Amazon handed ring videos to police without warrant
The websites you visit can reveal (almost) everything about you. If you’re looking for health information, reading about unions, or researching details about certain types of crime, you may be revealing a huge amount of detail about yourself that a malicious person could use against you. Researchers this week described a new attack, using basic web functions, that could expose anonymous users online. The hack uses common web browser functions – included in every major browser – and CPU functions to analyze whether you are logged into services such as Twitter or Facebook and then identify you.
Elsewhere, we have described how the Russian “hacktivist” group Killnet attacks countries that support Ukraine but are not directly involved in the war. Killnet has launched DDoS attacks on official government websites and companies in Germany, the United States, Italy, Romania, Norway and Lithuania in recent months. And it is only one of the pro-Russian hacktivist groups that is causing chaos.
We also looked into a new privacy scandal in India in which donors to non-profit organizations had their data and information handed over to the police without their consent. We also looked at the new “Retbleed” attack that can steal data from Intel and AMD chips. And we took stock of the ongoing Jan. 6 committee hearings — and predicted what was to come.
But that is not everything. Each week we round up the news that we have not broken or expanded. Click on the headlines to read the full stories. And stay safe out there!
Ring, Amazon’s security camera company, has built relationships with law enforcement agencies for years. By early 2021, Amazon had formed more than 2,000 partnerships with police and fire departments across the US, building a massive surveillance network where officials could request videos to aid in investigations. In the UK, Ring is working with the police to give away cameras to local residents.
This week, Amazon admitted to handing over police footage recorded on Ring cameras without the owners’ permission. As first reported by Politico, Ring has provided footage to law enforcement officers at least 11 times this year. It is the first time the company has admitted to passing on data without permission or order. The move will raise further concerns about Ring’s cameras, which have been criticized by campaign groups and lawmakers for eroding people’s privacy and making surveillance technology ubiquitous. In response, Ring says it doesn’t give anyone “unlimited” access to customer data or video, but it can hand over data without authorization in emergency situations where there is an immediate risk of death or serious injury.
In 2017, the Vault 7 leaks revealed the CIA’s most secretive and powerful hacking tools. Files published by WikiLeaks showed how the agency could hack into Macs, your router, your TV, and a host of other devices. Investigators quickly pointed the finger at Joshua Schulte, a hacker in the CIA’s Operations Support Branch (OSB) who was responsible for finding exploits that could be used in the CIA’s missions. Schulte has now been found guilty of leaking the Vault 7 files to Wikileaks and could face several decades in prison. After a previous mistrial in 2018, Schulte was found guilty of all nine charges against him this week. Weeks before his second trial, The New Yorker published this comprehensive article about Schulte’s dark history and how the CIA’s OSB works.
Hackers linked to China, Iran and North Korea have targeted journalists and media, according to new research from security firm Proofpoint. In addition to attempts to compromise the official accounts of members of the press, multiple Iranian hacking groups have impersonated journalists and tried to trick people into handing over their online account details. The Iran-linked group Charming Kitten has sent detailed interview requests to its potential hacking targets, and they have also attempted to impersonate multiple Western news channels. “This social engineering tactic successfully taps into the human desire for recognition and is used by APT actors seeking to target academics and foreign policy experts around the world, probably in an effort to gain access to sensitive information,” says Proofpoint.
In any business or organization, items are lost from time to time. Usually these are lost phones, security passes and files that are occasionally accidentally left at bus stops. Losing any of these things can pose security risks if devices are insecure or if sensitive information is made public. Desktop computers are less likely to be lost unless you are the FBI. According to FBI data obtained by VICE’s motherboard, the agency lost 200 desktop computers between July and December 2021. Also lost or in some cases stolen pieces of body armor and night vision goggles.
Scams don’t get much more elaborate than this. This week, police in India busted a fake “Indian Premier League” cricket tournament. A group of alleged scammers set up the fake league in the western Indian state of Gujarat and hired young men to play cricket matches, posing as professional teams while live-streaming the matches that people could bet on. According to police, the group hired a fake commentator, created on-screen graphics showing real-time scores and played crowd sounds downloaded from the Internet. To hide the fact that the games took place on a farm rather than a large stadium, the video feed only showed close-ups of the action. Police said they caught the gang playing a quarter-final. Police believe the gang may have run multiple leagues and also planned to expand into a volleyball league. The match images are worth watching.
This post Amazon handed ring videos to police without warrant
was original published at “https://www.wired.com/story/amazon-ring-police-videos-security-roundup/”
