Cyber Blurbs: Biden Goes After TikTok

In this week’s Cyber Blurbs Roundup, we cover Apple’s newest privacy-focused iOS feature, the White House’s latest tactic against TikTok, some bad news for a popular video game company, and good news for cybersecurity professionals.

Apple Announces Mail Privacy Protection

Apple announced the latest chapter of its journey to establish a more privacy-focused world for consumer tech, unveiling plans for Mail Privacy Protection. The latest privacy feature was announced on June 7 at the 2021 Apple Worldwide Developers Conference, and will roll out as part of iOS 15. 

“Mail Privacy Protection stops senders from using invisible pixels to collect information about the user,” the company stated. “The new feature helps users prevent senders from knowing when they open an email, and masks their IP addresses so it can’t be linked to other online activity or used to determine their location.” 

The feature is set to be released just a few months after Apple delivered on App Tracking Transparency, which “controversially” allowed users to deny applications from tracking their usage habits across other applications on the device. Opt-in rates for tracking have varied depending on the study conducted, but they’ve ranged from “uh oh” to “CODE RED” for companies that relied on the intrusive business tactics.

App Tracking Transparency was criticized for the potential impact it would have on small businesses that benefited from being able to issue targeted advertisements on the web. Mail Privacy Protection will likely receive a fair bit of backlash from publications and businesses that benefit from a metric known as the “open rate” — which, as you may have guessed, is the rate at which users open emails and how they respond. It’s a critical part of the newsletter model, allowing publications and companies to determine just how their strategies are being received by their user bases. 

...but that doesn’t make the practice any less intrusive than Apple is making it out to be. 

Is tracking a user’s email usage intrusive to said user? Yes. Absolutely. But is it a useful way to determine the effectiveness of a company’s marketing strategy? Also yes. 

Mail Privacy Protection is due out this fall, although it should be mentioned that Apple provided companies with extra time to plan for ATT last year. There’s no word on whether companies will have more time to plan this time around.  

DOJ Recovers Chunk of Colonial Pipeline Ransomware Payout

Notch one for the good guys. 

The Department of Justice announced on June 7 that it had seized 63.7 bitcoins (AKA about 2.3 million big ones) originally paid out by Colonial Pipeline in response to its ransomware attack. 

“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”

In all, Colonial said it paid about $4.4 million to DarkSide, with the hacking group losing out on $2.1 million thanks to the DOJ’s interception. 

News of the payout recovery comes just a few days after the DOJ announced it would begin providing ransomware attacks with the same level of priority as terrorism. It also follows an announcement from the Department of Homeland Security, which stated that pipeline cybersecurity would now be regulated by the federal government

Big Game Developer Suffers Data Leak

Electronic Arts, one of the video gaming community’s biggest developers better known for its acronym (EA), has suffered a data breach. Originally reported by Motherboard, the company responsible for annual titles like Madden and FIFA has had source code stolen and put up for sale, with reportedly 780 gigabytes of source code hanging in the balance. 

EA’s misfortune marks the second time that we’ve seen a major video game company suffer a data breach this year. Cyberpunk 2077’s CD Projekt Red was first hit with an attack in February. This also comes a year after Nintendo watched a good chunk of its legacy code hit the web last summer.

The company confirmed to BleepingComputer that “a limited amount of game source code and related tools” had been stolen, but did not specify the amount. Other outlets have claimed the total to be 780 GB worth of source code, with BleepingComputer stating that the hackers are looking for $28 million. EA says it does not expect the incident to impact its games or business, but will make improvements to its security practices to prevent future incidents from taking place. 

Biden Goes After TikTok

We couldn’t end this week’s blog without talking about TikTok. The popular, Gen-Z friendly social media platform was back in the news last week after US President Joe Biden announced the next chapter in White House v. TikTok (not a real thing — don’t look it up). Biden revoked former President Donald Trump’s TikTok bans and started a new process to establish “clear intelligible criteria” to determine the national security risks posed by software applications linked to foreign governments. 

As you might recall, Trump attempted to outright ban TikTok from US soil, only to see his goal challenged in federal court. According to the New York Times, analysts expect Biden’s executive order to fare a bit better from a legal standpoint (we won’t go into whether or not that’s just politics though). 

TikTok is seen by many as a national security risk because of its parent company, ByteDance, which has roots in mainland China. Chinese law could potentially allow the country to request user data from any company under its jurisdiction, although ByteDance says American users should not be concerned because that data is stored on servers in the US. Couple that with TikTok’s notorious ability to gather lots of user data, and you have yourself a potential problem.

RECENT POSTS