Pete Recommends – Weekly highlights on cyber security issues, January 21, 2023

Subject: Will Europe’s Privacy Bill of Rights Ever Truly Be Enforced? A conversation with Tanya O’Carroll
Source: The Markup via Mastodon network

Europe’s landmark privacy law GDPR looks good on paper but has been spottily enforced — particularly the part about getting users consent for being profiled.That’s why activist Tanya O’Carroll is suing Meta in a UK court seeking to exercise her GDPR right to object to how here data is being used.

I interviewed her about her case in this week’s newsletter:

Subject: Another outlet for the weekly summary
Source: Mastodon network

Recently I’ve been cross-tooting (posting)(*) on my Mastodon account weekly edited summaries of SECAWARE (thank you, Sabrina) called Pete Recommends – Weekly highlights on cyber security issues using a new #hashtag for the Mastodon site #LLRX (which is my reference to the host site for the original weekly summaries and much more)

Here’s last week’s:

My edited summaries will be starting their sixth year in about three weeks.

Subject: Week in review: ChatGPT as an infosec assistant, Google offers help to EU cybersecurity startups
Source: Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Google is calling EU cybersecurity founders – Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies.
Rackspace ransomware attack was executed by using previously unknown security exploit – The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.[lots more … ]


Subject: How ChatGPT Hijacks Democracy
Source: NYT

The New York Times: (*) “Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligence replacing humans in the democratic processes — not through voting, but through lobbying. ChatGPT could automatically compose comments submitted in regulatory processes. It could write letters to the editor for publication in local newspapers. It could comment on news articles, blog entries and social media posts millions of times every day. It could mimic the work that the Russian Internet Research Agency did in its attempt to influence our 2016 elections, but without the agency’s reported multimillion-dollar budget and hundreds of employees. Automatically generated comments aren’t a new problem. …

Subject: Cops Hacked Thousands of Phones. Was It Legal?
Source: WIRED

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.For a week in October 2020, Christian Lödden’s potential clients wanted to talk about only one thing. Every person whom the German criminal defense lawyer spoke to had been using the encrypted phone network EncroChat and was worried their devices had been hacked, potentially exposing crimes they may have committed. “I had 20 meetings like this,” Lödden says. “Then I realized—oh my gosh—the flood is coming.”

Months earlier, police across Europe, led by French and Dutch forces, revealed they had compromised the EncroChat network. Malware the police secretly planted into the encrypted system siphoned off more than 100 million messages, laying bare the inner workings of the criminal underground. People openly talked about drug deals, organized kidnappings, planned murders, and worse.

However, a growing number of legal challenges are questioning the hacking operation.

Posted in: AI, Cybercrime, Cybersecurity, Legal Research, Privacy, Social Media