Posts

US Cyber Command now has teams around the world tracking hackers from Russia, China, Iran, N. Korea and more


The U.S. Cyber Command has sent teams to Europe, the Middle East, and Asia as part of increased U.S. efforts to track down Russian, Iranian, Chinese, and North Korean hacking groups ahead of election day.

Military officials told the New York Times that Cyber Command, which runs the military’s offensive and defensive cyber operations, has expanded on efforts it began in 2018 to track foreign hacking operations and identify the methods they were using to break into computer networks.

2018 efforts primarily focused on counteracting Russian cybersecurity threats, but have expanded with cyber teams being sent to the Middle East and Asia. A U.S. intelligence report in August warned of Russian efforts to denigrate Democratic presidential candidate Joe Biden, and Chinese and Iranian efforts to undermine President Donald Trump.

“Since 2018, we have expanded our hunt forward operations to all major adversaries,” Lt. Gen. Charles L. Moore Jr., the deputy head of Cyber Command, told the New York Times in an interview at Fort Meade, Maryland.

Cyber Command refers to its efforts to proactively find hacker groups as “Hunt forward operations.” Cyber Command efforts are reportedly aimed at getting close to foreign hacker groups to identify and potentially stop cyberattacks against the U.S.

Moore described the Cyber Command actions as a proactive effort to defend against hackers. He told the New York Times, “We want to take down the archer rather than dodge the arrows.”

Cyber Command continued to assist in operations against potential cyber-attacks following the 2018 election and Moore said the anti-hacking past Election Day in 2020.

“We are not stopping or thinking about our operations slacking off on Nov. 3,” Moore told the New York Times. “Defending the election is now a persistent and ongoing campaign for Cyber Command.”

In 2018 Cyber Command reportedly sent teams to North Macedonia, Montenegro and other countries to learn more about Russian operations. Cyber Command also sent warnings to potential Russian trolls and reportedly worked to keep at least one Russian troll-farm offline on election day during the 2018 U.S. midterm elections.

Cyber Command also…

Source…

Google Location Tracking Lambasted in Arizona Lawsuit

The lawsuit, filed against Google by Arizona’s Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.
Mobile Security – Threatpost

It’s Impossible To Opt Out Of Android’s Ad Tracking; Max Schrems Aims To Change That

Most of the world has been under some form of lockdown for weeks, but that clearly hasn’t stopped the indefatigable Austrian privacy expert Max Schrems from working on his next legal action under the EU’s GDPR. Last year, he lodged a complaint with the French Data Protection Authority (CNIL) over what he called the “fake consent” that people must give to “cookie banners” in order to access sites. Now he has set his sights on Google’s Android Advertising ID, which is present on every Android phone. It builds on research carried out by the Norwegian Consumer Council, published in the report “Out of control”.

Today noyb.eu filed a formal GDPR complaint against Google for tracking users through an “Android Advertising ID” without a valid legal basis. The data collected with this unique tracking ID is passed on to countless third parties in the advertising ecosystem. The user has no real control over it: Google does not allow to delete an ID, just to create a new one.

The Android Advertising ID (AAID) is central to Google’s advertising system. It allows advertisers to track users as they move around the Internet, and to build profiles of their interests. Google claims that this “gives users better controls”, which is true if people want to receive highly-targeted advertising. But if they wish to opt out of this constant tracking, there is a problem. Although Google allows you to change your AAID, it is not possible to do without it completely: the best you can manage is to get a new one. And as the detailed legal complaint to the Austrian Data Protection Authority (pdf) from Schrems points out, there are multiple ways to link old AAIDs with new ones:

Studies and official investigations have proved that the AAID is stored, shared and, where needed, linked with old values via countless other identifiers such as IP addresses, IMEI codes and GPS coordinates, social media handles, email addresses or phone number, de facto allowing a persistent tracking of Android users.

Schrems’ organization None of Your Business (noyb.eu) claims that’s unacceptable under the GDPR:

EU Law requires user choice. Under GDPR, the strict European privacy law, users must consent to being tracked. Google does not collect valid “opt-in” consent before generating the tracking ID, but seems to generate these IDs without user consent.

Google’s position is weakened by the fact that Apple gives users of its smartphones the ability to opt out of targeted ads; for those using iOS 10 or later, the advertising identifier is replaced with an untrackable string of zeros:

If you choose to enable Limit Ad Tracking, Apple’s advertising platform will opt your Apple ID out of receiving ads targeted to your interests, regardless of what device you are using. Apps or advertisers that do not use Apple’s advertising platform but do use Apple’s Advertising Identifier are required to check the Limit Ad Tracking setting and are not permitted by Apple’s guidelines to serve you targeted ads if you have Limit Ad Tracking enabled. When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking.

The formal legal complaint was filed on behalf of an Austrian citizen, requesting that the AAID should be deleted permanently. If the action succeeds, that would allow anyone in the EU — and probably elsewhere — to do the same. In addition, the complaint points out that under the GDPR, the maximum possible fine, based on 4% of Google’s worldwide revenue, would be about €5.94 billion. There’s no chance such an unprecedented sum would be imposed, but the fact that every Android user in the EU is forced to use Google’s AAID could lead to a fairly hefty fine if Schrems succeeds with his latest legal defense of privacy.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Techdirt.