mSpy surveillance service hacked
In a somewhat ironic turn of events, mSpy, a provider of software allowing people to track others such as their children or spouses, has admitted to suffering a data breach. The news emerged through the Krebs on Security blog by security expert Brian Krebs, who was anonymously directed to the data which had been dumped on the dark web. The company claims that 80,000 customers are affected while initial reports had claimed a much higher figure of 400,000. It also emerged that the company is under investigation by the UK Independent Commissioner’s Office for possible data protection breaches. US officials have also likened the software to ‘stalking’ and are carrying out their own investigations.
Friend Finder service suffers breach
Adult Friend Finder, a service allowing adults to connect for casual dating purposes, has also admitted a recent breach. It’s been reported that the data of up to 3.9 million users has been stolen, including their email addresses and sexual preferences. The company itself has released very few details but have employed digital forensic service Mandiant to carry out an investigation.
US upcoming cyber security acts
Following the aftermath of the Sony Pictures hack and Obama’s executive orders, we’re starting to see some of the measures gradually being put in place. Recently the contentious CISA legislation was approved and this week two House bills, Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 are scheduled to be voted on later this week. These mainly cover the practicalities of intelligence sharing between government and businesses. We’ve also seen Congress approve funding to develop the capabilities of the National Cybersecurity and Communications Integration Center. We would anticipate further news and development on this in the coming months to stay tuned.
New Pew Research report on American attitudes to security
A new report from Pew Research has investigated the opinions of the American public when it comes to security, privacy and data collection. Findings show the American citizens feel that they are generally under surveillance when in public and also that they have a lack of control over the data collected about themselves and its uses. This confirms earlier findings by the same institute and shows that the low levels of confidence people have in the privacy and security of their data is on the increase. There is no doubt that the wealth of hacks and data thefts over the past couple of years have been a factor in this, e.g Target and Anthem insurance. It was also found that few are taking steps to enhance their privacy, while they do hold the agencies who hold such data responsible, expecting them to limit the length of time they retain such records. The overall response also expressed that Americans believe there should be greater limits on government surveillance programs and that it ought to be possible to preserve the possibility to remain anonymous for certain online activities.
Russia and China sign a Cyber Security pact
Last week Russia and China signed an agreement that neither would launch a cyber attack against the other, and to pool information, law enforcement and technology resources to better equip themselves against any incoming attack that may attempt to ‘destabilize the internal political and socio-economic atmosphere’, ‘disturb public order’ or ‘interfere with the internal affairs of the state’. This doesn’t mean that neither will keep an eye on the other but it does signify a strengthening of cyber defenses for both parties and a freeing up of their resources to pursue other targets. On a political level, Russia is likely getting closer to China since relations with the West took a hit when they invaded Ukraine and since Russia and China represent the two largest national sources of cyber attacks, other countries should definitely be a little nervous.
Watchdogs in 29 countries to review websites aimed at children
A collective of watchdogs from 29 countries is set to review how websites and apps which are aimed at children collect and protect information and whether they comply with data protection laws. The ICO will be the UK agency involved and have not ruled out taking action where the laws are being breached; they have the authority to issue up to a £500,000.00 fine. The ICO said ‘These principles are true whatever the audience, but they are especially true where children are concerned. This research should give us a valuable insight into whether companies in the UK are operating compliantly, as well as how that fits with what is happening around the world.’