Weekly Report: JPCERT/CCが「正規サービスを悪用した攻撃グループAPT-C-60による攻撃」を公開

JPCERT
2 weeks 3 days ago
JPCERT/CCは、「正規サービスを悪用した攻撃グループAPT-C-60による攻撃」を公開しました。JPCERT/CCでは、2024年8月ごろに攻撃グループAPT-C-60によるものとみられる国内の組織に対する攻撃を確認しています。本記事では、マルウェア感染までの流れ、ダウンローダーの分析、バックドアの分析、同種のマルウェアを使用した攻撃キャンペーンの4項目に分けて攻撃手法を解説しています。

Top Ten EFF Digital Security Resources for People Concerned About the Incoming Trump Administration

EFF update
2 weeks 3 days ago

In the wake of the 2024 election in the United States, many people are concerned about tightening up their digital privacy and security practices. As always, we recommend that people start making their security plan by understanding their risks. For most people in the U.S., the threats that they face and the methods by which they are likely to be surveilled or harassed have not changed, but the consequences of digital privacy or security failures may become much more serious, especially for vulnerable populations such as journalists, activists, LGBTQ+ people, people seeking or providing abortion-related care, Black or Indigenous people, and undocumented immigrants.

EFF has decades of experience in providing digital privacy and security resources, particularly for vulnerable people. We’ve written a lot of resources over the years and here are the top ten that we think are most useful right now:

1. Surveillance Self-Defense

https://ssd.eff.org/

Our Surveillance Self-Defense guides are a great place to start your journey of securing yourself against digital threats. We know that it can be a bit overwhelming, so we recommend starting with our guide on making a security plan so you can familiarize yourself with the basics and decide on your specific needs. Or, if you’re planning to head out to a protest soon and want to know the most important ways to protect yourself, check out our guide to Attending a Protest. Many people in the groups most likely to be targeted in the upcoming months will need advice tailored to their specific threat models, and for that we recommend the Security Scenarios module as a quick way to find the right information for your particular situation. 

2. Street-Level Surveillance

https://sls.eff.org/ 

If you are creating your security plan for the first time, it’s helpful to know which technologies might realistically be used to spy on you. If you’re going to be out on the streets protesting or even just existing in public, it’s important to identify which threats to take seriously. Our Street-Level Surveillance team has spent years studying the technologies that law enforcement uses and has made this handy website where you can find information about technologies including drones, face recognition, license plate readers, stingrays, and more.

3. Atlas Of Surveillance

https://atlasofsurveillance.org/ 

Once you have learned about the different types of surveillance technologies police can acquire from our Street-Level surveillance guides, you might want to know which technologies your local police has already bought. You can find that in our Atlas of Surveillance, a crowd-sourced map of police surveillance technologies in the United States. 

4. Doxxing: Tips To Protect Yourself Online & How to Minimize Harm

https://www.eff.org/deeplinks/2020/12/doxxing-tips-protect-yourself-online-how-minimize-harm

Surveillance by governments and law enforcement is far from the only kind of threat that people face online. We expect to see an increase in doxxing and harassment of vulnerable populations by vigilantes, emboldened by the incoming administration’s threatened policies. This guide is our thinking around the precautions you may want to take if  you are likely to be doxxed and how to minimize the harm if you’ve been doxxed already.

5. Using Your Phone in Times of Crisis

https://www.eff.org/deeplinks/2022/03/using-your-phone-times-crisis

Using your phone in general can be a cause for anxiety for many people. We have a short guide on what considerations you should make when you are using your phone in times of crisis. This guide is specifically written for people in war zones, but may also be useful more generally. 

6. Surveillance-Self Defense for Campus Protests

https://www.eff.org/deeplinks/2024/06/surveillance-defense-campus-protests 

One prediction we can safely make for 2025 is that campus protests will continue to be important. This blog post is our latest thinking about how to put together your security plan before you attend a protest on campus.

7. Security Education Companion

https://www.securityeducationcompanion.org/

For those who are already comfortable with Surveillance Self-Defense, you may be getting questions from your family, friends, or community about what to do now. You may even consider giving a digital security training session to people in your community, and for that you will need guidance and training materials. The Security Education Companion has everything you need to get started putting together a training plan for your community, from recommended lesson plans and materials to guides on effective teaching.

8. Police Location Tracking

https://www.eff.org/deeplinks/2024/11/creators-police-location-tracking-tool-arent-vetting-buyers-heres-how-protect 

One police surveillance technology we are especially concerned about is location tracking services. These are data brokers that get your phone's location, usually through the same invasive ad networks that are baked into almost every app, and sell that information to law enforcement. This can include historical maps of where a specific device has been, or a list of all the phones that were at a specific location, such as a protest or abortion clinic. This blog post goes into more detail on the problem and provides a guide on how to protect yourself and keep your location private.

9. Should You Really Delete Your Period Tracking App?

https://www.eff.org/deeplinks/2022/06/should-you-really-delete-your-period-tracking-app

As soon as the Supreme Court overturned Roe v. Wade, one of the most popular bits of advice going around the internet was to “delete your period tracking app.” Deleting your period tracking app may feel like an effective countermeasure in a world where seeking abortion care is increasingly risky and criminalized, but it’s not advice that is grounded in the reality of the ways in which governments and law enforcement currently gather evidence against people who are prosecuted for their pregnancy outcomes. This blog post provides some more effective ways of protecting your privacy and sensitive information. 

10. Why We Can’t Just Tell You Which Messenger App to Use

https://www.eff.org/deeplinks/2018/03/why-we-cant-give-you-recommendation

People are always asking us to give them a recommendation for the best end-to-end encrypted messaging app. Unfortunately, this is asking for a simple answer to an extremely nuanced question. While the short answer is “probably Signal most of the time,” the long answer goes into why that is not always the case. Since we wrote this in 2018, some companies have come and gone, but our thinking on this topic hasn’t changed much.

Bonus external guide

https://digitaldefensefund.org/learn

Our friends at the Digital Defense Fund have put together an excellent collection of guides aimed at particularly vulnerable people who are thinking about digital security for the first time. They have a comprehensive collection of links to other external guides as well.

***

EFF is committed to keeping our privacy and security advice accurate and up-to-date, reflecting the needs of a variety of vulnerable populations. We hope these resources will help you keep yourself and your community safe in dangerous times.

Cooper Quintin

Speaking Freely: Aji Fama Jobe

EFF update
2 weeks 3 days ago

*This interview has been edited for length and clarity.

Aji Fama Jobe is a digital creator, IT consultant, blogger, and tech community leader from The Gambia. She helps run Women TechMakers Banjul, an organization that provides visibility, mentorship, and resources to women and girls in tech. She also serves as an Information Technology Assistant with the World Bank Group where she focuses on resolving IT issues and enhancing digital infrastructure. Aji Fama is a dedicated advocate working to leverage technology to enhance the lives and opportunities of women and girls in Gambia and across Africa.

Greene: Why don’t you start off by introducing yourself? 

My name is Aji Fama Jobe. I’m from Gambia and I run an organization called Women TechMakers Banjul that provides resources to women and girls in Gambia, particularly in the Greater Banjul area. I also work with other organizations that focus on STEM and digital literacy and aim to impact more regions and more people in the world. Gambia is made up of six different regions and we have host organizations in each region. So we go to train young people, especially women, in those communities on digital literacy. And that’s what I’ve been doing for the past four or five years. 

Greene: So this series focuses on freedom of expression. What does freedom of expression mean to you personally? 

For me it means being able to express myself without being judged. Because most of the time—and especially on the internet because of a lot of cyber bullying—I tend to think a lot before posting something. It’s all about, what will other people think? Will there be backlash? And I just want to speak freely. So for me it means to speak freely without being judged. 

Greene: Do you feel like free speech means different things for women in the Gambia than for men? And how do you see this play out in the work that you do? 

In the Gambia we have freedom of expression, the laws are there, but the culture is the opposite of the laws. Society still frowns on women who speak out, not just in the workspace but even in homes. Sometimes men say a woman shouldn’t speak loud or there’s a certain way women should express. It’s the culture itself that makes women not speak up in certain situations. In our culture it’s widely accepted that you let the man or the head of the family—who’s normally a man, of course—speak. I feel like freedom of speech is really important when it comes to the work we do. Because women should be able to speak freely. And when you speak freely it gives you that confidence that you can do something. So it’s a larger issue. What our organization does on free speech is address the unconscious bias in the tech space that impacts working women. I work as an IT consultant and sometimes when we’re trying to do something technical people always assume IT specialists are men. So sometimes we just want to speak up and say, “It’s IT woman, not IT guy.” 

Greene: We could say that maybe socially we need to figure this out, but now let me ask you this. Do you think the government has a role in regulating online speech? 

Those in charge of policy enforcement don’t understand how to navigate these online pieces. It’s not just about putting the policies in place. They need to train people how to navigate this thing or how to update these policies in specific situations. It’s not just about what the culture says. The policy is the policy and people should follow the rules, not just as civilians but also as policy enforcers and law enforcement. They need to follow the rules, too. 

Greene: What about the big companies that run these platforms? What’s their role in regulating online speech? 

With cyber-bullying I feel like the big companies need to play a bigger role in trying to bring down content sometimes. Take Facebook for example. They don’t have many people that work in Africa and understand Africa with its complexities and its different languages. For instance, in the Gambia we have 2.4 million people but six or seven languages. On the internet people use local languages to do certain things. So it’s hard to moderate on the platform’s end, but also they need to do more work. 

Greene: So six local languages in the Gambia? Do you feel there’s any platform that has the capability to moderate that? 

In the Gambia? No. We have some civil society that tries to report content, but it’s just civil society and most of them do it on a voluntary basis, so it’s not that strong. The only thing you can do is report it to Facebook. But Facebook has bigger countries and bigger issues to deal with, and you end up waiting in a lineup of those issues and then the damage has already been done. 

Greene: Okay, let’s shift gears. Do you consider the current government of the Gambia to be democratic? 

I think it is pretty democratic because you can speak freely after 2016 unlike with our last president. I was born in an era when people were not able to speak up. So I can only compare the last regime and the current one. I think now it’s more democratic because people are able to speak out online. I can remember back before the elections of 2016 that if you said certain things online you had to move out of the country. Before 2016 people who were abroad would not come back to Gambia for fear of facing reprisal for content they had posted online. Since 2016 we have seen people we hadn’t seen for like ten or fifteen years. They were finally able to come back. 

Greene: So you lived in the country under a non-democratic regime with the prior administration. Do you have any personal stories you could tell about life before 2016 and feeling like you were censored? Or having to go outside of the country to write something? 

Technically it was a democracy but the fact was you couldn’t speak freely. What you said could get you in trouble—I don’t consider that a democracy. 

During the last regime I was in high school. One thing I realized was that there were certain political things teachers wouldn’t discuss because they had to protect themselves. At some point I realized things changed because before 2016 we didn’t say the president’s name. We would give him nicknames, but the moment the guy left power we felt free to say his name directly. I experienced censorship from not being able to say his name or talk about him. I realized there was so much going on when the Truth, Reconciliation, and Reparations Commission (TRC) happened and people finally had the confidence to go on TV and speak about their stories. 

As a young person I learned that what you see is not everything that’s happening. There were a lot of things that were happening but we couldn’t see because the media was restricted. The media couldn’t publish certain things. When he left and through the TRC we learned about what happened. A lot of people lost their lives. Some had to flee. Some people lost their mom or dad or some got raped. I think that opened my world. Even though I’m not politically inclined or in the political space, what happened there impacted me. Because we had a political moment where the president didn’t accept the elections, and a lot of people fled and went to Senegal. I stayed like three or four months and the whole country was on lockdown. So that was my experience of what happens when things don’t go as planned when it comes to the electoral process. That was my personal experience. 

Greene: Was there news media during that time? Was it all government-controlled or was there any independent news media? 

We had some independent news media, but those were from Gambians outside of the country. The media that was inside the country couldn’t publish anything against the government. If you wanted to know what was really happening, you had to go online. At some point, WhatsApp was blocked so we had to move to Telegram and other social media. I also realized that at some point because my dad was in Iraq and I had to download a VPN so I could talk to him and tell him what was happening in the country because my mom and I were there. That’s why when people censor the internet I’m really keen on that aspect because I’ve experienced that. 

Greene: What made you start doing the work you’re doing now? 

First, when I started doing computer science—I have a computer science background—there was no one there to tell me what to do or how to do it. I had to navigate things for myself or look for people to guide me. I just thought, we don’t have to repeat the same thing for other people. That’s why we started Women TechMakers. We try to guide people and train them. We want employers to focus on skills instead of gender. So we get to train people, we have a lot of book plans and online resources that we share with people. If you want to go into a certain field we try to guide you and send you resources. That’s one of the things we do. Just for people to feel confident in their skills. And everyday people say to me, “Because of this program I was able to get this thing I wanted,” like a job or an event. And that keeps me going. Women get to feel confident in their skills and in the places they work, too. Companies are always looking for diversity and inclusion. Like, “oh I have two female developers.” At the end of the day you can say you have two developers and they’re very good developers. And yeah, they’re women. It’s not like they’re hired because they’re women, it’s because they’re skilled. That’s why I do what I do. 

Greene: Is there anything else you wanted to say about freedom of speech or about preserving online open spaces? 

I work with a lot of technical people who think freedom of speech is not their issue. But what I keep saying to people is that you think it’s not your issue until you experience it. But freedom of speech and digital rights are everybody’s issues. Because at the end of the day if you don’t have that freedom to speak freely online or if you are not protected online we are all vulnerable. It should be everybody’s responsibility. It should be a collective thing, not just government making policies. But also people need to be aware of what they’re posting online. The words you put out there can make or break someone, so it’s everybody’s business. That’s how I see digital rights and freedom of expression. As a collective responsibility. 

Greene: Okay, our last question that we ask everybody. Who is your free speech hero? 

My mom’s elder sister. She passed away in 2015, but her name is Mariama Jaw and she was in the political space even during the time when people were not able to speak. She was my hero because I went to political rallies with her and she would say what people were not willing to say. Not just in political spaces, but in general conversation, too. She’s somebody who would tell you the truth no matter what would happen, whether her life was in danger or not. I got so much inspiration from her because a lot of women don’t go into politics or do certain things and they just want to get a husband, but she went against all odds and she was a politician, a mother and sister to a lot of people, to a lot of women in her community.

David Greene

【フォトアングル】衆院選投開票日前日、野田代表最後の訴え=10月26日、池袋駅西口、伊東良平撮影

日本ジャーナリストクラブ(JCJ)
2 weeks 3 days ago
 異例の短期決戦となった衆議院選挙の投開票日前日、東京10区の池袋駅前には立憲民主党の野田佳彦代表が最後の応援に立ち、政治とカネの問題が最大の争点として、「裏金政治を続けるのか根絶させるのか、政権交代をして裏だらけの政治を終わらそよう」と訴えた。街頭には多くの聴衆が集まり、大きな拍手が寄せられた。野田代表は演説後には選挙カーを下りて聴衆の中に入り、前列に並んでいた人たち一人ひとりに握手をしながら支持を呼び掛けた。   JCJ月刊機関紙「ジャーナリスト」2024年..
JCJ