Polish Opposition Duo Hacked With NSO Spyware

Ewa Wrzosek, a Polish prosecutor, stands outside her office holding her phone, in Warsaw, Poland, on Thursday, Dec. 16, 2021. Wrzosek, a prosecutor who is resisting a political takeover of the system of state prosecution, and an erosion of judicial independence more broadly under Poland's right-wing populist government, was the target of cellphone eavesdropping this year. She and a prominent Polish lawyer have become the first two confirmed cases involving the use of Pegasus military grade spyware against targets in Poland, where an illiberal government is eroding democratic norms. (AP Photo/Czarek Sokolowski)

The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.

In both instances, the invader was military-grade spyware from NSO Group, the Israeli hack-for-hire outfit that the U.S. government recently blacklisted, say digital sleuths of the University of Toronto-based Citizen Lab internet watchdog.

Citizen Lab could not say who ordered the hacks and NSO does not identify its clients, beyond saying it works only with legitimate government agencies. But both victims believe Poland’s increasingly illiberal government is responsible.

A Polish state security spokesman, Stanislaw Zaryn, would neither confirm nor deny whether the government ordered the hacks or is an NSO customer.

Lawyer Roman Giertych and prosecutor Ewa Wrzosek join a list of government critics worldwide whose phones have been hacked using the company’s Pegasus product. The spyware turns a phone into an eavesdropping device and lets its operators remotely siphon off everything from messages to contacts. Confirmed victims have included Mexican and Saudi journalists, British attorneys, Palestinian human rights activists, heads of state and Uganda-based U.S. diplomats.

But word of the Poland hacking is especially notable, coming as rights groups are demanding an EU-wide ban on the spyware. The 27-nation European Union has tightened export restrictions on spyware, but critics complain that abuse of it by EU member states urgently needs to be addressed.

Citizen Lab previously detected multiple infections in Poland dating from November 2017, though it didn’t identify individual victims then. The Pegasus spyware has also been linked to Hungary, which like Poland has been denounced for anti-democratic abuses. Germany and Spain are reportedly among NSO’s customers, with Catalan separatists accusing Madrid of targeting them with Pegasus.

“Once you start aggressively targeting with Pegasus, you’ll join a fraternity of dictators and autocrats who use it against their enemies and that certainly has no place in the EU,” said senior researcher John Scott-Railton of Citizen Lab.

Former EU parliament member Marietje Schaake of the Netherlands, now international cyber policy director at Stanford University, said: “The EU cannot credibly condemn human rights violations in the rest of the world while turning a blind eye to problems at home.”

The Polish targets see the hack as evidence of a perilous erosion of democracy in the very nation where Soviet hegemony began unraveling four decades ago.

Just hours before Zaryn answered emailed questions about the hack from The Associated Press, a provincial prosecutor filed a motion seeking the arrest of Giertych, the lawyer, in a financial crimes investigation.

Zaryn did not comment on whether the two matters might be related. He said Poland conducts surveillance only after obtaining court orders.

“Suggestions that Polish services use operational methods for political struggle are unjustified,” Zaryn said.

An NSO spokesman said Monday that the company is a “software provider, the company does not operate the technology nor is the company privy to who the targets are and to the data collected by the customers.” Citizen Lab and Amnesty International researchers say, however, that NSO appears to maintain the infection infrastructure.

In July an investigation by a global media consortium found Pegasus was used in Hungary to hack at least 10 lawyers, an opposition politician and several journalists. Last month, a Hungarian governing party official acknowledged that the government had purchased Pegasus licenses.

In 2019, independent Polish broadcaster TVN found evidence the government anti-corruption agency spent more than $8 million on phone spyware. The agency denied the report but Prime Minister Mateusz Morawiecki was more ambiguous, saying all would “be clarified in due time.”

In the last four months of 2019, Giertych was hacked at least 18 times, Citizen Lab found. At the time, he was representing former Prime Minister Donald Tusk of Civic Platform, now head of the largest opposition party, and former Foreign Minister Radek Sikorski, now a European Parliament member.

The “jaw-droppingly aggressive” tempo and intensity of the targeting — day-by-day, even hour-by-hour — suggested “a desperate desire to monitor his communications,” Scott-Railton said. It was so unrelenting that the iPhone became useless and Giertych abandoned it.

“This phone was with me in my bedroom and it was with me when I went to confession. They scanned my life totally,” he said.

Most of the hacks occurred just ahead of an Oct. 13, 2019, parliamentary election that the Law and Justice party of Jaroslaw Kaczynski won by a slim margin, leading to a further erosion of judicial independence and press freedom.

At the time, Giertych was also representing an Austrian developer who claimed that Kaczynski, Poland’s most powerful politician, stiffed him as a deal to build twin business towers in Warsaw fell apart. Revelations of that deal-gone-sour triggered a scandal because Polish law bans political parties from making a profit — and the towers were to be built on land owned by Kaczynski’s party.

Giertych also represented Sikorski in an illegal wiretapping case in which the former foreign minister’s conversations were recorded and published; Sikorski alleges the government failed to investigate the possible involvement of Kaczynski allies. Last year, anti-corruption officials searched Giertych’s home and office in a manner a Polish court deemed illegal and the EU called emblematic of how Poland’s government treats hostile lawyers in politically sensitive cases.

When the Lublin regional prosecutor applied for a court order Monday seeking Giertych’s arrest, it said the lawyer had refused to appear for questioning, and seemed to be “deliberately hiding from justice.”

Giertych called this absurd and said the financial wrongdoing investigation was trumped-up, that a Poznan court had already dismissed it for lack of evidence. Prosecutors say he is suspected of money laundering for legal fees he received in a Warsaw property dispute case a decade ago.

Citizen Lab was still investigating how Giertych’s phone was infected but said it expects a “zero-click” vulnerability, which wouldn’t involve user interaction. They believe Wrzosek was similarly hacked. Citizen Lab found six intrusions on her phone from June 24-Aug. 19.

Last year, Wrzosek ordered an investigation into whether presidential elections should be postponed over concerns they could threaten the health of voters and election workers. Almost immediately, she was stripped of the case and transferred to the distant provincial city of Srem with two days’ notice.

“I didn’t even know where the city was and I had nowhere to live there,” said Wrzosek, who was hacked shortly after returning to Warsaw and resuming media appearances critical of the government.

A vocal member of an independent prosecutors’ association, Wrzosek learned she’d been hacked — and tweeted about it — when Apple sent out alerts last month to scores of iPhone users across the globe targeted by NSO’s Pegasus, including 11 U.S. State Department employees in Uganda. In a lawsuit it filed the same day, Apple called NSO “amoral 21-century mercenaries.” In 2019, Facebook sued the Israeli firm for allegedly hacking its globally popular WhatsApp messenger app.

Wrzosek has filed an official complaint but doesn’t expect prompt accountability, believing “the same services that tried to break into my phone will now be conducting the proceedings, looking for perpetrators.” AP

How Big Tech Sees Big Profits in Social-Emotional Learning at School

Facebook CEO Mark Zuckerberg takes the stage after wife Dr. Priscilla Chan during announcement that the Chan Zuckerberg Initiative's next focus will be in science at the UCSF Medical Center at Mission Bay in San Francisco, Calif., on Wednesday, Sept. 21, 2016. GETTY IMAGES

In June 2021, as students and teachers were finishing up a difficult school year, Priscilla Chan, wife of Facebook founder and CEO Mark Zuckerberg, made a live virtual appearance on the “Today” show, announcing that the Chan Zuckerberg Initiative (CZI), along with its “partner” Gradient Learning, was launching Along, a new digital tool to help students and teachers create meaningful connections in the aftermath of the pandemic.

According to CZI and Gradient Learning, the science of Along shows that students who form deep connections with teachers are more likely to be successful in school and less likely to show “disruptive behaviors,” resulting in fewer suspensions and lower school dropout rates. To help form those deep connections, the Along platform offers prompts such as “What is something that you really value and why?” or “When you feel stressed out, what helps?” Then, students may, on their “own time, in a space where they feel safe,” record a video of themselves responding to these questions and upload the video to the Along program.

CZI, the LLC foundation set up by Zuckerberg and Chan to give away 99 percent of his Facebook stock, is one of many technology companies that have created software products that claim to address the social and emotional needs of children. And school districts appear to be rapidly adopting these products to help integrate the social and emotional skills of students into the school curriculum, a practice commonly called social-emotional learning (SEL).

Panorama Education—whose financial backers also include CZI as well as other Silicon Valley venture capitalists such as the Emerson Collective, founded by Laurene Powell Jobs, the widow of Apple cofounder Steve Jobs—markets a survey application for collecting data on students’ social-emotional state that is used by 23,000 schools serving a quarter of the nation’s students, according to TechCrunch.

Gaggle, which uses students’ Google and Microsoft accounts to scan for keywords and collect social-emotional-related data, has contracts with at least 1,500 school districts, Education Week reports.

Before the pandemic temporarily shuttered school buildings, the demand for tracking what students do while they’re online, and how that activity might inform schools about how to address students’ social and emotional needs, was mostly driven by desires to prevent bullying and school shootings, according to a December 2019 report by Vice.

Tech companies that make and market popular software products such as GoGuardian, Securly, and Bark claim to alert schools of any troubling social-emotional behaviors students might exhibit when they’re online so that educators can intervene, Vice reports, but “[t]here is, however, no independent research that backs up these claims.”

COVID-19 and its associated school closures led to even more concerns about students’ “anxiety, depression and other serious mental health conditions,” reports EdSource. The article points to a survey conducted from April 25 to May 1, 2020, by the American Civil Liberties Union (ACLU) of Southern California, which found that 68 percent of students said they were in need of mental health support post-pandemic.

A major focus of CZI’s investment in education is its partnership with Summit Public Schools to “co-build the Summit Learning Platform to be shared with schools across the U.S.” As Valerie Strauss reported in the Washington Post following the release of a critical research brief by the National Education Policy Center at the University of Colorado Boulder, in 2019, Summit Public Schools spun off TLP Education to manage the Summit Learning program, which includes the Summit Learning Platform, according to Summit Learning’s user agreement. TLP Education has since become Gradient Learning, which has at this point placed both the Summit Learning program and Along in 400 schools that serve 80,000 students.

Since 2015, CZI has invested more than $280 million in developing the Summit Learning program. This total includes $134 million in reported contributions revenue to Summit Public Schools 501(c)(3) from 2015 to 2018 and another $140 million in reported awards to Summit Public Schools, Gradient Learning, and TLP Education (as well as organizations that helped in their SEL tools’ development) posted since 2018; a further $8 million has been given to “partner” organizations listed on the Along website—which include GripTape, Character Lab, Black Teacher Collaborative, and others—and their evaluations by universities.

An enticement that education technology companies are using to get schools to adopt Along and other student monitoring products is to offer these products for free, at least for a trial period, or for longer terms depending on the level of service. But “free” doesn’t mean without cost.

As CZI funds and collaborates with its nonprofit partners to expand the scope of student monitoring software in schools, Facebook (aka Meta) is actively working to recruit and retain young users on its Facebook and Instagram applications.

That CZI’s success at getting schools to adopt Along might come at the cost of exploiting children was revealed when Facebook whistleblower Frances Haugen, a former employee of the company, who made tens of thousands of pages of Facebook’s internal documents public, disclosed that Facebook is highly invested in creating commercial products for younger users, including an Instagram Kids application intended for children who are under 13 years. While Facebook executives discussed the known harms of their products on “tweens,” they nevertheless forged ahead, ignoring suggestions from researchers on ways to reduce the harm. As Haugen explained, “they have put their astronomical profits before people.”

The information gathered from SEL applications such as Along will likely be used to build out the data infrastructure that generates knowledge used to make behavioral predictions. This information is valuable to corporations seeking a competitive edge in developing technology products for young users.

Schools provide a useful testing ground to experiment with ways to hold the attention of children, develop nudges, and elicit desirable behavioral responses. What these tech companies learn from students using their SEL platforms can be shared with their own product developers and other companies developing commercial products for children, including social media applications.

Yet Facebook’s own internal research confirms social media is negatively associated with teen mental health, and this association is strongest for those who are already vulnerable—such as teens with preexisting mental health conditions, those who are from socially marginalized groups, and those who have disabilities.

Although Facebook claimed it was putting the Instagram Kids app “on hold” in September 2021, a November 2021 study suggests the company continues to harvest data on children.

There are legislative restrictions governing the collection and use of student data.

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student data collected by educational institutions, and the Children’s Online Privacy Protection Rule (COPPA) requires commercial businesses to obtain parental consent to gather data from “children under 13 years of age.” Unfortunately, if a commercial contract with a school or district designates that business a “school official,” the child data can be extracted by the business, leaving the responsibility to obtain consent with the school district.

While these agreements contain information relating to “privacy,” the obfuscatory language and lack of alternative options mean the “parental consent” obtained is neither informed nor voluntary.

Although these privacy policies contain data privacy provisions, there’s a caveat: Those provisions don’t apply to “de-identified” data, i.e., personal data from which “unique identifiers” (e.g., names and ID numbers) have been removed. De-identified data is valuable to tech corporations because it is used for research, product development, and improvement of services; however, this de-identified data is relatively easy to re-identify. “Privacy protection” just means it might be a little bit more difficult to find an individual.

What privacy protection doesn’t mean is that the privacy of children is protected from the “personalized” content delivered to them by machine algorithms. It doesn’t mean the video of a child talking about “the time I felt afraid” isn’t out there floating in the ether, feeding the machines to adjust their future.

The connections between the Along platform and corporate technology giant Facebook are a good example of how these companies can operate in schools while maintaining their right to use personal information of children for their own business purposes.

Given concerns that arose in a congressional hearing in December 2021 about Meta’s Instagram Kids application, as reported by NPR, there is reason to believe these companies will continue to skirt key questions about how they play fast and loose with children’s data and substitute a “trust us” doctrine for meaningful protections.

As schools ramp up these SEL digital tools, parents and students are increasingly concerned about how school-related data can be exploited. According to a recent survey by the Center for Democracy and Technology, 69 percent of parents are concerned about their children’s privacy and security protection, and large majorities of students want more knowledge and control of how their data is used.

Schools are commonly understood to be places where children can make mistakes and express their emotions without their actions and expressions being used for profit, and school leaders are customarily charged with the responsibility to protect children from any kind of exploitation. Digital SEL products, including Along, may be changing those expectations.


By Anna L. Noble, a doctoral student in the School of Education at the University of Colorado, Boulder.

___________________

Independent Media Institute

Google, Meta face EU, UK Probes Into ad Bidding Agreement

Meta/Facebook. Credit: Chesnot/Getty Images

British and European regulators threatened to crack down on Google and Facebook parent Meta over an agreement for online display advertising services, saying Friday that the deal may breach rules on fair competition.

The fresh scrutiny in Europe, which has pioneered efforts to rein in big technology companies, strikes at the heart of Google’s business — the digital ads that generate nearly all of its revenue.

In the “ad tech” marketplace bringing together Google and a constellation of online advertisers and publishers, the company controls access to the advertisers that put ads on its dominant search platform. Google also runs the auction process for advertisers to get ads onto a publisher’s site.

The European Union’s top competition watchdog opened an antitrust investigation into a 2018 pact for Meta’s Audience Network to participate in Google’s Open Bidding program.

The European Commission, the EU’s executive arm, said the deal, which Google internally dubbed “Jedi Blue,” may be part of efforts to exclude ad tech services that compete with Google’s Open Bidding program to the detriment of publishers and consumers.

Britain’s Competition and Markets Authority announced a parallel investigation into the agreement, which is also the focus of a state-led antitrust lawsuit against Google that’s before U.S. courts.

Google said the “allegations made about the agreement are false,” calling it “a publicly documented, procompetitive agreement” enabling Facebook to participate in its Open Bidding program, along with dozens of other companies.

Meta said the “non-exclusive bidding agreement with Google, and the similar agreements we have with other bidding platforms, have helped to increase competition for ad placements.” Meta said it would cooperate with both the EU and U.K. inquiries.

EU Competition Commissioner Margrethe Vestager said that if the investigation confirms the watchdog’s suspicions, “this would restrict and distort competition in the already concentrated ad tech market, to the detriment of rival ad serving technologies, publishers and ultimately consumers.”

The European Commission said it intends to “closely cooperate” with the U.K. competition authority on the investigation.

The watchdogs are looking into both the ad bidding agreement and whether Google abused its dominant position in the online ad market.

“If one company has a stranglehold over a certain area, it can make it hard for startups and smaller businesses to break into the market — and may ultimately reduce customer choice,” the U.K. watchdog’s chief executive, Andrea Coscelli, said in a statement.

_____________

AP

Russia to Brand Meta an Extremist Entity and Ban Instagram

A woman holds a smartphone with Meta logo on it in front of a displayed Facebook logo. Photo illustration: Reuters

The US tech giant is reportedly now permitting posts on its platforms that call for the killing of Russian soldiers in Ukraine

The Prosecutor General of Russia has asked a court to formally designate Meta Platforms, the owner of Facebook and Instagram, as an extremist organization, Russian news agencies reported on Friday. The request came after reports that the US-based social media giant had revised its policy and is now allowing posts that call for violence against Russian citizens, amid Moscow’s military offensive in Ukraine.

Earlier, some Western media reported that Meta had decided to allow “posts on Ukraine war calling for violence against invading Russians or [for Russian President Vladimir] Putin’s death”.

The Russian embassy in Washington called on the US government to “rein in” Meta’s apparent embrace of “extremism.” Kremlin spokesman Dmitry Peskov said the news reports were “hard to believe.”

“This information actually requires very careful verification and study,” the official told journalists on Friday. “We will hope it to be not true, as otherwise a most vigorous action will be required to stop the activities of this company.”

Russian media regulator RKN said on Friday it has demanded from Meta either a formal confirmation or denial of the reports about its hate-speech policy reversal.

The Prosecutor General’s office decided not to wait for a confirmation, however. In addition to seeking a court order to label Meta an extremist entity, it ordered RKN to block access to Facebook and Instagram in Russia.

The statement said the platforms also allowed posts calling for mass rioting by Russian citizens in response to the ongoing Ukraine campaign, which also made restricting access to them necessary.

Last month, Facebook revised its policies against dangerous individuals and organizations, and it then allowed posts praising the Azov Battalion, Ukraine’s National Guards unit, which incorporates ultra-nationalist troopers, including many who openly adhere to neo-Nazi ideology and other forms of extremism.

________

AP

Microsoft to Remove RT apps, ban Russian State-Owned Media Ads

Russian President Vladimir Putin during a visit to the RT studios | Pool photo by Yuri Kochetkov via EPA

Microsoft Corp said on Monday it would remove Russian state-owned media outlet RT’s mobile apps from the Windows App store and ban advertisements on Russian state-sponsored media, as global tech firms respond to Moscow’s invasion of Ukraine.

The company said it would not display any state-sponsored RT and Sputnik content, de-rank their search results on Bing and not place any ads from its ad network on those sites.

Western tech companies, including Facebook-owner Meta Platforms Inc and Alphabet Inc’s Google, have placed restrictions on Russia’s state-controlled media outlets in Ukraine and around the world.

Google has banned downloads of RT’s mobile app on Ukrainian territory after barring Russia’s state-owned media outlet RT and other channels from receiving money for ads on their websites, apps and YouTube videos.

Facebook is barring Russian state media from running ads or monetizing on its platform anywhere in the world.

“(We) will make ongoing adjustments to strengthen our detection and disruption mechanisms to avoid the spread of disinformation and promote instead independent and trusted content,” Microsoft said in a blog post (https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks).

A growing list of companies are also looking to exit Russia as sanctions from Western countries tighten. REUTERS

 

China Urges US to Protect its Space Station from Satellites

In this Dec. 1, 2020, file photo, SpaceX owner and Tesla CEO Elon Musk arrives on the red carpet for the Axel Springer media award in Berlin. China is calling on the United States to protect a Chinese space station and its three-member crew after Beijing complained that satellites launched by Elon Musk’s SpaceX nearly struck the station. A foreign ministry spokesman accused Washington on Tuesday, Dec. 28, 2021, of ignoring its treaty obligations to protect the safety of the Tiangong station’s three-member crew following the July 1 and Oct. 21 incidents. (Hannibal Hanschke/Pool Photo via AP, File)

China is calling on the United States to protect a Chinese space station and its three-member crew after Beijing complained that satellites launched by Elon Musk’s SpaceX nearly struck the station.

A foreign ministry spokesman accused Washington on Tuesday of ignoring its treaty obligations to protect the safety of the Tiangong station’s three-member crew following the July 1 and Oct. 21 incidents.

The Tiangong performed “evasive maneuvers” to “prevent a potential collision” with Starlink satellites launched by Space Exploration Technologies Corp., the government said in a Dec. 6 complaint to the U.N. Committee on the Peaceful Uses of Outer Space.

The United States should “take immediate measures to prevent such incidents from happening again,” said the spokesman, Zhao Lijian.

Zhao accused Washington of failing to carry out its obligations to “protect the safety of astronauts” under a 1967 treaty on the peaceful use of space.

The American Embassy in Beijing didn’t immediately respond to a request for comment.

Musk also is chairman of electric vehicle manufacturer Tesla, Inc. The company opened its first factory outside the United States in Shanghai in 2019.

The Tiangong, however, is a prestige project for the ruling Communist Party, making it unlikely Beijing would tolerate disruption even by a major foreign investor in China.

The main module of the Tiangong was launched in April. Its first crew returned to Earth in September following a 90-day mission. The second crew of two men and one woman arrived on Oct. 16 for a six-month mission.

SpaceX plans to launch some 2,000 Starlink satellites as part of a global internet system to bring internet access to underserved areas. In its 34th and latest launch, SpaceX sent 52 satellites into orbit aboard a rocket Dec. 18. AP

Russian Court slaps Google, Meta With Massive Fines

Meta/Facebook. Credit: Chesnot/Getty Images

A Moscow court on Friday slapped Google with a nearly $100 million fine and also fined Facebook’s parent company Meta $27 million over their failure to delete content banned by local law, as Russia seeks to step up pressure on technology giants.

The Tagansky District Court ruled that Google repeatedly neglected to remove the banned content, and ordered the company to pay an administrative fine of about 7.2 billion rubles (about $98.4 million).

Google said it would study the court documents before deciding on its next steps.

Later Friday, the court also slapped a fine of nearly 2 billion rubles ($27.2 million) on Meta for failure to remove banned content.

Russian courts had previously imposed smaller fines on Google, Facebook and Twitter this year, and Friday’s rulings marked the first time the size of the fine was calculated based on revenue.

Russian state communications watchdog Roskomnadzor said Google and Meta were specifically accused of violating the ban on distributing content that promotes extremist ideology, insults religious beliefs and encourages dangerous behavior by minors, among other things.

The agency said that Facebook and Instagram have failed to remove 2,000 items despite the courts’ requests to do so, while Google has failed to delete 2,600 such items.

It warned that they may face more revenue-based fines for failure to delete the banned content.

Russian authorities have steadily ramped up pressure on social media platforms, accusing them of failing to purge content related to drug abuse, weapons and explosives and extremist views.

Earlier this year, authorities criticized tech companies for not deleting announcements about unsanctioned protests in support of jailed Kremlin critic Alexei Navalny.

Russian authorities also have demanded that foreign tech giants store the personal data of Russian citizens on servers in Russia, threatening them with fines or possible bans if they fail to comply.

Alexander Khinshtein, head of the committee on information policies in the lower house of Russian parliament, said the massive fine should send a clear message to all IT giants.

He added that Russian law envisages other forms of punishment for failure to comply with court orders, including slowing down traffic and complete blocking. AP
