Illustration by Angelica Alzona for ForbesBy Emily Baker-White, Forbes Staff

Weeks before Turkeys authoritarian president, Recep Tayyip Erdoan, eked out a narrow reelection in May, TikToks acting security chief, Kim Albarella, received a piece of bad news: As many as 700,000 TikTok accounts in Turkey had been compromised by a hack that allowed attackers to access users private information and control their accounts.

Internal emails, chat logs, documents, and other sourcing from inside and outside of TikTok reveal that the company was made aware of the vulnerability, which stemmed from its so called greyrouting of SMS messages through insecure channels, more than a year earlier: In April 2022, TikToks security chief Roland Cloutier received an email from the U.K.s National Cyber Security Centre, a division of the nations top intelligence agency, GCHQ, warning that this practice could allow SIM farms in Russia and other countries to request and intercept one-time passwords to gain access to TikTok users accounts.

In laymans terms, greyrouting means sending SMS text messages through unsecured channels in order to bypass fees established by international telecommunications agreements. Using greyroutes can save companies money and help them avoid guardrails like rate limits and anti-spam detection, but doing so can compromise messages security, making them vulnerable to interception.

Cloutiers team internally investigated the GCHQ tip, and learned that ByteDance was indeed using greyrouting to keep costs down. The company then considered changing its SMS message providers, but decided against the change, apparently because the fix would have cost the company millions of dollars each month.

Alex Stamos, director of the Stanford Internet Observatory and former security chief for Facebook, cautioned that without more information, its hard to know how significant the breach was. This could range from a super advanced spam attack to a state actor, he said. If youd just told me 700,000 accounts, Id tell you thats a Wednesday. But he noted that SMS hijacking attacks are often more targeted than random takeovers, and authoritarian states almost always have control of telecom companies.

This exploit is the largest known compromise of TikTok accounts that has been acknowledged as genuine by the company. (TikTok denied reports of another alleged attack in September 2022.) In response to a detailed list of bullet points and questions about the attack, TikTok spokesperson Alex Haurek wrote in an email, TikTok became aware of unusual activity in April that affected the number of likes and accounts being followed on some user accounts. We immediately took steps to reverse and terminate this activity, notified affected users, and helped them secure their accounts.

Haurek continued, TikTok was not hacked. None of our internal systems were compromised and no company data was exfiltrated. When TikTok became aware of the incident in question, we immediately ramped up monitoring for inauthentic behavior, while working to mitigate the issue, which has since been resolved. He said TikTok did not find any evidence that unauthorized content was posted or used in direct messages."

This security breach emphasizes the power and responsibility that TikTok now holds as one of the most popular apps in the world.

TikTok and its parent company, ByteDance, have faced harsh scrutiny in recent months for misleading lawmakers about their data security practices. In April, Forbes revealed that the company had stored sensitive financial information from thousands of U.S. vendors and creators in China, despite testimony from TikTok CEO Shou Zi Chew at a recent hearing that American data has always been stored in Virginia and Singapore. Meanwhile, ByteDance is under federal criminal investigation for using the TikTok app to spy on journalists, including this reporter. (Disclosure: in a former life, I held policy positions at Facebook and Spotify.)

It is also not clear who exploited the vulnerability. Under Erdogan, the Turkish government has a history of using state-sponsored troll networks to hack and intimidate journalists and other critics. In the run-up to the May election, Erdogan relied on deepfakes and censorship to help swing voters his way. His main opponent in the election, Kemal Kilicdaroglu, also accused Russias government of distributing false information during the days before the election. Haurek said an internal TikTok investigation found no evidence that the activity was related to the Turkish elections.

This security breach emphasizes the power and responsibility that TikTok now holds as one of the most popular apps in the world. Like tech giants Meta, Twitter, and Google, its endless feed of personalized recommendations has the power to move markets, change culture and swing elections. This power has alarmed regulators concerned about the companys ties to the Chinese state, but has also made its app a prime target for hackers, bot armies, scammers and others seeking to exploit its billions of users.

The risk of exploitation is heightened in states with records of human rights violations, and also in the periods leading up to major elections. TikTok has repeatedly deemphasized the role of politics on its platform, differentiating itself from Facebook, which previously encouraged politicians to use its platform for advocacy. Its lobbyists have told politicians and reporters that TikTok is not the go-to place for politics, while also assuring them that political speech on the app will not be censored. But with Twitters rightward shift and Metas 180-degree turn away from political content (a decision the company made after election deniers on its platforms helped incite the January 6, 2021 attack on the U.S. Capitol), TikTok may be the next natural place for political discourse.

This week, TikTok published a blog post announcing that the app is introducing passkeys a way for users to log into their accounts without using SMS codes and that it had joined a security trade group called the FIDO Alliance. A tweet from the FIDO Alliance shows that TikTok first joined the group in April, and the new passkeys feature rolled out in late-June.

When asked whether any TikTok or ByteDance SMS vendors were still engaged in greyrouting today, Haurek said, Like many global companies, we have multiple partners in the telecommunications sector and, while we do not disclose those partners by geography, we continuously work to keep our community secure.

Read this article:
As Many As 700,000 Turkish TikTok Accounts Were Hacked Before ... - Forbes

A Tinder-like app popular among teenagers and young adults has allegedly been used to extort users by tricking them into sending sexually explicit photos, a problem that internet safety watchdogs say is indicative of the challenges of keeping young people safe on social media.

The app, Wizz, allows users to scroll through profiles that show a persons picture, first name, age, state and zodiac sign. Wizz advertises the app as a safe space to meet new friends and allows users as young as 13 to join and connect with users of a similar age.

Its basic functionality resembles popular dating apps. When users open the app, they are presented with another persons profile. They can then choose to send that person a message in the apps chat function or swipe left to see a new profile.

Child safety watchdogs have questioned whether the apps safety system is effective.

The app, which is based in France, has been downloaded more than 14 million times worldwide since it launched in 2019 and more than doubled its monthly active users in the last year, according to Sensor Tower, a company that tracks apps. Its at times ranked in the top 10 social networking apps on the Apple App Store.

That makes Wizz a relatively successful but still niche social network the kind that can avoid the scrutiny heaped on bigger tech platforms. And since Wizz is a French app, it does not have to report child safety issues to U.S. authorities, experts told NBC News. The app also has no parental controls, according to Bark, a company that makes parental control products.

John Shehan, senior vice president of the exploited children division and international engagement for the National Center for Missing and Exploited Children (NCMEC), a nonprofit group tasked by the U.S. government with tracking reports of child sexual abuse material online, said his organization has received more than 100 reports from members of the public about minors allegedly sextorted on Wizz this year, putting the app behind only Snapchat and Instagram for such reports.

Sextortion is an increasingly common online crime in which people are enticed into sending sexually explicit photos. Once the photos are sent, the receiver of the images threatens to share them online or with family or friends unless the victim sends money.

Thats just people knowing to report to the cyber tipline, so the incident rate could be much much higher, Shehan said.

According to the Canadian Centre for Child Protection (C3P), a national charity focused on child safety, Wizz was the seventh-most mentioned platform in sextortion reports to its tip line between June 2022 and last month.

Stephen Sauer, director of the C3Ps tip line, said they received 75 reports in relation to Wizz since Jan. 1, compared to 15 reports in the six months prior. He said he could not speak to the reasons for the uptick.

In the last six months, around 90% of C3Ps reports involving Wizz were related to the alleged sextortion of young people, he said. He added that some young users in these cases, ranging from 13 to 17 years old, viewed or talked about Wizz as a dating app.

They are often looking to connect with other similar-aged peers through the app and thats how they get extorted, Sauer said.

Its unclear who was behind the sextortion or if the sextortion efforts were part of a larger pattern of online criminality.

The app has become popular enough to spawn its own genre of online content in which people post videos of themselves using the app and attempting to woo people they find attractive. In many TikTok videos, users have shown screenshots of their chats on Wizz, where they test their rizz, a slang term used by young people to describe someones level of charisma or attractiveness. It rhymes with the apps name Wizz, which teens picked up on and turned into rizz challenges on Wizz.

When contacted about alleged safety issues on the app, Wizz provided a press release in which CEO Aymeric Roff said: Wizz understands parents concerns about their teenagers online safety. We are committed to providing a safe platform for everyone, including young adults and teenagers.

Abuse of the app by predators fits in with what authorities and experts say is a broader rise in sextortion schemes targeting minors online. Recent studies have linked harmful content and predatory activity to teen social apps.

Social apps geared toward connecting teens such as Yubo, Wizz and Wink have been released in the last decade to varying levels of popularity. Experts say platforms with a chat feature and young user base inherently come with risks, including popular platforms where adults and minors can interact.

Its an issue that has been the subject of a growing body of research.

Teen dating and social apps are among the online venues used by adults to meet and communicate with minors, according to a research paper published last year by Brian Neil Levine, director of the University of Massachusetts Amherst Cybersecurity Institute, on the efficacy of investigations of online child exploitation material.

A study published in the American Academy of Pediatrics journal last year analyzed Apple App Store reviews on friendship apps marketed toward teens, including Wizz. Its findings point to an alarming presence of predatory and fraudulent content in apps marketed towards young adolescents.

In February, the FBI warned that the financial sextortion of minors online has become a global crisis, based on thousands of such reports it received last year.

Wizz does make some efforts to prevent adults from interacting with minors. The app uses third-party services to moderate complaints made by users through the app, according to its press release. Wizz matches users with individuals in their age range to ensure user safety and estimates users ages when they upload a selfie through an artificial intelligence tool provided by Yoti, an identity technology company. According to Wizzs privacy policy, if Yoti cannot provide an accurate enough age estimation, the app uses AI data company Hive to manually attempt to validate a users age.

The use of AI to determine ages has been scrutinized, as such systems can perpetuate and even exaggerate human biases.

As we want to make sure that our community members can only connect with people that are in the same age range, we are verifying every users age via our trusted partner Yoti, Wizz says on a part of its website dedicated to questions about safety. It added that the company manually reviews pictures of people who claim the system made a mistake while identifying their age.

Wizz also says in its rules of acceptable use that users who break its rules can have their accounts suspended, and that the company may report illegal activity to law enforcement.

Hive did not respond to a request for comment. A spokesperson for Yoti directed NBC News to Wizz.

Some child safety experts have questioned the effectiveness of that system. Most social media apps have a form of age verification, with some using AI like Wizz and others going as far as to require users to upload pictures of their government ID. But few rely on it to ensure safety in relation to the core function of their app.

Detective Sgt. Katie Feehan of the New Jersey State Polices Internet Crimes Against Children Unit said Wizzs age verification process gives young users a false sense of security that they are talking to users their age.

Any app that has a chat feature and kids are on is potentially dangerous, she added. And if these sextortion bad actors are on the Wizz app, its something that parents need to know about and kids need to know, you know, the dangers of using it.

Shehan of the NCMEC said its common for people in sextortion schemes to create fictitious accounts posing as typically an attractive young female. And theyre specifically enticing young boys to produce a sexually-explicit image of themselves.

Sauer said that some of C3Ps reports indicated that online predators were able to lie about their age on Wizz to target minors.

The bigger concern is that theres a mix of adults and youth on the platform and that the distinction between those two groups doesnt seem to be restricted based on what were seeing, he said.

Bark, the parental control company, criticized the apps age verification system in a review on its website, which said the risk of predation is huge on Wizz.

Kelly Newcom, a parent and founder of Brave Parenting, a Texas-based online safety education group for parents, said in an interview that she thinks Wizz has way more dangers than it has actual benefits to make real friends.

In lieu of controls for parents, some schools have started to step in to warn parents about the potential uses of Wizz. In the last four months, five schools in the U.S. and the United Kingdom shared online safety infographics and guides about Wizz with parents.

Khadijah Khogeer is an intern on NBC News' tech desk.

See more here:
Wizz offered a safe space for teens sextortion soon followed - NBC News

Benefits of automation in business

Kyndryls Advanced Delivery approach is designed to help our clients meet these goals. Advanced Delivery enables our clients to be automated, orchestrated and intelligent. It combines our key technologies, Kyndryl Bridge and Intelligent Automation, with dedicated and focused delivery teams that integrate with our customers application teams.

This two-pronged approach of technology and people-based support gets the most out of knowledge already embedded in the massive scale of operations and maintains our intimate customer connections. Today, we manage millions of applications and IT components, many exabytes of storage, perform tens of millions of automated Day 0, 1, and 2 operations every month, and much more. Operating at this scale provides the learnings that feed critical information into our AIOps technology, giving us the insights needed to automatically take necessary actions.

We want to be proactive ideally, we want to fix it before it breaks. The advanced capabilities of Kyndryl Bridge can help pinpoint and anticipate what and where incidents will happen in an IT environment and do whats necessary to take preventive actions. Since itslaunch last September, early customers of Kyndryl Bridge have already achieved up to 75% reduction in incident volume.

Additionally, our experience shows us that end-of-life and end-of-service devices in an IT estate are risky and often big contributors to problems in IT environments. Kyndryl Bridge AIOps technology provides real-time reporting and forecasting for hardware and software approaching end-of-life. This proactive identification supports better capital allocation, prioritizes cloud migration projects and identifies investment targets for additional resiliency expenses.

Another at-risk area in IT is best practice alignment. Microsoft, VMWare, SAP and others constantly publish new best practice configurations for their hardware, operating systems and software. With additional challenges like security and compliance recommendations from organizations such as the Center for Internet Security (CIS), it can be overwhelming to keep up with the latest changes.

Drifting from these configurations happens over time. So, our objective is to keep a best practices alignment of 90% or better. We use policy-based automation technology to ensure that deviations from these settings are automatically fixed when detected.

Kyndryl has a simple goal: ensure at least 95% of the interactions with an IT environment are driven through automation. Whether its use cases like fulfilling a service request, implementing a change or responding to an incident, or automatically initiating resiliency protocols when seismic events happen we believe our automation can deliver the best outcome.

Only 20% of companies identify themselves as mature in automation, according to recent studies. Within this group, 70% indicated they could not achieve that status without a third party. Partnership is the most important factor for success providing implementation and additional managed services for automation after implementation.

Thats where Kyndryl excels. Kyndryls Advanced Delivery with automation and Kyndryl Bridge AIOps technology can proactively identify issues, automatically fix problems and implement policy-based guardrails that ensure your critical IT and application environment.

We know things happen. When they do, we are prepared to quickly offer quality responses, which is critical. It can be the difference between a transitory and momentary blip in service or a business disaster that puts customers in the news for the wrong reasons.

View post:
Why Business Leaders Plan to Invest Heavily in Automation - Kyndryl

New Jersey, United States The Global DDoS Protection Market Report is a comprehensive analysis of the sector, aimed at providing organizations and stakeholders with valuable insights to make informed decisions. The report delves into significant market trends, growth catalysts, challenges, and opportunities. It begins with an in-depth analysis of the market, defining its scope and segmentation. The study explores the markets characteristics, including the factors that drive growth, present challenges, and potential opportunities, enabling businesses to anticipate market developments and gain a competitive edge by understanding current and upcoming trends.

Geographic regions such as North America, Europe, the Asia-Pacific region, South America, the Middle East, and Africa are thoroughly analyzed in the reports regional section. Market trends, key players, and expansion prospects in each region are assessed. Additionally, the research considers economic conditions, governmental policies, and consumer preferences that influence market growth in these areas. The regional analysis provides a comprehensive view of the Global DDoS Protection market, empowering companies to tailor their strategies according to specific regional characteristics.

Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @https://www.verifiedmarketresearch.com/download-sample/?rid=2762

Key Players Mentioned in the Global DDoS Protection Market Research Report:

Nexusguard Ltd, Dosarrest Internet Security Ltd, Imperva, Arbor Networks Corero Network Security Radware Ltd., Neustar Akamai Technologies Cloudflare F5 Networks, Inc.

The growth of the Global DDoS Protection market is significantly shaped by key vendors. The report highlights their market share, product portfolio, strategic objectives, and financial performance, underscoring their importance. Notably, important suppliers are acknowledged for fostering innovation, investing in research and development, and forming strategic partnerships with other businesses to enhance their market position. The competitive landscape is thoroughly evaluated, shedding light on major vendors tactics to gain a competitive edge. Businesses aiming to enter or strengthen their position in the global Global DDoS Protection market must fully comprehend the roles played by these significant providers.

The Global DDoS Protection Market Report is recommended for several reasons. Firstly, it offers a detailed examination of the market, considering critical factors such as market size, growth drivers, challenges, and opportunities. This research provides insightful information that aids organizations in formulating effective action plans and making informed decisions. Additionally, the study presents a comprehensive competitive landscape, allowing customers to benchmark their performance against major competitors and identify potential alliances. The reports geographical analysis helps businesses grasp market dynamics in different regions, enabling them to adapt their strategies accordingly. For companies seeking to understand and thrive in the Global DDoS Protection industry, this report proves to be an invaluable resource.

Global DDoS ProtectionMarket Segmentation:

DDOS PROTECTION MARKET, BY ORGANIZATION SIZE

Large Companies Small and Medium Businesses

DDOS PROTECTION MARKET, BY APPLICATION AREA

Endpoint Application Network Database

DDOS PROTECTION MARKET, BY DEPLOYMENT MODEL

Cloud-based On-premise Hybrid

DDOS PROTECTION MARKET, BY COMPONENT

Solution

Service

Managed Service

Professional Service

Training and education

DDOS PROTECTION MARKET, BY VERTICAL

Government and Defense

IT and Telecommunications

Banking, Financial Services, and Insurance (BFSI)

Retail

Healthcare

Energy and Utilities

Others

Inquire for a Discount on this Premium Report@ https://www.verifiedmarketresearch.com/ask-for-discount/?rid=2762

What to Expect in Our Report?

(1) A complete section of the Global DDoS Protection market report is dedicated for market dynamics, which include influence factors, market drivers, challenges, opportunities, and trends.

(2) Another broad section of the research study is reserved for regional analysis of the Global DDoS Protection market where important regions and countries are assessed for their growth potential, consumption, market share, and other vital factors indicating their market growth.

(3) Players can use the competitive analysis provided in the report to build new strategies or fine-tune their existing ones to rise above market challenges and increase their share of the Global DDoS Protection market.

(4) The report also discusses competitive situation and trends and sheds light on company expansions and merger and acquisition taking place in the Global DDoS Protection market. Moreover, it brings to light the market concentration rate and market shares of top three and five players.

(5) Readers are provided with findings and conclusion of the research study provided in the Global DDoS Protection Market report.

Key Questions Answered in the Report:

(1) What are the growth opportunities for the new entrants in the Global DDoS Protection industry?

(2) Who are the leading players functioning in the Global DDoS Protection marketplace?

(3) What are the key strategies participants are likely to adopt to increase their share in the Global DDoS Protection industry?

(4) What is the competitive situation in the Global DDoS Protection market?

(5) What are the emerging trends that may influence the Global DDoS Protection market growth?

(6) Which product type segment will exhibit high CAGR in future?

(7) Which application segment will grab a handsome share in the Global DDoS Protection industry?

(8) Which region is lucrative for the manufacturers?

For More Information or Query or Customization Before Buying, Visit @ https://www.verifiedmarketresearch.com/product/global-ddos-protection-market-size-and-forecast-to-2025/

About Us: Verified Market Research

Verified Market Research is a leading Global Research and Consulting firm that has been providing advanced analytical research solutions, custom consulting and in-depth data analysis for 10+ years to individuals and companies alike that are looking for accurate, reliable and up to date research data and technical consulting. We offer insights into strategic and growth analyses, Data necessary to achieve corporate goals and help make critical revenue decisions.

Our research studies help our clients make superior data-driven decisions, understand market forecast, capitalize on future opportunities and optimize efficiency by working as their partner to deliver accurate and valuable information. The industries we cover span over a large spectrum including Technology, Chemicals, Manufacturing, Energy, Food and Beverages, Automotive, Robotics, Packaging, Construction, Mining & Gas. Etc.

We, at Verified Market Research, assist in understanding holistic market indicating factors and most current and future market trends. Our analysts, with their high expertise in data gathering and governance, utilize industry techniques to collate and examine data at all stages. They are trained to combine modern data collection techniques, superior research methodology, subject expertise and years of collective experience to produce informative and accurate research.

Having serviced over 5000+ clients, we have provided reliable market research services to more than 100 Global Fortune 500 companies such as Amazon, Dell, IBM, Shell, Exxon Mobil, General Electric, Siemens, Microsoft, Sony and Hitachi. We have co-consulted with some of the worlds leading consulting firms like McKinsey & Company, Boston Consulting Group, Bain and Company for custom research and consulting projects for businesses worldwide.

Contact us:

Mr. Edwyne Fernandes

Verified Market Research

US: +1 (650)-781-4080US Toll-Free: +1 (800)-782-1768

Email: sales@verifiedmarketresearch.com

Website:- https://www.verifiedmarketresearch.com/

Read the original here:
Global DDoS Protection Market Size and Forecast | Nexusguard Ltd ... - Chatfield News-Record

Past efforts: Both Cyber Command and the NSA have played key roles in monitoring for and disrupting threats to U.S. elections in recent years. This includes Cyber Command reportedly carrying out an operation on the day of the 2018 U.S. midterm elections to block internet access for the key Russian troll farm involved in spreading disinformation about the vote. Russian hackers were also linked to efforts in 2016 to target voting infrastructure and spread disinformation designed to sway the outcome of the presidential election.

The advent of AI technologies, such as the surging use of OpenAIs ChatGPT, poses new challenges. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, the main agency that protects U.S. election infrastructure, warned in a speech in May that AI poses epoch-defining risks, including increasing disinformation online.

AI in the spotlight: The confirmation hearing Thursday was heavy on AI-related questions from senators on both sides of the aisle eager to tackle the problem. When asked about his concerns with adversarial nations using AI, Haugh pointed to China and how its use of AI to monitor and surveil its citizens could be a worrying portend of trends worldwide.

Its an area from a threat perspective we should continue to inform and understand what that means to any nation they would be considering partnering with, and the implications of that technology on that society, Haugh said of Chinese developments.

Haugh also noted that the Department of Defense is working on an AI roadmap to help define how to use AI technologies, something critical as China plows ahead with its efforts.

The other area that I think the nation expects from us is to understand how our adversaries use this technology, and be able to inform what that looks like in terms of threat both to our national security and to our industry, Haugh said.

More here:
Intelligence nominee warns generative AI poses threat to 2024 ... - POLITICO