Yazılar

Hacker Claims Breach of US Location Tracking Company Gravy Analytics

/in /tarafından

An unknown hacker is claiming responsibility for a breach at U.S. location tracking company Gravy Analytics, with screenshots of the boast circulating online. The breach details remain unclear, but a Russian-language post and screenshots uploaded early Sunday to XSS, a site frequented by cybercriminals, allege that the company was hacked, and large volumes of data were stolen.

Gravy Analytics, which merged with Unacast in 2023, has not commented on the situation. Attempts to contact both Gravy and Unacast were unsuccessful, and Gravy’s website was down on Wednesday. The leaked data, around 1.4 gigabytes, has been reviewed by experts who have confirmed its authenticity, raising concerns that the breach is legitimate.

This hack follows recent scrutiny from the U.S. government over companies, including Gravy, that collect and sell highly detailed location data. The Federal Trade Commission (FTC) had previously settled with Gravy Analytics and another broker, Mobilewalla, over deceptive practices in gathering location data without proper consent. The FTC has raised alarms over the vulnerability of Americans’ sensitive data, especially in the context of targeted advertising and surveillance.

 

US Judge Finds Israel’s NSO Group Liable for Hacking in WhatsApp Lawsuit

/in /tarafından

A U.S. judge has ruled in favor of Meta Platforms’ WhatsApp in a lawsuit against Israel’s NSO Group, finding the company liable for exploiting a vulnerability in WhatsApp’s messaging app to install spyware, enabling unauthorized surveillance. U.S. District Judge Phyllis Hamilton of Oakland, California, granted WhatsApp’s motion and found NSO liable for hacking and breach of contract. The case will now proceed to trial, but only to determine the amount of damages.

WhatsApp’s head, Will Cathcart, hailed the ruling as a victory for privacy, stating that spyware companies could no longer hide behind immunity or avoid accountability for unlawful actions. A spokesperson for WhatsApp expressed their gratitude for the decision, reaffirming the company’s commitment to protecting users’ private communications.

Cybersecurity experts, including John Scott-Railton from Citizen Lab, welcomed the ruling as a landmark decision with significant consequences for the spyware industry. He noted that the ruling clarifies that NSO Group is responsible for violating numerous laws, as the company could no longer evade accountability for its actions.

WhatsApp sued NSO in 2019, accusing it of using a vulnerability to access WhatsApp’s servers and install Pegasus spyware on users’ devices. The lawsuit claimed the intrusion enabled the surveillance of 1,400 individuals, including journalists, human rights activists, and dissidents. NSO had defended itself by arguing that its technology was intended to help law enforcement and intelligence agencies combat crime and terrorism.

Despite this defense, NSO failed in its attempt to secure “conduct-based immunity,” which protects foreign officials acting in their official capacity. The 9th U.S. Circuit Court of Appeals upheld the decision in 2021, and the U.S. Supreme Court declined to hear NSO’s appeal, allowing the lawsuit to move forward.

China’s Dahua Technology to Exit Projects in Xinjiang

/in /tarafından

Zhejiang Dahua Technology (002236.SZ), a major Chinese video surveillance equipment maker, announced on Monday that it and its subsidiaries will terminate or exit five projects in China’s Xinjiang region. The projects, which were awarded between 2016 and 2017, include both terminated contracts and those still in operation, according to a filing with the Shenzhen stock exchange. Dahua confirmed it would cease operating the projects and initiate asset disposal and debt resolution procedures, but did not provide a specific reason for the withdrawal.

This move follows a similar decision by Hikvision (002415.SZ), another Chinese surveillance camera manufacturer, which also exited contracts with five Xinjiang local governments earlier this month, without disclosing the reasons.

Dahua’s exit comes amid heightened international scrutiny. The U.S. government added Dahua to its trade blacklist in 2019, accusing the company of involvement in “repression and high-tech surveillance” against Uyghur Muslims and other minority groups in Xinjiang. Dahua has consistently denied these allegations, arguing that the U.S. decision was not based on factual evidence. The Chinese government has also rejected claims of human rights abuses in the region and criticized companies that sever ties with firms operating there.