At a glance.

  • Are reverse search warrants a violation of privacy? 
  • NFT marketplace involved in massive user data breach.
  • Renter, beware.
  • CISA on MedusaLocker ransomware.

Are reverse search warrants a violation of privacy? 

Forbes reports that an arson case is raising major questions about privacy on the internet. After a family of five died in a house fire in the US state of Colorado, investigators issued a Google keyword search warrant to gather information on anyone who had conducted an internet search for the home’s address. The data led police to three suspects, but privacy advocates as well as the suspects’ legal counsel say the Google warrant was a violation of their constitutional right to privacy. Mike Price, counsel for one of the suspects and Fourth Amendment Center litigation director at the National Association of Criminal Defense Lawyers, has launched the first-ever US constitutional challenge to keyword warrants, seeking to suppress the evidence provided by Google.

Privacy advocates have long argued that because keyword warrants don’t target a specific person or property, they endanger the privacy of everyone in the country. Furthermore, some argue such searches violate the First Amendment by giving the government information on what innocent people are searching for in private. An amicus brief submitted by internet privacy advocacy group the Electronic Frontier Foundation (EFF) states, “Over the course of months and years, there is little about a users’ life that will not be reflected in their search keywords, from the mundane to the most intimate. The result is a vast record of some of users’ most private and personal thoughts, opinions, and associations.” 

NFT marketplace involved in massive user data breach.

OpenSea, the world’s largest NFT marketplace, has disclosed that a massive data breach has led to the exposure of user data. The NFT giant, which was valued at a whopping $13 billion in January, says an employee of OpenSea email vendor Customer.io shared the email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party, TechCrunch explains. The company stated, “If you have shared your email with OpenSea in the past, you should assume you were impacted,” indicating that the data of any of the 1.8 million users who have conducted transactions through the Ethereum network on OpenSea could be compromised. The employee at fault has been suspended, and OpenSea is working with Customer.io on an investigation. 

Renter, beware.

Renters are being urged to read their landlords’ privacy policies carefully after a TechCrunch writer found that his name and home address were made publicly available on the website of rental rewards company Bilt Rewards, and that anyone with his email address could easily access the data. Bilt Rewards founder Ankur Jain explained that Equity, the company that owns the building, had shared a subset of its renters’ data with Bilt. Turns out the writer had unknowingly given Equity the right to do this when he agreed to the company’s Terms of Use and Privacy Policy. When contacted, Equity spokesperson Marty McKenna stated they didn’t see their actions as a security issue, explaining, “Equity Residential shares information with service providers to allow services to be provided to our residents. Our authority to do so lies in our Terms of Use and Privacy Policy which are available on our website.” Further investigation showed that Equity is not the only company that builds such verbiage into their privacy policy, and with the US undergoing a massive housing shortage, it’s likely most renters wouldn’t let such fine print keep them from putting a roof over their heads. 

CISA on MedusaLocker ransomware.

As part of the US government’s #StopRansomware campaign, a joint Cybersecurity Advisory (CSA) warning the public about MedusaLocker ransomware was issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN). The CSA reads, “Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks.” After encryption, the victims are directed to a bitcoin wallet to deposit the requested ransom. The group operates on a Ransomware-as-a-Service (RaaS) model, with an affiliate receiving the majority of the ransom and the developer receiving the remainder. Suggested mitigations include implementing a system recovery plan that maintains secure, regularly updated backups of sensitive and proprietary data, enabling real-time detection for antivirus software on all hosts, staying abreast of all updates, and regularly reviewing the network for suspicious accounts. An audio version of the CISA Alert, prepared with the CyberWire, may be found here.