At a glance.
- Whistleblower provides evidence of possible Saudi surveillance campaign.
- Maze gang claims to have infected insurer Chubb with ransomware.
- Zoom addresses privacy issues.
- Georgian national voter database posted online.
Possible Saudi surveillance of KSA subjects traveling in the US.
An unnamed whistleblower has provided the Guardian with information that suggests Saudi Arabia has been engaged in extensive surveillance of Saudi citizens in the US. The three major Saudi mobile operators (Saudi Telecom, Mobily, and Zain) sent a US mobile carrier a combined monthly average of 2.3 million tracking requests—Provide Subscriber Information (PSI) messages over the global SS7 message system—from 1 November 2019 to 1 March 2020. Many of the PSIs were blocked by US carriers.
The SS7 protocol—"Signalling System 7"—enables calls to be routed among different carriers’ networks, and PSIs have legitimate uses (like ensuring proper billing), but as TechCrunch points out, the high rate of Saudi PSIs far exceeds anything one might expect from such legitimate use. Members of Congress complain that the apparent surveillance was enabled by the US Federal Communications Commission’s inaction on cleaning up known issues with SS7. TechCrunch quotes Senator Ron Wyden (Democrat of Oregon) expressing his displeasure with FCC chair Ajit Pai, saying, "If this report is true, an authoritarian government may be reaching into American wireless networks to track people inside our country."
Maze claims to have compromised insurance company.
Insurance company Chubb, a prominent underwriter of cyber risk, continues to investigate the cyberattack it sustained last week. In the meantime, according to Infosecurity Magazine, the operators of Maze have posted to their “News” site the claim that they had successfully infected Chubb with ransomware. Insurance Journal quotes Chubb as saying that so far, at least, it seems that the company’s networks were unaffected. Should the Maze claim eventually be substantiated, the prospect that the incident included a data breach can't be discounted.
Zoom addresses privacy issues.
Zoom, a major provider of useful telework capability, has addressed some issues that came to general attention as the service has seen heavy use during the pandemic emergency. First, it’s removed the code that Motherboard reported was sharing analytical data with Facebook. This kind of data sharing has been found objectionable when other applications have engaged in it.
Second, the vulnerabilities that Check Point last week reported finding in Zoom, vulnerabilities whose exploitation could render Zoom sessions susceptible to eavesdropping, turn out to have been patched, so those particular issues should by now have been addressed in all up-to-date instances. Check Point late last week published some advice on how to use Zoom safely.
Finally, the regrettable "Zoombombing" that's infested some telework sessions can be controlled, but it will take some attention to your settings. The Verge offers instructions on how to keep the trolls out. (Zoombombing involves trolls intruding into Zoom sessions to post pornographic or other objectionable content as shared screens.)
From the Caucasus: database of Georgia voters posted to hacker forum.
A database containing information on, essentially, all the registered voters in the country of Georgia, all 4,934,863 of them, appeared in a hacker forum over the weekend, ZDNet reports. Georgia’s Central Election Commission says that the database contains information it doesn’t normally collect, and that it doesn’t have any evidence that it sustained a cyberattack. The Central Election Commission suggests that the data might have come from, or been assembled from, another source. Investigation continues.