We round up the week’s most important cybersecurity news.
- In Russia, the main Tor site has been blocked and access to the network is restricted.
- Julian Assange, founder of WikiLeaks, could still be extradited to the United States.
- A bill to scrap remote electronic voting was submitted to the State Duma.
In Russia, the main Tor site was blocked and access to the network continued to be restricted
Since early December, researchers and users have been reporting issues accessing the Tor network within Russia. According to experts, the blocking is carried out by internet service providers and mobile operators, using equipment ТСПУ.
Later Roskomnadzor sent a letter to the Tor Project, which runs the Tor network, demanding the removal of certain information on the main page of torproject.org that is prohibited in Russia. The agency did not specify what information.
Subsequently the site was added to the register of prohibited sites on the basis of a 2017 Saratov court ruling.
The Tor Project team, in response to the blocks, urged the use of ‘bridges’. According to project representatives, residents of Russia account for 15% of all users.
On December 9, Roskomsvoboda specialists reported a temporary halt to the blocks, but they were later resumed.
A UK court has granted the extradition of Julian Assange to the United States
The BBC reports that a UK court has granted the extradition of WikiLeaks founder Julian Assange to the United States.
The case was returned to the Westminster Magistrates’ Court, which had originally considered extradition.
Earlier the United States declined the extradition request due to concerns about the potential suicide risk for the WikiLeaks founder if held in harsh prison conditions. The American side has since convinced the court that the confinement terms would not be harsh.
The defence plans to appeal the decision.
Life360 location-tracking app accused of selling data
Former Life360 employees said the service sells collected data “to virtually anyone who wants to buy it.” The Markup reported this.
Life360’s user base numbers more than 33 million users. The service is most commonly used by parents to track their children’s whereabouts.
According to former employees, the company is one of the largest data sources for brokers who resell geolocation information to clients. Before selling, Life360 removed only some user information, such as names, but the shared data could reveal identities, according to The Markup’s investigation.
Life360 CEO Chris Hulls said the company could not confirm or deny the investigation’s findings.
NSO Group spyware hack of US State Department phones
An unknown hacker hacked the iPhones of at least nine US State Department staff using spyware from the Israeli company NSO Group, Reuters reports.
The targets included American officials working in Uganda.
NSO Group said it would investigate the incident. If confirmed, the company would terminate its engagement with the client that used the spyware.
Earlier reports by several media outlets in July indicated that Pegasus spyware from NSO Group had been used to surveil human rights defenders, journalists, and politicians worldwide by hacking iPhone and Android devices.
In November Apple filed suit against the company and sought to bar its products from accessing its devices.
In Russia, a bill to scrap remote electronic voting was introduced
Communist Party deputies submitted to the State Duma a bill proposing to scrap remote electronic voting (DEG) in Russia.
Authors of the initiative note that many experts cited during the use of DEG in the September State Duma elections numerous ‘ballot stuffing’ incidents, technical glitches, lack of access to the data server, and the fact that the keys to the DEG system were held only by officials of the executive authorities.
In the explanatory note to the bill, it also states that the DEG electoral commission has lost control over the voting, had no ability to verify the legality of ballot issuance or the accuracy of the vote count:
“Members of the commission could not determine that the messages recorded on the blockchain were exactly those coming from voters. They lacked the resources to assess the correctness of decrypting voters’ will, the accuracy of the tally, and to determine how voters use the deferred voting feature.”
As reported, during the September State Duma elections two blockchain systems were used. In Sevastopol, Kursk, Nizhny Novgorod, Yaroslavl, Murmansk and Rostov regions online voting was conducted on platforms from Rostelecom and Waves Enterprise by order of the Central Election Commission (CEC); in Moscow—on a platform from DIT. The latter had previously been criticised by experts.
Mitto co-founder suspected of selling data for surveillance
Co-founder and chief operating officer Ilya Gorelik of Swiss firm Mitto sold access to Mitto’s networks to technology firms specializing in surveillance and providing services to government agencies in several countries, Bloomberg and the Bureau of Investigative Journalism report, citing former employees.
Mitto is a major provider of automated text messages, including security codes for logging into platforms and passwords.
According to Bloomberg and the Bureau, surveillance of people was carried out through a vulnerability in the SS7 telecommunications protocol.
In response to the publication, Swiss authorities began an investigation into the company.
Also on ForkLog:
- Hackers drained more than $150 million from BitMart hot wallets.
- Google accused two Russians of creating a botnet for covert cryptocurrency mining.
What to read this weekend?
In 2021, Russia enacted a law obliging social networks to identify and block content containing information illegal on Russian soil. Lawyers told ForkLog what counts as such information and how this law changes things.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.