Twitter Allowed Chinese, Indian Agents on Payroll, Privacy of Users at Risk, Whistleblower Claims

Twitter whistleblower Peiter “Mudge” Zatko on Tuesday alleged that the microblogging platform knowingly allowed India to add agents to the company’s roster potentially providing the country with access to sensitive data about users on the platform, while “at least one agent” from China’s intelligence service was employed by the company. In his testimony before the US Senate Committee, Zatko claimed that Twitter is putting the privacy of its users at risk, adding that the company’s leadership ignored its engineers, while their executive incentives led them to prioritise profit over security. Twitter responded to these claims saying its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures.

As per a report by the Associated Press, in his testimony, Twitter’s former security chief Peiter Zatko said that the company knowingly allowed the Indian and Chinese governments to place its agents on the company’s payroll. According to Zatko, the agents may have accessed the company’s systems and user data. The Twitter whistleblower said that weak cyber defences made the social platform vulnerable to exploitation by “teenagers, thieves and spies”, risking users’ privacy.

Zatko, while appearing before the Senate Judiciary Committee, alleged that the company ignored its engineers because their “executive incentives led them to prioritise profit over security.” Zatko said Twitter’s security systems are outdated and that it runs vulnerable software on more than half of its data centre servers.

He outlined Twitter’s negligence in dealing with governments that sought to place spies in the microblogging service. He added that Twitter’s inability to track how employees accessed user accounts made it difficult for the platform to detect the potential misuse of data access on the service.

According to the report, Zatko, who was the head of security for Twitter until he was fired early this year, said he spoke with “high confidence” about a foreign agent that the government of India placed on Twitter to “understand the negotiations” between India’s ruling party and Twitter about new social media restrictions and how well those negotiations were going.

The whistleblower also revealed that he was told about a week before his firing that “at least one agent” from the Chinese Ministry of State Security (MSS) was “on the payroll” at Twitter.

Meanwhile, Zatko has accused his former employer of cybersecurity negligence, saying it did not address “basic systemic failures” recommended by engineers. Zatko also accused Twitter CEO Parag Agrawal and other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about Twitter’s safety.”

Twitter reportedly denied Zatko’s claims, calling his description of events “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context. In a statement to the Associated Press, the microblogging platform said its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.


WhatsApp Reveals Critical Vulnerabilities in Older App Versions That Let Attacker Exploit Phones via Video Call

WhatsApp, Meta’s instant messaging and calling service, has published details of a ‘critical’ vulnerability that has been patched in a newer version of the app but might still affect older installed versions that have not been updated.

The details regarding the vulnerability were revealed in a September update of WhatsApp’s page on security advisories affecting the app and came to light on September 23.

WhatsApp, in the update, shared a detailed issue related to vulnerability CVE-2022-36934, according to which “an integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.”

According to the details, the bug would let an attacker exploit an integer overflow to execute their own code on a victim’s smartphone through a specially crafted video call.

This vulnerability has been given a severity score of 9.8 out of 10 on the CVSS scale.

In the same security advisory update, WhatsApp also explained another vulnerability, CVE-2022-27492. According to the social media company, “an integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.”

In other words, the bug would let attackers execute code on the victim’s smartphone using a malicious video file. The vulnerability was scored 7.8 out of 10.

In an India-related development for the social media platform, the head of WhatsApp’s India payment business, Manesh Mahatme, has quit after more than a year with the Meta Platforms-owned company to join Amazon India, a source told Reuters on Thursday.

Mahatme’s exit comes at a critical time for WhatsApp, which is seeking to ramp up its payments service in a highly competitive market and lock horns with more established players such as Alphabet’s Google Pay, Ant Group-backed Paytm and Walmart’s PhonePe.

During his stint at WhatsApp Pay, the company won regulatory approval to more than double its payments offering to 100 million users in India, its biggest market with more than half a billion users overall.

Elon Musk Seeks to End Pre-Approval of His Tweets, Calls SEC Mandate “Government-Imposed Muzzle”

Elon Musk’s lawyers urged a federal appeals court to throw out a provision in his 2018 consent decree with the US Securities and Exchange Commission (SEC) requiring a Tesla lawyer to vet some of his posts on Twitter.

In a brief filed late on Tuesday with the 2nd US Circuit Court of Appeals in Manhattan, lawyers for Musk called the pre-approval mandate a “government-imposed muzzle” that inhibited and chilled his lawful speech on a broad range of topics.

They also said the requirement violated the US Constitution, and undermined public policy by running “contrary to the American principles of free speech and open debate.”

The SEC did not immediately respond to a request for comment outside market hours. It is expected to file its own brief with the appeals court.

Musk wants to overturn part of an April 27 decision by US District Judge Lewis Liman that rejected his bid to throw out the consent decree altogether.

Liman said Musk’s arguments amounted to a “bemoaning” of requirements he no longer wanted to adhere to now that “his company has become, in his estimation, all but invincible.”

Musk, 51, is worth $259.8 billion (roughly Rs. 21,25,878 crore), nearly twice as much as anyone else, Forbes magazine said on Wednesday.

The decree resolved a lawsuit accusing Musk of defrauding investors with an August 7, 2018 tweet that he had “funding secured” to take his electric car company private, though a buyout was not close. Musk has said the tweet was truthful.

In settling, Musk agreed to let a Tesla lawyer screen tweets that might contain material information about the company.

He and Tesla each also paid $20 million (roughly Rs. 163 crore) in civil fines, and Musk gave up his role as Tesla chairman.

But the SEC later opened a probe and subpoenaed documents concerning Musk’s and Tesla’s compliance, after Musk asked his followers in a November 6, 2021 tweet whether he should sell 10 percent of his Tesla stake to cover tax bills on stock options.

In Tuesday’s filing, Musk’s lawyers said it was time to rein in the SEC.

“Under the shadow of the consent decree, the SEC has increasingly surveilled, policed, and attempted to curb Mr. Musk’s protected speech that does not touch upon the federal securities laws,” the lawyers wrote. “Any objective served by the pre-approval provision has been served.”

Musk is separately trying to abandon his April agreement to buy Twitter for $44 billion (roughly Rs. 3,37,465 crore), saying the company misled him by downplaying the number of fake accounts.

Twitter has sued Musk to force him to complete the merger at the agreed-upon price, which is 23 percent higher than where its shares closed on Tuesday. An October 17 nonjury trial is scheduled in Delaware Chancery Court.

The case is Musk v SEC, 2nd US Circuit Court of Appeals, No. 22-1291.


Meta Disrupts Chinese Propaganda Operation Across Facebook, Instagram Ahead of US Midterm Elections

Meta Platforms said on Tuesday it disrupted the first known China-based influence operation focused on targeting users in the United States with political content ahead of the midterm elections in November.

The network maintained fake accounts across Meta’s social media platforms Facebook and Instagram, as well as competitor service Twitter, but was small and did not attract much of a following, Meta said in a report summarising its findings.

Still, the report noted, the discovery was significant because it suggested a shift toward more direct interference in US domestic politics compared with previous known Chinese propaganda efforts.

“The Chinese operations we’ve taken down before talked primarily about America to the world, primarily in South Asia, not to Americans about themselves,” Meta global threat intelligence lead Ben Nimmo told a press briefing.

“Essentially the message was ‘America bad, China good,’” he said of those operations, while the new operation pushed messages aimed at Americans on both sides of divisive issues like abortion and gun rights.

Another Meta executive at the briefing said the company did not have enough evidence to say who in China was behind the activity.

Asked about Meta’s findings at a news conference, US Attorney General Merrick Garland said his office was “very concerned” about intelligence reports of election interference by foreign governments “starting back some time ago and continuing all the way into the present.”

A Twitter spokesperson said the company was aware of the information in Meta’s report and also took down the accounts.

According to Meta’s report, the Chinese fake accounts posed as liberal and conservative Americans in different states. They posted political memes and lurked in the comments of public figures’ posts since November 2021.

A sample screenshot showed one account commenting on a Facebook post by Republican Senator Marco Rubio, asking him to stop gun violence and using the hashtag #RubioChildrenKiller.

The same network also set up fake accounts that posed as people in the Czech Republic criticizing the Czech government over its approach to China, according to the report.

Meta also said it had intercepted the largest and most complex Russian-based operation since the war in Ukraine began, describing it as a sprawling network of more than 60 websites impersonating legitimate news organisations, along with about 4,000 social media accounts and petitions on sites like US-based campaign group Avaaz.

That operation primarily targeted users in Germany, as well as France, Italy, Ukraine and the United Kingdom, and spent more than $100,000 (roughly Rs. 81.8 lakh) on advertisements promoting pro-Russian messages.

On a few occasions, Russian embassies in Europe and Asia amplified the content.

The Russian embassy in Washington said Meta’s move follows “the instructions of the US authorities” and is a violation of freedom of speech.

“This suggests that American tech giants, who own the most popular Internet resources, have become servants of the US administration’s policy of suppressing dissent,” the embassy said on its Telegram channel.

© Thomson Reuters 2022

