A destabilizing penetration and leakage operation hits Moldova

she was A truly busy week for the tech industry as new details emerged about the collapse of cryptocurrency exchange FTX and Elon Musk fired a growing number of Twitter employees from the company. Cryptocurrency trackers have been scrambling to make sense of what happened to the nearly half a billion dollars in cryptocurrency that was pulled from FTX last weekend. It seems that some of it may have been seized by government authorities in the Bahamas, but the mystery is still being unraveled.

Meanwhile, the wheels were increasingly coming off the bus on Twitter. Earlier this week, for example, some users did not receive biometric two-factor authentication codes sent via SMS, and it’s unclear if the issue has been fully resolved. Short of staff and plenty of disruptions, we took a look at the implications if Twitter suffered a massive data breach or other major security attack at this perilous moment.

New research suggests that telehealth websites often put addiction patients’ data at risk, with tracking technology behind websites focused on drug use. And we have the fourth part of the “The Hunt for the Dark Web’s Biggest Kingpin” series, which chronicles the ups and downs of the AlphaBay dark web marketplace. This installment tells how law enforcement agents of the Dutch National High-Tech Crime Unit have taken over the management of the Hansa dark web marketplace and track US and Thai police as they approach AlphaBay’s leader, Alpha02, about to attempt a dramatic arrest.

But wait there’s more! Each week, we highlight news we haven’t covered ourselves in-depth. Click on the titles below to read the full stories. And stay safe there.

A major hack and leak in Moldova exposed alleged Telegram correspondence of at least two politicians, leading to scandal and allegations of corruption. The “Moldova Leaks” website also threatened to publish more data on government officials and politicians. The site has published alleged messages from Moldova’s Minister of Justice, Sergio Litvinenko, and Defense and National Security Adviser to President Doreen Resin in the past two weeks. Some conversations suggest other Moldovan officials have won fraudulent elections or been improperly installed in office, and the leaks seem specifically aimed at undermining anti-corruption officials. The pro-Russian political opposition in Moldova was quick to publish allegations based on the leaks that Litvinenko, Resyan and others should be removed from office.

Moldova’s Ministry of Justice said the leaked data had been stolen, but added that some of it had been tampered with. Litvinenko and other Moldovan government officials said Russia was behind the operation. “The purpose of this fake is to distract the public from the real problems faced by criminal groups in the Republic of Moldova and their connections with foreign services,” Litvinenko wrote on Facebook. at the end of october, Washington Post She mentioned the efforts of the Russian security agency FSB to undermine the pro-European government of Moldova.

Google will pay a total of $391.5 million to 40 US states after an investigation into the tech giant’s user location tracking practices. The investigation, a collaboration of state attorneys general, looked at whether Google deceived users and obscured its location-tracking activities. “Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers,” Oregon Attorney General Ellen Rosenblum said. Washington Post. “We settled an investigation with 40 US attorneys general based on outdated product policies that we changed years ago. In addition to the financial settlement, we will be making updates in the coming months to provide greater controls and transparency over location data,” Google wrote in a blog post about the agreement on Monday. .

Thousands of mobile apps in Google Play and the Apple App Store include code modules from a company called Pushwoosh that claims to be based in Washington, D.C., but Reuters reports is actually in Russia. The Centers for Disease Control and Prevention has integrated Pushwoosh code into seven of its public apps and removed the service after learning of the Reuters findings. The CDC said it was misled about the location of Poochoosh’s headquarters. In March, the US Army also removed an app used by soldiers at a prominent US combat training base because it contained Pushwoosh code. In US marketing materials and regulatory filings, the company claims to be based in California, Maryland, or DC, but in reality it pays taxes in Russia and is headquartered in Novosibirsk, Siberia. The company appears to have had approximately 40 employees and reported revenue of 143,270,000 rubles (about $2.4 million) in 2021. Although it is unclear whether Pushwoosh abused its position in applications distributed in the United States or in Elsewhere, the Russian government has a proven track record of conducting “software supply chain” intelligence gathering as well as devastating attacks on its enemies.

Data and privacy regulators in Norway, France and Germany have all warned that World Cup attendees should not download the Qatar World Cup apps or do so on a wiped device if necessary. Officials warn that the apps are invasive, collecting far more data than they should and more than they claim in their privacy policies. “An app collects data on whether and what number a phone call will be made,” the German Data Protection Commission said in an alert this week. “The other app is preventing the device it is installed on from going to sleep. It is also clear that the data used by the apps not only stays locally on the device but is also transmitted to a central server.” The World Cup events start this weekend.