Finnish authorities board a ship in the Baltic Sea that the West suspects is linked to Russia, a day after an underwater Finland-Estonia electricity cable was cut and several telecom fiber optic cables were damaged.

Lloyd’s List on-line magazine claims that Russia-linked cable-cutting tanker seized by Finland ‘was loaded with spying equipment’

The incident has intensified fears in Europe over a Russian hybrid war targeting critical infrastructure in the Baltic and beyond. Estonia navy to protect undersea power link after main cable damaged.

Sources:
https://www.lloydslist.com/LL1151955/Russia-linked-cable-cutting-tanker-seized-by-Finland-was-loaded-with-spying-equipment
https://www.nytimes.com/2024/12/26/world/europe/finland-estonia-cables-russia.html
https://www.theguardian.com/world/2024/dec/25/finland-estonia-power-cable-hit-in-latest-baltic-sea-incident
https://yle.fi/a/74-20133531
https://www.bbc.com/news/articles/c1elq7lx9qdo
https://www.aljazeera.com/news/2024/12/27/did-a-russian-shadow-ship-cut-the-finland-estonia-undersea-baltic-cable

Little is known about stingrays that exploit flaws in the way that cell phones connect to 2G cell networks, because they are deliberately shrouded in secrecy.

Most of those flaws are fixed in the 4G networks, though not all. Newer cell site simulators, called “Hailstorm” devices, take advantage of similar flaws in 4G that let police snoop on newer phones and devices. Researchers at the Electronic Frontier Foundation have discovered a new technique that can detect Hailstorm devices

Read more:

https://techcrunch.com/2020/08/05/crocodile-hunter-4g-stingray-cell/?tpcc=ECFB2020

This morning, a report from the
New York Times warns that smartphone apps do that also for profit: More than 1,000 popular apps contain location-sharing code.

PRIVACY TIP: You can deny apps access your location by going into your Settings and revoking permissions.

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html?smid=tw-share

Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is.

People across the world are learning what they need to do to comply with the EU General Data Protection Regulation, and many are finding themselves wishing they had involved themselves in the debate when the law was decided more than two years ago. It seem that wide public debate was happening too late.

GDPR details have caused a lots of work and are in many details annoying (remember all kinds of “agree” pages and e-mails popping everywhere), but in general the aim for demanding companies to keep better record data of people is a good thing. So it seems that GDPR is generally good, but somewhat annoying.

In stark contrast to the GDPR, experts near-unanimously agree that the copyright reform law, as it stands now, is really bad. Their latest proposal would still force internet platforms to implement censorship machines – and makes a total mess out of the planned extra copyright for news sites by allowing each member state to implement it differently.

On the topic of copyright, you NOW have the chance to have an influence – a chance that will be long lost in two years, when we’ll all be “suddenly” faced with the challenge of having to implement upload filters and the “link tax” – or running into new limits on what we can do using the web services we rely on. If you are opposed to these ideas, please raise your voice now.

Another week and another privacy disaster.

Now a company that collects the real-time location data on millions of cell phone customers across North America had a bug in its website that may have exposed nearly every cell phone customer in the US and Canada, some 200 million customers.

The LocationSmart page required explicit consent from the user before their location data can be used, but that website had a bug that allowed anyone to track someone’s location silently without their permission.

It’s Not Just Facebook That Knows A Horrifying Amount Of Stuff About You. Following the recent Cambridge Analytica scandal, many people are expressing concern about Facebook and how much it knows about them.

“If the product is free, you are the product. If they’re making money, they probably have a lot of your data to sell.”

Google is pretty much the master of collecting and monetizing big data. Apple knows a lot about you too.

TomTom obviously has a lot of data on where you’ve traveled. Amazon Alexa is always listening with microphones in Echo always on.

Twitter last year they updated their privacy policy in order to collect more data.

Somebody else than just your mobile operator gets to know where you are:

According to an old Chinese proverb: “When a wise man points at the Moon, an idiot looks at his finger.” Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send location data to Google without you even knowing it.

If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you’re not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors’ keystrokes, mouse movements, and scrolling behavior in real time…

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems.
BothanSpy implant is for Microsoft Windows Xshell client. Gyrfalcon targets the OpenSSH client on various distributions of Linux OS: CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.
Both implants steal user credentials for all active SSH sessions and then sends them to a CIA-controlled server.

Wikileaks has published fresh documents that deal with the CIA’s hacking and spying on Linux machines using a malware strain called OutlawCountry. This tool consists of a kernel module that creates invisible netfilter table for creating new rules with iptables command. Those rules can modify and redirect the network traffic.
The OutlawCountry’s prerequisites for operation are a compatible 64-bit CentOS/RHEL 6.x operating system (Linux 2.6 kernel), shell access and root access to the target. The target must have a “nat” netfilter table.

You can read further details about OutlawCountry in this user manual.