Quote:Google ADMITS employees listen to conversations recorded by Google Assistant even without a user’s ‘Hey Google’ trigger(More in link.) Archived Sun Source:
'Google allegedly admitted to listening to conversations recorded by Google Assistant even without a user's "Hey Google" trigger.
The tech giant made the admission during a closed-door meeting with Indian government officials, according to a report, though
Google has attempted to clarify the claims.
Sources also told IndiaToday the company admitted that its AI assistant will at times record audio on a smartphone or smart speaker
even when it hasn't been summoned. Google clarified how the assistant system works in a statement to Android Authority.
"In standby mode, the device processes short snippets of audio (a few seconds) to detect an activation -- like when you say, 'Hey Google.'
"If no activation is detected, then those audio snippets won't be sent or saved to Google."
The statement also noted that when the Assistant detects its wake word, "the recording can include a few seconds before you activate
your Assistant to catch your request at the right time."
Google has previously admitted that employees listen to short recordings to improve language comprehension in its products...'
Quote:Revealed: leak uncovers global abuse of cyber-surveillance weapon(More in link) Archived Guardian Article:
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests
'Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments
using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a
massive data leak.
The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse
of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and
terrorists.
Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages,
photos and emails, record calls and secretly activate microphones.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people
of interest by clients of NSO since 2016. Forbidden Stories, a Paris-based nonprofit media organisation, and Amnesty
International initially had access to the leaked list and shared access with media partners as part of the Pegasus project,
a reporting consortium.
The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to
an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government
clients identified in advance of possible surveillance attempts.
What is in the Pegasus project data?
What is in the data leak?
The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those
of people of interest by government clients of NSO Group, which sells surveillance software. The data also contains the
time and date that numbers were selected, or entered on to a system.
Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the
list and shared access with 16 media organisations including the Guardian. More than 80 journalists have worked together
over several months as part of the Pegasus project.
Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.
What does the leak indicate?
The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible
surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was
an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any
attempt succeeded.
The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible”
to access with its tools, reveals some targets were selected by NSO clients even though they could not be infected with
Pegasus.
However, forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between
the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds...'
Quote:China accused of cyber-attack on Microsoft Exchange servers(More in link) Archived BBC Article:
'The UK, US and EU have accused China of carrying out a major cyber-attack earlier this year.
The attack targeted Microsoft Exchange servers, affecting at least 30,000 organisations globally.
Western security services believe it signals a shift from a targeted espionage campaign to a smash-and-grab raid,
leading to concerns Chinese cyber-behaviour is escalating. The Chinese Ministry of State Security (MSS) has also
been accused of wider espionage activity and a broader pattern of "reckless" behaviour.
China has previously denied allegations of hacking and says it opposes all forms of cyber-crime.
The unified call-out of Beijing shows the gravity with which this case has been taken. Western intelligence officials say
aspects are markedly more serious than anything they have seen before.
It began in January when hackers from a Chinese-linked group known as Hafnium began exploiting a vulnerability in
Microsoft Exchange. They used the vulnerability to insert backdoors into systems which they could return to later.
The UK said the attack was likely to enable large-scale espionage, including the acquisition of personal information
and intellectual property. It was mainly carried out against specific systems which aligned with Hafnium's previous targets,
such as defence contractors, think tanks and universities.
"We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability
in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain," a security
source told the BBC.
If this had been all, it would have been just another espionage operation. But in late February something significant changed.
The targeted attack became a mass pile-in when other China-based groups began to exploit the vulnerability. The targets
scaled up to encompass key industries and governments worldwide.
It had turned from targeted espionage to a massive smash-and-grab raid.
Western security sources believe Hafnium obtained advance knowledge that Microsoft intended to patch or close the vulnerability,
and so shared it with other China-based groups to maximise the benefit before it became obsolete. It was the recklessness of the
decision to spread the vulnerability that helped drive the decision to call out the Chinese publicly, officials say.
The UK is also understood to have raised the issue of Chinese cyber-activity in private with Beijing over an extended period, including
handing over dossiers of evidence. Microsoft went public about the vulnerability on 2 March and offered a patch to close it. At this point,
more hackers around the world had realised its value and piled in.
Around a quarter of a million systems globally were left exposed - often small or medium-sized businesses and organisations - and at
least 30,000 were compromised...'
Edith Head Gives Good Wardrobe.