Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account
A major mistake in setup caused Google Cloud and UniSuper to delete the financial service provider’s private cloud account.
This event has caused many to worry about the security and dependability of cloud services, especially for big financial companies.
The outage started in the blue, and UniSuper’s 620,000 members had no idea what was happening with their retirement funds.
Services didn’t start again until Thursday, and the fund promised its members that investment account amounts would be updated as soon as possible, even though they were still showing numbers from the previous week.
Joint Statement and Apology
According to the Guardian reports, the CEOs of UniSuper and Google Cloud, Peter Chun and Thomas Kurian, apologized for the failure together in a statement, which is not often done.
“This incident is an exceptional and singular occurrence that has not happened with any client of Google Cloud on a global scale before.” This ought not to have occurred. Google Cloud has implemented preventative measures in response to the identified events that precipitated this disruption.
They said that the event was “extremely frustrating and disappointing” for members and caused by a “one-of-a-kind occurrence” in which UniSuper’s Private Cloud services were set up incorrectly, causing the fund’s cloud subscription to be deleted.
“UniSuper’s Private Cloud subscription was ultimately terminated due to an unexpected sequence of events that began with an inadvertent misconfiguration during provisioning,” the two sources stated. “Google Cloud CEO Thomas Kurian has confirmed that the disruption was caused by an unprecedented sequence of events.”
Google is the most popular email provider (Gmail) contributes about 70% of the email traffic on earth and being one of the oldest mass adopted email service (passing 20 years old is a worth achievement for any application, especially a “free” one.
As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is
While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.
Should I, or should I not be popular?
Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?
We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.
I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.
But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.
Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive
Google’s always innocent until it’s not
Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:
It had likely been happening since Gmail’s launch
Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
I’m under no misconception that I can extricate myself entirely from Google’s clutches; It’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.
Google paid over $26 billion in 2021 to remain the default search engine in various browsers
The surprisingly easy switch to Proton Mail
Why Proton Mail is my new favorite email provider
My own Proton account has been used as a backup since 2018. Moat recently though, it has now become my primary email for both personal and business.
I tested a trial of ProtonVPN a few years afo (ProtonVPN was a bit slow back then, but I and other cyber security expert highly recommend it as one of today’s top VPNs) due to its increased infrastructure and massive much faster speed. They have quadrupled the number of Servers globally since 2021).
I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.
Among Proton’s consumer-friendly practices:
It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
Support for end-to-end encryption between Proton users and password protection for external emails
Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards
A few clicks, and I never have to access my Gmail page again
Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my Client’s perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.
They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to pm.me (because @protonmail.com is, admittedly, a bit of a mouthful).
It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!
Proton offers diverse Subscription Plans (including Free!)
You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and securr, as well as overall being much better than Gmail.
Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.
The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.
But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.
Geobox: A Hacking Device That Is Basically Untraceable
In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!
Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:
1. Spoof location
2. Mimic Wi-Fi access points
3. Manipulate DNS and network parameters while providing anonymity.
4. Copying and emulating the same commonly used Wi-Fi landing page that most restaurants and concerts use to log on to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location/Clients of where they are located at (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).
Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!
After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for any one attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”
OR
They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.
It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!
Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.
However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.
The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!
These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!
With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.
Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.
The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes
“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”
*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*
The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!
Armed with such an affordable and easy to obtain cyber device, operators can easily carry and coordinate various attacks; such as being a data dump for anyone logging on to the newly created “free Wi-Fi” identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.
It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!
Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.
“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.
%20(2).webp "Google Cloud Accidentally Deletes 5 Billion Pension Fund’s Online Account")
