At a glance.
- Facial recognition shop Clearview AI subpoenas advocacy groups for material relevant to Clearview's privacy case.
- Transparency and law enforcement surveillance technology.
- Conti ransomware hits European call center.
- UCSD data breach lawsuit.
- Vice Society hits United Health Centers with ransomware.
Clearview AI subpoenas critics' records.
Clearview AI, the facial recognition tech company known to provide police with scraped public images to assist with criminal investigations, has faced the scrutiny of privacy advocates questioning the legality of its operations. Politico reports that Clearview is now subpoenaing civil society coalition Open The Government and police accountability nonprofit Lucy Parsons Labs, requesting they submit information they’ve uncovered in their investigations of Clearview. Clearview's attorney Andrew J. Lichtman says this is just an effort to prepare for its defense for a privacy case in Illinois district court, but some see it as an attempt to quiet critics by tying them up in legal red tape. It’s worth noting that the Illinois case does not involve Open the Government or Lucy Parsons Labs. “To use legal process to try to silence critics — silence people that are just trying to get transparency about how our criminal justice system is operating and what tools are being used by law enforcement agencies — that's pretty problematic,” said David Brody, counsel and senior fellow for privacy and technology for Lawyers’ Committee for Civil Rights Under Law.
Transparency and police surveillance tech.
The Washington Post examines the government practice of subpoenaing tech giants like Facebook, Google, and Microsoft for data on private citizens, requests that are often accompanied by nondisclosure agreements that keep users in the dark about where their data is going and why. Facebook’s Andy Stone says Facebook received over 60,000 government requests for user data in the US in the last half of 2020, and 69% came with gag orders. “Someone cannot exercise their Fourth Amendment rights when their data has been taken in secret,” said Microsoft’s vice president of customer security and trust Tom Burt. For its part, the Justice Department is reviewing its policies regarding these data requests, according to spokesman Joshua Stueve, but it’s unclear what, if anything, might change.
In an effort to protect citizens from such surveillance, about twenty US cities including Oakland, California have adopted Community Control of Police Surveillance (or CCOPS) laws, intended to maximize transparency between police and the community regarding the use of surveillance tech. However, Brian Hofer, one of the creators of Oakland’s CCOPS law, is taking the city to court because police are allegedly not adhering to the regulations, Wired reports. “Police don't like to be transparent. Surveillance technology use is by design secretive, and no self-interested party is going to voluntarily highlight anything negative about their own proposal.”
Ransomware places customer call centers on hold.
A Conti ransomware attack on GSS, the Spanish and Latin America division of Covisian, a leading European customer care and call center provider, has locked up its IT systems and disrupted the call center operations of companies like Vodafone Spain, Madrid’s water supplier, and television stations. Details are few, but the Record by Recorded Future notes that GSS described the incident as “inevitable/unavoidable.” There’s no evidence that any customer data were compromised.
The potentially giant reach of Colossus ransomware.
The researchers at ZeroFox Threat Intelligence offer details about Colossus, a new ransomware variant that targets Microsoft Windows. Possibly associated with other ransomware-as-a-service groups, Colossus boasts features like binary packing using Themida, sandbox evasion capabilities, and a negotiation support website, and it has already claimed a major US automobile dealer group as a victim.
UCSD breach leads to lawsuit.
After an employee email compromise, healthcare system University of California San Diego (UCSD) Health suffered a data breach in March that potentially exposed the data of half a million patients and employees. The San Diego Tribune reports that a class-action lawsuit is now being sought on behalf of a cancer patient; the suit accuses UCSD of negligence, breach of contract, and violation of state laws regarding consumer privacy and medical confidentiality. San Diego Attorney Jason Hartley states, “This breach was preventable — had UC San Diego Health had the right data protection protocols in place.”
United Health Centers' ransomware incident.
The Vice Society, a criminal organization that, according to BleepingComputer, surfaced in June of this year, has begun dumping files taken during a ransomware attack against United Health Centers. United Health operates twenty-one community clinics in the California counties of Fresno, Kings, and Tulare. The data exposed appears to include "patient benefits, financial documents, patient lab results, and audits."
The Vice Society may be relatively young, but they seem to be a quick study insofar as they've learned the smugly ironic and aggressively self-righteous tone so depressingly familiar from the dump sites of such gangs. They announce themselves as "Vice Society" "With love!" and snidely refer to their victims as "Our partners." BleepingComputer emailed them to ask why they target hospitals, and received this in reply:
"Why not?
"They always keep our private data open. You, me and anyone else go to hospitals, give them our passports, share our health problems etc. and they don't even try to protect our data. They have billions of government money. Do they steal that money?
"USA president gave big amount to protect government networks and where is their protection? Where is our protection?
"If IT department don't want to do their job we will do ours and we don't care if it hospital or university."
May the Vice Society soon be granted a sabbatical courtesy of the Federal Bureau of Prisons or some comparable philanthropic body. They could enroll in a nice ESL course, fitting their studies in between shifts on the license plate manufacturing line.
We received some reactions from industry experts about the incident. Purandar Das, President and Co-Founder of Sotero, is dismayed by the incident:
“This is the worst-case scenario being played out in real life. As the administration and other agencies are advocating and, in some cases, making ransom payments illegal, this is a potential fallout. Organizations, while grappling with restoring their systems and dealing with loss of critical care systems also have to worry about patient data being leaked and made public. The attackers, with nothing to lose, will go to extremes to force an organization to capitulate. The long-term damage to individual customers is hard to fathom let alone estimate. Another potential fallout is cyber insurance. It is almost a given that premiums will escalate and potentially be unattainable.”
James McQuiggan, Security Awareness Advocate at KnowBe4, offers an appreciation of why healthcare organizations continue to be targets:
"While focusing on patient care, healthcare organizations struggle to secure their patient data, as there is a constant stream of attacks against them. Most of them are profit-generating organizations and are willing to pay up, which is why we see cyber criminals continue to target them.
"Not only do cyber criminals damage the infrastructure, but the attack can damage the reputation of the organization, and patients may be wary of providing sensitive data to them in fear of it being stolen.
"Healthcare organizations need to invest in their employees' education on social engineering attacks to help them spot phishing emails and reduce the risk of attacks by cyber criminals via the human element. Critical systems such as patient data need fortifying with multi-factor authentication to reduce the risk of unauthorized access by cyber criminals if they are able to get inside the network."
Tim Erlin, VP of Strategy at Tripwire, argues that effective, functioning backups, while still necessary, are no longer a sufficient defense against ransomware:
"Ensuring that you have working backups is fast becoming an insufficient strategy for dealing with ransomware. Criminals are adapting to an environment in which organizations are better prepared for ransomware by copying data in addition to encrypting it. With copied and encrypted data, they’re not only ransoming the access to your systems, but you’re also paying them not to release the sensitive data they have. This cyber-blackmail approach means that simply having backups isn’t enough to avoid the potential damage.
"Organizations should focus not only on ransomware response, but also on prevention. From the headlines, it may seem like you can’t stop ransomware from happening, but consistently employing security best practices really does reduce the likelihood of a successful attack. Ensuring that systems are configured securely, patching vulnerabilities, and phishing prevention are all very real ways to reduce risk."