Friday, December 12, 2014
An attack somewhat similar to Sony, but clearly not by the same hackers. A very interesting article. Sort of the opposite of “Win friends and influence people!” You can see where this is going.
Now at the Sands Casino: An Iranian Hacker in Every Server
… early on the chilly morning of Feb. 10, just above the casino floor, the offices of the world’s largest gaming company were gripped by chaos. Computers were flatlining, e-mail was down, most phones didn’t work, and several of the technology systems that help run the $14 billion operation had sputtered to a halt.
Computer engineers at Las Vegas Sands Corp. (LVS) raced to figure out what was happening. Within an hour, they had a diagnosis: Sands was under a withering cyber attack.
… This was no Ocean’s Eleven. The hackers were not trying to empty a vault of cash, nor were they after customer credit card data, as in recent attacks on Target, Neiman Marcus, and Home Depot. This was personal. The perpetrators wanted to punish the company, or, more precisely, its chief executive officer and majority owner, the billionaire Sheldon Adelson. Although confirming their conjectures would take some time, executives suspected almost immediately the assault was coming from Iran.
… In October 2013, Adelson, one of Israel’s most hawkish supporters in the U.S., arrived on Yeshiva University’s Manhattan campus for a panel titled “Will Jews Exist?”
… “What are we going to negotiate about?” Adelson asked. “What I would say is, ‘Listen. You see that desert out there? I want to show you something.’ ” He would detonate an American warhead in the sand, he said, where it “doesn’t hurt a soul. Maybe a couple of rattlesnakes and scorpions or whatever.” The message: The next mushroom cloud would rise over Tehran unless the government scrapped any plans to create its own nukes.
… Iran’s Supreme Leader Ayatollah Ali Khamenei responded two weeks later, according to the country’s semiofficial Fars News Agency, saying America “should slap these prating people in the mouth and crush their mouths.”
… Physically, Adelson and Sands are well protected. He appears in public with a phalanx of armed bodyguards, said to be former agents of the U.S. Secret Service and Mossad, Israel’s intelligence agency. Sands paid almost $3.3 million to protect Adelson and his family last year, according to a company filing. That’s on top of what Sands spends on vaults, security cameras, biometric screening devices, and one of the largest private police forces of any U.S. company, all to safeguard the millions of dollars of cash and chips that flow through its operations every day.
But the company has been slow to adapt to digital threats. Two years ago it had a cybersecurity staff of five people protecting 25,000 computers, according to a former executive.
My Computer Security students are beginning to understand that much (most?) of Sony's problems are due to bad (ignorant) management.
Sam Biddle reports:
Sony says the recent breach of its servers and weeklong cyber humiliation is an “unprecedented” strike and an “unparalleled crime.” If they’re shocked by these events, they’ve been shocked for almost a year: leaked emails obtained by Gawker show security troubles dating back to February.
If you read the full article on Gawker, you’ll see emails noting a hack that Sony chose not to disclose and where they elected not to notify affected individuals because, well, they just had no legal obligation to notify.
It just continues to get worse and worse for them, doesn’t it? But it all seems self-inflicted, and any attempts to portray them as the victims will be met with, “No, your employees are the victims, and you’re responsible for their embarrassment and potential problems.”
(Related) If managers can't figure out computer security, regulators will explain what they must do.
Katherine Gasztonyi writes:
On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward.
In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all New York chartered or licensed banking institutions—noted that the Department would take a close look at banks’ data breach detection abilities, cybersecurity corporate governance practices, resources devoted to information security, defenses against cyberattacks, management of third-party service providers, and cybersecurity insurance coverage, among other things.
Read more on Covington & Burling InsidePrivacy.
TED video. Police surveillance and you...
Catherine Crump: The small and surprisingly dangerous detail the police track about you
Law in “space and time.” Could have been written by Stephen Hawking.
Orin Kerr writes:
With law school exam season finishing up, here’s a new Fourth Amendment decision with facts that seem straight from a law school exam: United States v. Camou, authored by Judge Pregerson. In the new decision, the Ninth Circuit suppressed evidence from a 2009 search of a cell phone taken from a car incident to arrest at the border. The new ruling might not be the final word in the case. But the court does decide an important question along the way: The Ninth Circuit rules that if the police have probable cause to search a car under the automobile exception, they can’t search cell phones found in the car.
Read more on Volokh Conspiracy.
(Related) Same time, different space. And the ruling is actually the same (as far as this non-lawyer can tell).
The Supreme Court of Canada ruled on Thursday that law enforcement can search the cellphone of someone they’ve just arrested as long as the search is related to that arrest.
The e-rate “tax” goes to internet providers, not to schools, right? Schools become 'eligible for discounts' but are not guaranteed broadband Internet. Seems kind of backwards to me.
OVERNIGHT TECH: Dems applaud funding boost for school Internet
Russia cuts itself off. Russia cuts its own throat. Pick one.
Google shuts Russia engineering office
Google is to close its engineering office in Russia, in the latest sign that a crackdown on internet activity by Russian authorities this year could hasten an outflow of engineering talent from the country.
A series of moves against internet companies, culminating in a new law designed to force them to keep all data about Russians inside the country, has led some Russian entrepreneurs and engineers to consider relocating outside the country.
When one of these Apps reaches a certain level of accuracy, energy utilities will offer them to homeowners for free. Meanwhile, the market is mostly 'green' fanatics.
Weird name, cool tool: Smappee monitors and reports energy consumption for each of your home's appliances
Smappee (it’s a sort of an acronym for Smart App for Energy Efficiency) is a sensor that measures the total electrical power that your home draws from the grid. That's not unique, but Smappee's ability to uniquely identify each appliance—large and small—is new.
… You—or an electrician, if you don’t feel comfortable working inside your breaker box—clamp a pair of sensors to the main power lines coming from the grid into your circuit-breaker panel. (The clamps don't come in contact with the copper wires, reducing the risk of shock, but Smappee nonetheless recommends you hire a professional.)
… Smappee has also developed very low-cost plug-in modules that can be used to remotely power-off devices. One is included with the product, and you can buy three more for just $40.
For my students who read.
The Best Book I Read This Year
The Atlantic's editors and writers share their favorite titles—new, classic, or somewhere in between—from a year of reading.