Wed. Feb 5th, 2025

The “Gravy Analytics” scandal reveals the secrets of data broker technology


Cybercrime is hardly unfamiliar in our contemporary world, and various sectors have grown accustomed to it, but this time the catastrophe lay not in the breach itself but in what the breach revealed.

On the morning of January 7, a group of hackers announced that they had succeeded in breaching a company called “Gravy Analytics” and obtaining highly precise location data belonging to thousands of popular applications such as “Candy Crush” and “Tinder”, pregnancy-tracking apps and even religious apps, available through the Apple and Google app stores alike.

This announcement caused a widespread uproar, because Gravy Analytics is the parent company of the data company Venntel, which sold confidential user location data to various bodies in the United States, such as National Security and Federal Investigation. This indicates that Gravy Analytics and its subsidiaries are ready to sell location and geographic tracking data to any party in the world as long as it is able to pay.

The incident revealed that Gravy Analytics, one of the largest data brokerage firms in the world, followed questionable methods of accessing and storing this information, leading the world to look past the breach itself and focus on the mechanism of collecting location data and selling it to competitors.

Applications require permission to access location data and the location sensor in order to collect location data (social media)

How did “Gravy Analytics” collect users' locations?

To grasp the scale of the catastrophe caused by Gravy Analytics, the mechanism the company used to collect this data must be clarified, along with whether it differs from the usual ways of collecting location data. Companies usually add code to their applications to access the GPS sensor installed in any phone in order to read the location more accurately, but some applications do not need such data, so they did not add the code to collect it.

This posed a challenge for some companies working in the advertising and even product development sectors, as it reduced the data they could access, so these companies resorted to a new mechanism for collecting location data, which is what Gravy Analytics did.

The company uses advertising platforms to track users' location data and obtain it with great accuracy. Some advertising companies display their ads in a fixed geographical location, and by tracking phones and knowing the places where an ad appeared for each user and each phone, it becomes possible to draw a complete map of the user's movements and location data, including visits to sensitive places such as places of worship, health clinics and ethnic gatherings, and then sell it to any party that seeks to obtain it. It is worth noting that this collection mechanism depends on updating the value of the ad relative to the customer's location.

Although the leak did not directly reveal the advertising networks participating in this data collection, cybersecurity experts' analysis of the data list that appeared pointed directly to Google's advertising network.

Governments and intelligence agencies are usually among the largest customers of these companies, as this information and data are used to obtain clear details about, and monitor the phones of, the people they want to follow.

The “Washington Post” website presented a detailed report in 2023 on these companies, describing them as location data brokers, and the report showed that intelligence bodies in the United States, France and India were among the most prominent customers of these companies.

Why all this uproar?

Although collecting user location data is common among a variety of applications around the world, what data broker companies do is a clear violation of privacy and a real danger to users, as cybersecurity and privacy expert Zach Edwards explained in his interview with the “Wired” website.

Edwards describes what happened as a nightmare for everyone who works in or cares about privacy around the world, because the data was collected indirectly and was left without appropriate cyber protection, which made access to it easy.

Usually, applications request permission to access location data and the location sensor in order to collect location data, and by default the user is aware of this. What happened with Gravy Analytics is completely different, as it relied on advertising networks that serve ads in applications that were not required to access the user's location data.

It then stored this data and offered it for sale to any buyer that could pay the appropriate price. Although Gravy Analytics was not the direct seller of this data, its subsidiaries were part of the sale process and were the interface that contacted users directly.

The data covered the locations of more than tens of millions of phones in the United States, Russia, Europe and some countries of the Middle East, and included the names of the applications it was collected from, all of which are ordinary applications installed on users' phones.

Numerous applications that have nothing to do with location data

Most of the applications from which location data was collected do not need it in order to work well, but used it to display ads for each geographical region. According to the leaked sample of the stolen data, the total number of applications involved in this crisis exceeded 12 thousand.

The list included famous applications with millions of downloads, such as “Subway Surfer” and “Call of Duty” for phones, the famous “My Fitness Pal” application for tracking meals and exercise, “Tumblr”, the Yahoo Email app, the “Microsoft 365” application package, the “Muslim Prayers” application and VPN applications.

Some applications have made it clear in official statements that they do not allow advertisers to access location data, but this does not mean that they are completely innocent. For example, the “Muslim Pro” application, one of the victims of this incident, previously took part in selling users' location data to an American security company.

Who buys this data?

Many bodies around the world pay millions to access this data, and the “Wired” report made clear that Gravy Analytics, through its subsidiaries, sold data to many American bodies such as taxes, immigration, federal investigations, national security and others.

But the list does not end here, as there is an Israeli company to track location data called “Patrons” (Zach Edwards) that was involved in a similar incident, as it collected location data from many famous applications such as “9gag”, “Kik” and “Truecaller”. It should be noted that all of these applications also appeared in the Gravy Analytics data leak.

The next step?

It is difficult to predict what may happen after this leak, as the danger lies at more than one point: advertising networks and companies collecting location data and selling it to government agencies and bodies, as well as the possibility of this data being breached, stolen and then offered for sale.

There is also no clear way to prevent access to this data. It is difficult to block all advertising networks on phones, and companies and applications will not change their commercial policies and profit mechanisms by giving up ads, not to mention that the list of applications involved in the leak includes many important applications from large companies such as “Yahoo”, “Microsoft” and others.

For the present, the Federal Trade Commission has issued a decision prohibiting Venntel and Gravy Analytics, under any name, from selling users' sensitive location data or even keeping it in their databases. This may limit the risk of such leaks in the future, but it will not be enough to prevent them.
