Cyber Security News 15 March 2019
Victor Geves, the man behind the released of the “BreedReady” and “SenseNet” databases, both of which were found in China, is a man in an interesting position. Mr. Geves is an ethical hacker, someone who finds vulnerabilities and warns their owner of them, hopefully, before they can be exploited by a malicious party. He’s uncovered and helped to patch thousands of vulnerabilities and attack vectors in the past, and he does it all without getting political or taking one side over the other. Until now. With the rise of Chinese surveillance on its own citizens, Mr. Geves has felt compelled to act in a way that breaks away from his normally apolitical behaviour. He now scours the web for the massive data caches that Chinese companies continue to leave unguarded or vulnerable and warns their owner of the weakness like he usually would and then lets the world know what kind of data is being collected. And while there is something to be said about the possibility of mistranslation in the “BreedReady” scandal, as Chinese does not translate well into English, any kind of database like that would cause quite the stir. The tracking, in any way, of someones reproductive capacity would upset modern persons. That sort of tracking is incredibly personal and unnecessary for any government to track, though it’s possible China may need to as the repercussions for their “One Child Policy” begins to hit China hard.
Source: Interview — Meet Victor Gevers, The Ethical Hacker Who Exposed ‘BreedReady’ And ‘SenseNets’
The Netherlands has unveiled a new tiered fine system for GDPR violations, ranging from €0 to €1,000,000, depending on the severity of the crime. The Penalties are broken up into 4 categories as follows: Category 1, €0 to €200,000; Category 2, €120,000 to €500,000; Category 3, €300,000 to €750,000; and Category 4, €450,000 to €1,000,000. Currently, the 4 categories are not well defined and infractions of the GDPR will be categorized based on different factors rather than strict guidelines. These factors include the duration of the infraction, as well as its severity, the organizations response and how quickly they respond, as well as the number of data subjects affected. The creation of these categories does not preclude the use of the GDPR’s ability to bring down a €20,000,000 fine or 4% of an organizations global revenue.
Source: The Netherlands premieres the first GDPR fining policy in the EU
In an unsurprising turn of events, Facebook may be facing criminal penalties for allowing companies access to user data. This information includes contacts, facebook friends, and the contents of private messages all without the consent of the user. The companies that benefited from this access include Apple, Amazon, Microsoft, and other tech companies. The case is being filed against Facebook in New York, where documents have already been subpoenaed. This follows Facebook’s outage yesterday and together these events have caused Facebook’s stock to drop 1.5% in value. It should no longer come as a surprise to anyone that Facebook is in the news for consistent overreach when it comes to its user’s data, and Facebook is rapidly running out of excuses.
Source: Facebook is reportedly under criminal investigation over deals that gave Apple, Amazon, and other companies access to user data
Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.