At a glance.
- Trends in data leaks caused by exposed databases.
- Teenagers likely behind the latest cyber-extortion trend targeting women and minors.
- Clearview AI on the future of facial recognition technology.
Trends in data leaks caused by exposed databases.
A recent report released by global cybersecurity research firm Group-IB’s Attack Surface Management team shows that 2021 saw 308,000 incidents of databases exposed to the open web. In the second half of 2021, the number of public-facing databases rose to 165,600, a 16% increase. Corporate digital assets stored in internet-facing databases that are not properly configured have led to countless data leaks in recent years, a problem that has only increased as the pandemic resulted in more employees working from home. The research team found that in the first quarter of 2021 it took an average of 170.2 days for the owner of an exposed database to secure the data, and while that average decreased gradually over the course of the year, it increased again in the first quarter of 2022. The vast majority of the exposed databases in 2021 were found on servers located in the US (93,685), followed by China (54,764), and Germany (11,177).
Teenagers likely behind the latest cyber-extortion trend targeting women and minors.
According to four federal law enforcement officials and two industry investigators (all of whom have requested anonymity), tech giants including Meta, Apple, Google, Snap, Twitter, and Discord, were scammed into handing over sensitive user data in response to fraudulent legal requests. After impersonating law enforcement officials in order to obtain the personal info, the cybercriminals then used the stolen data to blackmail specific targets, mostly women and children, into sharing sexually explicit material, or extort them for financial gain. Most disturbingly, the perpetrators are believed to be minors themselves, teenagers from the US and abroad.
Typically companies are under no legal obligation to respond to legitimate emergency data requests from law enforcement, as they usually don’t include a court order, but companies generally respond to “good faith” requests to assist authorities with investigations that could present imminent danger. The scope of these operations is difficult to measure, given that the duped organizations are often unaware that they’ve been tricked. Speaking about a faked data request received by Google last year, a company spokesperson told Bloomberg, “We quickly identified an individual who appeared to be responsible and notified law enforcement. We are actively working with law enforcement and others in the industry to detect and prevent illegitimate data requests.” A Meta spokesperson told Gizmodo that the company reviews “every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” and a Discord spokesperson says they “validate all emergency data requests by checking that they come from a genuine source and have systems in place to prevent abuse, including flagging domains known to be compromised from making requests.”
Alex Stamos, a former chief security officer at Facebook, stated, “Police departments are going to have to focus on preventing account compromises with multifactor authentication and better analysis of user behavior, and tech companies should implement a confirmation callback policy as well as push law enforcement to use their dedicated portals where they can better detect account takeovers.”
Clearview AI on the future of facial recognition technology.
Yesterday the Washington Post interviewed Hoan Ton-That, CEO of Clearview AI, the world’s largest facial recognition network. Ton-That discusses how the company’s controversial tech is being used by over three thousand government agencies around the world, including the US Federal Bureau of Investigation, the US Immigration and Customs Enforcement agency, and six agencies in Ukraine, to aid law enforcement with criminal investigations. Though some critics have said Clearview’s tech could be used to support extremist regimes, Ton-That explains, “There’s no political motivation to Clearview…There’s no left-wing way or right-wing way to help law enforcement find a pedophile or solve any kind of crimes.” He goes on to say that the tech has been used in war-torn Ukraine, where the Minister of Internal Affairs has been using Clearview to aid criminal investigations. Ton-That states, “They’ve opened over, I think 8,000 criminal proceedings in total and Clearview has been used in a lot of checkpoints.” He says the criticism the company has experienced has been the result of misconception: “I think it’s just the natural cycle that happens with any new technology where at first it can be misunderstood.”