Date: 2020-04-09

How the world has changed in a few weeks. With the spread of the coronavirus in more than 209 countries and territories around the world, governments have instituted bans in many areas to try to stop the spread of Covid-19. Workers have set up home offices where possible, juggling child care and office responsibilities. Zoom evenings have replaced dinners. Bingo has been posted on Facebook, while artists broadcast quarantine concerts directly from their living rooms to their fans.

It can be some small comfort to know that there are things that never change. Less comforting is the sad reality that we still need to be on our guard against privacy breaches, fraud and software that can reveal more about us than we think.

The global pandemic that changes one person’s life is a business opportunity for another. This has never been more true than for scammers, who have been busy taking advantage of the current coronavirus pandemic.

One of the first scams was simply an adaptation of an older attempt. “I know every dirty little secret in your life,” said the email before “proving” it by revealing a password and threatening to give everyone coronavirus unless payment is made to a designated Bitcoin account.

Sound familiar? It was a widespread extortion scam that circulated in 2018 and 2019, threatening to send explicit photographs to victims' families instead of the coronavirus, but the bottom line is the same. The password is an old one, gleaned from a previous security breach involving your email address, and the scammers hope to deceive those who might re-use their passwords or not change them regularly.

Bank details

While the threat of giving someone coronavirus does not deceive too many people, it is by no means the only threat that exists.

The lockdown was barely a week old when members of the public were notified of a scam that attempted to trick them into giving their bank details over the phone. Pretending to belong to the Ministry of Employment and Social Protection, fraudsters called people who had lost their jobs due to the epidemic to ask for bank details to process the payments.

However, the ministry never requests bank details from customers over the phone or on social media; it only accepts them through a written request.

Other email scams asked people to click on links in emails purporting to contain public health information. However, when people clicked on these links, malware was delivered to laptops or other devices to extract usernames and passwords for email and bank accounts.

Some scammers have exploited the demand for protective gear, with bogus websites offering protective masks and hand sanitizers that never existed; others have fraudulently solicited donations from the public to help fund Covid-19 efforts.

There are no exact figures on how much the fraud has cost Irish victims, but experts in the UK estimate that some £1.6 million was obtained by fraudulent means. A report from Internet security company Sophos found that 2% of all spam is now linked to Covid-19, which implies that a wave of new scams is coming directly to us.

Video conference

Our brave new world means that we are all striving to find ways to stay in touch with friends and family, and to work from home if possible.

This has led to a massive increase in the number of people using video conferencing software, for example, and it has become very clear that none of us were prepared for this.

Take Zoom, for example. The American company found itself in a very uncomfortable spotlight. The videoconferencing company seemed to be one of the ones thriving in today’s lockdown, increasing its user numbers almost overnight as people searched for other ways to stay in touch, do business or just stay in business.

But then came the issue of privacy, with security researchers calling it “a privacy disaster” and “fundamentally corrupt”, and hackers staging “Zoombombings”.

A Zoombombing, if you haven’t already had the questionable pleasure, is where an uninvited person uses the service’s own features – virtual backgrounds, sharing their screen or annotation – to share objectionable material. In one incident, the perpetrators used the annotation feature to jot down racist words on the screen. Another took advantage of the virtual backgrounds feature to display an offensive image to other meeting attendees.

Closer to home, the GAA warned its clubs about the use of the platform after an incident in which a training session for children was hijacked by a person who shared explicit images of the session.

Zoom followed up on some of the complaints. Since April 5, the company has made meeting waiting rooms and meeting passwords an automatically activated setting, keeping unwanted users away and allowing hosts to screen those waiting and filter out unwanted guests. There are also ways to disable certain features, as the meeting host may prohibit the use of virtual backgrounds and block the ability for participants to share their screen during the meeting.

Access and encryption

The company also released an update for its Mac software after it emerged that the installer was using a trick more typical of malware, mimicking Apple’s security prompt.

But there are still things people should be aware of. Meetings are not end-to-end encrypted, so someone can access the stream.

Meetings can be recorded by the host, but the default naming system for Zoom sessions means that files uploaded to open online storage services can be easily found.

The meeting chat system, which allows participants to send a message to the entire meeting or speak directly to another participant, is also included in the transcription of a session, regardless of the recipient of the message. This means that the host can see all the messages sent during the session at the end of the meeting, so you have to be careful what you say.

Another setting – now disabled – measured attendee attention and alerted hosts if their attendees did not have the Zoom meeting window active for the entire session.

Zoom isn’t the only one facing uncomfortable questions. The Houseparty social networking app (which aims to act as a virtual restart of the standard house party dynamic – you can join friends for a chat when they are in “rooms” with other people, for example) has been the subject of claims that it was used to access unrelated third-party accounts. Houseparty, which is owned by the gaming company Epic, said it was investigating the possibility that the claims were part of a commercial smear campaign and offered a $1 million bounty to anyone who could provide evidence to prove it.

Applications against Covid-19

Social distancing is difficult. Humans are not supposed to be lonely – well, most of us anyway. Thus, the new measures designed to keep us safe may seem a bit restrictive, especially when we don’t really know when they will end.

But surely there is a way that technology can help with this? Developers have worked on ways to use technology to fight the Covid-19 epidemic, although not everyone is comfortable with using apps to report their health.

The European Union is involved here, with a toolbox for a pan-European approach on the use of mobile applications to track the spread of the coronavirus. Reuters has reported the decision, which follows the deployment by several EU countries of mobile applications that have been criticized by some data protection activists who fear that they will become permanent after the coronavirus crisis has finished.

“A fragmented and uncoordinated approach risks undermining the effectiveness of measures to tackle the COVID-19 crisis, while seriously undermining the single market and fundamental rights and freedoms,” said the document. “It is therefore necessary to develop a common approach to the use of digital technologies and data in response to the current crisis.”

The EU will monitor and assess the effectiveness of mobile applications, their interoperability and their cross-border implications, and whether they comply with security, privacy and data protection rules. And there will be a strict limit on the processing of personal data, which will be destroyed when the virus crisis is under control, according to the Commission document.

The HSE, meanwhile, said that a contact tracing application is under way, but concerns have already been expressed as to what this would entail. We do not yet know what form it will take or what data it will collect, but it must nonetheless comply with data protection laws, namely the GDPR. The regulations grant special protection to health data, which is considered to be particularly sensitive.

This will limit exactly what can be legally done with such apps here. According to the prosecutor and data confidentiality expert, Fred Logue, any use of the data must be necessary and proportionate, so as to have the least possible impact on the rights of individuals.

“You cannot use a hammer to break a nut. The measures put in place to achieve your goal cannot be so damaging that they are in fact worse than the problem they are trying to solve or create problems that are worse,” he said.

Data protection

Part of the process should be a “data protection impact assessment”, said Logue, which is a form of risk assessment. “They should consult with NGOs and individuals and the public and they should be transparent about it because it is the lack of transparency that is starting to give rise to conspiracy theories.”

The HSE app has not yet been released, but similar apps are already in use in other countries, mainly in East Asia, where government-approved tracking apps cover everything from contact tracing and collecting data on the spread of the virus to applying quarantine rules and controlling movements on public transport and in neighborhoods.

Large-scale monitoring of the population and the indiscriminate use of location data are prohibited by European law. A case brought by Digital Rights Ireland to the European Court of Justice invalidated the EU data retention directive in 2014 and led to the adoption of more stringent protections for the storage of personal data.

One way to track contacts without compromising user privacy is to use Bluetooth, which is based on proximity rather than location data.

The key thing that the Irish app must guarantee is transparency, said Logue, otherwise the government risks creating an ineffective app because people just won’t use it.

“Starting and building it without doing it from the start – transparency, consultation – means that they risk wasting a lot of time and resources, building something that could be illegal, and in any case won’t be used or people won’t gain confidence. If they don’t do it right, it’s going to waste a lot more time than it takes to do due diligence from the start – it’s a bit wise, stupid.”