Navigating the Shadows: Unravelling Data Theft and Exploitation in the Digital Age (Part 1)

Introduction 

‍

In an era dominated by technology, our lives have become intricately interconnected with data. The digital landscape, led by the influential Big 5 corporate giants, known as FAAMG, has ushered us into an era of convenience, connectivity, and unparalleled innovation. However, as we revel in the benefits of this digital revolution, a shadowy underbelly emerges, one characterized by the alarming potential for data theft and exploitation. As we delve into the complex tapestry of data security, this article uncovers the historical trajectory of data exploitation's evolution, from its origins to its contemporary manifestations within the sanctioned and legitimatized realms of the shadow data economy. From questions about whether our phones are eavesdropping to the remarkable technological feats like AI-driven attention tracking in China, we explore the intricate interplay between technology, privacy, and the ever-expanding frontier of data theft and exploitation. With AI now capable of recording our voices and registering our behaviours, the very essence of our digital lives hangs in the balance, a constant negotiation between the allure of innovation and the imperative to safeguard our most personal information.

‍

FAAMG and the biggest data breaches in history (by Azraiel)

‍

When we talk about Data Exploitation we cannot help but mention FAAMG, which is an acronym that refers to a group of five American technology stocks, representing some of the largest and most influential technology corporations in the world: Facebook, Apple, Amazon, Microsoft, and Google. While they have revolutionized industries and brought numerous benefits to users, their massive data collection practices have also raised concerns about data exploitation and privacy breaches. 

‍

• Facebook: Known for its social media platform and various acquisitions, Facebook collects user data for targeted advertising and other purposes.
• Amazon: As a major e-commerce and cloud computing company, Amazon gathers data on customer shopping habits and usage of its services.
• Apple: Renowned for its hardware and software products, Apple collects user data from devices and services for personalization and security features.
• ‍Microsoft: A leading software and cloud services provider, Microsoft collects data through its operating systems, productivity tools, and cloud offerings.
• Google: Google dominates the search engine and online advertising landscape, collecting vast amounts of user data to enhance its services.

These companies have been subject to review for their data collection practices and their roles in the broader data privacy and security landscape. The implications in data exploitation and theft include: Data Collection for Personalization and Targeted Advertising, User Profiling, Data Breaches and Unauthorised Access, Third-Party Data Sharing, Unauthorised Monetization of User Data, as well as Ethical Considerations. 

‍

Here below, some examples of the biggest data breaches in history targeted retail user’s data:

1 )Yahoo! Date: 2013-2016. … 3 billion users globally

2 ) Microsoft. Date: January 2021. …  60,000 companies globally

3 ) First American Financial Corp. Date: May 2019. …   885 million file records leaked

4 ) Facebook. Date: April 2021. … 530 million users exposed

5 ) LinkedIn. Date: June 2021. … 700 million users exposed

Recent revelations from the analysis conducted by the Security.org team shed light on the extent to which big corporate structures exploit user data for their own gains. Out of all the companies mentioned above, Google actually collects and stores most of your information by far. 

Here below you can see the types of personal information obtained (graphic A) and (graphic B)  how they extend the theft to multiple parties. 

‍

A. Personal Information Obtained

B. Data Theft Gateways

A Study linked below by WhoTracks.Me found that approximately 83% of web traffic contains third-party scripts by Google with half being confirmed to be tracking unsuspected users. That’s more than 40% of web traffic being tracked by Google alone.

Big companies like CBS make it part of their business to extract data from people, leading to corporates misusing it for lead and profit generation. This makes us wonder about finding a balance between creating tailor made structures and keeping our privacy within a secure parameter outside prying eyes.

‍

How Our Data Is Exposed Even in Telecommunication: Privacy and Security at Risk (By beautyqueenamara)

‍

“A 10s disclaimer that it gets recorded means you waive away all rights. Allowing 100s of other companies to listen in real time. This started in the US by tapping the phone lines causing electronic infrastructure exploits. These exploits were enabled by critical partnerships between corporate phone companies and infrastructure builders like AT&T and Horizon.” (Malte Christensen)‍

Inserting a sim card is like opening a door to let companies listen in on your private talks without you even realizing it. Monitoring calls jeopardises your privacy and personal information.

Initially Telegraph messages were monitored and phone lines tapped with court permission. Today, what's obtained illegally might not be accepted as proof in court. However the path of evidence taken, where it originated from, can hardly be distinguished now. 

Advanced tech like tiny gadgets and lasers have made eavesdropping even more hidden and secretive. Devices can be as small as a lego piece, making them incredibly hard to discover, these “recorders” are often built in and even advertised within the manual of the purchased gadget. Even listed within the inventory of seemingly trivial household items. Electronic eavesdropping remains a complicated mix of technology, worries about personal privacy, and legal concerns that can raise eyebrows and send chills down your spine.

‍

History of Wiretapping

The start of this problem goes back to the United States. Wire-tapping got its start in New York in 1895 when a former telephone worker who had joined the city police suggested that it might be a good idea to listen in on wires used by criminals. Back then, weak spots in the technology that helps us communicate were taken advantage of. This made it clear how easily our private talks can be spied on with the help of these companies.

‍

Big Telecom's Data Breaches: Millions of Custumers’ Records Exposed

Two major phone companies, Verizon and AT&T, recently faced big problems with customer information. In one case, 6 million records were exposed due to a mistake by a partner. Another case saw around 9 million customers' data exposed by a vendor's system.

‍For Verizon, personal details like names, phone numbers, and more of 6 million customer accounts were accessed by people who shouldn't have had access. An unprotected server caused this problem.

AT&T's situation exposed names, phone numbers, and email addresses  of the 9 million customer accounts. This happened because of a problem with a vendor's setup. While no financial info was exposed, basic personal details were.

These breaches highlight the need to be careful with our personal information online and for companies to make sure their systems are secure.

In today's world, we increasingly use technology to talk to each other. But we need to use our own VPNs to make sure our talks stay private. Companies should tell us clearly if they're listening and get our permission fair and square. It’s the government’s job to make enforceable rules and stop companies from invading our privacy. Our private chats might not be as private as we think. Talking over devices almost always means companies are listening in on us. This puts our privacy and information at risk.

‍

Does My Phone Listen?! (by Afrocal12)

‍

It started with phone companies recording and sharing data from calls, and has evolved to the very same phones doing the dirty deeds on their own citation, rapidly expanded to include theft of data as seemingly trivial as emoji usage demographics, telephone metadata and web browsing interest all signed away with the click of a button to access 3rd party services. 

The recent Presidential election that happened in Nigeria February 25th 2023 revealed a leaked phone conversation between a prominent Servant of God and one of the Presidential candidates. This shows that every phone conversation is monitored and Service providers are selling important data to information seekers. 

Our smartphones employ voice assistant apps like Siri and "Hey Google" to provide virtual assistance by listening to our conversations. This extends beyond assisting to include tailoring personalised advertisements based on these conversations. These targeted ads are not coincidental; they directly align with recent phone conversations.

Similar to how search engines monitor our online activities to offer pertinent search results and ads, smartphones can be likened to verbal search engines. These devices, along with their applications, possess the ability to track our internet behavior, contributing to a broader picture of our interests and preferences.

When you activate "Hey Google" or Siri, it's like asking to open a virtual browser window. This action comes with the potential for data collection, often utilised for advertising and marketing objectives.

In late 2021 Apple was battling their own data nightmare, a “data exploiting bug” was associated with Mac and iPhone or iPad products posing the opportunity for users to have “their audio accessories hacked when using apps associated with audio due to the app needing microphone access, or showing that it was using the microphone,” Apple Insider said.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo. During testing, Rambo found that the tool intercepted audio data from the AirPods while he used Siri, and it didn't require microphone permission from the system.

‍

Stay tuned for Part 2 by our admins Samuel, Erlyn Joy and Ipek, and their take on the Shadow Data Economy, China's Point System 2.0 and Digital Personalities in the 21st Century.

‍
Sources:

1. https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html
2.  https://firewalltimes.com/microsoft-data-breach-timeline/
3. https://www.bankinfosecurity.com/first-american-settles-sec-over-data-beach-for-488k-a-16912
4. https://firewalltimes.com/facebook-data-breach-timeline/
5. https://www.forbes.com/sites/leemathews/2021/06/29/details-on-700-million-linkedin-users-for-sale-on-notorious-hacking-forum/?sh=bc4180b34a46
6.  https://www.security.org/resources/data-tech-companies-have/
7. https://arxiv.org/pdf/1804.08959.pdf
8. https://cbscreening.co.uk/news/post/your-personal-data-and-how-companies-use-it
9. https://queue.acm.org/detail.cfm?id=1613130
10. https://www.britannica.com/technology/electronic-eavesdropping
11. https://www.newyorker.com/magazine/1938/06/18/tapping-the-wires
12. https://www.theverge.com/2017/7/12/15962520/verizon-nice-systems-data-breach-exposes-millions-customer-records
13. https://resources.infosecinstitute.com/topics/news/massive-att-data-breach-and-fake-jobs-targeting-security-researchers/
14. https://guardian.ng/news/obis-leaked-phone-call-with-oyedepo-raises-dust/

‍

—-----------------
The DAO Labs Community relies on your feedback. Follow us on these social media: 

‍Telegram: https://t.me/DaoLabs

‍Twitter: https://twitter.com/TheDaoLabs

‍Reddit: https://www.reddit.com/r/DAOLabs/

‍DAO Labs Medium: https://medium.com/dao-labs

‍YouTube: https://bit.ly/3Jy3eW2

‍TikTok https://vm.tiktok.com/ZML4VuhGq/

‍