How did investigators link hacks to Russia?

This report in The Intercept does a good job of explaining possible ways that evidence was collected. Keep in mind that the indictments handed out by the U.S. DoJ are literally a set of accusations – the indictments do not present the evidence. Evidence would be presented at a trial.

The indictment has a surprising amount of technical information and presents the most detailed and plausible pictures of the Russian cyberattacks so far.

Source: What Mueller’s Latest Indictment Reveals About Russian and U.S. Spycraft

There is also an argument (not presented in the story) that prosecutors know there will never be a trial. Consequently, an indictment, such as that made by the DoJ, can serve as political or propaganda tool to shape public perception. The DoJ can make accusations – which many if not most news reports are reporting as confirmation of actions. But accusations are not necessarily facts until a Court determines that the accusations are true or false based on evidence. However, since those charged are all in Russia, there will likely never be a trial. The effect is that these accusations are mutated into (unproven) facts.

The accusations may be true – or they could be false. We will never know. But we will have our opinions formed by media reports, which are already reporting on this topic as if the accusations are true.

Loyalty Cards are used to spy on  your purchases, and not just with the vendor

The story of how that Sudafed ad got to me begins at Walgreens. As I bought tissues and Afrin, I keyed in my phone number so I could get loyalty points.

Source: Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic – WSJ

Stores use your loyalty card to identify you and all of your purchases. Your purchase transactions are then sold to other marketing companies. This data, in turn, can and is matched to your Facebook account and other online data using the phone number that you gave to the store and to Facebook or Google.

Think about how Facebook, Twitter and other online services are constantly pestering you to give them your phone number. Once they have your phone number, anything else you do that is linked to your phone number – such as using a loyalty card when buying stuff at Safeway or Walgreen’s is then accessible.

Everyone is also using the tracking data that Google collects on your Android phone to monitor where you are. Remember, that too is tied to your phone number. As I described on my other blog, the Facebook dossier even tracks what apps you have on  your phone and data mines that to identify potential marketing opportunities.

Google and Facebook are doing highly invasive surveillance and almost no one understands what is being done or what this means.

 

Autonomous self driving cars’ sensor arrays may be used for intensive public surveillance

Autonomous self-driving cars are continuously surveying their surroundings using an array of sensors and recording this to memory.

In the event of an accident of malfunction, this data can be retrieved for analysis.

However, this data could also be retrieved as surveillance data – even when the vehicle itself has not been in an crash.

Consider, a bike versus human driven car crash at an intersection. Two other vehicles at the intersection are autonomous vehicles and they have recorded the entire scenario, in detail, including subject and object positions and travel speeds.

All of this data is available to the police. Police agencies that today operate their own license plate readers and intersection surveillance cameras might choose to contract with autonomous vehicle companies for use as public data collection systems. When your autonomous vehicle is connected to your EV charging station, it might communicate over WiFi to upload collected data to a master database.

This is not particularly difficult or far fetched and police may already have the legal authority to pursue this collection.

Source: Why cops won’t need a warrant to pull the data off your autonomous car | Ars Technica

Verizon, AT&T said to deny sales of Huawei cell phones

Allegedly, both AT&T and Verizon have denied Huawei the opportunity to sell their Honor brand cell phones in their U.S. stores – ostensibly under orders of the U.S. government over security issues regarding China. It sounds, though, that it might actually be about Huawei not cooperating with the U.S. government to spy using Huawei technology vis a vis this item:

The US government was apparently able to negotiate these agreements even with foreign entities by leveraging existing legal regulations. In some cases, officials held up proposed business dealings using the Federal Communications Commission’s oversight of telecommunications. According to the Post, this helped government lawyers in persuading foreign companies to allow the US to maintain such extensive access. It’s unclear just how many companies the US has made these deals with, and for now, the extent of the federal government’s access remains classified.

Huawei also makes Internet switches and is a big competitor to Cisco – in other words, Huawei makes Internet backbone gear.

Source: Major internet backbones required to give US government quick access to data – The Verge

It is clear, at this point, that the U.S. government has the means to spy on everyone, 24 x 7, if they wish. Nothing we do online is secure. Period.

The primary business of the Internet is surveillance

Similar to Uber’s “God View” scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft tells TechCrunch that widespread access to the company’s backend let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.”When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.”

Source: Former employees say Lyft staffers spied on passengers | TechCrunch

Web site Quartz recently discovered that Google routinely logs quite a bit of information in your Location History, plus uses Bluetooth devices as an additional source of location information – even when you have Location turned off. Even on phones not having a SIM card installed.

Surveillance and privacy violations are the primary business purpose of the Internet.

#Alteryx publishes detailed data on 123M U.S. households in unsecured, online database

This cloud leak reveals the personal details of 123 million US households, revealing in-depth analysis of their finances sold by credit reporting agency Experian.

Source: Home Economics: How Life in 123 Million American Households Was Exposed Online

123 million households covers essentially everyone in the United States.

The data includes financial information such as income, home and auto loans, number of children and their ages, consumer marketing data such as whether you are a book buyer, engage in gardening, purchase various types of magazines, and many other personal interests, whether you are a do-it-yourselfer, your religious affiliation, household donations made to political groups and environmental groups. The data also includes the balance of your home and auto loans and your address – but not your name. Alteryx pretends that without your name, its not personally identifiable (Alteryx is lying).

Alteryx has not provided any way to learn if your own data has been released through their incompetence.

The CEO of Alteryx, Dean Stoecker, issued a bland statement “Third-Party Marketing Data” that obfuscates the degree of highly personal data they published online. Stoecker is an idiot.