The Best-Known Cybersecurity Fails in 2021

The year 2021 is coming to an end, which means that it is already possible to sum up both offline and online life for the year gone by.

Let’s agree that the past year has brought not only joy but also large cybersecurity fails.

Previously, we selected the large fails of popular messengers in 2021. You can find them here.

However, today, we will look at the most significant worldwide cybersecurity fails in 2021.

Note: Do not forget that using Utopia P2P will save you from the possible risks of messenger files, emails, browsers, and the internet in general.

Learn more about Utopia’s benefits here.

The list of cybersecurity fails in 2021

#1 Pegasus spies on journalists and politicians around the world

Pegasus is an Israeli program designed to spy on dangerous criminals and terrorists, and it is available only to state authorities. Despite its intended use, state agencies massively monitored journalists, human rights defenders, and lawyers with the program’s help. This is stated in a joint investigation by 17 journalists led by the French Forbidden Stories.

Pegasus is a malicious program that penetrates iOS or Android devices and allows accessing chat and email messages, photos, and location data, and activates the camera and microphone without the user’s knowledge.

The list of potential targets for surveillance includes more than 50,000 people. In addition, Forbidden Stories and Amnesty International have obtained a list of phone numbers that Pegasus’s government clients have allegedly selected for surveillance since 2016.

There are no names in the list, but journalists have identified the data of more than one thousand people from 50 countries of the world: among them 65 company executives, 85 human rights activists, and about 600 politicians and officials of various levels, including ministers, diplomats, military, several heads of state and prime ministers. The data of 189 journalists were also found in the list.

It is unclear from the list exactly how many devices were infected by Pegasus — and whether the authorities were monitoring their owners. At the same time, the study of 67 phones belonging to people from the list of potential surveillance targets showed that in 23 cases, they were successfully infected with Pegasus; in 14 cases, the authorities had tried to do this.

NSO (the Pegasus developer) denies misuse of its software. The states also deny that they used Pegasus to hack into individuals’ phones.

#2 ProtonMail gave out the IP address of one of its users

ProtonMail gave the French authorities the IP address of one of its users. Unfortunately, the request came from the Swiss police — the ProtonMail operator company, located in Switzerland, is obliged to obey local laws. 

According to the founder and head of ProtonMail, Andy Yen, in the case of a criminal offense, some rules of the service stop working. Furthermore, Yen stressed that ProtonMail does not cooperate with France (as well as other EU member states) or Europol, which initiated the search, since in this case the request came from the Swiss authorities (and they, in turn, cooperated with the French).

The ProtonMail user, according to Swiss law and the rules of the service itself, must be notified of the request regarding their identity. However, a clarification allows this notification to be postponed “in some cases”: for example, if a criminal case is being investigated.

The Swiss court gave the go-ahead to transfer the IP address to the authorities, after which the user who was hiding behind the address was identified and detained. At the same time, the authorities have no access to the content of the messages: they are encrypted and accessible only to the user.

Choose the most secure email services here.

#3 Google provides users’ search queries to the authorities

The U.S. authorities forced Google to track and provide data on users’ search queries by keywords.

As it became known, the U.S. government ordered the company to provide information, including account names, IP addresses, and CookieID, about everyone who entered certain search queries. This was done to facilitate the work of law enforcement agencies.

The police and investigative agencies used the so-called “keyword warrant” for their purposes. For example, law enforcement officers sent requests to Google to find information about alleged criminals involved in human trafficking and violence against minors.

Only two such warrants have been made public in recent years. However, experts say this practice raises concerns since innocent users may be pulled into a criminal investigation.

In 2017, a Philadelphia court ordered Google, in the presence of a court order, to transfer to the American authorities the correspondence of users of the Gmail service stored on servers outside the United States. The company decided not to speak out on the results of the trials.

Google is not a secure and private place. Stop using it. Here are all details.

#4 Popular VPNs do not save users from surveillance

The vast majority of modern VPN services could not provide users with the declared level of security. For example, many people talk about 100 percent anonymity by hiding the IP address, but they are silent about other surveillance capabilities, against which a VPN will not protect. Also, the vast majority of them cannot secure user data in the event of a VPN connection interruption.

In 2021, Consumer Reports and Digital Lab conducted a detailed comparative analysis of 16 VPN services, out of an initial field of 51, most of which did not pass the preliminary verification stage.

As stated in the report, VPN services really do help hide the IP address. However, as the companies themselves will know, the protection they provide no longer corresponds to the statements of the services about the complete anonymity of users.

In addition, there are many other tracking tools on the modern internet that do not require an IP address. Experts say sites can request data about the Wi-Fi network through which the user accessed the internet, the GPS coordinates of the mobile device, and the parameters of cell towers if the web surfing is carried out via the mobile internet. As a result, the probability of detecting a user and finding out their real location increases dramatically.

Learn more about VPN privacy here.

#5 Tor nodes are used to deanonymize users

Since 2017, a mysterious attacker (or group), known by cybersecurity experts as KAX17, has been adding malicious servers to the Tor network, acting as entry, middle, and exit nodes. According to a security researcher using the pseudonym Nusenu, the campaign’s purpose was to deanonymize users.

Nusenu, who is himself a Tor node operator, discovered malicious activity in 2019, but according to him, KAX17 has been active since at least 2017. According to Nusenu, malicious servers without contact information were added to the Tor network on an ongoing basis, and they numbered in the hundreds. At its peak, the network included more than 900 malicious servers.

As a rule, servers added to the Tor network must contain contact information (for example, an email address) so that Tor administrators or law enforcement agencies can contact node operators in case of incorrect configuration or reports of abuse. Despite this rule, servers without contact information are often added to the network, maintaining a mostly steady number.

In October and November 2021, the Tor Project removed hundreds of KAX17 servers. However, neither Nusenu nor the Tor Project is yet speculating about who exactly is behind KAX17.

What’s wrong with Tor, and why should you choose a more secure tool for internet work? Read more in the article.

