Tag: privacy breach

  • Massive data breach: 2.2 million Pakistani citizens’ personal information for sale online

    According to a report from Geo News, the personal data of 2.2 million Pakistani citizens has been compromised and put up for sale online. The breach occurred when hackers gained unauthorised access to a database, built by a private company, that is used by hundreds of restaurants.

    The hackers have even gone so far as to display some citizens’ data as samples in their online sale advertisement. In their claim, the hackers asserted, “We have hacked the databases of over 250 restaurants,” and they listed numerous food outlets. 

    The compromised citizen data includes contact numbers and credit card details. The affected software is widely used by many restaurants across the country. Furthermore, details such as the number of transactions and the amounts paid by citizens are available for purchase online. 

    The hackers are demanding 2 Bitcoins in exchange for the compromised citizen data, which equates to approximately $54,000, considering that one Bitcoin is valued at $27,000 based on market sources. In Pakistani rupees, this amounts to over Rs15 million. 

    As of now, the Federal Investigation Agency’s (FIA) cybercrime circle has not received any complaints regarding this incident.

    It is worth noting that the federal government recently issued a directive advising all information technology (IT) and financial institutions, including regulators, to avoid collaborating with, installing, or using Indian-origin artificial intelligence (AI) and information and communication technology (ICT) products.  

    This advisory was issued due to concerns that these products could pose a constant, concealed, and force multiplier threat to Pakistan’s critical information infrastructure (CII). 

    The government shared this cybersecurity advisory with federal and provincial ministries and sectoral regulators. The advisory highlighted that globally, AI products and services are widely employed by various industries, including the financial and banking sectors, to accelerate their growth. 

    The document also noted that the fintech sector in Pakistan, along with some banks, was engaged with Indian-origin companies that offered IT products, cybersecurity solutions, and AI solutions.  

    The use of Indian security products and solutions was considered a potential threat to Pakistan’s CII, particularly the banking sector, due to the possibility of backdoors or malware collecting logs, data traffic analysis, and personally identifiable information (PII).

    Additionally, it pointed out the risk of direct Indian ingress into Pakistan’s CII through technical means and access control with passive monitoring capability. 

  • Social media giant X faces lawsuit for allegedly assisting Saudi Arabia in human rights abuses

    The social media giant formerly known as Twitter, now referred to as X, faces a revised civil lawsuit in the US that accuses it of aiding Saudi Arabia in committing severe human rights violations against its users. This includes allegations of disclosing confidential user data to Saudi authorities at a significantly higher rate than for other countries such as the US, UK, or Canada. 

    According to The Guardian, the lawsuit was originally filed in May by Areej al-Sadhan, the sister of a Saudi aid worker who was forcibly disappeared and later sentenced to 20 years in prison. The case revolves around the infiltration of Twitter by three Saudi agents, two of whom posed as Twitter employees in 2014 and 2015. This infiltration led to the arrest of al-Sadhan’s brother, Abdulrahman, and the exposure of the identities of thousands of anonymous Twitter users, some of whom were reportedly detained and tortured as part of the Saudi government’s crackdown on dissent. 

    The updated lawsuit alleges that Twitter, under the leadership of then-CEO Jack Dorsey, knowingly ignored or had knowledge of the Saudi government’s campaign to identify critics but provided assistance due to financial considerations and its close ties to the Saudi government, a major investor in the company. 

    The lawsuit highlights how Twitter was initially seen as a tool for democratic movements during the Arab Spring, which raised concerns for the Saudi government as early as 2013. 

    These allegations come shortly after Human Rights Watch criticised a Saudi court for sentencing a man to death solely based on his Twitter and YouTube activity. The convicted individual, Muhammad al-Ghamdi, had minimal online presence and was accused of having two accounts with a few followers and tweets, both containing retweets of government critics. 

    The lawsuit claims that Twitter was aware of security risks related to insider access to personal data and ignored red flags. It also alleges that Saudi authorities filed emergency disclosure requests with Twitter to obtain user identity information, often approved promptly. 

    Between July and December 2015, Twitter allegedly granted information requests to Saudi Arabia more frequently than to other countries, including Canada, the UK, Australia, and Spain. 

    Despite becoming aware of FBI concerns about Saudi infiltration, Twitter continued to engage with Saudi Arabia as a crucial regional partner. CEO Jack Dorsey even met with Mohammed bin Salman about six months after the FBI raised the issue. 

    The lawsuit ultimately seeks justice for Areej al-Sadhan’s brother, Abdulrahman, and aims to hold Twitter accountable for its alleged complicity in human rights abuses. 

  • Future of communication: Scientists use AI to translate brain activity into words

    Neuroscientists at the University of Texas in Austin have made a significant breakthrough by using artificial intelligence (AI) powered ChatGPT to translate brain activity into words. This discovery has the potential to greatly benefit patients suffering from conditions such as “locked-in” syndrome and stroke, which leave them unable to communicate effectively.

    The researchers leveraged OpenAI’s advanced chatbot technology, which has demonstrated its applications in various sectors, including healthcare. The integration of AI into our daily lives is steadily advancing, and this development showcases its potential in the field of neuroscience.

    Alexander Huth, an assistant professor of neuroscience and computer science at the University of Texas, emphasized that the term “mind reading” is inaccurate and misleading, as it implies capabilities that are beyond our current reach.

    To conduct their study, Professor Huth spent 20 hours inside an fMRI (functional magnetic resonance imaging) machine while listening to audio clips. The machine captured detailed snapshots of his brain activity, which were then analyzed by the AI system. Through this analysis, the technology was able to predict the words Professor Huth was hearing solely by monitoring his brain activity.

    The researchers utilized OpenAI’s chatGPT-1 model, which has been trained on a vast database of books and websites. They found that the AI system accurately predicted participants’ auditory and visual experiences based on their mental activity.

    While still in its early stages, this technology holds promise, particularly in assisting individuals who have lost the ability to communicate. Professor Huth explained that the true potential application lies in aiding patients with conditions such as “locked-in” syndrome and stroke, whose brains are functional but lack the ability to speak.

    Importantly, this breakthrough demonstrates the achievement of high accuracy levels without the need for invasive brain surgery. The researchers believe this marks the first step toward helping individuals regain their ability to communicate without resorting to neurosurgery.

    However, the technology’s results have also raised concerns regarding its potential use in controversial contexts. The researchers highlight the importance of obtaining consent from subjects and conducting brain scans within an fMRI machine. Additionally, the AI technology requires extensive training on an individual’s brain for accurate predictions to be made.

    Jerry Tang, the lead author of the research paper, emphasizes the need for safeguarding the privacy of brain data. He asserts that everyone’s brain data should be kept private, as our thoughts represent one of the last frontiers of personal privacy. Tang acknowledges the potential misuse of brain decoding technology and emphasizes the importance of legislators taking mental privacy seriously.

    Professor Huth clarifies that the technology can discern the general ideas and narratives individuals have in mind, effectively capturing internal storytelling. However, Tang warns against complacency, highlighting that technology is continually evolving, which could impact the accuracy of decoding methods and the extent to which an individual’s cooperation is required.

    In summary, the use of AI to translate brain activity into words has emerged as a groundbreaking discovery by neuroscientists. Although promising, further development and considerations regarding privacy and ethical use are necessary before widespread implementation can occur.

  • TikTok is being sued for misusing data of millions of children

    TikTok, which is owned by Chinese company ByteDance, could face a damages claim worth billions of pounds (dollars) in London’s High Court over allegations that it illegally harvested the private data of millions of European children, Reuters has reported.

    That case will be heard next week and affected children could receive thousands of pounds each if the claim is successful.

    “TikTok is a hugely popular social media platform that has helped children keep in touch with their friends during an incredibly difficult year. However, behind the fun songs, dance challenges and lip-sync trends lies something far more sinister,” Anne Longfield, the former Children’s Commissioner for England, told the BBC.

    Longfield alleged that every child that has used TikTok since May 25, 2018, may have had private personal information illegally collected by ByteDance through TikTok for the benefit of unknown third parties.

    “Parents and children have a right to know that private information, including phone numbers, physical location, and videos of their children are being illegally collected,” she added.

    A TikTok representative said privacy and safety were the company’s top priorities and that it had robust policies, processes and technologies in place to help protect all users, especially teenage users.

    “We believe the claims lack merit and intend to vigorously defend the action,” the representative said.

    Earlier this year in March TikTok was banned in Pakistan due to immoral content, but the ban was later lifted.

    The popular video-sharing app was banned for the first time in October last year. The Pakistan Telecommunication Authority (PTA) had blocked TikTok after the company “failed to fully comply” with its instructions for the “development of an effective mechanism for proactive moderation of unlawful online content”. Later, the ban was lifted when the TikTok management assured authorities that it will block all accounts repeatedly involved in spreading obscenity and immorality.

  • Sensitive personal information of Pakistanis leaked over the internet

    • NADRA, PTA spokespersons reject claims against their respective departments as data leak makes headlines

    In a massive breach of privacy, personal and sensitive data of millions, if not hundreds of millions, of Pakistanis has been leaked over the internet, as the blame game continues between the authorities concerned, with none of them willing to take the fall for the divulgence.

    According to the details, multiple smartphone applications and websites, one of which is Sim Database Online, are hosting millions of Pakistani telecom users’ sensitive data such as their Computerised National Identity Card (CNIC) numbers, names and even residential addresses, all of which can be accessed by simply entering the victim’s mobile number.

    Not only does the web-based application reveal other mobile numbers registered in the name of the privacy breach victim, it also claims to provide services such as mobile phone tracking.

    A screen grab of ‘Sim Database Online’

    “Such applications have been around for quite some time now and most probably are the reason behind the recent spike in number of identity theft incidents in Pakistan,” sources told The Current, adding that leaks of government-held databases remain the biggest contributor to identity theft-related crimes in the country, around 50,000 of which were reported in 2019 alone.

    Some groups on Facebook are also offering information regarding driving licences, current location, call details and even criminal records associated with any CNIC numbers if you pay them, sources claimed. “You can even dig out the National Database and Registration Authority (NADRA) family trees associated with a CNIC for a few hundred rupees.”

    They went on to claim it wasn’t just Pakistanis’ confidential data that was being hosted by such web applications. “Sensitive personal information of Afghans and Indians can also easily be accessed through these websites, but there appears to be no urgency among authorities of the three countries to protect their citizens,” they claimed.

    When asked if NADRA or the Pakistan Telecommunication Authority (PTA) were to be held responsible for the leak, they blamed the latter, saying the watchdog had failed to keep an eye on what the country’s telecommunication companies were doing with sensitive data of their customers.

    “How else do the inboxes of so many people get flooded with text advertisements?” sources questioned, alleging that a data archive of registered telecom users was leaked online in August 2017.

    “The archive contains information about registered mobiles users of Pakistan categorised by their telecom companies. It is publicly available and contains personal information recorded to verify SIM cards. Despite the leaked information being brought to light by many, the data remains available.”

    Speaking to The Current, an information technology (IT) expert said that e-governance came with a set of standards across the world. “If you give access to someone, you have to follow these standards and maintain a certain security level. But unlike the rest of the world… where they have emergency response teams to investigate such issues, Pakistan has had no such probes I know of.”

    “Instead of having teams that react to such incidents, we need certain proactive measures,” the IT expert said, adding that privacy over the internet was a right of the users, and most identity theft-related crimes could be linked to data leaks associated with government bodies over the years.

    NADRA & PTA:

    When approached, NADRA spokesperson Faik Ali told The Current that there was no truth to the claims being made regarding the role of the authority in the data leak as it very carefully managed the sensitive registration database of all citizens.

    “NADRA has nothing to do with it,” he said and also rubbished claims regarding a data breach from two years ago.

    “We had in 2018 also denied accusations of leakage of voters’ data ahead of the general election,” he said, adding that it was also clarified by the authority in a letter to the Election Commission of Pakistan (ECP). “There has never been a data breach in the history of NADRA and we have never shared any citizen’s data with anyone.”

    Faik also reiterated NADRA’s commitment to protect sensitive data of all citizens come what may.

    PTA Public Relations Director Khurram Mehran, on the other hand, rejected all claims regarding the watchdog’s alleged inability to protect the data of telecom networks’ customers, saying that no telecommunication companies were involved in releasing confidential information of their customers.

    He, however, said that action would be taken against any company if evidence to support such claims is there.

    In response to a query, the PTA spokesperson further said that any such cases were to be dealt with under the provisions of the Prevention of Electronic Crimes Act (PECA) by the agency concerned, as they were cybercrime cases.

    Repeated attempts were made to contact the chairperson of Senate Standing Committee on IT and Telecommunication, Rubina Khalid, but she was unavailable.