Privacy & Security UK

A place to talk online privacy and security. From personal VPNs to data breaches and everything in between, there should be something for everyone. Whether you are a seasoned professional, believe you should control your own data, or just want to know more, let's chat.

Rules

The rules are simple:

Other privacy communities

founded 1 year ago
1

Police and private companies in the UK are increasingly using facial recognition technology to monitor, categorise and track us. The technology works by creating a 'faceprint' of everyone who passes in front of camera — processing biometric data as sensitive as a fingerprint, often without our knowledge or consent. This dangerously authoritarian surveillance is a threat to our privacy and freedoms — it has no place on the streets of Britain.

We've just launched legal action against police and shops' use of live facial recognition surveillance.

We’re crowdfunding to grow the biggest possible campaign of resistance to an unprecedented Government and retail expansion of facial recognition surveillance in the UK. With your support, we can:

  • Take groundbreaking legal action against police and shops' use of facial recognition

  • Demand politicians roll back live facial recognition

  • Give legal advice & support to people affected by live facial recognition

  • Work with groups around the world fighting live facial recognition surveillance...

2

Palantir, a controversial US tech firm founded by billionaire Peter Thiel, has secured its first contract with a UK police force, Leicestershire Police, to provide a 'police intelligence and investigation platform,' raising ongoing concerns about data privacy...

Palantir is a controversial choice, as some community leaders, campaign groups and members of Parliament have raised concerns about giving the company access to public data. Aasiya Bora, a former Green party police and crime commissioner candidate, expressed serious concerns: “The idea that Palantir is now extending their reach into police data has to concern us. How will the data be used? Who will keep them accountable?”

... Palantir's tech is already in use in US police forces and has been accused of creating ‘racist’ feedback loops. According to experts, the technology has led to people in already over-policed neighbourhoods becoming targets for police abuse. Palantir has previously refused to comment on software it has provided to US police forces. There is no indication that this is the same tech in use at Leicestershire Police.

The company recently faced criticism over a multi-million pound NHS deal to join patient data between different NHS trusts, and was awarded several contracts during the pandemic without tender. Palantir's lack of track record in healthcare and murky links to US and UK spy agencies made it unfit to take on the job, according to campaigners. Palantir maintains that it has never had access to any identifiable medical records.

... More recently, leaked emails revealed that Palantir hired PR firm Topham Guerin to pay influencers to attack the Good Law Project, a not-for-profit campaign organisation, on social media. Good Law Project had been raising concerns about a £330m deal between Palantir and the government to process millions of NHS patient records. Jo Maugham, director at the Good Law Project, said “Palantir, in covertly paying influencers to smear us, ought to have disbarred itself from providing police intelligence services. If it is capable of dishonestly smearing its critics, why is it not capable of manufacturing intelligence about them?”

3

Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors.

Cryptographic analysis from ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong revealed issues with the Sync, pCloud, Icedrive, Seafile, and Tresorit services, collectively used by more than 22 million people.

The analysis was based on the threat model of an attacker controlling a malicious server that can read, modify, and inject data at will, which is realistic for nation-state actors and sophisticated hackers.

The team comments that many of the discovered flaws directly oppose the marketing promises of the platforms, which create a deceptive and false premise for customers...

4

UK ambulance services have been targeted by Russian hackers, risking disruption to their communication systems, with the potential to severely hamper Britain’s emergency services.

Intelligence material seen by i shows that over the past 12 months, a Kremlin-protected hacking network has targeted key suppliers to the UK Ambulance Services and Ministry of Defence (MoD).

This week, MI5 director Ken McCallum announced that Russia is on a “sustained mission” to create “mayhem” across Britain and Europe.

i gained rare exclusive access to a large database of previously stolen information used by hackers to identify and target a key supplier to the Ambulance Radio Programme (ARP), which connects ambulances to the NHS and other emergency responders.

The hackers, according to intelligence seen by i, were able to access email threads discussing the ARP, and details of key personnel and components involved in its security, exposing some of the inner workings of UK Ambulance Services’ secure communication systems.

The extracted information significantly increases the risk of further attacks on the ARP which could crash the system. This would have the potential to leave ambulance command centres unable to communicate with drivers and the police or fire services, or prevent them from receiving vital information about the precise location of major incidents, four UK intelligence sources told i...

5

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified.

The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail.

This campaign highlights the growing sophistication of cyber threats and the need for heightened vigilance among internet users...

6

"The wi-fi has been hacked at 19 UK railway stations to display a message about terror attacks.

Network Rail confirmed that the wi-fi systems at stations including London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Edinburgh Waverley and Glasgow Central were affected.

People reported logging on to the wi-fi at the stations on Wednesday and being met with a screen about terror attacks in Europe.

A Network Rail spokesperson confirmed the wi-fi was still down and said: "We are currently dealing with a cyber-security incident affecting the public wi-fi at Network Rail’s managed stations."

The affected stations include:

In London, London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria and Waterloo

In the South East, Reading and Guildford

In the North West, Manchester Piccadilly and Liverpool Lime Street

In the West Midlands, Birmingham New Street

In West Yorkshire, Leeds

In the West and South West, Bristol Temple Meads

In Scotland, Edinburgh Waverley and Glasgow Central

British Transport Police was investigating, Network Rail said.

The rail provider said it believed other organisations, not just railway stations, had also been affected..."

7

... Big Brother Watch slammed the new powers. Director Silkie Carlo said: "Starmer's benefits bank spying proposals sound alarmingly similar to the powers Labour fought just a few months ago in opposition. Everyone wants fraud to be dealt with, and the government already has strong powers to investigate the bank statements of suspects.

"But to force banks to constantly spy on benefits recipients without suspicion means that not only millions of disabled people, pensioners, and carers will be actively spied on but the whole population's bank accounts are likely to be monitored for no good reason."

Carlo said a "financial snoopers' charter" designed to automate suspicion of the UK's poorest people was intrusive, unjustified, and risks the kind of injustice seen during the Post Office Horizon scandal.

"This is yet another insult to pensioners, an attack on Britain's poorest people, and an assault on the presumption of innocence," she said.

8

"A 17-year-old male has been arrested as part of the investigation into a cyber security incident affecting Transport for London (TfL).

The teenager was detained in Walsall on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.

He has been questioned by officers from the National Crime Agency (NCA) and has been bailed.

TfL runs the capital's public transport network, including buses and the Tube.

It is understood some customer data was compromised, including customer names and contact details.

Some Oyster card refund data may also have been accessed. This could include bank account numbers and sort codes of around 5,000 customers.

The NCA has said it is working alongside TfL and the National Cyber Security Centre to manage the incident and minimise risk to customers..."

9

"Datacentres in the UK are to be designated as critical national infrastructure in an effort to protect them from cyber-attacks and IT blackouts, the government has said.

The buildings store much of the data generated in the UK, including photos taken on smartphones, financial information and NHS records.

The critical national infrastructure (CNI) categorisation means datacentres will be on the same footing as water, energy and emergency service systems, and therefore receive greater government support to anticipate and recover from adverse incidents such as cyber-attacks, outages or environmental disasters.

The government said the move – the first CNI designation in almost a decade – would help protect critical data infrastructure and provide businesses with reassurance to help bolster economic growth in an increasingly digital world..."

10

"A Gloucestershire council has declared a major incident and is working with GCHQ to assess the full extent of a cyber attack by “hostile actors”. Tewkesbury Borough Council shut down all of the services they provide online yesterday (Wednesday, September 4) after they identified “hostile actors” within their IT systems.

Council leaders say the full extent of the cyber security breach and the motive of the attack is currently unknown. But they are redeploying staff to towns and large villages across the Borough to ensure the most vulnerable have access to the services they rely on.

Chief Executive Alistair Cunningham said: “With all our systems shut down, our main focus is around the vulnerable people we serve in this community.

"We are currently dealing with an IT incident. Our systems have been compromised.

“We were alerted to unknown user accounts accessing our systems yesterday afternoon. We are clearly at an early stage of our investigation but as of today we are saying there is no evidence of data exfiltration from the organisation.

“Yesterday we thought data had been removed from the organisation which would be of serious concern to our residents. We have been analysing the movement of data in and out. The data leaving the system was through bona fide user accounts.”

“The accounts we have identified have not been taking data out of the organisation. That is the situation which is reassuring to ourselves and partners and clearly the public in terms of the data we hold.”

He said the authority has taken the necessary cyber response steps including informing the National Cyber Security Centre who are supporting them with their investigation..."

11

"Workers will have greater protection against being snooped on by their bosses under plans by the Government to boost employment rights.

Tracking of staff members’ computer and phone activity has increased rapidly since the pandemic, which triggered a rise in people working from home.

But ministers and unions are concerned that surveillance of workers is taking place without their consent, and could breach their privacy if used incorrectly or even be used to discriminate against some staff..."

12

"Many of us are aware that being watched is no longer an Orwellian paranoia, but a contract we’re signed into when using and consenting to digital technology. The transformation of digital technology has been widely recognised for its ability to track, document and observe trends. But what this means for us collectively is that surveillance methods are routinely seized and weaponised by those in power.

The uses of surveillance technology are spreading far and wide, from being introduced in schools without parents’ knowledge to monitor pupils and families to spying on vulnerable people in NHS mental health wards around the clock. Even group chats are being used to punish and prosecute young people. But it’s not only coming from above.

In the digital age we have all become immersed into the society of the spectacle and mutual surveillance is higher than ever. From filming strangers becoming completely normalised to everyone you know having a Ring doorbell – we have all become little brothers, and smartphones are the all seeing eye..."

13

"Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. The news was first reported by Recorded Future News, which obtained an official description of the incident report.

The description of the report was obtained under the Freedom of Information Act; it revealed that the incident follows an attack carried out by a nation-state actor on a supplier of the department’s corporate systems, and linked the security breach to Microsoft’s January announcement.

In January, Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. The company notified law enforcement and relevant regulatory authorities.

Microsoft also announced that the Russia-linked APT Midnight Blizzard that hit the company in late November 2023 has been targeting organizations worldwide as part of a large-scale cyberespionage campaign..."

14

"The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022.

Advanced, an IT service and hosting provider contracted by the United Kingdom's National Health Service (NHS), was compromised by threat actors on August 4, 2022.

The incident impacted hundreds of public and private entities, including NHS 111, and various healthcare products such as Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan, and eFinancials.

As a result of the breach, the personal information of nearly 83,000 people was exposed, including instructions on how to access homes for 890 people receiving care at home..."

15

"The codes look like they are part of the council's payment system, but instead lead to a phony website.

Motorists who think they have paid for their parking via a fake QR code also risk parking fines, the council added..."

16

"Social media is now undeniably a significant part of many of our lives, in the UK and around the world. We use it to connect with others and share information in public and private ways. Governments and companies have, of course, taken note and built fortunes or extended their power by exploiting the digital information we generate. But should the power to use the information we share online be unlimited, especially for governments who increasingly use that information to make material decisions about our lives?

At Privacy International (PI), we think the answer to that question is a resounding no. That is why we have been examining the use of social media monitoring by governments and companies. The practice is an increasingly prevalent one, and as this article explores, largely unregulated. That needs to change..."

17

"Civil liberties campaigners have said that a proposal made by Keir Starmer on Thursday to expand the use of live facial recognition technology would amount to the effective introduction of a national ID card system based on people’s faces.

Silkie Carlo, the director of Big Brother Watch, said it was ironic the new prime minister was suggesting a greater use of facial matching on the same day that an EU-wide law largely banning real-time surveillance technology came into force..."

18
submitted 3 months ago (last edited 3 months ago) by maltfield@monero.town to c/privacysecuk

After almost 2 years, Privacy Guides has added a new Hardware Recommendations section to their website.

Thanks to Daniel Nathan Gray and others for implementing this new hardware guide.

19

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill goes to DEF CON 32 (Engage)
BusKill is presenting at DEF CON 32

via @Goldfishlaser@lemmy.ml

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

DEF CON Documentary
Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

  1. a USB-A extension cord,
  2. a USB hard drive capable of being attached to a carabiner,
  3. a carabiner,
  4. the plastic pieces in this file,
  5. a USB female port,
  6. a USB male,
  7. 4 magnets,
  8. 4 pogo pins,
  9. 4 pogo receptors,
  10. wire,
  11. 8 screws,
  12. and BusKill software.
Image of the Golden BusKill decoupler with the case off
Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

  • ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
  • Hacker Karaoke (Friday and Sat 20:00-21:00 | 222),
  • Goth Night (Friday: 21:00 – 02:00 | 322-324),
  • QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
  • EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
  • Jack Rhysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"
Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

20
Mobile voip numbers UK? (self.privacysecuk)
submitted 1 year ago by gutter564 to c/privacysecuk

Hi. Trying to avoid giving my number out, especially after I found it got pwned.

Does anyone know of cheap ways to port over to VOIP in UK? Don't think Google voice is available here yet? Also anyone know how to get multiple Voip numbers for relatively cheap.

Thanks.

21
You and YOUR data (self.privacysecuk)
submitted 1 year ago by lypticdna to c/privacysecuk

I have not always had an interest in data privacy. Actually, it took me moving in to being a data engineer in the marketing world to really realise the intense nature of data capture.

Like, I am sure, a large proportion of the privacy aware population, it is not that there is anything to hide, just that privacy of data should be a right. It is one of the reasons I stepped away from most social networks, try to de-Google as much as I can and take care in my data landscape.

But, how does everyone else manage theirs? It would be good to share some useful tips, resources, tools, etc. that the wider community (as it grows) can use.

For me, I use:

  • A VPN (Mullvad in this case)
  • Firefox with 'some' hardening (don't want to totally cripple the online experience)
  • Windows OS with telemetry disabled across the system (never perfect but I am happy)
  • Simplewall (Windows App) to manage some outbound traffic
  • Random password generators (exact logic is incredibly unique to me)
  • Android (mobile) with as much telemetry disabled as possible
  • Privacy Guides, a great website to keep atop of new updates
  • Various threat landscape blogs and podcasts

Listing it out, it sounds like I do a lot but this is pretty tame. I accept that there is a balance between user experience and privacy. Yes, I could totally de-Google my phone but then a lot of useful functionality is lost. Same with Windows, I could move to Linux full-time (and would if I could) but I am a gamer and, while Linux is improving in that landscape, it ain't great just yet.