Privacy Tracking & Surveillance
United Healthcare Cyber Attack
- (Feb 21, based in Nashville) Change Healthcare – Platform providing analytics, data, data transfers between providers, payers, and consumers https://status.changehealthcare.com/incidents/hqpjz25fn3n7
- Any pharmacies, including military pharmacies, couldn’t provide prescriptions to customers
- Systems were disconnected and taken offline to avoid further spread and isolate the issue.
- Handles 67,000 pharmacies, 129 million customers, and 15 billion transactions annually
- Too early to tell if patient data was exposed and what exactly happened, although my guess is that a third party with access to the platform was breached and the threat actor was able to obtain entry to the system
- Suspecting a nation-state in the breach
Chapter 6: Tracking & Surveillance
We will not be discussing the technical aspects of internet travel (protocols, packet headers, GET, etc.)
Internet Monitoring
- Packets traveling across the web –> Packet sniffing, eavesdropping
- Email communications being intercepted
- Employers tracking employee activity on company devices
Web Tracking
- Wireshark, Kismet, Eavesdrop tools
- Cookies
  - Set-cookie (small text file saved to the user’s PC with values the site wants to store, expiration date, and domain path)
  - Session cookie (stored only until the web browser is closed and only info about a particular page visit)
  - Persistent Cookies (can be saved indefinitely, unique user identifier, website preferences)
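A short worked example of the session vs. persistent distinction above. It is added here and is not from the episode: the header strings, the fixed clock, and the 90-day "long-lived" threshold are all assumptions made for illustration.

```javascript
// Added example. SAMPLE holds constructed Set-Cookie headers, not captured traffic.
const SAMPLE = [
  "sid=abc123; Path=/; HttpOnly; Secure",
  "uid=7f3c9a1e55; Domain=.shop.example; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
  "prefs=dark; Max-Age=2592000; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
  "old=; Max-Age=0",
];
const NOW = new Date("2030-01-01T00:00:00Z"); // fixed clock so results are repeatable

// Split one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Lifetime in seconds, or null when neither Max-Age nor Expires is set.
// Max-Age takes precedence over Expires when both are present.
function lifetimeSeconds(attrs, now) {
  if (/^-?\d+$/.test(attrs["max-age"])) return parseInt(attrs["max-age"], 10);
  const t = Date.parse(attrs.expires);
  return Number.isNaN(t) ? null : Math.round((t - now.getTime()) / 1000);
}

// Classify one header: session vs persistent, plus the scope it is sent to.
function classify(header, now, longLivedDays = 90) {
  const { name, attrs } = parseSetCookie(header);
  const life = lifetimeSeconds(attrs, now);
  const days = life === null ? null : Math.round(life / 86400);
  let kind = "persistent";
  if (life === null) kind = "session"; // dropped when the browser closes
  else if (life <= 0) kind = "expired"; // server is deleting the cookie
  return {
    name, kind, lifetimeDays: days,
    domain: attrs.domain || "(host-only)",
    path: attrs.path || "(default)",
    longLived: kind === "persistent" && days > longLivedDays, // worth a privacy review
  };
}

function auditCookies(headers, now) {
  return headers.map((h) => classify(h, now));
}
```

Running `auditCookies(SAMPLE, NOW)` marks `sid` as a session cookie, `uid` as a long-lived persistent identifier, and `prefs` as a 30-day persistent preference cookie.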
Blocking and Controlling Web Traffic
- US Children’s Internet Protection Act (CIPA) requires schools and public libraries to block harmful and inappropriate content.
- Helpful tips
  - Use HTTPS
  - Secure wireless networks
  - Use VPNs
  - Use TLS 1.2
Location Tracking
- Often seeing the banner coming up that asks, “would you like to share your location with XYZ?” Options are usually “Never,” “Only while using app,” or “Always.”
- Safari and Firefox block 3rd party cookies
- RFIDs used to track inventory and products
- Location tracking should only be included if it provides a direct benefit to the user and is a primary component of the service/product offered to the user. In other words, it should only be included in the offering if the service is unusable without it.
Audio and Video Surveillance
- The Federal Wiretap Act allowed the FBI to legally tap the cell phones of known criminals. Malware was deployed to the phones to tap them.
- Pennsylvania School District in 2010 was taking photos of children’s homes w/o their knowledge or parental consent
  - 42 users were affected in 14 months, settled for $600k
Sensor-based Surveillance
- Smart homes and all the sensors
- Vehicles and sensors included in them
- Pothole tracking application where drivers report potholes. In addition to reporting potholes, the drivers also give up their location since they need to report the potholes based on where they drove.
Behavioral Monitoring
- Targeted Advertising
  - Building large data models based on your preferences to then target advertisements –> Those Instagram ads where you were talking about something, then suddenly you get an ad for it. Hearing your voice or just planning a few steps ahead of you?
Concluding Thoughts
- Privacy Bill Next Up: New Hampshire (HB 314, SB 255)
- Privacy Bill in the hole: Wisconsin (AB 466), Kentucky (HB 15)
- NIST 800-66 Rev 2 to guide you to HIPAA compliance is available
- COPPA 2.0 has fresh new sponsorships w/ Maria Cantwell and Ted Cruz