All Posts By

avery@greymarketlabs.com

Consumer’s Trust in Data Protection

By | Social Networking | No Comments

The practice of buying Americans’ data has become routine, effectively hollowing out both Carpenter v. United States and privacy safeguards enacted by Congress.  Any company or government can go out and purchase customers’ data that the company has collected.  Just last year, Avast was caught selling their customers’ data for the second time [1].  Their customers use their service to protect their information and prevent it from being sold, but Avast decided it was more profitable to sell that data rather than protect it.

Businesses have determined that it is more profitable to sell their customers’ data than to protect it.  Laws like GDPR and CCPA provide the legal framework for consumer protection, but more needs to be done for the business community. We need to expect more from our technology providers.  Protecting customer data should be at the core of any cybersecurity product.  The monetary value gained from selling customers’ data isn’t worth the trust that is lost once that data has been sold.  As a Public Benefit Corporation, Grey Market Labs believes protecting individual activity and organizational data is the foundation of trustworthy companies. As organizations look for companies to protect them, Public Benefit Corporations should be the first they consider to ensure their information is kept private.

___________________________________________________________________________________

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers’ work, online.

Contact us to see how we can work together.

Ransomware Attacks from Critical Infrastructure to Police Departments

By | Data Protection, Information Security, Risk and Liability | No Comments

Ransomware attacks have been growing over the past three years, and the past 2 weeks alone have shown how public these attacks have become.  The first attack, on the Washington DC (Metropolitan) Police, resulted in a massive leak of internal information because the department did not meet the blackmail demands [1].  The second major attack was on the Colonial Pipeline; it shut down the pipeline, resulting in fuel shortages up and down the East Coast.  The Colonial Pipeline operators decided to pay the ransom of 75 Bitcoin, or nearly $5 million USD [2].  Government organizations can’t pay ransom per longstanding practices, but commercial groups decide whether to pay based almost purely on cost and impact to their bottom line. The latter could encourage more ransomware attacks since they are so lucrative, but there is very little to guarantee that systems or data are completely “released” once ransom payments are made. We need a better way.

Ransomware can infiltrate an organization through hacking or in the ways that a computer virus might spread. Once executed, the ransomware essentially holds your data and systems hostage. It is effective because, instead of attempting to steal all your data, it typically encrypts all your data and makes your systems unusable and unreadable until a ransom is paid for the decryption key.

With the release of the Executive Order on Improving the Nation’s Cybersecurity, ransomware has become a top priority of the White House. Previous attacks against police departments have resulted in cases being dropped due to the offices being locked out of their computers [3].  Police departments need to protect sensitive data such as background check files by keeping them separate and ensuring that they can recover the data if they are locked out.

It’s impossible to prevent all forms of hacking. Therefore, one must also develop a strategy to mitigate the effects of an attack. As referenced in the recent Executive Order, Zero Trust, a framework that assumes you and your organization have been or will be compromised, is a tremendous step forward in changing how computing systems are built and how truly resilient they can be. This involves the same strategies one would implement for a disaster recovery plan, which include taking regular backups of all the data and being able to rebuild the infrastructure supporting that data in a short amount of time. Isolated Secure Enclaves, provided by Grey Market Labs, are one possible solution to the problem that police departments face when trying to keep information protected, allowing sensitive forensics (e.g., exploitation reviews) to take place on modern technology and providing increased access for officers while increasing the security of all their digital work.

Pattern-of-Life through Electricity Monitoring

By | Data Privacy, Information Security, Risk and Liability | No Comments

Household electricity monitoring provides insight into the usage of electronics in the home. Monitoring can be accomplished through commercial products (e.g. those described here https://www.bobvila.com/articles/best-home-energy-monitor) or through a utility provider’s service (such as the Duke Home Energy Report). These insights can help pinpoint which devices are wasting energy to help the homeowner save money. The analysis of electricity by these products or providers is so in-depth that they extract exact brand information on individual devices based on how much electricity that device is using and the unique electrical signature it produces.

This information can also be used for Pattern-of-life analysis to expose the daily activities inside the home – which could be used for anything from targeted advertising to exploiting security weaknesses. It is important for homeowners to be aware of how this data is being used and what rights they have over it in order to make informed decisions when managing risk and participating in politics.

#GREYdient Score: 3/10

Protecting Investigators

By | Data Privacy, Data Protection | No Comments

Private, federal, and state investigators are increasing their online presence because more of their work is going online.  For the most part, investigators are not trained in cybersecurity practices.  So, when they are online looking for criminals, there is a high chance that those same criminals are looking back at them.  This puts their organization, investigation, friends, and family at risk.  Most investigators try to separate their work life from their personal life, but the internet blurs the line between personal and work.

For example, in 2018, investigators were researching sex traffickers, specifically massage parlors in Manhattan, using VPNs; however, real estate agents were still able to track down their information and call those investigators on their personal cellphones.  These investigators suddenly became aware that their online presence could be tied to their personal lives even with cybersecurity practices in place.

The separation of work and personal is key, but investigators still need to access the tools and data needed for their job.  The undercover tradecraft needs to be applied to this field to protect legal and legitimate investigations.  So how do we protect investigators?

1st: Investigators need the tradecraft and training in cybersecurity to ensure they can protect themselves.  They also need to understand what will expose them to the digital world.

2nd: They need comprehensive tools to ensure they are not exposed at the seams.  Investigators are currently using multiple tools that are not designed to work cohesively together (VPNs, burner phones, anonymous browsers).  These individual products have a marginal benefit that leaves open cracks which criminals can exploit.  There needs to be a comprehensive solution/product that can combine these disparate tools in a seamless manner and seal the current gaps.

To work towards eliminating these gaps, check out opaque.ai for more information.

Activity Tracking

By | Data Protection, Social Networking | No Comments

The concept of privacy is multifaceted and complex. It has evolved over time with emerging technologies, across societies and cultures, and has been redefined as new domains are discovered and explored. A subset of privacy, information or data privacy, focuses on control over the collection, usage, and dissemination of people’s personal information. Boundaries for data privacy and data protection are often determined by analyzing a plurality of factors such as legal, policy, ethical, and economic considerations. Regardless of factors, the pervasiveness of data privacy-compromising methods and tools is overwhelming.

A common means of collecting personal information is through online tracking. Online trackers utilize numerous types of identifiers and attributes. They work transparently in most cases, and their scope permeates throughout digital mediums and across sectors [1]. Each item in the list below relies on software- and hardware-based methods for activity tracking:

  • Websites use browser-provided information to identify and track users
  • Mobile devices have unique identifiers and numerous sensors that online trackers rely on [2]
  • Smart televisions can not only collect and disseminate what we watch, but they potentially open an attack vector for malicious actors [3]
  • Vehicles can use numerous sensors to record data on vehicle location, driver and driving characteristics, cabin environment, etc. [4]
  • Flight tracking services managed to predict significant business deals by monitoring the routes of company jets [5]

The wealth of collected data is used to build comprehensive profiles and generate insights. These profiles “can reveal our political affiliation, religious beliefs, sexual identity and activity, race and ethnicity, education level, income bracket, purchasing habits, and physical and mental health” [6]. This collected data is potentially shared and further enhanced, in some cases revealing the identity of the individuals behind the profile. Protecting life online requires a multifaceted data protection approach. To handle this evolving environment, Opaque is adaptable with security and privacy designed into its core.