two Russian nationals it claims are part of a criminal enterprise that has silently infiltrated more than a million computers and devices around the world, creating “a modern technological and borderless incarnation of organised crime.”

In a complaint being unsealed Tuesday in the US District Court for the Southern District of New York, Google names two defendants, Dmitry Starovikov and Alexander Filippov, as well as 15 unnamed individuals. Google claims the defendants have created a “botnet” known as Glupteba, to use for illicit purposes, including the theft and unauthorised use of Google users’ login and account information.

A botnet is a network of internet-connected devices that have been infected with malware. When summoned together, they can do the bidding of a hacker, often with the devices’ owners not realising their machines have been hijacked. A swarm of devices can jam traffic at websites, run malware to steal login credentials, sell fraudulent credit cards online and grant unauthorized access to other cyber criminals.

Botnet attack

The Glupteba botnet stands out from others because of its “technical sophistication,” using blockchain technology to protect itself from disruption, Google said in the complaint. At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack, Google said.

It’s the first time that Google is going after a botnet, a spokesperson for the Mountain View, California-based company said in an email. “We are taking this action to further protect internet users and to send a message to cyber criminals that we will not tolerate this type of activity.”

The spokesperson said the company worked with the…
