Facebook accounts chopped, bad Android apps and home surveillance cameras may tip off criminals you’re not home
Welcome to Cyber Security Today. It’s Friday July 10th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Someone has been creating real and fake Facebook accounts in Canada and Ecuador to influence politics in six South American countries. Facebook made the claim this week as it closed hundred of Facebook and Instagram accounts for misleading people about who they are and what they are doing. That included shutting 54 Facebook accounts in the U.S. that were pretending to be residents of Florida. Some pages created by these accounts had links to a banned hate group. They also posted about Florida politics. These accounts had about 260,000 followers. In the case of the South American activity Facebook found some links to a Canadian-based public relations firm as well as to political consultants and former government employees from Ecuador. Facebook has been trying for several years to crack down on what it calls co-ordinated inauthentic behaviour, some of which involves disinformation and some to hate speech in advertising. A growing number of advertisers have temporarily pulled their advertising from the platform this month to make their concerns felt about the lack of progress. In response Facebook CEO Mark Zuckerberg said the company will prohibit hate speech in ads. Meanwhile in Germany parliament recently passed new measures to fight far-right extremism and online hatred. Germany already has a law obliging social networks to delete or block obviously criminal content within 24 hours of receiving a complaint. Around the world Facebook has about 15,000 employees screening content.
Despite Google’s efforts to scrutinize mobile apps allowed into the Play store criminals are finding ways to evade detection. Check Point Software reported this week it discovered updated versions of what’s called the Joker spyware hiding in 11 applications including colourful wallpaper. The goal of this particular strain of malware is to quietly subscribe Android users to premium mobile services they have to pay for without their knowledge. These bad apps have now been removed from the Play store. But the report again emphasizes that just because an app is in a reputable store doesn’t mean it’s safe. Utilities and games from unknown developers should be treated with caution.
There are an estimated 15 billion stolen usernames and passwords for sale on criminal hacker forums thanks to years of data breaches. That’s according to a new study by a security firm called Digital Shadows. The study also points out that some credentials are more valuable than others. To buy the stolen credentials of a computer network administrator of a large corporation of government may cost up to $140,000. Stolen credentials can go for as little as a few bucks for a video game account $500 for a confirmed password to a bank account. Criminals also have the choice of renting stolen passwords for a set period of time, or getting some for free in exchange for things like access to streaming music or video services. Your defences are two-factor and multi-factor authentication for logins. Check if your email, bank accounts and social media offer them.
Finally, another warning to be cautious about Internet-connected home video surveillance systems has come from British and Chinese academic researchers. In a study released this week they found a hacker could infer if you’re home or not just by looking at the data flow from the cameras. That’s right, a hacker wouldn’t have to see the video. Just by looking at the data stream, it could make a reasonable guess when you’re not around. That’s because some systems will activate video recording if motion is sensed, like if someone is in the back yard. If the camera isn’t transmitting data, it could mean there’s no one in the back or front yard, so no one is home. As a result of their research the authors say they can propose ways to protect user privacy.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.