FEATURED STORY            

MONDAY, JULY 22, 2019


An unknown hacker or hackers stole the personal and financial information of as many as five million Bulgarians--nearly every adult resident--from the country’s tax agency. 


Authorities are in the early stages of an investigation into the breach, which reportedly occurred in June but only became public last week. They have arrested a 20-year-old cybersecurity expert, Kristian Boykov, for his alleged involvement. A lawyer for Boykov rejected the allegations, but Boykov has been linked to “white hat” hacking in the past, exposing flaws in the education ministry's website in 2017.

Meanwhile, some officials speculated that Russia might be behind the hack, retaliating for Bulgaria’s recent $1.3 billion purchase of U.S. fighter jets. It’s Bulgaria’s largest foreign military purchase since the end of the Cold War. (NYT, Reuters, NPR)


FaceApp: An immensely popular new feature of the photo-editing app that allows users to see what they might look like decades into the future is alarming some digital privacy watchers, who warn that the Russian company behind it could abuse its growing database of facial imagery. However, experts say that it’s unlikely it would use the data to train algorithms to identify faces. (MIT Tech Review)


Real Estate: Hackers are increasingly targeting real-estate professionals, title agents, and lawyers involved in buying and selling homes. After scanning private correspondence, they can customize scams and steal hundreds of thousands of dollars at a time. The FBI says that Real-estate wire fraud hit 11,300 people in 2018, leading to more than $149 million in losses. That’s up from 9,645 victims in 2017 who lost more than $56 million. (WSJ)

Web Browsers: Popular Chrome and Firefox browser extensions reportedly scraped and sold the data of more than 4 million people to a firm called Nacho Analytics, until a researcher informed the companies. Nacho Analytics reportedly marketed itself to businesses as providing a “god mode for the internet” and uses the tagline “See Anyone’s Analytics Account.” (Ars Technica)


Equifax: The credit reporting company is said to be nearing a $700 million settlement with state and federal authorities investigating the 2017 data breach that exposed the records of 150 million Americans. The settlement, which could be announced as early as today, would establish a fund to compensate consumers for harm suffered as a result of the breach. (WSJ)

  ON THE HILL                                    

Huawei: White House economic adviser Larry Kudlow and Treasury Secretary Mnuchin are expected to host a meeting with U.S. semiconductor and software executives today to discuss the Trump administration’s ban on sales to Huawei. (Reuters)

Cyberbulling: A new study by the Department of Education found that online bullying is becoming more prevalent among middle and high school students, while bullying overall has remained steady. Young girls are the most victimized. (WaPo)


Chinese Cameras: Surveillance cameras made by Chinese companies like Hikvision and Hytera are still keeping watch over U.S. military bases and embassies despite the federal ban that’s set to come into force in the coming weeks. Hikvision is 42 percent owned by the Chinese government. (FT)

Cloud Contract: President Trump said he may review the $10 billion Pentagon computing contract for which Amazon and Microsoft have been named finalists, casting uncertainty over any outcome. The president has repeatedly lashed out at Amazon, criticizing the company for its contract with the postal service and threatening antitrust action. (Bloomberg, FT)

  PRIVATE SECTOR                             

NSO: In its sales pitch to buyers, which includes intelligence agencies, the Israeli company says that its Pegasus spyware can scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft. NSO says it only sells to responsible governments, however some allege its products have been used by repressive regimes. (FT)

Microsoft: The company said it will give away encryption software designed to improve the security of U.S. voting machines. Microsoft is working with vendors and local governments to deploy the system in a pilot program for the 2020 election. (NBC)

  THE WORLD                                     

Vietnam: While the communist country might seem to be a natural customer for Huawei, sources say that its top mobile carriers appear to be quietly keeping the Chinese telecom at arm’s length as they explore collaborations with Ericsson and Nokia. (NYT)

Japan: In an effort to curb money laundering, the government is leading a push to set up an international network for cryptocurrency payments, similar to the SWIFT network used by banks. Japan has been at the forefront of the global digital currency movement, becoming the first country to regulate cryptocurrency exchanges at a national level in 2017. (Reuters)


Private Surveillance Is a Lethal Weapon Anyone Can Buy: “While other kinds of weapons are subjected to stringent international regimes and norms — even if these are often broken — the trade in spy technology is barely regulated...allowing this sort of technology to fall into the wrong hands can have the same impact as selling a lethal weapon,” writes Sharon Weinberger in the New York Times.


The New Ways Your Boss Is Spying on You: “To be an employee of a large company in the U.S. now often means becoming a workforce data generator—from the first email sent from bed in the morning to the Wi-Fi hotspot used during lunch to the new business contact added before going home. Employers are parsing those interactions to learn who is influential, which teams are most productive and who is a flight risk. Companies, which have wide legal latitude in the U.S. to monitor workers, don’t always tell them what they are tracking,” writes Sarah Krouse in the Wall Street Journal.

Inside the Secret World of Stalking Apps: “Apps such as mSpy, TheTruthSpy and FlexiSpy allow users to monitor someone else’s phone activity, including their call logs, the contents of text and chat messages, GPS data and photos. Often billed as “parental control” or “employee monitoring” tools, many stalkerware apps also advertise themselves as a way to catch cheating partners — and note they can be installed invisibly on a target’s phone,” writes Camilla Hodgson in the Financial Times




Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2019 Center on National Security, All rights reserved.