New Year's Tech with Dave Hatter - SPONSORED BY INTRUST IT


Apple's latest move is a huge boon for privacy:

  • Apple’s mandatory privacy consent requirements are expected to launch in early 2021, and they threaten to completely upend the surveillance capitalism model that powers much of the Internet
  • For many years, "free" apps and services have meant that if you're not paying with money, you're paying with data, you are the product, NOT the customer
  • Apple wrote "The App Store is designed to be a safe and trusted place for users to discover apps created by talented developers around the world. Apps on the App Store are held to a high standard for privacy, security, and content because nothing is more important than maintaining users’ trust. Later this year, you’ll be required to provide information about some of your app’s data collection practices on your product page. And with iOS 14, iPadOS 14, and tvOS 14, you will need to ask users for their permission to track them across apps and websites owned by other companies."
  • Revenue derived from user tracking is expected to take a major hit once the App Tracking Transparency (ATT) framework is fully implemented
  • Apple’s senior vice president of software engineering, Craig Federighi has clearly indicated that those who do not comply with the ATT will be removed from the app store
  • The ATT essentially has two phases. In the first, app developers must provide Apple with accurate information that tells a potential user how the app tracks user data across properties owned by other companies, as well as what their information is potentially linked to. The mandatory labels displayed prior to app download allow users to make an informed choice about the app
  • Phase one has recently been implemented and while app developers don't love it, the coming second phase has caused quite an uproar
  • In 2021 Apple will require apps to display a mandatory privacy consent notice that allows users to opt out of the use of the unique device ID to track them
  • It's the unique device ID that makes tracking possible on Apple devices, and an app must continue to work even if the user opts out of tracking
  • Without a user's affirmative consent, the app must continue to function but will receive only zeros for the user's unique ID
  • Apple is estimated to hold 30% of the global mobile phone market (and as much as 50% in some countries, including the United States). It's estimated that Apple devices generate two times more ad revenue, so getting banned from the Apple store could be a death blow to many developers
  • Assuming that most users will opt out, the digital advertising market could disappear overnight
  • There are some exceptions: apps are allowed to track a user without notice if the data is anonymized before leaving the device, or if it is used solely for security purposes that protect the end user
  • Apple also explicitly banned the implementation of workarounds for tracking based on device fingerprinting
  • Developers are permitted to explain why permission to track is being sought, but can't use dark patterns or incentives to con the user into allowing tracking. Such actions could get the app banned
  • In what some consider a move designed to boost Apple Search ads, the notification requirements do not apply to Apple’s own internal tracking
  • As a result, there are ongoing antitrust probes in both the EU and US and companies such as Google and Facebook, who make much if not most of their money from surveillance capitalism, have expressed strong opposition to the change
  • One likely upshot of this move is that "free" apps supported by ads may begin to disappear from the Apple store and developers will need to find new ways to monetize their apps, which could include charging for the app
  • This is yet another reason to switch to Apple if you haven't already
  • Learn more about Apple's Privacy Consent Framework here: https://developer.apple.com/app-store/user-privacy-and-data-use/
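The consent flow described above, as an added Swift example that is not code from the show or from Apple: the app asks once, keeps working when the user declines, and treats the all-zero identifier as "no identifier". It assumes the app's Info.plist carries the NSUserTrackingUsageDescription entry Apple requires before the prompt will appear.

```swift
// Added example (not from the show or Apple): an iOS 14+ app requesting
// App Tracking Transparency consent and honouring an opt-out. Assumes
// Info.plist contains NSUserTrackingUsageDescription (required by Apple).
import AdSupport
import AppTrackingTransparency
import Foundation

/// The all-zero IDFA Apple hands back when tracking is not authorized.
let zeroIDFA = UUID(uuidString: "00000000-0000-0000-0000-000000000000")!

/// Returns the advertising identifier only when the user has authorized
/// tracking and the value is not the zeroed placeholder; otherwise nil.
@available(iOS 14, *)
func usableAdvertisingIdentifier() -> UUID? {
    guard ATTrackingManager.trackingAuthorizationStatus == .authorized else {
        return nil
    }
    let idfa = ASIdentifierManager.shared().advertisingIdentifier
    return idfa == zeroIDFA ? nil : idfa
}

/// Shows the consent prompt once (the system only displays it while the
/// status is .notDetermined) and reports whether tracking may proceed.
@available(iOS 14, *)
func requestTrackingConsent(completion: @escaping (Bool) -> Void) {
    switch ATTrackingManager.trackingAuthorizationStatus {
    case .notDetermined:
        ATTrackingManager.requestTrackingAuthorization { status in
            completion(status == .authorized)
        }
    case .authorized:
        completion(true)
    case .denied, .restricted:
        completion(false)
    @unknown default:
        completion(false)
    }
}

// Usage: the app keeps working on both paths; without consent it gets no
// identifier and must not fall back to device fingerprinting (banned by Apple).
if #available(iOS 14, *) {
    requestTrackingConsent { allowed in
        if allowed, let idfa = usableAdvertisingIdentifier() {
            print("Tracking authorized; IDFA \(idfa.uuidString) may go to the ad SDK")
        } else {
            print("No tracking consent; serve contextual ads only")
        }
    }
}
```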

Why China steals U.S. data for use in the U.S.-China cold war:

  • In 2013, the CIA noticed that operatives in Africa and Europe were being identified very quickly
  • U.S. officials were alarmed and puzzled that CIA operatives were not only exposed, but exposed very quickly
  • CIA officials believe that ongoing Chinese cyberespionage efforts were largely to blame
  • The surveillance capitalism model of today's world creates massive troves of information ready for the taking
  • In many cases, Americans are willing to share information with Chinese companies known for privacy and security issues, such as TikTok and Zoom
  • In other cases, Chinese companies make hardware and software that could be compromised with backdoors, see the recent TCL smart TV story
  • All of this data is being used by the Chinese Communist Party (CCP) for a wide variety of purposes such as supporting CCP backed companies as well as identifying U.S. intelligence operatives
  • "The battle over data—who controls it, who secures it, who can steal it, and how it can be used for economic and security objectives—is defining the global conflict between Washington and Beijing." - Zach Dorfman
  • According to William Evanina, the United States’ top counterintelligence official, China is "one of the leading collectors of bulk personal data around the globe, using both illegal and legal means"
  • One prime example of CCP cyberespionage is the Office of Personnel Management (OPM) breach
  • Chinese hackers stole sensitive personnel data from 21.5 million current and former U.S. officials, their spouses, and job applicants
  • The data included sensitive PII and PHI including health, residency, employment, fingerprint, and financial data.
  • Even worse, some of this data contained details from security clearance investigations, information that is useful not only for identifying U.S. operatives but also for blackmail and identity theft
  • Some in the intelligence community worried that the CCP hackers could have surreptitiously altered OPM data to recruit, blackmail or frame U.S. operatives
  • This information also shed light on what the U.S. government looks for in background checks, making it easier for CCP operatives to infiltrate U.S. agencies
  • Your data is valuable in ways you can't imagine, you need to protect it
  • Stop using "free" apps in general and especially anything from China
  • Do not purchase technology from China whenever possible
  • Foreign Policy is running a series named "Into The Breach: How Data Is Driving the new U.S.-China Cold War". Read the first part of the series here: https://foreignpolicy.com/2020/12/21/china-stolen-us-data-exposed-cia-operatives-spy-networks/

Ransomware is a huge threat and may get worse before it gets better:

  • Ransomware is a form of malware that infects devices and encrypts the data they contain. When the process is complete, a ransom is demanded to decrypt the data. Some newer variants may also exfiltrate the data so that the attackers can use the threat of exposing the data for additional leverage
  • Ransomware attacks surged 40% globally to reach 199.7 million in Q3 2020 according to SonicWall
  • Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020 according to Coalition, one of North America's largest cyber insurance providers
  • At the end of 2016, a business was hit with ransomware every 40 seconds; it's estimated to be every 11 seconds by 2021
  • The first known death due to ransomware occurred in a German hospital this year. The ransomware caused a critically ill patient to be routed to a different hospital, and sadly the patient did not survive
  • CrowdStrike indicated that the growing availability of ransomware-as-a-service (RaaS) is leading to more attacks, and ransoms have risen substantially
  • Ransomware claims have ranged in size from $1,000 to over $2,000,000 per incident and continue to grow. In some of the recent hospital-based attacks, ransoms as large as $10,000,000 have been demanded
  • "From a financially motivated criminal's perspective, ransomware remains the most lucrative type of cyberattack, especially when the victims are high-value enterprises. In late 2020, cyber criminals are intensifying their attacks to maximise their financial gains and increase the odds of getting paid" - Anna Chung, Unit 42 cybersecurity analyst at Palo Alto Networks
  • Ransomware continues to be successful because many victims pay the ransom and the attackers are rarely prosecuted
  • The FBI recommends against paying a ransom, and in some cases paying a ransom can lead to legal issues if the ransom payment goes to certain countries
  • A good, recent backup stored offline is the best defense if you are hit with ransomware
  • Free decryption keys for some ransomware, as well as good advice, can be found here: https://www.nomoreransom.org/en/index.html
  • Other things you can do to be more secure:
      • Install software patches and firmware updates regularly
      • Enable Multi-Factor Authentication (MFA) everywhere
      • Use anti-malware / endpoint protection
      • Use a strong, unique password for each account
      • Use a password manager to manage strong, unique passwords for each account
      • Use a firewall
      • Change the default settings on devices, especially the default password
      • Don't download "free" software you have not vetted
      • Use encryption (at rest and in motion)
      • SETA (Security Education, Training and Awareness)
      • Be skeptical