The Wiretap is your weekly digest of cybersecurity, internet privacy, and surveillance news. To receive it in your inbox, subscribe here.
Free VPN apps endanger children’s privacy, researchers say.
Getty
Virtual private networks, or VPNs, are used by Internet users around the world to encrypt their web traffic and hide their IP addresses. Often they are completely benign tools that promise an extra layer of privacy.
But some VPNs, often ones that don’t cost a cent, actually undermine users’ privacy. ForbesEmily Baker-White reported earlier this week that children are increasingly using free VPNs to circumvent their school’s attempts to prevent them from visiting porn or other inappropriate websites.
Research shared with US lawmakers this week shows that some of these VPNs have ties to China and may be sharing children’s data with the Chinese government.
Last week, a Chinese national was indicted for allegedly linking malware to free VPNs to hack as many as 19 million computers, creating a botnet used by cybercriminals to hide their tracks and generate more than $8 billion in fraudulent revenue to acquire.
Experts recommend paid VPNs from reputable vendors, such as F-Secure or Proton, which typically pose fewer risks and promise real privacy improvements.
Google’s privacy chief is out of office with no plans to replace him
Google’s Chief Privacy Officer is leaving amid broader layoffs at the tech giant. (Photo by Jaap Arriens/NurPhoto via Getty Images)
NurPhoto via Getty Images
Keith Enright is leaving Google after thirteen years with the company as part of a broad restructuring. Forbes has learned. Matthew Bye, a fifteen-year veteran and director of competition law, is also leaving.
Stories you need to read today
Today Forbes launched the Midas List, our annual ranking of the world’s top venture capitalists. Highlights from a privacy/security perspective include Shardul Shah, who has invested in Datadog and Wiz; Scott Sandell, who backs CloudFlare; and Trae Stephens, whose investments in the space include Anduril.
A TikTok exploit, which only requires the victim to open a DM, is leading to accounts of major celebrities and companies being hacked. CNN and Sony are two victims. TikTok says it’s fixing the problem.
Ticketmaster was hacked, owner LiveNation confirmed, after a hacker known as ShinyHunters claimed they had stolen 560 million customer data. The source of the breach was traced to a wave of account hacks at cloud and analytics provider Snowflake. Following a joint investigation with Google’s Mandiant and security giant CrowdStrike, Snowflake said cybercriminals had used stolen credentials obtained by password-stealing malware and targeted accounts without multi-factor authentication.
404 Media had an internal Google database detailing thousands of security and privacy incidents dating back to 2016. These included an event where the company accidentally recorded children’s voices and another where Street View collected license plate numbers.
Winner of the week
Europol announced a successful takedown of a number of malware families, claiming it was “the largest ever operation against botnets.” Law enforcement agencies around the world took part in the investigation, dubbed Operation Endgame, which led to the shutdown of more than 100 servers and four arrests, one in Armenia and three in Ukraine. The operation focused on ‘droppers’, malicious code ‘designed to install other malware on a target system’.
Loser of the week
A former US Marine and police officer, John Mark Dougan, has been linked to more than 150 fake local news sites spreading disinformation, according to research by disinformation monitor NewsGuard. The sites mimic local publications with names like Boston Times and New York News Daily and have spread false information about the war in Ukraine. Duggan currently lives in Moscow, where he was granted asylum after fleeing accusations that he was a hacker who published sensitive information about thousands of police officers, judges and local officials in Florida. He denied these allegations and claimed in comments to NBC News that he had no knowledge of the fake news sites.
More about Forbes