Freezenet’s Official Podcast: July 2019: Your Security Is a Hack Magnet

Drew Wilson | August 14, 2019

In this ninth episode of the Freezenet official podcast, “Your Security Is a Hack Magnet”, we check out the news and reviews for the month of July.

Welcome to the public version of the ninth episode of the Freezenet official podcast for July 2019. This month’s episode is entitled “Your Security Is a Hack Magnet”. The title is inspired by the numerous security stories we’ve covered this month.

This month, we cover the dramatic events taking place in Australia where authorities used the anti-encryption laws to conduct police raids on journalists. We also cover the massive hack that hit several cell phone networks. In addition, we cover the DMCA takedown notices targeting Ferry Corsten on YouTube.

This month’s episode also covers all the usual game and music reviews. Also, we even mention the story about optics and Deutsche Bank. All this and more in this month’s episode.

You can check out our official podcast on Soundcloud or take a listen below:

A transcript (and Easter Egg) follows:

Intro

Your security’s a hack magnet (your database is gonna have it)

Hi, I’m your host, Drew Wilson. Welcome to the 9th episode of the Freezenet official podcast for July 2019. Here are your top 3 headlines:

The Top 3

No question what was the top story this month: Australia uses anti-encryption laws to conduct police raids on journalists in the country

Coming in at number 2: Hackers break into 10 cell phone networks, stealing call logs from around the world

Finally in at number 3: The push for Internet censorship in Canada has been stalled

Top Stories

First, we gotta cover the big tech news story that has a lot of people talking. After passing the anti-encryption laws, things took a frightening turn for the worse in Australia. At first, it seemed like a big part of the story was going to be about the innovation and investment exodus happening in the country.
Australian cloud computing company, Vault, is noting that foreign companies, even companies based in China and Russia, are pulling investment from the country. They say that it’s a perceived compliance burden. Multinational companies are assessing the media headline tests and moving operations offshore to sidestep the anti-encryption laws. While that is quite the dramatic account of what is happening within the country, no one could have predicted just how much worse things were going to get.

Later on in the month, police conducted raids against multiple journalists in multiple properties. Pictures surfaced of authorities rifling through people’s computers and seizing documents. One of the companies targeted is the Australian Broadcasting Corporation (or ABC). The reason the raid took place at all is that authorities were able to sidestep the protections afforded to journalists. This is thanks to the anti-encryption laws. The government was after the journalists’ sources behind stories about politically sensitive topics.

Journalism organization Reporters Without Borders slammed the developments. The organization said that the actions taken by the government pose a “grave threat” to investigative journalists and their sources. They went on to describe what happened this way:

“In a scene that might be expected in an authoritarian country but not in a democracy, six federal officers entered the ABC building this morning and began examining computers, email accounts and data storage devices under a warrant authorizing them to “add, copy, delete or alter” any content they find.”

The organization went on to say that this activity needs to stop. The government, for its part, is not only not apologizing for its actions, but is also doubling down.
Peter Dutton, the Home Affairs Minister, commented on the story, saying, “Nobody is above the law and the police have a job to do under the law.” Meanwhile, News Corp and ABC said that, “the fate of our journalists remains unclear.” ABC also demanded that the actions taken against their journalists cease.

Ultimately, what we are witnessing is a worst-case scenario. Two months ago, the suggestion that the government would use these anti-encryption laws as a means to very publicly crack down on journalism would have been considered so far-fetched that it would have been difficult to even imagine. Now, we are seeing these events take place in stunning fashion.

Now, turning to our second big story, hackers have systematically broken into more than 10 cell phone networks and obtained call logs on an unknown number of people. Lior Div, co-founder and chief executive of Cybereason, described the hack as “massive-scale” espionage.

Some people might look at this story and think, “Wow, who would have seen something this big coming?” While the size of this hack might not have been all that predictable, the fact that it happened has actually been something I’ve personally warned about for years even before Freezenet became a thing. The warning is this: if intelligence organizations are collecting personal information on a mass scale for surveillance, then it will be possible for unauthorized third parties to obtain such information as well. The reason is simply that, because infrastructure is being put in place to gather such information, hackers have a weak point they can attack.

For most people, when I make that argument, the reaction is usually one of two: The first reaction I get is that this argument is weirdly out of left field and doesn’t really warrant further consideration.
The other reaction is general dismissal because “authorities know what they are doing and, therefore, that is not something you have to worry about anyway.”

In the years since, governments from around the world, not just in the United States, have implemented systems of collecting call records for the purpose of surveillance. Ideas that hackers could hijack such systems rarely, if ever, receive a second thought. Instead, critics simply target the idea that they are being surveilled without warrants and challenge this on a privacy level. This is not to say that this is a bad angle. In fact, it’s a perfectly reasonable angle to criticize these laws. However, it’s not the only one if you are a critic of dragnet surveillance.

Sure enough, thanks to this hack, not only is this proven to be a perfectly valid argument, but it also has a very big real-world example attached to it. If spy agencies see value in these call records, hackers no doubt will as well. Because of that, this issue of weakened security for the sake of easy surveillance will continue to dog warrantless wiretapping policies for years to come.

Turning things over to Canada, the push for Internet censorship is facing even more roadblocks as the Industry Committee and the Heritage Committee butt heads.

For those of you who are following the story of Internet censorship in Canada, some of this might ring a bell. This is actually the second attempt to push for Internet censorship in recent memory. The first attempt was through Canadian regulator, the CRTC. Lobbyists for major multinational corporations teamed up with ISPs to push for new censorship laws. The presence of ISPs really did surprise observers, but they, nevertheless, formed the FairPlay Coalition in an effort to crack down on free speech. Thankfully, the CRTC ultimately came to a logical conclusion and rejected the censorship proposal back in October of last year.
Logic, of course, never stopped major record labels before, so the rejection only represented a delay in their proposed crackdown on free speech. They then relied heavily on the copyright review process to try and push for the dangerous censorship laws. The Heritage Committee set up their own consultation on the matter and almost exclusively invited lobbyists and people who support censorship. The committee then concluded that almost everyone agrees that we need to start censoring the Internet.

The problem is that the Industry Committee earlier had their own consultations. Rather than cherry-pick people with specific opinions on the matter, they, as Michael Geist noted, chose to hear from a broad range of stakeholders. Major record labels, studios, lawyers, digital rights advocates, law professors, and a whole bunch of others were invited to give their ideas on what copyright should look like in the future. In response, the Committee issued their recommendations and found themselves to be cautious towards the idea of censoring the Internet.

As a result, you have two different ministries butting heads over this. This is causing a bit of a bureaucratic stalemate on the issue for the time being. So, for now, Internet censorship isn’t moving forward very quickly, but you never know. Anything can happen in the copyright debates in Canada.

We got a lot of other stuff happening here on Freezenet, so here are some of the other stories making news this month.

Other Stories Making News

This month, we brought you an exclusive report on trance DJ legend Ferry Corsten. EDM/District records issued multiple DMCA takedown notices against Corsten. The takedown notices were issued against him on YouTube for his radio show Corsten’s Countdown. Specifically, they targeted episodes 628 and 629. It’s unclear if other episodes were targeted. It’s also unclear whether or not this was an accidental takedown.
Still, it does prove that anyone can be hit with a takedown notice no matter how legal, authorized, or legitimate the posting is. We reached out to Corsten for comment on the matter, but did not hear back.

The UK’s push to censor the Internet has hit a roadblock. Known often as the porn filter, UK ISPs would be obligated to censor any content that is seen as pornographic. After that, any website that wishes to become even remotely accessible in the country must submit to a process of managing people’s personal information. In turn, British people would have to purchase a so-called “porn pass” from a convenience store. In the process, they have to sign documents acknowledging the alleged “dangers” of accessing pornographic material. After years of attempting to implement these new laws, the government hit an embarrassing bureaucratic roadblock. The country apparently failed to inform the European Union that they were doing this. This setback means that the implementation process will take an additional 6 months to finalize.

In a related story, UK digital rights organization, the Open Rights Group, has released the results of their research into Internet censorship. Data has been gathered through Blocked.org.uk, one of the organization’s side projects. That service allows users to check URLs against the censorship lists of various UK internet providers to determine if that site is censored. The organization concludes, “Blocking websites isn’t working. It’s not keeping children safe and it’s stopping vulnerable people from accessing information they need. It’s not the right approach to take on “Online Harms”.”

Australia continues to prove that they are becoming a world leader in cracking down on Internet free speech. In 2014, the quest to censor the Internet started with any website which has a “primary purpose” of piracy. Those definitions then got expanded to any website with a “primary effect” of piracy.
From there, fan sub websites started getting added to the censorship blacklists. After that, online conversion websites also got hit with censorship. Then, censorship started to meander into a different direction when competing retailers were being put on the censorship lists. Now, the next thing to get censored is “violent” content. With the definitions getting expanded so many times, who knows where the censorship creep will expand into next?

Privacy concerns were once again raised in Canada. This is in response to a proposal to convert part of Toronto into a so-called “SmartCity”. Google-owned Sidewalk Labs is making the proposition and saying that they will share some of the ensuing ad revenue as a result. Smart cities are known to incorporate mass surveillance with security cameras, artificial intelligence, facial recognition software, and a whole lot more to track everyone’s movements. Often, the goal is to find new ways to advertise to people. Critics worry that their information will be tracked and that the resulting data may not be secure enough.

While countries like Australia, the UK, and Germany are in various stages of the war on encryption, they are now not the only countries to do so in recent memory. The United States could be another country to join the war on encryption. Reports surfaced saying that high-ranking officials in the Trump administration are discussing the idea of outlawing encryption that authorities cannot break. Officials borrowed the Australian excuse of how the bad guys could be “going dark”. Australians have countered this, saying that if effective encryption is outlawed in the country, then those who are being targeted will simply utilize encryption from another country to circumvent the laws. This leaves only innocent civilians to suffer the consequences. The news about the US joining the war on encryption did receive pushback from various state departments and commerce sectors.

DRM has once again reared its ugly head in the news.
Microsoft is the latest company to announce that they will be shuttering their services, locking everyone out of their legitimately paid-for material. In this case, Microsoft is shutting down its book selling services for good. As a result of this action, customers will be permanently locked out of the books they legally paid for. The only good news in all of this is the fact that Microsoft is going to be issuing refunds to customers. That will likely take some of the sting out of losing all of your purchases, but still shows why there is a danger in purchasing material encoded with DRM in the first place.

There is a lot of carnage and mayhem on the security front as well this month. Social planning website eVite was hit by a data breach. In all, 10 million accounts have been potentially compromised. Hacker group MageCart claimed responsibility for that breach.

MageCart wasn’t done yet. Shortly after that, food ordering service EatStreet was also hit with a data breach. In all, 6 million users were potentially compromised. Again, MageCart took responsibility for the breach.

The theme of companies with green and white logos being hit with security incidents continued after that. Canadian insurance company Desjardins was also hit with a data breach. In all, 2.7 million customers had their information compromised. In that case, it is alleged that a disgruntled employee obtained the data on the way out the door.

Dominion National also suffered from a data breach. While the exact number of people affected is unclear, the breach apparently went on for a whopping 9 years. Only more recently was the breach detected.

Cloud service Attunity suffered what is being described as a “keys-to-the-kingdom” data leak. In all, 1TB of data was exposed. Affected companies in this leak include Ford Motor Company and TD Bank.

The US Food and Drug Administration has been forced to issue a recall over insulin pumps.
The medical implant devices were recalled due to an Internet of Things vulnerability. The software cannot be patched, which is what led to the recall. Patients were advised to keep all devices connected to their pumps on their person at all times until the situation can be rectified.

Smart Home maker SmartMate has suffered from a data leak. The leak is being blamed on an ElasticSearch server which has been leaking customer information.

The National Revenue Authority, Bulgaria’s tax authority, has been hacked. In all, 5 million civilians have been exposed. In a country with a population of 7 million, the hack is being considered the worst in the country’s history. Not really surprising if roughly 71% of the entire population is affected by the breach.

Marriott Hotels has received another fine as a result of their 2018 data breach. The breach itself saw 383 million people compromised. This month, the UK’s Information Commissioner’s Office fined the company £99 million. Marriott Hotels, for its part, said that they were disappointed by the outcome and will “vigorously defend” itself. Observers say that this fine is one of the first instances of the European General Data Protection Regulation showing its teeth.

Finally, a survey conducted by Shred-It looked into how executives view data breaches and leaks. While most people have grown cynical that their information is protected, executives, on the other hand, are effectively saying that they don’t know about breaches or they just don’t care. The study complements another one where IT staff feel that the C-suite should take some responsibility over data leaks and breaches.

Video Game Reviews

Now, turning towards entertainment, here are this month’s video game reviews:

Miner 2049er for the Atari 5200. Forgiving difficulty curve and decent graphics. So, this game gets a great 80%.

Next up, we tried Kaboom! for the Atari 5200. A decent basic concept, but simple gameplay does hinder quality after a while.
Because of this and more, this game gets a flat 58%.

After that, we tried Buck Rogers: Planet Zoom for the Atari 5200. Good learning curve, though controls can be a bit awkward at times. Still, this game gets a solid 76%.

Finally, we played Countermeasure for the Atari 5200. Clunky and buggy controls and unclear objectives end up hurting gameplay by quite a bit. So, this game gets a 54%.

Music Reviews

As for music we’ve listened to this month, we’ve got…

Unit 93 – Trust No One (Full Length)
Eric Clapton – Bad Love
The Rolling Stones – Almost Hear You Sigh
Christina Aguilera – Genie in a Bottle
Midnight Oil – Blue Sky Mine
Robert Plant – Hurting Kind (I’ve Got My Eyes on You)
Billy Idol – Cradle of Love
Bad Company – Holy Water
The Qemists – Run You
… and finally, DJ Eco Pres. Pacheco – Staring At The Sea (Masoud Remix)

Picks of the Month

So, that leads us to our pick of the month. This month, our pick of the month belongs to The Qemists – Run You.

Also, be sure to check out Miner 2049er for the Atari 5200.

Oddities

And in other news…

A Christian group decided to put together a petition calling on Netflix to cancel the streaming show Good Omens. In response to the petition, Netflix took to Twitter and happily made a promise that they won’t produce the show anymore. Amazon Prime, the streaming service that actually produces the show, also took to Twitter and said that if Netflix cancels production of Good Omens, then they won’t produce any more episodes of Stranger Things – a Netflix produced show. The Christian group responded to the events by later amending the petition to correctly identify the producer of the show. Oops.

Deutsche Bank is apparently going through hard times. Pictures emerged of people leaving the bank in several offices on the day mass layoffs happened. So, some sources started saying how sad it was that those people are being laid off. As it turns out, those weren’t employees in those pictures.
Those were actually tailors who were called in to fit a number of executives with $1,800 suits. Not only were the media watching, but also a number of shareholders. Sensing how bad the optics were in all of this, Christian Sewing, the CEO of the company, said that those executives were reprimanded for their actions. Apparently, optics are a thing still.

This next story could be summed up with some slightly long-winded advice. Don’t be a drug mule. If you do become a drug mule, don’t transport $200 million worth of meth packed into a van. If you do decide to transport meth in your van, don’t break any traffic laws. If you do break traffic laws in your meth van, don’t crash said van into a parked police cruiser. If you do crash your meth van into a parked police cruiser, don’t just randomly go driving around in a residential zone for an hour waiting to be picked up by police. If you do decide to drive your damaged meth van for an hour in a residential zone, at least have the sense to ditch the drugs somewhere along the line so police don’t have multiple reasons to arrest you.

Now, one last story out of Omaha. Most people know that America is suffering from a heatwave. So, in order to highlight just how hot it was, the Weather Services left a parked car out in the sun. The temperature that day was about 99 degrees Fahrenheit (or about 37 degrees Celsius). Inside the car, however, temperatures soared to 175.2 degrees Fahrenheit (or about 80 degrees Celsius) after only an hour. It was so hot, they decided to bake some biscuits in the back window. In four hours, the biscuits were described as golden in colour. After 8 hours, the service said that the outside of the biscuits was edible with only the inside being “still pretty doughy”. While they reportedly didn’t say it, it’s an excellent reminder: do not leave living things inside parked cars out in the sun.

Outro

Before we close out this month’s show, we got a very minor announcement to make.
I was able to install some hardware on my computer. After some testing, it looks like all systems are go to roll out a new feature. Chances are, by the time you hear this, you’ll know what this feature is. Let’s just say it nicely complements this monthly podcast and I’m very excited to try something new.

Also, shout out to Nolan for providing mixing and recording services. Thank you so much for your help!

If you’d like to get your hands on some behind the scenes stuff, exclusive content, and early access material, you can check out our Patreon page at Patreon.com/freezenet. Through this, you can help make Freezenet just that much better all the while getting some pretty cool stuff in the process. That’s Patreon.com/freezenet!

…and that’s this month’s episode for July, 2019, I’m Drew Wilson for Freezenet. Be sure to check out our website at freezenet.ca for all the latest in news and reviews. You can also like us on Facebook and follow us on Twitter @freezenetca. Thank you for listening and see you next month.

(Easter egg not in podcast)

Your security’s a hack magnet
Your database is gonna have it
Leak’s hot server’s stopped
Upped on Tor spreadin’ lots
Tip the news, they’ll ring the bell
People scream, “what the hell?”
Zero day, website’s down
Lawsuits will make you frown
CEO’s actin’ tough
Threats will ultimately fuck ’em up
No one really knows, if an exploit got you boned
Or if it’s negligence back at their place
Hacker shakes his ass
His posts got you beat
He even mocks your hair
Reputation kicked in teeth
Encryption’s stripped down
Policy’s naughty to the end
You know what this is
No doubt about it
It’s bad bad security

Drew Wilson on Twitter: @icecube85 and Facebook.