Tuesday, February 18, 2014
For what it's worth, this is my 2800th Blog post, according to Google.
Anyone can download hacking tools and for any reason become a cyber-vigilante! Individually, that's no big deal. Do something that catches the attention of many people (worse, organized groups) and this could be the result.
Jeb Boone reports:
Hackers around the world are setting their sights on Venezuela’s government web properties following violent repression against anti-government protesters and instances of internet censorship.
Already, hacker groups have defaced, deleted and waged DDoS (distributed denial of service) attacks on Venezuelan government and military sites.
Spearheaded by South American Anons, as the hackers are known, the large-scale attacks against gov.ve subdomains began after three people were killed during demonstrations in Caracas last week.
Read more on MinnPost.
Interesting “process.” One person does the hack, another drains the cash!
Skillful Hackers Drained ATMs Using Malware-laden USB Drives
PUNTA CANA - KASPERSKY LAB SECURITY ANALYST SUMMIT - A highly sophisticated gang of criminals inserted infected USB sticks into ATMs and emptied out all the cash inside, a security researcher told SecurityWeek.
The gang looted four ATMs belonging to a single bank using a USB stick containing a DLL exploit payload, Tillmann Werner, a researcher for CrowdStrike, told SecurityWeek in an interview. Werner declined to specify the targeted bank, the brand of the ATM that was compromised, or the country where the attack occurred. Law enforcement officials have thus far made only one arrest in this operation--the money mule who was caught while taking the money out of a compromised ATM.
Considering how much money is kept inside a single ATM, it's likely the gang has already stolen millions of dollars, and the gang is still in operation. It is also possible other banks may be targeted by this attack, Werner warned.
(Related) Are thumb drives treated like phones? If one justification is to find evidence of the crime “for which, the person was arrested” does that automatically place evidence of any other crime off limits?
Searching a cell phone incident to arrest: Possible Fourth Amendment rules that the Supreme Court might consider in Riley and Wurie
Orin Kerr writes:
The Supreme Court recently granted cert on two cases about how the Fourth Amendment applies to the search incident to an arrest of a cell phone found on a person arrested. In textual terms, when is a search of a cell phone incident to arrest constitutionally “reasonable”? In this post, I want to lay out some of the possible Fourth Amendment rules that the Court might consider to answer that question. I’ll start with a basic introduction to the rationales of the search incident to arrest exception. I’ll then offer a few possible rules the Court might adopt to answer when a cell phone can be searched under the exception. Next, I’ll turn to possible rules for how broadly a search should extend under the exception if/when such searches are allowed. In future posts, I’ll offer some thoughts on how the Court might choose among the rules.
Read more on WaPo Volokh Conspiracy.
How much can a breach cost you?
Wachovia customer sues bank for failing to protect his account and then falsely fingering him to the feds
Jay Weaver of the Miami Herald has a must-read piece about what Carlos Gomez, a Wachovia Bank customer, went through after becoming a victim of ID theft by a bank employee, and how he’s suing Wachovia, which has since been taken over by Wells Fargo:
Just before dawn, insistent pounding on the front door jolted the ex-Marine and young father out of bed. Federal agents poured into his Kendall home, pushing his wife aside and rushing to his bedroom. They held guns to his face before slapping him in handcuffs.
“I kept asking, ‘What is going on?’ ” recalled Gomez, who works as a driver for UPS. “I was scared for my life.”
Gomez, busted in a money-laundering scheme, would spend nearly two weeks in a federal detention center and another seven months under house arrest.
It took 222 days before federal prosecutors realized it was all a terrible mistake: A rogue bank worker had stolen his identity.
Thanks in part to Gomez’s own sleuthing, prosecutors eventually discovered he had been wrongfully charged. The Wachovia Bank employee had stolen $1.1 million from customers, then swiped Gomez’s identity to create a checking account under the pilfered name to launder portions of the embezzled proceeds.
Now, nearly three years after the ordeal, Gomez is suing Wachovia for “malicious prosecution.”
Read more on Bellingham Herald.
Picture yourself in his situation. Your bank doesn’t protect you from an insider breach and then gives federal investigators false information about you that gets you charged and detained? And then you have to spend your time and money trying to clear your name because of their failures. Wouldn’t you sue them for the misery they put you through? I sure would.
Gomez’s civil lawyers, Jermaine Lee and Eric Hernandez, claim in a lawsuit filed in September in federal court that Wachovia officials were reckless when they failed to protect Gomez’s “confidential” account and to provide “accurate” information about him to federal authorities.
In a key ruling last month, U.S. District William Dimitrouleas rejected the bank’s bid to throw out the civil case, saying Gomez had “sufficiently alleged” that Wachovia violated its “fiduciary duty” to him by allowing an employee and others “to misuse his private and confidential information to launder monies.” As a result, Gomez’s case is headed for mediation and, if still unresolved, trial.
Good luck, Mr. Gomez. And if any court should try to dismiss this case for lack of ability to show harm, then we need a revolution in this country.
What you don't know about your audience can impact your security.
Millennials have a reputation for being the most plugged-in generation in the workplace. Experts have even suggested “reverse mentoring” so that younger workers can inculcate their “tech-savvy” habits in older generations. But a new survey from Softchoice shows that those may actually be bad habits when it comes to keeping data secure.
For instance, 28.5% of twenty-somethings keep their passwords in plain sight, compared with just 10.8% of Baby Boomers. They’re also significantly more likely to store work passwords on a shared drive or word document that isn’t itself password-protected, and more likely than older workers to forget their passwords.
And it gets worse! They’re more likely to email work documents to their personal accounts, move documents via cloud apps that IT doesn’t know they have, and lose devices that would give whoever found them unrestricted access to company data. Basically, in every way that Softchoice measured, the youngest workers were the most likely to lose data or leave themselves open to hacking.
Somehow I doubt the average citizen will support the tax increase this would require.
Anthony Cuthbertson reports:
Germany and France will carry out talks to discuss a new European communication network that would avoid emails and online data passing through the US. [Even if that is the fastest route? Bob]
German Chancellor Angela Merkel spoke of the new network in her weekly podcast, stating her intention to propose it to French President Francois Hollande when she meets with him on Wednesday.
Read more on ITProPortal.
Posturing? We'd do the same thing if we had the resources? A negotiating tactic?
Indonesia Slams Reported Australian Spying as 'Mind-boggling'
Indonesia Monday described as "mind-boggling" a report that Australian spies targeted Jakarta during a trade dispute with Washington, as a new espionage row erupted during a visit by US Secretary of State John Kerry.
Ties between Canberra and Jakarta have sunk to their lowest point for years in recent months over previous allegations that Australian spies tried to tap the phones of Indonesian President Susilo Bambang Yudhoyono and his inner circle.
Jakarta recalled its ambassador from Canberra and suspended cooperation in several areas, including on the sensitive area of people-smuggling, following the allegations.
… "I find that a bit mind-boggling and a bit difficult how I can connect or reconcile discussion about shrimps and how it impacts on Australia's security," Indonesian Foreign Minister Natalegawa told reporters at a press conference alongside Kerry.
Do we have an obligation to protect those to whom we grant asylum from Cyber attacks?
Associated Press reports:
An Ethiopian refugee is urging British authorities to open an investigation after experts found traces of sophisticated surveillance software on his computer.
Tadesse Kersmo accused the Ethiopian government of deploying the software to spy on his Skype calls with other members of the country’s opposition, excerpts of which later ended up on the Internet.
Read more on AP The Big Story.
“I see in your latest email to your cousin George that you think you have no privacy. How can we make you feel more secure?”
New Zealand’s new privacy commissioner gave an interview on his first day in office, and ONE News covered it:
The man charged with safeguarding our privacy says public faith in government agencies needs to be rebuilt.
Privacy Commissioner John Edwards says he wants to help rebuild public confidence that personal information is safe.
“There are rules, and those rules need to be respected,” he said.
Mr Edwards’s comments come as privacy whistleblower Bronwyn Pullar calls for more power and resources for the Privacy Commission.
Read/watch more on TVNZ.
(Related) At least, we'd like some indication that government agencies are aware of events taking place around them.
Tim Cushing reports:
The government’s overclassification problem has turned its redaction efforts into a farce. When not deploying questionable exceptions to avoid returning responsive documents to FOIA requests, government agencies are cranking out amateurishly redacted pages that leave info exposed in one response and covered up in the next. No wonder they fear the “mosaic” approach to FOIA requests. If they’d just come up with some meaningful redaction guidelines, they could avoid this. Instead, things like the following bit of stupidity happen.
Read more on TechDirt.
Something for the “resource folder?”
Handbook on European data protection law
“This handbook is designed to familiarise legal practitioners who are not specialised in the field of data protection with this area of law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. The rapid development of information and communication technologies underscores the growing need for the robust protection of personal data – a right safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Technological advances expand the frontiers of, for example, surveillance, communication interception and data storage; all of these pose significant challenges to the right to data protection. The Handbook on European data protection law explains key jurisprudence, summarising major rulings of both the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU). Where no such case law exists, it presents practical illustrations with hypothetical scenarios. In a nutshell, this handbook aims to help ensure that the right to data protection is upheld with vigour and determination.”
Another “finding” that will go nowhere. I really can't understand why China continues to tolerate, let alone support North Korea. I can't see any advantage.
North Korea: UN Commission documents wide-ranging and ongoing crimes against humanity
UN Commission on Human Rights – “A wide array of crimes against humanity, arising from “policies established at the highest level of State,” have been committed and continue to take place in the Democratic People’s Republic of Korea, according to a UN report released Monday, which also calls for urgent action by the international community to address the human rights situation in the country, including referral to the International Criminal Court. In a 400-page set of linked reports and supporting documents [Report of the commission of inquiry on human rights in the Democratic People’s Republic of Korea – A/HRC/25/63] based on first-hand testimony from victims and witnesses, the UN Commission of Inquiry on human rights in the DPRK has documented in great detail the “unspeakable atrocities” committed in the country. “The gravity, scale and nature of these violations reveal a State that does not have any parallel in the contemporary world,” the Commission — established by the Human Rights Council in March 2013 — says in a report that is unprecedented in scope. “These crimes against humanity entail extermination, murder, enslavement, torture, imprisonment, rape, forced abortions and other sexual violence, persecution on political, religious, racial and gender grounds, the forcible transfer of populations, the enforced disappearance of persons and the inhumane act of knowingly causing prolonged starvation,” the report says, adding that “Crimes against humanity are ongoing in the Democratic People’s Republic of Korea because the policies, institutions and patterns of impunity that lie at their heart remain in place.” The second more detailed section of the report cites evidence provided by individual victims and witnesses, including the harrowing treatment meted out to political prisoners, some of whom said they would catch snakes and mice to feed malnourished babies.
Others told of watching family members being murdered in prison camps, and of defenceless inmates being used for martial arts practice. “The fact that the Democratic People’s Republic of Korea…has for decades pursued policies involving crimes that shock the conscience of humanity raises questions about the inadequacy of the response of the international community,” the report stated. “The international community must accept its responsibility to protect the people of the Democratic People’s Republic of Korea from crimes against humanity, because the Government of the DPRK has manifestly failed to do so.” The Commission found that the DPRK “displays many attributes of a totalitarian State.” [No kidding? Bob]
For my fellow geeks. Let's try to get people looking up.
ISS observation – When can I spot the Space Station?
Observation of the International Space Station – “The International Space Station can easily be spotted with the naked eye. Because of its size (110m x 100m x 30m) it reflects a great deal of sunlight. The best time to observe the ISS is when it is night time at your location, but the Space Station is sunlit. Such a situation occurs often in the morning before sunrise or in the evening after sunset. Visible passes - You find a list of the next sighting opportunities for your location below. The green bars indicate the brightness of the ISS on its pass. The list contains all visible passes of the ISS during the next ten days. Please select a pass to get more details.” [Enter your city location in the search box for accurate tracking of the ISS]
For some of us, every day is Drink Wine Day.
February 18, 2014 is Drink Wine Day
How cruel am I? I'm making my Math students write an essay explaining the formulas in an elaborate Excel spreadsheet. Perhaps these tools will help.
13 Browser-Based Tools For Writers
(Related) Something for my students other than a Math essay?
Free Webinar - Digital Storytelling With Comics
Last month I hosted a free webinar on digital storytelling with comics. More than 100 people attended the live session. Next week on February 25th at 7pm I'll be conducting that webinar again. You can register for the webinar here. If you're interested in this topic but you cannot make the live session, please register anyway to have the recording emailed to you. The webinar is sponsored by Storyboard That, but will not be limited to only using Storyboard That. You will also see WeVideo and Widbook in use.
The webinar will be based on my free ebook Digital Storytelling Projects With Comics.