You’re sitting there minding your own business, sipping on your morning coffee, scrolling the news, and suddenly you see your name in one of the headlines.
Apparently, someone has accessed your location data from one of the apps on your phone and posted an article outing your deepest, darkest secret.
Weaponizing App Data
This may sound far-fetched or even impossible, but this type of thing happens more than you would realize. The most famous example (so far) comes from last summer, when a prominent Catholic priest was outed by a Catholic-focused news publication, The Pillar.
The Pillar contracted an independent data firm to access Msgr. Jeffrey Burrill’s, the general secretary of the U.S. bishops’ conference (USCCB), phone location data from the location-based hookup app Grindr to “correlate” and confirm frequent visits to gay bars and nightclubs. The resulting scandal ended in Burrill’s resignation.
Though shocking, this kind of malicious targeting isn’t uncommon. Even apps like plagiarism checkers are not secure for all users.
We all know that companies share our data with government agencies and we know many companies don’t value our digital security, but how far will data brokers and big tech companies go? And what can we, the people, do to protect ourselves?
Everybody’s favorite post-pandemic video conferencing app, Zoom, was slapped with a class-action lawsuit last spring for overstating and not disclosing privacy concerns.
The company was hit with allegations of failing to disclose that its service is not end-to-end encrypted and that they shared personal data with other companies like Facebook, Google, and LinkedIn. Not only that, the service was struggling with the issue of uninvited hackers joining private calls and video meetings, aka “zoombombing”.
Most businesses were, in some capacity, forced online due to the pandemic. Imagine, you’re one of the many workers who find themselves communicating via Zoom, and suddenly, some unknown person pops into your meeting.
They can see and hear everything. In larger meetings, these “zoombombers” may even go completely unnoticed. The information you share is wide open to the world.
Zoom eventually settled the lawsuit, cutting a deal in a preliminary lawsuit, ultimately paying $85 million in damages.
Pegasus sounds like something from a spy movie, but it certainly does exist and it made its world debut in mid-2021. Pegasus is a surveillance software, or spyware, created by the private Israeli company NSO Group. The program was initially developed to be marketed to government clients.
The software has the capacity to turn any phone, iOS or Android, without the user noticing, into a 24-hour surveillance device. Early versions of the spyware infect phones through what is called spear-phishing, using text messages or emails that trick the intended target into clicking a malicious link.
Pegasus has the capability to film through a target’s phone camera, activate phone microphones and record conversations, read and copy messages, and collect and save photos. The biggest worry with Pegasus is who is using it and who they are targeting.
Many outlets report that Pegasus has been used by governments to target activists. The amount of breaches still being reported as a result of the Pegasus is astounding.
Hacking For Good?
Not all hackers are created equal. In reality, hackers and cybercriminals have various motivations. Not all are malicious, but all violate privacy rights, even if those ends may be used to justify the means.
A wave of “hacktivism” has been sweeping through far-right organizations and online platforms throughout 2021. Anonymous, a group of so-called “ethical hackers” compromised Epik, a web platform that hosted websites maintained by groups like the Proud Boys and QAnon. Resulting from a September 13th cyberattack, around 15 million names, phone numbers, and email addresses were leaked.
In the aftermath of the January 6th attack on the Capital, numerous right-wing groups have been targeted by hackers.
Much of the information stolen has been shared with the media and individuals’ places of work. Some of the targeted individuals have even lost their jobs due to the exposure of certain comments or posts.
The Current State of Online Privacy
Listed above are just a few of the major online privacy stories from 2021, but they are just the tip of the iceberg. All in all, 2021 was a record-breaking year for data breaches.
According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through the end of September had already exceeded the total number of events in 2020 by 17%. The Cyber Risk Analytics Research Team stated at least 18.8 billion records were exposed over the course of 2021.
Cybercriminal and online attacks are here to stay, and you can expect plenty more bad news throughout 2022. How governments, companies, and private citizens respond to the numerous privacy challenges we all face will impact the virtual landscape forever.
The internet can be a crazy place. Only by implementing safe online strategies and choosing to encrypt your sensitive information with Internxt, will the individual stand a chance at keeping their privacy firmly in their own hands.