Attack Can Unmask Anonymous Users on Any Major Browser | Albanian Government Hit by Cyber Attack | T-Mobile Breach Settlement

Weekly tech News - 25th July

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group


Attack Can Unmask Anonymous Users on Any Major Browser

To begin, in a new article by WIRED, they discuss how researchers from the New Jersey Institute of Technology (NJIT) are warning this week about a novel technique that attackers could use to de-anonymise website visitors.

The findings from NJIT show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.

The hack analyses subtle features of a potential target’s browser activity to determine whether they are logged into an account for a multitude of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Importantly, the attacks work against every major browser, including the Tor Browser.

In a statement one of the study authors, Reza Curtmola, said “If you’re an average internet user, you may not think too much about your privacy when you visit a random website. But there are certain categories of internet users who may be more significantly impacted by this, like people who organize and participate in political protest, journalists, and people who network with fellow members of their minority group. And what makes these types of attacks dangerous is they’re very stealthy. You just visit the website, and you have no idea that you’ve been exposed.”

Researchers warn that it would be simple to carry out once attackers have done the prep work. It would only take a couple of seconds to potentially unmask each visitor to the malicious site—and it would be virtually impossible for an unsuspecting user to detect the hack. The researchers developed a browser extension that can thwart such attacks, and it is available for Chrome and Firefox. Vendors are trying to see if it’s worth the effort to resolve this.

Source - Anonymous Web Users Unmasked - WIRED

Source - NJIT Study

And what makes these types of attacks dangerous is they’re very stealthy. You just visit the website, and you have no idea that you’ve been exposed.
Reza Curtmola, Professor in Computer Science at NJIT

Albanian Government Hit by Cyber Attack

The websites for the Albanian Government have been taken offline following a massive cyberattack. In a statement, the government blamed the incident on a “synchronized attack from abroad.” The statement continued: “In order to not allow this attack to damage our information system, the National Agency of Information Society had temporarily shut down online services and other government websites.”

The government also emphasized that all citizens’ data stored on its website is “safe and intact.”

While they have not suggested who may have been behind the attack, there have been suggestions that Russia could be behind the attack, potentially linked to the EU opening accession talks with Albania and North Macedonia. It has also been noted that “the methods used by these malicious actors are similar to last year’s attacks observed in the international cyberspace.” The Albanian government added that it is working with experts from Microsoft and the US-based Jones Group International to solve the situation “and bring it back to normalcy.”

Source - Albanian Cyberattack - InfoSecurity Magazine

Source - Albanian Cyberattack - The Register

Source - Albanian Cyberattack - Euractiv

 

T-Mobile Breach Settlement

Finally, an update on a story which we have discussed several times since its occurrence.

In an SEC filing that was spotted last week, T-Mobile outlines a class action settlement which would split a $350 million pay-out among lawyers and, eventually, the 76.6 million customers affected by the enormous T-Mobile data breach in August 2021. If you recall, the breach included data such as full names, dates of birth, and even Social Security numbers were compromised in the attack.

T-Mobile got in touch with people affected by the data leak shortly after it came to light and offered them two free years of access to McAfee’s ID Theft Protection Service.

While the figure of the settlement may sound quite substantial, an enormous chunk of that amount will go towards paying off legal fees. The company will also spend a further $150 million, separate from the $350 million settlement, on data security technologies throughout this year and the next.

The settlement still must be approved by the court. But if it is approved, it will "resolve substantially all of the claims brought by the company’s current, former and prospective customers who were impacted by the 2021 cyberattack."

The full filing can be read below.

Source - T-Mobile Breach Settlement - Yahoo!

Source - T-Mobile Breach Settlement - CBS News

Source - T-Mobile Breach Settlement - Court Filing

If you want to get in touch then give us a shout