paris victims

Tech Firms On Trial for Paris Attacks

The father of one of the women killed in the Paris attacks in November has brought litigation against a variety of tech firms, holding businesses like Google, Facebook and Twitter responsible for providing “material support” to the violent extremists.

According to Reynaldo Gonzalez, the tech firms “knowingly permitted” the Islamic State group, called “ISIS” in his legal action, to use their services to recruit, raise money and spread “extremist propaganda.”

isis on facebook“For years, [the companies] have knowingly permitted the terrorist group ISIS to use their social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits,” stated the court papers filed by Gonzalez’s representation¬†in California on Tuesday.

“This material support has been instrumental to the rise of ISIS, and has enabled it to carry out numerous terrorist attacks, including the 13 November 2015 attacks in Paris, where more than 125 were killed, including Nohemi Gonzalez.”

Reynaldo Gonzalez’s daughter Nohemi was one of the 130 people killed when extremists attacked Paris’ Batacian concert hall, the national football stadium in Saint-Denis, and a spattering of bars and restaurants.

According to Gonzalez, “the explosive growth of ISIS over the last few years into the most-feared terrorist group in the world would not have been possible” without Twitter, Facebook and Youtube (Google-owned) as they have acted as the means through which the violent extremist group could spread its ideals.

Gonzalez quoted the Brookings Instritution research as stating that ISIS “exploited social media, most notoriously Twitter, to send its propaganda and messaging out to the world and to draw in people vulnerable to radicalization.”

The companies have responded by asserting that they have policies against extremist material and acted within the boundaries of the law.¬†Twitter stated that it had “teams around the world actively investigating reports of rule violations, identifying violating conduct, and working with law-enforcement entities when appropriate.”

Facebook stated that if the company saw “evidence of a threat of imminent harm or a terror attack,” it always contacted law enforcement.

isis2Google declined to comment on the pending legal action, but noted that it had “clear policies prohibiting terrorist recruitment and content intending to incite violence and quickly removed videos violating these policies when flagged by our users.”

US law tends to not hold internet companies responsible for the material that their users post on their networks. According to Section 230 of the 1996 Communications Decency Act, the government allows for a “safe harbour” for companies like Twitter and Facebook, claiming that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

Whether this legal argument will be enough to free the tech firms of liability in this case remains to be seen.

According to Ari Kresch, one of the lawyers representing Gonzalez, “This complaint is not about what ISIS’s messages say… it is about Google, Twitter, and Facebook allowing ISIS to use their social media networks for recruitment and operations.”

According to the complaint, YouTube shared revenue with ISIS when advertisements ran on the group’s videos.

twitter2

Dark Web Targets Twitter Users

It’s recently been revealed that data has been stolen from over 32 million Twitter users and offered for sale on the dark web for 10 bitcoin, a joint price of about US$5,800. LeakedSource made the sale public and added the account and email information to its searchable repository of credentials that have become compromised.

dark web2Apparently the data set came from a user called Tessa88@exploit.im, a username that has been connected to other large collections of compromised date including the credentials for over 425 million Myspace accounts that made headlines a few weeks back. The Twitter information includes over 32 million records with each one containing email addresses, usernames and passwords.

According to LeakedSource, that information likely originated from compromised user systems as opposed to a breach of Twitter’s systems, meaning that the hackers responsible infected tens or millions of users’ systems with malware that then collected saved usernames and passwords from browsers like Chrome and Firefox.

“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached,” tweeted Twitter’s Trust and Information Security Officer Michael Coats, or the hacker that was posing to be him. “We are working with @leakedsource to obtain this information & take additional steps to protect users.”

As stated earlier, it appears that Twitter’s systems were not breached to obtain the data. That said, the fact that all that data has been compromised poses a major problem for users and service providers alike on a global level. As Joe Siegrist, vice president and general manager of LastPass stated,

“It looks like plain text passwords have been stolen from over 32 million consumers, most likely from their browsers, i.e. Chrome, Firefox, Safari… While it is heavily weighted towards Russian consumers, it’s impacting people all over the world.”

“It also means that this isn’t just a Twitter attack- that’s just the data source that’s being traded,” continued Siegrist. “It means this is an end user plain text password scrape attack which will impact every account the end user saved. Every service provider in the world needs to be on the lookout for nefarious activity.”

hack2While the attack is certainly disconcerting to all Twitter users, those with two-factor authentication aren’t likely to have the security of their accounts significantly compromised. Two-factor authentication requires that the person logging in not only provide a password, but a code must also be sent by an account holder, generally in the form of a text to a mobile phone.

“If log-in verification is enabled, then the hacker should not be able to access their account, because they don’t have the physical device that’s used to authorize the log-in,” explained Symantec Senior Security Response Manager Satnam Narang. That said, even if the 2FA protects a person’s Twitter account, if the user uses the same password for other accounts, they may have other issues on their hands.

“If the Twitter password is reused elsewhere, Twitter two-factor authentication isn’t going to help you on those other accounts,” explained Trend Micro Global Threat Communications Manager Christopher Budd.