Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Exploit. Show all posts
Illegal Gambling
Confidential Data Cyber Security Data Breach data misuse Data protection data security Google Exploit Google Search History Illegal Gambling

Google Employee Charged After Allegedly Using Confidential Search Data to Win $1.2 Million on Polymarket

 

A person working at Google stands charged with misusing private internal data to make winning predictions online - profits reportedly surpassing $1.2 million. In Manhattan, federal authorities say access to unreleased insights about what people search was leveraged improperly; outcomes linked directly to Google's own ranking movements. While performing regular job duties, the individual allegedly monitored patterns not meant for public view, then applied that knowledge elsewhere. Bets placed on future trends were informed by information obtained through employment. 

The case centers on whether insider awareness crossed into illegal territory when used outside corporate boundaries. Though common tools were involved, their application in forecasting events raised legal concerns. What began as routine work activity appears to have branched into personal financial gain. Investigators emphasize timing and access as critical elements under review. Working at Google as an information security engineer, Michele Spagnuolo reportedly gained access to user interaction logs tied to search activity. With such access came the ability - allegedly - to observe patterns others could not. 

From there, it is claimed he placed multiple wagers on Polymarket, where event-based predictions are monetized. The charges stem from a federal filing stating those trades relied on nonpublic insights. Though meant to remain confidential, the data supposedly guided his entries on the betting site. Each transaction appears linked to specific shifts in public interest tracked internally at Google. What followed was scrutiny when usage anomalies matched his market moves. It is claimed by investigators that Spagnuolo leveraged private data on Google searches to forecast movements tied to the company's yearly ranking releases. 

Because he had clearance to sensitive corporate details, prosecutors argue, he was aware of outcomes ahead of official announcements. With such insight came an edge - bets were made under conditions most market participants could not replicate. His position reportedly created opportunities far beyond what typical traders experience. Later came confirmation - Google's 2025 search data showed D4vd ranked highest by public interest. That result lined up exactly with a gamble made earlier under the alias "AlphaRaccoon." The bet had favored musician D4vd despite slim odds offered on prediction platforms. Authorities now connect Spagnuolo to that username. Before the list dropped, few expected such an outcome. Profits surged after the official release. 

Unlikely forecasts sometimes pay off, especially when timing aligns. Funds from successful trades reportedly added up to about $1..2 million, according to federal authorities. Following the influx of money, Spagnuolo began altering records - shifting details around - to mask who really controlled the accounts. Behind these actions lay an attempt, officials claim, to cover up improper use of confidential data. Prosecutors filed charges over commodities fraud, followed by wire fraud, along with money laundering accusations. 

Held in New York, Spagnuolo - an Italian national - gained release after posting a $2.25 million bond backed not only by cash but also by additional financial assurances as legal proceedings continue. When questioned about the claims, Google mentioned working alongside law enforcement. While workers may access certain internal systems normally, turning private data into gambling material crosses clear policy lines, according to the firm. 

Following review procedures, the individual involved was temporarily removed from duties until outcomes are determined. Two big court cases this year in New York target Polymarket, showing growing scrutiny. Behind the scenes, officials are digging into ways secret data might sway betting odds on forecasts. Questions grow about whether stronger rules should block insiders from exploiting these platforms. What happens next could reshape how such markets operate under watch.
Read more »
Security Flaws
Amnesty International Android Android Flaw Cyber Security Google Account Google Exploit Google security Security Flaws

Google Patches Android Zero-Day Flaws Used to Unlock Phones

 

Google recently addressed critical security flaws in Android that allowed authorities to unlock phones using forensic tools, according to a report by Amnesty International. The report, released on Friday, detailed three previously unknown vulnerabilities exploited by phone-unlocking company Cellebrite. Amnesty’s researchers discovered these flaws while investigating the hacking of a student protester’s phone in Serbia. Since the vulnerabilities were found in the core Linux USB kernel, they could have potentially affected over a billion Android devices. 

Zero-day vulnerabilities, which remain unknown to software and hardware makers until discovered, are particularly dangerous as they can be exploited without any existing patches. Amnesty first noticed traces of one such flaw in mid-2024. Later, while examining the phone of an activist in Serbia, the organization shared its findings with Google’s Threat Analysis Group. This led Google to identify and fix the three security loopholes. During its investigation, Amnesty found that Serbian authorities had used Cellebrite’s forensic tools to exploit a USB vulnerability, allowing them to bypass security measures and unlock the activist’s device. 

Amnesty had previously reported in December that Serbian officials had used similar tools to access the phones of both an activist and a journalist, later installing the Android spyware NoviSpy. Following these allegations, Cellebrite stated earlier this week that it had discontinued its services for its Serbian customers. A Cellebrite spokesperson, Victor Cooper, pointed to a company statement that acknowledged the Amnesty report. The statement emphasized that Cellebrite had reviewed the allegations from Amnesty’s December 2024 report and conducted an internal investigation. As a result, the company decided to halt the use of its products by the Serbian authorities. 

In January, Amnesty was contacted to analyze another case involving a youth activist who was arrested by Serbia’s Security Information Agency (BIA) late last year. According to the report, the circumstances of his arrest and the actions of BIA officers closely resembled previous incidents documented in Amnesty’s December findings. A forensic analysis of the activist’s device confirmed that Cellebrite’s tools had been used to unlock his Samsung A32 without consent or legal authorization.  

Amnesty condemned the use of Cellebrite’s technology against individuals engaging in peaceful protests and exercising their right to free expression, stating that such actions violate human rights laws. Bill Marczak, a senior researcher at Citizen Lab, advised activists, journalists, and civil society members to consider switching to iPhones, which may offer stronger protection against these types of exploits. Amnesty’s Security Lab head, Donncha Ó Cearbhaill, warned thatCellebrite’s widespread availability raises serious concerns, suggesting that the full extent of its misuse may still be unknown. 

Google has not yet responded to requests for comment regarding the issue.
Read more »
Technology
Google Google Exploit Google Pixel Showcase.apk Technology

The Hidden Threat: Vulnerable App on Google Pixel Devices Puts Millions at Risk


A flaw was discovered in Google Pixel devices, raising concerns among users and experts alike. This blog delves into the details of this vulnerability, its implications, and the steps being taken to mitigate the risk.

The Discovery

A pre-installed app on Google Pixel devices, known as “Showcase.apk,” posed a severe security risk. This app, intended for demo purposes in retail stores, was found to have excessive system privileges. These privileges could potentially be exploited by malicious actors to execute remote code, install malicious packages, and gain unauthorized access to sensitive data.

The Scope of the Problem

The affected devices include Google Pixel phones sold through Verizon, with the vulnerability dating back to at least 2016. Millions of users could be at risk, as the app has been on devices for several years. The fact that such a critical flaw went unnoticed for so long highlights the challenges in ensuring the security of pre-installed software on smartphones.

Technical Details

The “Showcase.apk” app was designed to showcase the features of Google Pixel devices in retail environments. However, its extensive system privileges made it a potential target for exploitation. The app could be used to execute arbitrary code with elevated privileges, allowing attackers to install malicious software, access personal data, and even control the device remotely.

The vulnerability was classified as a high-severity issue due to the potential impact on users’ privacy and security. If exploited, it could lead to data breaches, identity theft, and other malicious activities.

Google’s Response

Upon discovering the vulnerability, Google acted swiftly to address the issue. The company acknowledged the problem and initiated steps to remove the “Showcase.apk” app from affected devices. Google also assured users that there was no evidence of active exploitation of the vulnerability at the time of discovery.

In addition to removing the app, Google has been working on enhancing its security measures to prevent similar issues in the future. This includes conducting thorough security audits of pre-installed software and improving the vetting process for apps that come pre-loaded on devices. Further details are yet to be disclosed by Google.

Read more »
Subscribe to: Posts (Atom)