The G7 summit itself will take place in Bavaria’s Schloss Elmau Castle from Sunday through Tuesday. After the meeting concludes, leaders of the 30 countries in the NATO alliance will then gather for their annual summit, which is being held Wednesday through Thursday in Madrid, Spain.
Fairytale venue with dark past for G7 summit in Germany
Demonstration Alert – U.S. Consulate General Munich (June 23, 2022)
Location: Munich
Event: G7 Leaders’ Summit: security measures and possible demonstrations
The G7 Leaders’ Summit will take place from June 26-28, at Schloss Elmau near Garmisch-Partenkirchen. German authorities have implemented heightened security measures in the vicinity of the conference and in locations of expected rallies. Access areas around the meeting site will be restricted. Expect security checkpoints, road closures, and traffic disruptions in the vicinity. The Bavarian Police have information on their website (German only) about what to expect in terms of Routes between Munich city center and the airport, and the connection from Munich to Garmisch-Partenkirchen and Mittenwald may be particularly affected.
Protests and demonstrations related to the G7 Summit are expected in both downtown Munich and areas near Garmisch-Partenkirchen. Although these are intended to be peaceful, even peaceful demonstrations can turn confrontational and possibly escalate to violence. We advise U.S. citizens to take common-sense precautions and avoid areas around protests and demonstrations.
Actions to Take:
Avoid areas of demonstrations.
Exercise caution if unexpectedly in the vicinity of large gatherings or protests.
"Today's decision deprives millions of people of a fundamental right, and also underscores the importance of fair and meaningful protections for data privacy. Everyone deserves to have strong controls over the collection and use of information they necessarily leave behind as they go about their normal activities, like using apps, search engine queries, posting on social media, texting friends, and so on. But those seeking, offering, or facilitating abortion access must now assume that any data they provide online or offline could be sought by law enforcement.
People should carefully review privacy settings on the services they use, turn off location services on apps that don’t need them, and use encrypted messaging services. Companies should protect users by allowing anonymous access, stopping behavioral tracking, strengthening data deletion policies, encrypting data in transit, enabling end-to-end message encryption by default, preventing location tracking, and ensuring that users get notice when their data is being sought. And state and federal policymakers must pass meaningful privacy legislation. All of these steps are needed to protect privacy, and all are long overdue."
Tools from EFF's Tech Team
EFF’s team of technologists and computer scientists engineers solutions to the problems of sneaky tracking, inconsistent encryption, and more. Where users face threats to their privacy and security online, EFF’s technology tools are there to defend them.
For those with design, programming, and/or security skills, volunteering to dig into the code is an even more direct way to contribute to these projects.
Even with invaluable volunteer help, keeping EFF’s tech projects running smoothly for the millions of users who rely on them requires serious development and maintenance. Please consider making a donation to support our technology projects work:
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
Privacy Badger is an install-and-forget browser add-on that stops advertisers and trackers from secretly tracking where you go and what pages you look at on the web.
Surveillance Self-Defense is EFF's online guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.
The Atlas of Surveillance is a searchable database and map that reveals which technologies, such as drones and automated license plate readers, are used by domestic law enforcement agencies across the United States.
Crocodile Hunter is a tool to detect and find so-called “Stingrays” or “IMSI Catchers,” devices that identify an individual mobile phone in a crowd by mimicking a cell phone tower.
"All of us seeking to defend policies that support bodily autonomy must be ready to meet them with all we have."
The Guttmacher Institute is a leading research and policy organization committed to advancing sexual and reproductive health and rights (SRHR) worldwide.
Vision
The Guttmacher Institute envisions a future in which all people can realize their rights and access the resources they need to achieve sexual and reproductive health. This vision is aligned with a progressive and evidence-based definition of SRHR, grounded in human rights, which holds that sexual and reproductive health is not merely the absence of disease, dysfunction or infirmity but a state of physical, emotional, mental and social well-being in all aspects of sexuality and reproduction.
Anti-abortion ideologues on the US Supreme Court just explicitly overturned Roe v. Wade.
The decision will have enormous consequences for pregnant people across a wide swath of US states, who will now find it extremely difficult—and in many cases impossible—to get the care they want and need. Marginalized communities will be hit the hardest by this far-reaching decision.
“The US Supreme Court has taken the radical step of overturning Roe v. Wade outright, thus unleashing uncertainty and harm onto people asking for nothing more than to exercise their fundamental right to bodily autonomy.
“Roe v. Wade was under attack since the moment it was decided in 1973. While imperfect in its ability to protect reproductive rights, as evidenced by the steady erosions of these rights in many states, Roe enabled tens of millions of people in the United States to decide their own future and protect their well-being.
“Without Roe, 26 states are certain or likely to ban abortion to the fullest extent possible, including 13 states that have “trigger” laws in place that will automatically enact bans—some within days or even hours of today’s decision.
“Decades of research consistently show that abortion bans and restrictions don’t reduce unintended pregnancy or demand for abortion, and they certainly do not help people improve their health. Rather, they impose significant hurdles to obtaining care, causing stress for people in need of abortion and leading some to experience forced pregnancy and all its troubling consequences.
“Evidence also shows the disproportionate and unequal impact abortion restrictions have on people who are already marginalized and oppressed—including Black and Brown communities, other people of color, people with low incomes, young people, LGBTQ communities, immigrants and people with disabilities.
“This decision comes when the need for abortion is actually growing in the United States. The 930,000 abortions obtained across the country in 2020 represent the first sustained increase in abortion in almost three decades—and more than one in three of these abortions were obtained in states that are now certain or likely to ban abortion.
“Our hearts go out to the patients and providers seeking a path forward. We are grateful for abortion funds, practical support groups and many others who have been hard at work to help individuals needing an abortion overcome the many financial and logistical hurdles they face.
“While much has been lost today, the fight is far from over. The anti-abortion movement is already pushing for a national abortion ban. All of us seeking to defend policies that support bodily autonomy must be ready to meet them with all we have. We must protect abortion rights and access in as many states as possible and achieve federal legislation to ensure that anyone, anywhere who needs an abortion can get one freely and with dignity.”
Anti-abortion ideologues on the US Supreme Court have overturned Roe v. Wade and there will be enormous consequences for people seeking abortion care in many states. Our experts predict that 26 states are certain or likely to ban abortion without federal protections under Roe, including 13 with laws set to be triggered quickly. New Guttmacher research also shows the need for abortion in the United States is rising just as access is about to shrink drastically.
CafePress knew that it had data security problems even before the 2019 breach since, according to FTC's complaint, the company found out that some of its shopkeepers' accounts had been compromised since at least January 2018.
Instead of informing them of the incidents, CafePress closed their accounts and charged each of them a $25 account closure fee.
Several malware infections also impacted the company's network before the 2019 security breach, and CafePress, once again, failed to investigate the attacks.
When it announced the complaint in March, the FTC claimed that CafePress "misled users by using consumer email addresses for marketing despite its promises that such information would only be used to fulfill orders consumers had placed."
CafePress fined $500,000 for breach affecting 23 million users
The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.
As the consumer protection watchdog explained in a complaint from March 2022, Residual Pumpkin Entity stored its customers' Social Security numbers and password reset answers in plain text and longer than necessary.
The company also failed to apply available protections and respond to security incidents. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.
According to the finalized order, on top of paying a $500,000 fine, Residual Pumpkin and PlanetArt (CafePress' new owner) have to implement multi-factor authentication, minimize the amount of collected and retained data, and encrypt all stored Social Security numbers.
CONTEXT:
Failures to investigate attacks and report breaches
After a February 2019 breach of CafePress' servers, unknown attackers gained access to, exfiltrated, and later put up for sale on the dark web personal information belonging to 23,205,290 CafePress users, including:
millions of email addresses and passwords with weak encryption;
millions of unencrypted names, physical addresses, and security questions and answers;
more than 180,000 unencrypted Social Security numbers;
and tens of thousands of partial payment card numbers and expiration dates.
> CafePress allegedly tried to cover up this massive data breach and didn't notify any affected individuals until September 2019, one month after BleepingComputer reported the breach. However, some users were made aware of the incident after receiving notifications from Troy Hunt's Have I Been Pwned service.
At the time, CafePress did not reply when BleepingComputer reached out for more information and did not issue a statement regarding the breach.
The only sign that something was wrong was that its users were forced to reset their password when logging in (with no mention of the data breach). . ."
Cyber threats to critical infrastructure represent a significant economic challenge. Although cyber incident costs are paid in part by the private cyber insurance market, growing cyber threats have created uncertainty in this evolving market.
Businesses risk ‘catastrophic financial loss’ from cyberattacks, US watchdog warns
The Further Consolidated Appropriations Act, 2020, includes a provision for GAO to study cyber risks to U.S. critical infrastructure and available insurance for these risks. This report examines the extent to which
(1) cyber risks for critical infrastructure exist;
(2) private insurance covers catastrophic cyber losses and Terrorism Risk Insurance Program (TRIP) provides a backstop for such losses; and
(3) cognizant federal agencies have assessed a potential federal response for cyberattacks.
Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks
GAO-22-104256 Published: Jun 21, 2022. Publicly Released: Jun 21, 2022.
The US defence contractor L3Harris is in talks to take over NSO Group’s surveillance technology, in a possible deal that would give an American company control over one of the world’s most sophisticated and controversial hacking tools.
Multiple sources confirmed that discussions were centred on a sale of the Israeli company’s core technology – or code – as well as a possible transfer of NSO personnel to L3Harris.
If anyone has any objections, speak now or forever… well, actually there are already objections.
The US federal government has some, namely the sanctions it placed on NSO Group (and competitor Candiru) last November.
In a statement, a senior White House official said: “Such a transaction, if it were to take place, raises serious counterintelligence and security concerns for the US government.”
Those are still in place and that would seem to suggest L3Harris (the company resulting from the merger of Stingray manufacturer Harris Corporation and defense contractor L3 Technologies) can’t actually make this purchase.
Unfortunately, the statement given to the Guardian suggests the White House may not actually be able to stop the purchase from taking place.
In an email to Gizmodo, a senior White House official said that the government “opposes” the circumvention of U.S. sanctions. “The U.S. Government, and the White House specifically, has not been involved in any way in this reported potential transaction,” said the official. “While we can’t speak to this particular report, the U.S. Government opposes efforts by foreign companies to circumvent U.S. export control measures or sanctions, including placement on the U.S. Department of Commerce’s Entity List for malicious cyber activity.”
The White House will oppose this acquisition but there might be an exploitable loophole in the sanctions. Being acquired by an American company won’t remove NSO from the sanctions list, but it would force the federal government to jump through a bunch of hoops (and, presumably, face litigation) to ensure its sanctions are valid and address actual threats to US entities, including other defense contractors whose offerings might be targeted by foreign purchasers of NSO malware.
What might make it less objectionable (and more likely to result in lifted sanctions) is L3Harris’s customer list, which is largely composed of countries and government entities the US government likes, rather than the sprawling list of human rights violators NSO sold to.
Depending on the make and model, stingrays may be used just to track cell phone locations, or they may also intercept live phone calls, read outgoing text messages, or scramble nearby cell phone signals. Stingrays vary in size, are often referred to as roughly the size of a suitcase, and are often carted along in either the trunks of police cars or, as is the case with the U.S. Marshals service, flown in planes to search for individual phones. And they’re everywhere.
Almost by definition, it’s impossible to paint a comprehensive look at stingrays in the U.S. That’s largely due to the fact that, as the FBI has testified in an affidavit, the devices came with nondisclosure agreements and police departments and agencies often promise the FBI to never admit they have such devices. According to a 2014 memo uncovered by the investigative journalism nonprofit Oklahoma Watch, the FBI has instructed local police to use stingrays for “LEAD PURPOSES ONLY,” and states that they “may not be used as primary evidence in any affidavits, hearings or trials.”
“The big concern with stingrays is we still don’t know exactly how they’re used and where they’re used,” Jennifer Lynch, an attorney at the Electronic Frontier Foundation who specializes in privacy and civil liberties, told Vocativ. That secrecy means it’s impossible for the public to know, at the moment, exactly how many stingrays are out there.
But thanks to law enforcement purchase orders unveiled by Freedom of Information Act requests from the ACLU, FOIA journalism nonprofit MuckRock, and the Center for Human Rights and Privacy, as well as news reports from investigative reports at local news outlets around the country, Vocativ compiled all known stingray purchase orders across the country. The result is that state, county, and local police departments have acquired, between 2001 and 2015, a minimum of 124 stingrays (additional stingrays are owned by federal agencies, more on that later). We’ve made the raw data available here.
The Florida-based Harris corporation, which creates the vast majority of known law enforcement stingrays, trademarked its original StingRay device in 2003. But it wasn’t until after the 2007 or 2008 release of the StingRay II, which included a GPS antennae to upgrade its phone location tracking, that the devices began really spreading across the country. More information how these networks work [about 30 minutes]
There’s little doubt that the number of stingrays is only going to increase. Thanks to a major report ordered by the House Oversight Committee and released in December, the public now has insight into how many stingrays have been purchased by federal agencies. In total, there were 347, with the FBI purchasing 194 between 2011 and 2014 alone.
That could be something that allows the acquisition to take place with the federal government’s tentative blessing, if the company agrees to trim its customers list down to the US government’s preferred customer list.
Even if it may somewhat whitewash NSO’s reputation, this merger shouldn’t be welcomed by anyone. It adds the abuses of cell tower simulator technology to the abuses of powerful cell phone-compromising exploits. When a single product can force phones to connect with it in order to deploy malware, the abuses observed to date are going to look pretty mild.
Beyond the theoretical combinations of phone-targeting tech, there’s no reason an American company should willingly get in bed with a company currently facing sanctions from the US government. But NSO’s powerful malware may be too tempting to ignore, especially when Harris has played fast and loose with export regulations in the past. Hopefully, this acquisition will remain what it is now: merely one of several possible outcomes."
NOTE: For now, Israel's state services and citizens that use them appear enslaved to this rogue operation and unable to find an easy way to stop it. The state should have ensured the security of the online platform before launching it.
According to Akamai, which has been following the situation, the fertile ground for the bot was created by a backlog of over 700,000 passport applications at the Ministry of the Interior, resulting from the lifting of travel restrictions to allow a post-pandemic travel boom. . .
Scalper bots out of control in Israel, selling state appointments
Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.
The bot's operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company. . .
As the bot was made publicly available for everyone to benefit, malicious actors grabbed it and modified its functions to scalp all the available appointments.
The unethical individuals who operated the rogue bot set up a Telegram group and offered "instant appointments," even giving special discounts for those who bought two.
The sellers of the appointments present themselves as well-meaning developers who want to help people, but in reality, they are making it even harder for people to get appointments that are meant to be free.
Hard to stop
Putting the genie back in the bottle isn't straightforward now, as the state would have to scrap the current online platform, cancel many legitimate appointments, and generally create a highly problematic situation.
MyVisit attempted to stop the scalpers by adding CAPTCHA on the booking page, but the bot developers bypassed this step in a couple of days by adding CAPTCHA solving functionality.
"To beat today's modern bots, much more advanced measures are utilized by bot management products," comments Akamai.
"Device fingerprinting and behavioral analysis are combined with machine learning models, fed with billions of daily requests to detect trends and anomalies."
. . .If you live in the country, note that purchasing appointments via this illegal channel gives the operators an incentive to continue and even expand to more critical areas like hospital appointments, for example.