Tag Archives: hacking biometric information

How Russia Invaded Microsoft

Leave a reply

Microsoft  said in March 2024 a Russian state-sponsored hacking group that stole information from its senior leadership team is still using that information to gain unauthorized access to its internal systems. The technology company disclosed in January  2024 that the group, which it has identified as Midnight Blizzard, had extracted information from a small percentage of employee email accounts, including members of its senior leadership team and employees in its cybersecurity and legal teams. Since that disclosure, the group has used that information to gain access to Microsoft’s source code repositories and internal systems. The volume of some aspects of the attack, including password sprays, jumped 10-fold in February compared with the already large volume Microsoft encountered in January, it said.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. The company said that its investigations of Midnight Blizzard activities are continuing and that it is coordinating efforts with federal law enforcement. In a blog post last August 2023, Microsoft said it had detected Midnight Blizzard, previously known as Nobelium, launching targeted social-engineering attacks that used Microsoft Teams chats to phish for credentials. The former Nobelium group has been linked by U.S. authorities to the Foreign Intelligence Service of the Russian Federation and is known for its involvement in the massive SolarWinds hack of 2020.

Excerpts from Dean Seal, Microsoft Says Russian-Sponsored Hackers Still Using Stolen Information, WSJ, Mar. 9, 2024

Alas! Computers that Really Get You

Leave a reply

 Artificial intelligence (AI) software can already identify people by their voices or handwriting. Now, an AI has shown it can tag people based on their chess-playing behavior, an advance in the field of “stylometrics” that could help computers be better chess teachers or more humanlike in their game play. Alarmingly, the system could also be used to help identify and track people who think their online behavior is anonymous

The researchers are aware of the privacy risks posed by the system, which could be used to unmask anonymous chess players online…In theory, given the right data sets, such systems could identify people based on the quirks of their driving or the timing and location of their cellphone use.

Excerpt from  Matthew Hutson, AI unmasks anonymous chess players, posing privacy risks, Science, Jan. 14, 2022

The Uses and Abuses of Alexa

Leave a reply

Excerpts from the Interview with Robert Lewis Shayon author of “The Voice Catchers: How Marketers Listen In to Exploit Your Feelings, Your Privacy, and Your Wallet” published  at the Pennsylvania Gazette July 2021

There is  emerging industry that is deploying immense resources and breakthrough technologies based on the idea that voice is biometric—a part of your body that those in the industry believe can be used to identify and evaluate you instantly and permanently. Most of the focus in voice profiling technology today is on emotion, sentiment, and personality. But experts tell me it is scientifically possible to tell the height of a person, the weight, the race, and even some diseases. There are actually companies now trying to assess, for example, whether you have Alzheimer’s based upon your voice…

The issue is that this new voice intelligence industry—run by companies you know, such as Amazon and Google, and some you don’t, such as NICE and Verint—is sweeping across society, yet there is little public discussion about the implications. The need for this conversation becomes especially urgent when we consider the long-term harms that could result if voice profiling and surveillance technologies are used not only for commercial marketing purposes, but also by political marketers and governments, to say nothing of hackers stealing data.

There are hundreds of millions of smart speakers out there, and far more phones with assistants, listening to you and capturing your voice. Voice technology already permeates virtually every important area of personal interaction—as assistants on your phone and in your car, in smart speakers at home, in hotels, schools, even stores instead of salespeople. 

Amazon and Google have several patents centering around voice profiling that describe a rich future for the practice…But consider the downside: we could be denied loans, have to pay much more for insurance, or be turned away from jobs, all on the basis of physiological characteristics and linguistic patterns that may not reflect what marketers believe they reflect.

The first thing to realize is that voice assistants are not our friends no matter how friendly they sound. I argue, in fact, that voice profiling marks a red line for society that shouldn’t be crossed.

Breath and Sweat: the Biometrics of All Private Things

Leave a reply

It is not just DNA that people scatter to the wind as they go about their business. They shed a whole range of other chemicals as well, in their breath, their urine, their faeces and their sweat. Collectively, these molecules are referred to as metabolites….

The most common way of analysing metabolite content is gas chromatography-mass spectrometry. This technique sorts molecules by their weight, producing a pattern of peaks that correspond to different substances….There are, however, a lot of information sources out there, in the form of publicly available metabolite databases. The databases themselves are getting better, too…. A study just published by Feliciano Priego-Capote at University of Cordoba, in Spain, for example, shows it is possible to extract much meaningful information from even a dried-up drop of sweat. “The day is coming soon”, observes Cecil Lewis, a molecular anthropologist at University of Oklahoma, who is studying the matter, “when it will be possible to swab a person’s desk, steering wheel or phone and determine a wide range of incredibly private things about them….


The police may be tempted to push the boundaries as well. The fourth amendment to America’s constitution protects against unwarranted searches and seizure of evidence. This means it is hard to force someone to give a sample. But if obtaining such merely requires taking a swab of a surface in a public place—perhaps a keyboard someone has just used—the 4th amendment is unlikely to apply.

That is not necessarily wrong, if it means more criminals are caught and convicted. But it needs to be thought about carefully, because many metabolites are sticky. Cocaine is a case in point. Studies have shown that as many as two-thirds of the dollar bills in circulation in America carry traces of this substance, which might thus end up on the fingertips of the innocent, as well as the guilty.

Excerpts from Metabolites and You, Economist, Feb. 15, 2019

The Biometrics Bonanza: Measuring and Identifying Humans

Leave a reply

Many African  governments have unwisely bought biometric proprietary systems of private companies, meaning that they are forced to go back to the seller for maintenance, upgrades and new components. That can be expensive. When Nigeria wanted to use its own card-printing machines, the firm that had sold it software tried to insist that Nigeria buy its machines as well… They eventually got help from Pakistan, which had software that worked on any machine.

But there are signs of change coming from within the industry itself, spurred by developments in an entirely different part of the world: India. Like Africa, it is vast, poor and home to more than a billion people. Yet as a single country India has tremendous negotiating power. When India developed its “Aadhaar” identity programme it invited leading firms to bid—but with the caveat that they provide open-source software, or code that can be examined and changed by others. This allowed engineers to knit together different bits of a system such as databases, enrollment software, fingerprint scanners and so on. The suppliers agreed because they did not want to miss out on the biggest identity bonanza the world had ever seen. Moreover, India’s spending led to a big increase in production, which caused prices to fall across the industry.

Even as governments think about the technical problems of recording identity, they also need to grapple with the far more consequential ones around rights, governance and privacy. The starkest warning of the misuse of identity was in the Rwandan genocide, where ID papers listed ethnicity, making it easy to target Tutsis. Since data on religion and ethnicity are not needed to provide services, governments should not be hoovering it up.

States should also be wary of denying people their rights by creating a class of citizens without papers. In Kenya, for example, the government wants everyone to register for ID  cards, but it discriminates against members of the Nubian minority by forcing them to appear before a security panel to prove their nationality. Modern identity systems promise to bring many benefits to Africa. But as they proliferate, so too will the temptation for politicians to misuse them

Excerpts from Identity Documentation in Africa: Papers Please, Economist, Dec. 7, 2019

Who Owns Your Voice? Grabbing Biometric Data

Leave a reply

Increasingly sophisticated technology that detects nuances in sound inaudible to humans is capturing clues about people’s likely locations, medical conditions and even physical features.Law-enforcement agencies are turning to those clues from the human voice to help sketch the faces of suspects. Banks are using them to catch scammers trying to imitate their customers on the phone, and doctors are using such data to detect the onset of dementia or depression.  That has… raised fresh privacy concerns, as consumers’ biometric data is harnessed in novel ways.

“People have known that voice carries information for centuries,” said Rita Singh, a voice and machine-learning researcher at Carnegie Mellon University who receives funding from the Department of Homeland Security…Ms. Singh measures dozens of voice-quality features—such as raspiness or tremor—that relate to the inside of a person’s vocal tract and how an individual voice is produced. She detects so-called microvolumes of air that help create the sound waves that make up the human voice. The way they resonate in the vocal tract, along with other voice characteristics, provides clues on a person’s skull structure, height, weight and physical surroundings, she said.

Nuance’s voice-biometric and recognition software is designed to detect the gender, age and linguistic background of callers and whether a voice is synthetic or recorded. It helped one bank determine that a single person was responsible for tens of millions of dollars of theft, or 18% of the fraud the firm encountered in a year, said Brett Beranek, general manager of Nuance’s security and biometrics business.

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone.  How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller…

If such data collected by a company were improperly sold or hacked, some fear recovering from identity theft could be even harder because physical features are innate and irreplaceable.

Sarah Krouse, What Your Voice Reveals About You, WSJ, Aug. 13, 2019