In this week’s Cyber Blurbs Roundup, we take a look at Facebook’s decision to move on from Face Recognition, the US’ next step in combatting hackers, and a bad day for a spyware developer.
Facebook (Sorta) Pulls Plug on Facial Recognition Tech
Facebook will put an end to its use of its Face Recognition feature, the company announced on Nov. 2. The feature was used for photo-tagging on the social networking platform, allowing users to be notified when they’d been tagged in recently posted photos or videos, as well as providing the image posters with suggestions on whom to tag.
The move serves as a big win for online privacy advocates who have long expressed concern over the company’s facial recognition tech.
Jerome Pesenti, VP of Artificial Intelligence at Meta, says that while the tech has been beneficial to users, the company must also consider the negative impact it can have on society at large.
“But the many specific instances where facial recognition can be helpful need to be weighed against growing concerns about the use of this technology as a whole,” he wrote in a blog post. “There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use. Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”
But, as you may have surmised by the subhead dedicated to this blurb, there’s some fine print to consider. Meta, as first reported by Recode, will maintain its use of facial recognition tech to some degree. Meta spokesperson Jason Grosse tells Recode that the company will continue to leverage biometrics to support its virtual reality platform. The company also plans on keeping DeepFace, the algorithm behind Facebook’s photo-tagging feature.
Grosse told Recode:
“We believe this technology has the potential to enable positive use cases in the future that maintain privacy, control, and transparency, and it’s an approach we’ll continue to explore as we consider how our future computing platforms and devices can best serve people’s needs. For any potential future applications of technologies like this, we’ll continue to be public about intended use, how people can have control over these systems and their personal data, and how we’re living up to our responsible innovation framework.”
A full statement from Meta can be found here.
US State Department Offers $10M Bounty for Colonial Pipeline Hackers
You may recall the Colonial Pipeline fiasco in May of this year, when much of the East Coast was sent into a frenzy as the masses flocked to gas stations to panic-buy all of the fuel they could carry (sensible safety regulations be damned). It’s been a bit of a year. No sweat if you forgot. Gas was in high demand and adequate supply, but panic-induced purchasing prompted shortages, which led to higher-than-usual prices (though none of it ever came close to what California is seeing today).
The issue stemmed from a ransomware incident carried out by cybercriminal group DarkSide — an attack that led to a $4.4 million payout in order for Colonial Pipeline to regain access to its system. US law enforcement officials were later able to intercept more than half of it, but it still stands as one of the most expensive ransomware payouts in history.
Months later, the US Department of State is still looking for answers. So much so that the feds are now offering a $10 million bounty to anybody capable of offering “identity or location” for DarkSide leadership. There’s also a $5 million reward for information that leads to the arrest or conviction of anybody involved in the ransomware incident.
The eight-figure bounty is just the latest example of how the US is looking to crack down on ransomware actors — particularly those responsible for impacting American infrastructure. In June, the Department of Homeland Security announced plans to regulate pipeline security. Pipeline companies will now have to report directly to the Transportation Security Administration, notifying the TSA of any and all cyber incidents.
For its part, DarkSide eventually issued a formal apology for the Colonial Pipeline attack, stating that it will work to “avoid social consequences in the future,” per Vice.
Department of Commerce Blacklists Spyware Group
The US Department of Commerce has added the NSO Group to the Entity List for malicious cyber activities, citing the group’s development of the notorious Pegasus spyware. This, in essence, means that the federal government is asking American companies to avoid doing business with the NSO Group.
The Pegasus spyware first made headlines earlier this year as part of The Pegasus Project, a multi-outlet effort that revealed the spyware was at times used by repressive governments to spy on activists, journalists, and politicians around the world. NSO says its software was never intended to be used in this way.
The Commerce Department isn’t quite focused on the software developer’s intentions.
“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” Commerce Secretary Gina M. Raimondo said in a statement.
Pegasus was originally designed as a tool for law enforcement. It is intended to work without arousing any suspicion from the target, providing law enforcement with access to the device’s text messages, images, and passwords.
A full statement from the Department of Commerce can be found here.