At a glance.
- Ocean Lotus and surveillance of Vietnamese dissidents.
- Avast describes "unethical stalkerware."
- NHS's Palantir contract receives scrutiny.
Ocean Lotus targets Vietnamese dissidents with spyware.
As the CyberWire noted yesterday, Amnesty International’s tech arm has discovered that Ocean Lotus (also known as APT-C-00 and APT32), a threat group allegedly connected to the Vietnamese government, has been targeting Vietnamese human rights activists with a spyware operation since 2018. Two individual victims have been identified: activist Bui Thanh Hieu, who was so harassed by Vietnamese authorities that he sought sanctuary in Germany in 2013, and a pro-democracy blogger who is maintaining his anonymity to preserve his safety. Vietnamese Overseas Initiative for Conscience Empowerment, a nonprofit based in the Philippines that supports Vietnamese refugees, was also hit in April of last year. The victims received phishing emails containing “important documents” that, when opened, were revealed to contain a malicious file loaded with spyware. When analyzed, the techniques and tools utilized matched the modus operandi of Ocean Lotus. In the official report, Amnesty Tech recommends that Vietnamese authorities open an independent investigation to determine Ocean Lotus’s ties to government organizations and execute a human rights framework to regulate surveillance technology.
Every teenager’s nightmare: spyware apps in loco parentis?
Digital privacy leader Avast found that the top nine stalkerware apps have been employing marketing messaging to intentionally attract parents who wish to spy on their children, PR Newswire reports. The apps offer services that would allow parents to engage in remote surveillance like monitoring texts and calls, accessing pictures and videos, remotely blocking apps, and tracking their children’s location. While stalkerware has long been popular with jealous spouses and suspicious employers, the platforms are now using psychological techniques in their advertising to present the apps as a means for parents to keep tabs on their children in the pursuit of “safety.” They even feature user reviews that are clearly fraudulent, as the same comments were attributed to different reviewers and used across multiple platforms. Avast considers any type of stalkerware unethical, but even more so when children are in the crosshairs. As Avast CISO Jaya Baloo told PR Newswire, “Children have a fundamental right to privacy and independence as well and staying informed about your child's online activities is important and requires consent.”
NHS England faces lawsuit over Palantir contract.
Global media group Open Democracy is suing England’s National Health Service (NHS England) over its £23.5 million contract with US data mining company Palantir Technologies, reports Computing. Palantir, a data firm founded in 2003 with links to the CIA, was granted a two-year contract with NHS England for public health data analysis related to COVID-19. Open Democracy alleges that the contract will allow Palantir access to information beyond health data, and could impact business dealings and other government operations like Brexit. Nonprofit Foxglove, which is managing the case for Open Democracy, says that an impact assessment should have been conducted and the general public consulted before the deal was finalized. As Open Democracy stated, “We believe that we, the public, should have a say about these lucrative deals before they happen, not after.”