Data Security

Social Mapper Can Trace Your Face

Trustwave’s SpiderLabs has created a new penetration testing tool that uses facial recognition to trace your face through all your social media profiles, link your name to it, and identify which organisation you work for.

Why?

According to its (ethical) creators, Trustwave’s SpiderLabs, Social Mapper has been designed to help penetration testers (those tasked with conducting simulated attacks on computer systems to aid security) and red teamers (ethical hackers) to save time and expand target lists in the intelligence gathering phase of creating the social media phishing scenarios that are ultimately used to test an organisation’s cyber defences.

What Does It Do?

Social Mapper is an open source intelligence tool that employs facial recognition to correlate social media profiles across a number of different sites on a large scale. The software automates the process of searching the most popular social media sites for names and pictures of individuals in order to accurately detect and group a person’s presence. The results are then compiled in a report that can be quickly viewed and understood by a human operator.

How Does It Work?

Social Mapper works in 3 phases. Firstly, it is provided with names and pictures of people, e.g. via links in a CSV file, images in a folder or via people registered to a company on LinkedIn.

Secondly, in a time-consuming phase, it uses a Firefox browser to log in to social media sites and search for its targets by name. When it finds the top results, it downloads profile pictures and uses facial recognition checks to try and find a match. The social media sites it searches are LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo, and Douban.

Finally, it generates a report of the results.

What’s The Report Used For?

The report is designed to give the user a starting point to target individuals on social media for phishing, link-sharing, and password-snooping attacks.

For example, a user can create fake social media profiles to ‘friend’ targets and send them links to credential capturing landing pages or downloadable malware, trick users into disclosing their emails and phone numbers e.g. using vouchers and offers to tempt them into phishing traps, create custom phishing campaigns for each social media site, or even to physically look at photos of employees to find access card badges or to study aspects of building interiors.

What Does This Mean For Your Business?

In the right hands, Social Mapper sounds as though it could ultimately help businesses to improve their online security because it helps to create much better quality and more realistic testing scenarios on a larger scale that could uncover loopholes and shortcomings that current testing may not be able to find.

The worry, however, is that in the wrong hands it could be used by cyber-criminals to quickly gather information about a target business and its employees, thereby enabling potentially very effective phishing and password-snooping campaigns to be created. This detailed information could also be shared among and sold to other criminals which could mean that individuals could be subjected to a number of attacks over time through multiple channels.

The obvious hope is, therefore, that enough checks and security measures will be put in place by its creators thereby not allowing the software to fall into the wrong hands in the first place and be used by criminals against the businesses and organisations that it was designed to help.

Microsoft To Launch App-Testing Sandbox ‘InPrivate Desktop’ Feature

It has been reported that Microsoft is to launch InPrivate Desktop for a future version of Windows 10, a kind of throwaway sandbox that gives Admins a secure way to operate one-time tests of any untrusted apps / software.

Like A Virtual Machine

Although the new feature is still a bit hush-hush, and has actually been removed from the Windows 10 Insider programme, it is believed to act like a kind of in-box, speedy VM (virtual machine) that is then refreshed to use again after it has been used on a particular App.

Why?

The reason for the new feature, in the broader sense, is that it fits with moves announced by Microsoft in June 2017 to introduce next-generation security features to Windows 10.

ATP & WDAG

Back in June 2017, Microsoft specifically mentioned the integration of Windows Defender Advanced Threat Protection (ATP) as one of the next-generation security measures. ATP, for example, was designed to isolate and contain the threat if a user on a corporate network accidentally downloaded malicious software via their browser.

A security feature that some commentators have likened InPrivate Desktop to, that was also specifically mentioned last June, was Windows Defender Application Guard (WDAG). Interestingly, WDAG isolates potential malware and exploits downloaded via a user’s browser and contains the threat using virtualisation-based security.

Spec Needed For InPrivate Desktop

Although the exact details of InPrivate Desktop are sketchy, we know that it is likely to be aimed at enterprises rather than individual users and that, as such, it is likely to need a reasonable spec to operate. It has been reported that in order to run the new feature / app at least 4GB of RAM, at least 5GB of free disk space, and two CPU cores will be needed.

When?

There is also still some speculation as to exactly when the InPrivate Desktop feature will make it to Windows 10. Some commentators have noted that it may not make it into Windows 10 ‘Redstone 5’, and looks likely to be rolled-out in a subsequent Windows 10 update which has been codenamed 19H1.

What Does This Mean For Your Business?

With support stopping for previous versions of Windows, and with all of us being forced into using Windows 10’s SaaS model, it makes sense that Microsoft adds more features to protect users, particularly businesses.

Adding malicious code to apps has been a method increasingly used by cyber-criminals to sneak under the radar, and having a secure space to test and isolate dubious / suspect apps will give Admins an extra tool to protect their organisation from evolving cyber-threats. It is extra-convenient that the testing feature / app sandbox will already be built-in to Windows 10.

IBM Makes Test Version of New Stealth AI Malware ‘DeepLocker’

IBM has announced that it has created its own stealth, ultra-evasive AI malware called ‘DeepLocker’ that can evade all traditional cyber-security protection, hide in normal applications, and only strike when it is sure it has reached its intended target.

Why?

Cyber-criminals are becoming ever-more sophisticated in their methods, and the resources available to them have increased e.g. as hackers have also worked in state-sponsored activities. Also, the world of Artificial Intelligence (AI) has come along leaps and bounds in recent years, and the fear is that cyber criminals could soon be deploying their own AI-powered malware. IBM has, therefore, decided to create its own version in order to see how it works and behaves, and thereby gain valuable information which could help it to reduce risks, and find ways to counter such attacks.

DeepLocker

One of the things that makes DeepLocker so different to other malware that tends to take a scattergun approach to infection is that it can hide itself and its intent until it reaches a specific target.

This is down to DeepLocker using a deep neural network (DNN) AI model, a sophisticated computer system modelled on the human brain and nervous system. This DNN provides a kind of ‘black box’ that totally conceals the “trigger conditions”, and makes the attack almost impossible to decipher and reverse engineer. DeepLocker’s AI can, therefore, even convert its own concealed trigger condition (which has been transformed into a deep convolutional network), into a “password” or “key” to unlock its own attack payload when it identifies its victim. In this sense, it contains three layers of attack concealment.

Hides & Identifies

According to IBM, DeepLocker can hide itself completely in normal ‘carrier’ applications such as video conference software. This enables it to fly completely under the radar and avoid detection by most antivirus and malware scanners. It also allows it to be spread widely and without providing any clues that there is a threat.

What Does This Mean For Your Business?

Malware attacks have cost businesses, organisations and whole economies vast amounts of money and untold disruption and problems in recent times. Evasive malware has been evolving for many years now as cyber-criminals try to find their way around better security measures and more sophisticated sandboxes. AI attacks using ultra-evasive, stealth methods of the nature of DeepLocker represent the next frightening wave of attack that organisations and businesses will have to face. It is a good thing, therefore, that IBM has tried to take the initiative and gain a march on cyber-criminals who will undoubtedly seek to weaponise AI, by creating its own version in order to learn lessons in advance that could provide at least some level of protection and recommendations for counter-measures.

Half of Us Will Activate Our New GDPR Rights Within A Year

The results of a new survey by analytics, business intelligence and data management firm SAS indicate that more than half of UK consumers look likely to exercise their new GDPR rights within the first year of GDPR’s introduction.

GDPR

The new General Data Protection Regulation (GDPR) that applies to those who collect, store and process the data of EU citizens came into force on 25th May this year. The Regulation replaced the EU Data Protection Directive of 1995, is part of EU privacy and human rights law, and was supposed to ensure greater consistency and harmony between data protection laws across the EU by bringing all data protection elements under one law for all countries. This meant that UK citizens appear to have been granted greater levels of protection of their personal data than before.

The Survey Results

The results of the latest post-GDPR SAS survey have been compared to a pre-GDPR survey conducted in 2017, and have shown that more people are planning to (and look more likely to) be exercising some aspect of their new GDPR rights more quickly than was thought after the first survey.

For example, the latest survey results show that 31% have already activated their rights over personal data, and 55% (compared to 42% in last year’s survey) plan to do so within a year.

The Facebook / Cambridge Analytica Scandal To Blame For Increase

The survey puts the Facebook / Cambridge Analytica scandal at the centre of the reasons why more people have already exercised their new GDPR rights. For example, 88% of UK consumers said they were aware of the scandal and, of those, 72% said it had caused them to retract data permissions, as well as planning to share less data or review how companies use their personal information.

One Mistake Enough

The SAS survey also shows that in the wake of being granted new rights and hearing about the extent of the Facebook / Cambridge Analytica scandal, people are now much less likely to tolerate misuse and mistakes involving their personal data. For example, 45% said they would activate their data rights after only one mistake.

Social Media Companies and Retailers

According to the survey, social media companies and retailers are going to have to work the hardest to retain customer data, and can expect large numbers of requests to opt-out and to have data erased. For example, the SAS survey shows that 43% of consumers object to social media companies and retailers (41%) using their personal data for marketing. Supermarkets (37%), insurers (35%) and energy providers (34%) are the next to be least trusted with personal data.

What Does This Mean For Your Business?

Being on the end of years of annoying spam calls and emails, hearing about multiple high profile data breaches, the Facebook / Cambridge Analytica scandal, and now being granted greater control of how their data is used and shared has clearly made consumers more determined to exercise their rights, express how much value they place on their security and privacy, and take control back by opting-out. Those organisations that have been most in the spotlight for letting consumers down e.g. social media companies and retailers, look likely to face the brunt of the initial GDPR backlash.

An important message that businesses need to take from the results of the SAS survey(s) is that they need to respect their customers and their data or risk losing both, which could, in turn, damage their competitive advantage and hit profits. Yes, compliance with GDPR as a law is an important ongoing goal, but businesses should also remember that transparent data management and analytics are important to provide the kind of personalised customer experiences that make consumers more willing to share their data.

10 Million Affected by Dixons Carphone Data Breach

Dixons Carphone has announced that, after a review following a hack of its customers’ data, 10 million customers rather than the original estimate of 1.2 million have actually been affected.

What Happened?

Back in June, Dixons Carphone announced that a hacking attempt, which had actually taken place in July 2017, had been made on one of the processing systems of Currys PC World and Dixons Travel stores. The original announcement put the figures at an attempted theft of the details of 5.9 million credit and debit cards, with only 105,000 cards without chip-and-pin protection being leaked, and an estimated 1.2 million personal data records being accessed / compromised.

Millions More

This latest shocking announcement puts the number of customers thought to be affected at 10 million!

Dixons Carphone has apologised to customers, and has offered an assurance that the company is fully committed to making their personal data safe.

No Bank Details & No Fraud

Despite the large numbers of customers affected by the breach, Dixons Carphone has been quick to point out that no bank details were taken, and it has found no evidence that fraud had resulted from the breach.

Working With Cyber-Security Experts

The company has stated that it has been working hard with cyber-security experts since the breach and has put in further security measures to keep customer data safe in future.

The updated security measures taken have been reported to include closing off the unauthorised access, adding new (unspecified) security measures, and launching an immediate investigation.

Also, Dixons Carphone is reported to be in the process of contacting all of its customers to apologise and advise on what steps they can take to protect themselves.

Other Woes

The massive data breach is one of many woes that the company has been experiencing in recent times. Back in May, it was announced that Dixons Carphone highlighted people not renewing their handsets as frequently and a declining market for long-term mobile contracts as 2 main reasons for the planned closure of 92 of its 700 stores. The company was forced to act after a warning that the next year’s profits could be down £82 million led to shares in the company falling 20.7%. Share values had already fallen by 30% over the previous 12 months.

Market commentators have noted that a fall in the value of the pound (in the wake of Brexit) has made mobile handsets more expensive. Also, technical innovation has slowed, giving shoppers less reason to update their phones, meaning that they have been hanging onto their current handsets for longer.

What Does This Mean For Your Business?

We’re getting so used to hearing about data breaches where millions of people have been affected that we’re in danger of accepting it as normal. It’s important to remember that all companies, particularly with GDPR now in place, have at least a legal responsibility to protect the personal data of their stakeholders to the best of their abilities.

All businesses must surely be aware that cyber-criminals are now using sophisticated and multi-level methods to find their way into whatever weaknesses they can find on a daily basis, and large, well-known companies with millions of customers (and millions of valuable customer details) are obviously going to be prime targets. We should be thinking, therefore, that a large company that is, no doubt, aware of the cyber threats in the business environment, allowing the details of over 10 million customers to be taken, and customers only finding out and receiving an apology a year later isn’t acceptable.

Data protection should now be a priority issue in the boardroom, and even though some companies may be going through difficult times financially, data protection is not an area where they can really afford to let their guard down. The damage to reputations, the loss of customers, and fines from the ICO can now be enough to threaten the existence of a business, and even without the moral and ethical perspective, this should be enough of a motivator to keep businesses pushing to stay at least one step ahead of today’s known cyber threats.

Fake News Crowding Threat Outlined

UK MPs in the Digital, Culture, Media and Sport Committee (DCMSC) have been investigating the challenges and potential threat to democracy posed by ‘fake news’ crowding out real news, and have published their findings in a “Disinformation and ‘fake news’: Interim Report”.

Difficult To Identify & ‘Crowding Out’ Real News

Tory MP Damian Collins made the news this week by highlighting one of the main challenges, which is that people struggle to identify “fake news”, and the DCMSC report focused on how this challenge has been capitalised on by those seeking to influence elections.

The government is also concerned that the sheer volume of disseminated misinformation / fake news is beginning to crowd out real news.

UK Legal Framework Not Fit To Cope

The main points of the report are that fake news poses a threat to democracy, that the UK legal framework is not currently fit to cope with it, and that action needs to be taken by the Government and other regulatory agencies to build resilience against misinformation and disinformation.

The DCMSC Report

The 89 page report which has been published online here https://publications.parliament.uk/pa/cm201719/cmselect/cmcumeds/363/363.pdf covers the issues of the definition, role and legal responsibilities of tech companies, data targeting, based around the Facebook, GSR and Cambridge Analytica allegations, Russian influence in political campaigns, SCL influence in foreign elections, and digital literacy (and how it should be made the fourth pillar of digital education alongside reading, writing and maths).

Background

Some of the more worrying examples of the influence of fake news and the interests of some of the players considered by the government committee included:

– Facebook and Cambridge Analytica’s harvesting and sharing of the personal data of 87 million people to influence the outcome of the US 2016 presidential election and the UK Brexit referendum.

– Political donor Arron Banks being accused of misleading MPs about his meetings with the Russian Embassy, and his walking out of an evidence session to avoid scrutiny on the topic.

– Facebook’s deployment of ‘Free Service’ in Burma (data-free Facebook access) which was found by the United Nations to have played a key role in stirring up hatred against the Rohingya Muslim minority in Rakhine State, partly because people could only access news and content via Facebook.

Social Media Companies Made Liable?

The report also contains a recommendation that social media companies should be defined by a new category i.e. not just a ‘platform’ nor a ‘publisher’, and should be made liable to act against harmful or illegal content appearing on their platforms.

Other Recommendations

Other recommendations made in the report include the need to update electoral law, a new tax on social networks that could pay for digital literacy programmes in schools, the setting up of a code for political advertising on social media, greater transparency around online advertising, and a “digital Atlantic charter” to protect personal information and rights.

What Does This Mean For Your Business?

The business world is influenced by the political world, and vice versa. It is in the interests of businesses and governments that truly fake news is kept to a minimum and that certain parties (e.g. other nation states) aren’t allowed to exert significant influence on elections and referendums.

That said, states / governments around the world have for many years seen social media as a threat. Some governments have opted for a blanket blocking of social media whereas others have sought ways to gain some control over it by focusing on its negative aspects and / or by seeking regulation or even back-door access to users. It seems, however, that some international actors have seen social media as an opportunity for influence (e.g. alleged Russian use of Facebook to influence the US election) and this, in turn, has now helped those governments who feel threatened by it e.g. by enabling them to discredit it as a legitimate news source, and thereby boost the credibility of their own state media.

Facebook has, after its involvement in the Cambridge Analytica scandal and the ‘Vote Leave’ campaign, played into the hands of those who would like to see it operated with greater regulation and control. Scandals like these have even helped the cause of world leaders such as President Trump, who appears able to simply say the phrase ‘fake news’ to counter any stories that could show him in a bad light, whether true or not.

Even our ‘real’ news is slanted in newspapers to reflect the views and allegiances of the newspaper’s owner, and it is commonplace, but accepted, that newspapers print some stories that are false / contain false information that they later simply issue an apology for, and carry on as normal.

Truth and trust are the victims of fake news, and just as governments are happy to focus on it as a threat and as a means to apply pressure to popular media that they can’t overtly control, they can also now see what a powerful tool and opportunity it can be as another tool for influence.

Facebook Favours Free Speech Over Fake News Removal

In a recent Facebook media presentation in Manhattan, and despite the threat of social media regulation e.g. from Ofcom, Facebook said that removing fabricated posts would be “contrary to the basic principles of free speech”.

Fake News

The term ‘fake news’ has become synonymous with the 2016 US general election and accusations that Facebook was a platform for fake political news to be spread e.g. by Russia. Also, fake news is a term that has become synonymous with President Trump, who frequently uses the term, often (some would say) to act as a catch-all term to discredit/counter critical stories in the media.

In essence, fake news refers to deliberate misinformation or hoaxes, manipulated to resemble credible journalism and attract maximum attention, and it is spread mainly by social media. Facebook has tried to be seen to flag up and clean up obvious fake news ever since its reputation was tarnished by the election news scandals.

What About InfoWars?

The point was made to Facebook at the media presentation by a CNN reporter that the fact that InfoWars, a site known to have published false information and conspiracy theories, has been allowed to remain on the platform may be evidence that Facebook is not tackling fake news as well as it could.

A Matter of Perspective

To counter this and other similar accusations, Facebook has stated that it sees pages on both the left and the right side of politics distributing what they consider to be opinion or analysis but what others, from a different perspective, may call fake news.

Facebook also tweeted that banning those kinds of pages e.g. InfoWars, would be contrary to the basic principles of free speech.

A Matter of Trust

Ofcom research has suggested that people have relatively little trust in what they read in social media content anyway. The research showed that only 39% consider social media to be a trustworthy news source, compared to 63% for newspapers and 70% for TV.

Age Plays A Part

Other research from Stanford’s Graduate School of Education, involving more than 7,800 responses from middle school, high school and college students in 12 US states focused on their ability to assess information sources. The results showed a shocking lack of ability to evaluate information at even as basic a level as distinguishing advertisements from articles. When you consider that many young people get their news from social media, this shows that they may be more vulnerable and receptive to fake stories, and their wide networks of friends could mean that fake stories could be quickly and widely spread among other potentially vulnerable recipients.

Although Facebook is known to have an older demographic now, many young people still use it, Facebook has tried to launch a kind of Facebook for children to attract more young users, and Facebook owns Instagram, partly as a means to try and mop up young users who leave Facebook. It could be argued, therefore, that Facebook, and other social media platforms have a responsibility to regulate some content in order to protect users.

What Does This Mean For Your Business?

Fake news stories are not exclusive to social media platforms, as the number of retractions and apologies in newspapers over the years testifies. The real concern has arisen about social media, and Facebook particularly, because of what appears (allegedly) to have been the ability of actors from a foreign power to use fake news on Facebook to actually influence the election of a President. Which party and President is in power in the US can, in turn, have a dramatic effect on businesses and markets around the world, and the opportunities that other foreign powers think they have.

Facebook is also busy fighting another crisis in trust that has arisen from news of its sharing of users’ personal data with Cambridge Analytica, and the company is focusing much of its PR effort not on talking specifically about fake news, but about how Facebook has changed, why we should trust it again, and how much it cares about our privacy.

Meanwhile in the UK, Ofcom chief executive Sharon White has clearly stated that she believes that media platforms need to be “more accountable” in their policing of content. While this may be understandable, many rights and privacy campaigners would not like the idea that free speech could be influenced and curbed by governments, perhaps to suit their own agenda. The arguments continue.

Google Chrome’s New ‘Site Isolation’ Security Feature Activated

The new ‘Site Isolation’ security feature for Google’s Chrome browser has been switched on, and could protect users from log-in credentials theft.

Decade-Long History

The newly switched-on feature actually has a decade-long history in the making. It has been reported that Google invested those engineer-years, mostly in the last 6 years, and a lot of money in producing a DiD (defence-in-depth) feature, and what is now an essential defence against a prolific class of attack.

What Does Site Isolation Do?

It has recently been discovered that all modern chips / processors have security vulnerabilities in them that can contribute to the success of ‘data leakage’ attacks. These vulnerabilities, dubbed Spectre and Meltdown (Meltdown only on Intel chips), can be used by hackers to steal passwords or other confidential data from computers and mobile devices through popular web browsers like Chrome, Internet Explorer, Firefox, and Safari for Macs or iOS.

With Site Isolation enabled, each renderer process contains documents from a maximum of one site, which means that all navigations to cross-site documents cause a switch in processes, and all cross-site iframes are put into a different process than their parent frame. This ‘isolation’ of the processes provides effective protection against data leakage attacks like Spectre, which means that the vast majority of Chrome users are now theoretically safer from this one kind of attack. It has also been reported that work is underway to protect against attacks from compromised renderers.

It Does Sap Some Memory

One of the trade-offs that Google has had to make in order to make this feature effective is greater resource consumption. With Site Isolation on, there is a 10-13% total memory overhead in real workloads due to the larger number of processes. Google is reported to be working on trying to reduce the memory burden.

Even 10-13% is good compared to the 20% memory overhead that was being used when Chrome 63 debuted with Site Isolation.

Not Android Yet – But Soon

Site Isolation is scheduled to be included in Chrome 68 for Android but reports indicate that Google is still working on resource consumption issues before that can be rolled out.

What Does This Mean For Your Business?

The switching on of this feature is, of course, good news for businesses, as it is an additional, free way to strengthen cyber resilience against a popular kind of attack that could have serious consequences. This is of particular importance when businesses are trying to do everything possible to achieve and maintain compliance with GDPR.

Up until now, all businesses have heard is that all modern processors have security flaws in them, and that software patching is the only real answer. Back in May, another 8 flaws, in addition to Spectre and Meltdown, were discovered in processors, dubbed Spectre Next Generation (Spectre NG). At least the switching-on of this Chrome feature is one tangible step in the journey to patch these vulnerabilities before cyber-criminals manage to exploit them all. Hopefully, more, similar features will be introduced across other browsers in the near future.

Cambridge Analytica Re-Born

A new offshoot of Cambridge Analytica, the disgraced data analysis company at the heart of the Facebook personal data sharing scandal, has been set up by former members of staff under the name ‘Auspex’.

Old Version Shut Down

After news of the scandal, which saw the details of an estimated 87 million Facebook users (mostly in the US) being shared with CA, and then used by CA to target people with political messages in relation to the last US presidential elections, CA was shut down by its parent company SCL Elections. CA is widely reported to have ceased operations and filed for bankruptcy in the wake of the scandal.

Ethical This Time

Auspex, which (it should be stressed) is not just another version of CA, but is likely to carry on the same kind of data analysis work, has been set up by Ahmed Al-Khatib, a former director of Emerdata which was also set up after the Cambridge Analytica scandal. Mr Al-Khatib has been reported as saying that Auspex will use ethically based, data-driven communications with a focus on improving the lives of people in the developing world.

Middle East and Africa

The markets in the developing world that Auspex will initially be focusing on are the Middle East and Africa, and the kinds of ethical work that it will be doing, according to Auspex’s own communications, are health campaigning and tackling the spread of extremist ideology among a disenfranchised youth.

Compliant

Auspex has been quick to state that it has made changes and that it will be fully compliant from the outset, thereby hoping to further distance itself from its murky origins in CA.

Personnel

One thing that is likely to attract the attention of critics is that, not only is Mark Turnbull, the former head of CA’s political division, the new Auspex Managing Director, but the listed directors of the new company include Alastair Harris, who is reported to have worked at CA, and Omar Al-Khatib is listed as a citizen of the Seychelles.

What Does This Mean For Your Business?

The Cambridge Analytica and Facebook scandal is relatively recent, and the ICO have only just presented their report about the incident. For many people, it may not feel right that personnel from Cambridge Analytica can appear to simply set up under another name and start again. Critics can be forgiven for perhaps not trusting statements about a new ethical approach, especially since Mark Turnbull appeared alongside former CA chief executive Alexander Nix in an undercover film by Channel 4, where Nix gave examples of how his company could discredit politicians e.g. by setting up encounters with prostitutes.

The introduction of GDPR has brought the matters of data security and privacy into sharp focus for businesses in the UK, and businesses will be all too aware of the possible penalties if they get on the wrong side of the ICO.

In the case of the Facebook / Cambridge Analytica scandal, the ICO has recently announced that Facebook will be fined £500,000 for data breaches, and that it is still considering taking legal action against CA’s directors. If successful, a prosecution of this kind could result in convictions and an unlimited fine.

12 Russian Intelligence Officers Charged With Election Hacking

Even though, in an interview this week, President Trump appeared to absolve Russia of election interference (since retracted), the US Department of Justice has now charged 12 Russian intelligence officers with hacking Democratic officials in the 2016 US elections.

The Allegations

It is alleged by the US Justice Department that, back in March 2016, in the run-up to the presidential election campaign which saw Republican Donald Trump elected as president, the Russian intelligence officers were responsible for cyber-attacks on the email accounts of staff for Hillary Clinton’s Democrat presidential campaign.

Also, the Justice Department alleges that the accused Russians corresponded with several Americans (but not in a conspiratorial way), used fictitious online personas, released thousands of stolen emails (beginning in June 2016), and even plotted to hack into the computers of state boards of elections, secretaries of state, and voter software.

No Evidence Says Kremlin

The Kremlin is reported to have said that it believes there is no evidence for the US allegations, describing the story as an “old duck” and a conspiracy theory.

32, So Far

The latest allegations are all part of the investigation, led by Special Counsel Robert Mueller, into US intelligence findings that the Russians allegedly conspired in favour of Trump, and that some of his campaign aides may have colluded.

So far, 32 people (mostly Russians) have been indicted. 3 companies and 4 former Trump advisers have also been implicated.

Trump Says…

President Trump has dismissed allegations that the Russians helped put him in the White House as a “rigged witch hunt” and “pure stupidity”.

In a press conference after his meeting with Russian President Vladimir Putin in Helsinki, however, President Trump caused shock and disbelief when, asked whether he thought Russia had been involved in US election interference, he said “I don’t see any reason why it would be”.

He has since appeared to backtrack by saying that he meant to say “wouldn’t” rather than “would”, and that he accepts his own intelligence agency’s findings that Russia interfered in the 2016 election, and that other players may have been involved too.

What Does This Mean For Your Business?

Part of the fallout of the constant struggle between states and super-powers is the cyber attacks that end up affecting many businesses in the UK. Also, if there has been interference in an election favouring one party, this, in turn, affects the political and economic decisions made in that country, and its foreign policy. These have a knock-on effect on markets, businesses and trade around the world, particularly for those businesses that export to, import from, or have other business interests in the US. Even though, in the US, one of the main results of the alleged electoral interference scandal appears to have been damaged reputations and disrupted politics, the wider effects have been felt in businesses around the world.

These matters and the links to Facebook and Cambridge Analytica have also raised awareness among the public about their data security and privacy, whether they can actually trust corporations with it, and how they could be targeted with political messages which could influence their own beliefs.