Tag Archives: Exposed
WASHINGTON (Reuters) – Twitter may notify users whether they were exposed to content generated by a suspected Russian propaganda service, a company executive told U.S. lawmakers on Wednesday.
The social media company is “working to identify and inform individually” its users who saw tweets during the 2016 U.S. presidential election produced by accounts tied to the Kremlin-linked Internet Research Army, Carlos Monje, Twitter’s director of public policy, told the U.S. Senate Commerce, Science and Transportation Committee.
A Twitter spokeswoman did not immediately respond to a request for comment about plans to notify its users.
Facebook Inc in December created a portal where its users could learn whether they interacted with accounts created by the Internet Research Agency.
Both companies and Alphabet’s YouTube appeared before the Senate committee on Wednesday to answer lawmaker questions about how their efforts to combat the use of their platforms by violent extremists, such as the Islamic State.
But the hearing often turned its focus to questions of Russian propaganda, a vexing issue for internet firms who spent most of the past year responding to a backlash that they did too little to deter Russians from using their services to anonymously spread divisive messages among Americans in the run-up to the 2016 U.S. elections.
U.S. intelligence agencies concluded Russia sought to interfere in the election through a variety of cyber-enabled means to sow political discord and help President Donald Trump win. Russia has repeatedly denied the allegations.
Reporting by Dustin Volz; Editing by Nick Zieminski
As long as you know the right URL, anyone with access to the internet could retrieve all the data that was left online by marketing analytics company Alteryx. This is the second major exposure of data stored and improperly managed in the Amazon Web Services S3 storage service.
In the Alteryx case, it was apparent that the firm had purchased the information from Experian, as part of a data set called ConsumerView. Alteryx uses this data to provide marketing and analytics services. It put the data in AWS S3—and forgot to lock the door.
In November, files detailing a secret US intelligence collection program were leaked in the same manner, also stored in S3. The program, led by US Army Intelligence and Security Command, a division of the National Security Agency, was supposed to help the Pentagon get real-time information about what was happening on the ground in Afghanistan in 2013 by collecting data from US computer systems on the ground. Much as in the Alteryx case, the data was exposed by a misconfigured S3 bucket.
Here’s the deal: AWS defaults to closing access to data in S3, so in both cases someone had to configure S3 to expose the data. Indeed, S3 has the option to provide data over the web, if configured to do so. So, this is not an AWS issue, but one of stupidity, naïveté, or ignorance by people running their S3 instances.
Public cloud providers often say that they are not responsible for ineffective, or in these cases nonexistent, security configurations that leave data exposed. You can see why.
In these cases, white hat hackers informed those in charge about the exposure. But I suspect that many other such mistakes have been uncovered by people who quietly collect the data and move on into the night.
The fix for this is really common sense: Don’t actively expose data that should not be exposed. You need to learn about security configurations and processes before you bring the public cloud into your life. Otherwise, this kind of avoidable stuff will keep happening.