Thursday, May 03, 2012
e-Xtortion? Isn't the loss of customer confidence worth more than the EUR 150,000? So they have already paid the tax...
Hackers demand EUR150K ‘idiot tax’ from Dexia in return for stolen customer data
May 2, 2012 by admin
A group claiming to have hacked a Dexia Bank subsidiary’s database is threatening to post sensitive customer information unless it receives an “idiot tax” of EUR150,000 by Friday.
In a pastebin statement addressed to the media, the unnamed group says it has “downloaded extensive confidential customer information” from servers belonging to Elantis, a mortgage and consumer credit unit of Belgium-based Dexia.
The data – a sample of which has been posted in the message – apparently includes loan applications featuring full names, job descriptions, ID card numbers, contact information and income details.
Read more on Finextra.
The full media statement follows:
Dear members of the media,
Last week, our group downloaded extensive confidential customer information from Elantis’ servers. Elantis is a money lending company which belongs to renowned Belgian bank, Dexia (Do not bother trying to reach their website, they disconnected their server after we hacked into it).
In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants’ full names, their jobs, ID card numbers, contact information and details about their income.
It is worth pointing out that this data was left unprotected and unencrypted on Elantis’ servers.
We contacted Dexia over the weekend to offer them not to publicly release this data over the Internet if they agreed to pay us the equivalent of roughly EUR 150,000 before Friday, May 4th. So far they have declined to do so.
While this could be called ‘blackmail,’ we prefer to think of it as an ’idiot tax’ for leaving confidential data unprotected on a Web server.
The only question that remains now is this — After they carelessly treated their clients’ data, will Dexia act to prevent their clients’ data from being published online, or is their clients’ confidentiality worth less to them than EUR 150,000?
Time is running out.
The hackers involved did not identify themselves or point to any Twitter accounts.
Update: Loek Essers of IDG obtained some additional details on the breach. The bank says it will not pay blackmail, which is just as well as it seems the hackers didn’t give them any instructions as to how they were supposed to make the payment. It may well be that the hackers’ threat was just to call more attention to the bank’s lack of security for their data, but just making the threat could add years to any sentence if/when the hackers are caught.
Same tools different payoff?
Hackers Threaten University of Pittsburgh with Disclosure of Students’ Personal Info if Demands Are Not Met
May 3, 2012 by admin
Jacob Kleinman reports:
Members of the hacktivist collective calling itself “Anonymous” are targeting the University of Pittsburgh, and threatening to release a wealth of private information regarding the school and its students, if the University does not “apologize to your students, law enforcement, and professors on your home page of your domain for a duration of no less then fifteen days!”
In a three-minute long video directly addressing the Computer Science (CS) and Law departments in particular, Anonymous claims to have obtained every students personal information including passwords, dorm information, payment and credit information, parent information, coursework and grades, as well alumni information. According to the video, Anonymous has deleted the information, which was poorly protected, from the University’s website, but will post it publicly online if their demands are not met by Monday, May 6.
Read more on International Business Times, where you can read the full text of Anonymous’s statement.
[Video omitted Bob]
Sadly, I think Anonymous has just played right into the hands of those who would promote CISPA and broad information sharing by non–government entities with the federal government. Anonymous is also showing no regard for the privacy of students who have done nothing wrong but who may have their details posted online.
The hack is reportedly in response to the university being involved in the arrest of several supporters of Anonymous. And while the university might be embarrassed or incur expenses if the data are all posted online, I suspect there will be a greater backlash against Anonymous for using the 99% as a mere tool in their campaign.
The university already caved in to one demand, dropping a posted reward for information resulting in the apprehension of party or parties who pranked the university. Will they cave in to this demand, too?
Interesting. Now I know how to build a mailing list to advertise Privacy seminars.
Sixth Circuit dismisses class action over personal information release
May 2, 2012 by Dissent
Jessica M. Karmasek writes:
A federal appeals court this week upheld the dismissal of a proposed class action lawsuit over the distribution of personal information from a state’s motor vehicle records.
Plaintiffs Norma Wiles, Thomas Wiles, Theresa Gibson and Wanta Evitt, all Kentucky residents, filed the proposed class action against defendants Ascom Transport System Inc., Downtown Owensboro Inc., Jones and Wenner Insurance, Nationwide Debt Recovery Service Inc., Tennessee Valley Authority and Xerox Corporation in January 2010.
Read more about the case on Legal Newsline.
[From the article:
The district court ruled in December 2010 that the bulk purchase of such motor vehicle records without a "specific need for every record" does not violate the DPPA, and ultimately granted Ascom's motion to dismiss the plaintiffs' third amended complaint.
Teachers are always enemies, never friends.
"The New York City Department of Education has issued rules covering student-teacher interactions on social networking websites. Following numerous [Could be 9, could be 99 percent Bob] inappropriate relationships between students and teachers that began on social networking sites, the rules prohibit teachers from communicating with students using their 'personal' accounts, and requires parental consent before students can participate in social networking for educational purposes. The rules also state that teachers have no expectation of privacy online, and that principals and other officials will inspect teachers' profiles. Oddly, the rules do not address communication involving cell phones, which the Department of Education's own investigations have shown to be even more problematic."
More about “reverse engineering” than copying the code...
"The European Court of Justice ruled on Wednesday that the functionality of a computer program and the programming language it is written in cannot be protected by copyright. In its ruling on a a case brought by SAS Institute against World Programming Limited (WPL), the court said that 'the purchaser of a license for a program is entitled, as a rule, to observe, study or test its functioning so as to determine the ideas and principles which underlie that program.'"
I thought we had settled this a while ago... (The order is included in the article)
Judge: An IP-Address Doesn’t Identify a Person (or BitTorrent Pirate)
May 3, 2012 by Dissent
Ernesto reports on a federal court ruling from Eastern District New York:
A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has suffered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders.
Read more on TorrentFreak.
[From the article:
Previous judges who handled BitTorrent cases have made observations along these lines, but none have been as detailed as New York Magistrate Judge Gary Brown was in a recent order.
In his recommendation order the Judge labels mass-BitTorrent lawsuits a “waste of judicial resources.” For a variety of reasons he recommends other judges to reject similar cases in the future.
Why didn't they ask for a copy of the video to improve engine safety? More interested in enforcement of (really silly) rules than airline safety?
FAA issues warning to passenger who filmed bird strike
A Delta Air Lines passenger who admitted using an electronic device last month to videotape a bird strike minutes after takeoff has been warned by the Federal Aviation Administration to follow the rules or face a penalty the next time.
Free and accessible.
"Wikipedia founder Jimmy Wales is helping a UK government bid to make the results of Government funded research available freely online. The move taps into a popular protest at the restrictions which academic publishers place on the availability of research. From the article: 'Almost 11,000 researchers have signed up to a boycott of journals owned by the huge academic publisher Elsevier. Subscriptions to the thousands of research journals can cost a big university library millions of pounds each year – costs that have started to bite as budgets are squeezed. Harvard University, frustrated by the rising costs of journal subscriptions, recently encouraged its faculty members to make their research freely available through open access journals and to resign from publications that keep articles behind paywalls.'"
Attention publishers? Will anyone/everyone follow?
Blurb, The Custom Book Printing Startup, Is Tossing Its Hat Into The E-Book Ring
Blurb has had a good amount of success as a disruptive player in the “traditional” publishing space. The San Francisco-based company, which lets anyone write and publish a physical book at relatively affordable prices, has built a profitable business with more than 100 staff and more than a million paying customers since it launched to the public six years ago.
… Blurb is expanding into the e-book space this summer, gradually rolling out a software platform developed in-house that will allow people to create and distribute multimedia-enabled digital books.
Geeky (and not-so-geeky) stuff (Each links to a full article)
10 awesome ways to use a USB flash drive
Tools for the artist...
For my students who already know everything...help students become better searchers. Aimed at educators, this site provides lesson plans, video tutorials, and access to live trainings to help show teachers how to empower their students to use the tools that Google has to offer and make their search experience stronger and more valid. A wonderful resource for teachers and learners of all ages.
One possible direction for education?
EdX: A Platform for More MOOCs and an Opportunity for More Research about Teaching and Learning Online
At a joint press conference today, Harvard University President Drew Faust and MIT President Susan Hockfield announced a new nonprofit partnership, edX, that would offer free open online courses.
… But the east coast-west coast and/or the elite university rivalries aren’t really the most interesting thing about the edX news.
Nor is it that Harvard says that it will, just as MITx does, offer certification (but no college credits) to those who complete the class.
Nor is the most interesting thing in today’s news that we’re seeing institutions of higher ed, reknowned for the glacial pace of their responsiveness and transformation, move quickly – really really quickly – to embrace MOOCs. Add to the list of MIT, Stanford, and Harvard are other US universities too – the University of Pennsylvania, Princeton, and the University of Michigan, now all offering courses via the Coursera or the MITx platform, as well as open online courses at other universities, including those offered at the University of Mary Washington and the University of Regina.)
… As the MITx platform will be open source, universities will be able to offer MOOCs on it without having to pay or license the similar software from one of these other new for-profit education startups.
Dilbert explains why Apps sell so well. (For your Privacy Cartoon collection)