Infosec Round-Up Nov 5th

Labour Data Breach, NSO Ban & Facebook Ends Facial Recognition

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Labour Party Data Breach

The UK’s Labour Party has announced to members that some of their information has been breached following a suspected ransomware attack against a third-party data handler.

Alerting members via a breach notice on the political party’s website, information belonging to members, registered and affiliated supporters, and “other individuals who have provided their information to the Party” is believed to have been affected.

Having been alerted to the breach on the 29th of October, the extent of the data breach has yet to be confirmed, though the party has noted it is working closely with the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) to investigate the incident.

In the official statement, the party also noted they are “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident.”

Adding, “The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident”.

Facebook to End Facial Recognition

The Facebook platform has announced that it will be discontinuing the use of its facial recognition software and deleting 1 billion existing facial profiles, or faceprints, used to automatically recognise individuals in photos and videos.

Closely following the parent company’s rebranding to ‘Meta’, Facebook announced the end to the controversial technology citing the need to balance the use of such systems against “growing societal concerns”, as well as a lack of clear guidance from regulators.

The development also comes only months after the settlement of a long-running Illinois-based class action lawsuit in which the company agreed to pay out $650 million to users who argued its facial recognition tool was in violation of the state's privacy laws.

Jerome Pesenti, VP of Artificial Intelligence stated on the decision, “There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use… Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”

US Sanctions NSO Group

The controversial Israeli company behind the surveillance software Pegasus has this week been added to a US trade blacklist.

Added to the Commerce Department's Bureau of Industry and Security’s Entity List, preventing the export, reexport, or transfer of the company’s products or services, the creators of the so-called ‘military-grade spyware’ are said to be “dismayed” at the decision.

Having faced significant criticism for its involvement in the surveillance of murdered Saudi journalist Jamal Khashoggi, as well as being accused of selling its services to other authoritarian regimes, NSO Group continues to insist upon its “rigorous compliance and human rights programs”.

The US Commerce Department stated on the decision: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.