Thursday, April 02, 2015
I wonder if the vendor contract has an “If you do anything stupid...” clause. Why would anyone set up password only access to their systems?
Carly Q. Romalino reports:
A weak network password allowed hackers to infiltrate a Gloucester County school district’s network last week, holding its files hostage for more than $125,000, according to Educational Information and Resource Center experts.
A ransomware attack on Swedesboro-Woolwich Elementary School District’s network last week interrupted state-mandated testing and locked down network files last week. The attackers demanded 500 bitcoins — a hard-to-trace digital currency.
Read more on Courier-Post. Of note, the weak password was used by an unnamed vendor doing work for the school. The vendor reportedly used the account name “breaker” with a weak password for all of its work on clients’ systems.
[From the article:
The “brute force attack” originated outside of the United States, he added.
Hackers identified a potential open port in the Swedesboro-Woolwich system, then assaulted the servers thousands of times per minute with various password and username combinations until one worked, Procopio explained.
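As an added example (not from the Courier-Post article or this blog), here is a small detector for the pattern the article describes: a burst of failed logons from one source cycling through usernames, followed by a success. The log format, addresses and the five-failures-per-minute threshold are constructed for illustration; a real brute force at "thousands per minute" would trip a far higher threshold.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format): timestamp, result, user, source.
# The shared vendor account "breaker" from the article is among the guessed names.
SAMPLE_LOG = """\
2015-03-23T02:14:01 FAIL user=admin   src=203.0.113.7
2015-03-23T02:14:01 FAIL user=root    src=203.0.113.7
2015-03-23T02:14:02 FAIL user=breaker src=203.0.113.7
2015-03-23T02:14:02 FAIL user=breaker src=203.0.113.7
2015-03-23T02:14:03 FAIL user=guest   src=203.0.113.7
2015-03-23T02:14:03 FAIL user=breaker src=203.0.113.7
2015-03-23T02:14:04 OK   user=breaker src=203.0.113.7
2015-03-23T02:20:00 FAIL user=jsmith  src=198.51.100.4
2015-03-23T02:25:00 OK   user=jsmith  src=198.51.100.4
"""

def parse(line):
    """Split one constructed log line into (timestamp, succeeded, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result == "OK",
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_bruteforce(log_text, window=timedelta(minutes=1), threshold=5):
    """Flag sources with >= threshold failed logons inside any sliding window.
    A later successful logon from a flagged source is the highest-priority case."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse(line)
            by_src[ev[3]].append(ev)
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        recent, users, burst = deque(), set(), False
        for ts, ok, user, _ in events:
            if ok:
                if burst:                       # "until one worked"
                    alerts[src]["success_after_burst"] = True
                continue
            recent.append(ts)
            users.add(user)
            while recent and ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold:
                burst = True
                a = alerts.setdefault(src, {"peak_failures": 0, "success_after_burst": False})
                a["peak_failures"] = max(a["peak_failures"], len(recent))
                a["users"] = sorted(users)      # breadth of usernames tried
    return alerts

if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```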
Why is this data in a computer at all? Wouldn't a file on a CD/DVD (locked in a safe) be adequate?
From the locker-numbers-today-grades-tomorrow dept.:
Krista Brick reports:
Information technology professionals are trying to determine today how students were able to access a secured computer file at Bethesda’s Westland Middle School and distribute the names, locker numbers and locker combinations for that school’s 1,400 lockers.
Montgomery County Public School’s Westland Principal Alison Serino told MyMCMedia Wednesday that a substitute teacher saw the students making copies of the list on Tuesday and the administration was made aware of what happened this morning.
Read more on mymcmedia.com.
[From the article:
“I’m not sure how this happened,” she said, adding that the locker file is kept on a password protected file on an office computer.
No other student data was accessed from that computer, she said. [Ever? The computer is never used or there is no record of activity? Bob]
Very interesting. Does this suggest that management thinks it is cheaper to pay the hackers than to provide adequate backups and security in the first place? Or do they have no faith in their Security people?
30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals: Survey
In a survey from ThreatTrack Security, 30 percent of the 250 organizations polled said they would negotiate with a cyber-criminal to get their data back. Though that means 70 percent would not support negotiating, the survey also found that 86 percent of security pros believe their peers at other organizations have done so.
The percentage of those willing to negotiate was even higher among organizations that had already been hit by a cyber-extortion scheme. Nearly 40 percent of security professionals said they are employed at an organization that has been targeted in that kind of attack, and 55 percent of them are willing to negotiate. Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists with 92 percent and 80 percent, respectively, saying "no."
The next step up (down) from sexting? (The sex was legal, recording it was legal, only posting it was illegal?)
Four Joliet teenagers were charged with child pornography after a group sex video was posted to Twitter.
The three males – ages 14, 15 and 16 – and one female, 15, all attend Joliet Central High School. They were arrested after the girl’s mother saw the video and called police. The sex was consensual, according to the Joliet police chief, but distributing it online is considered child pornography.
Read more on ABC News.
Is this one of those “Hey look! We did something!” actions? Hackers who have investments in the US are probably rather rare. Or is this just a polite way to target China?
Obama: Groups That Launch Cyberattacks Against U.S. Companies To Face Economic Sanctions
President Obama signed an executive order today that declares cyberattacks from foreign soil to be a national emergency and gives the United States new powers for defending against them. The executive order, titled “Blocking The Property Of Certain Persons Engaging In Significant Malicious Cyber-Enabled Activities” gives the federal government the power to hit foreign hackers with freezes on their U.S. funds and property.
… Prime targets will be foreign officials who the U.S. government suspects of serious hacking activity, such as the officers in the Chinese People’s Liberation Army (PLA) who were blamed for attacking major American businesses in 2014.
A debate that should be coming here soon.
Professor Nils Hoppe has an article in BioNews that I recommend you read. It begins:
One of the legally and ethically problematic issues regularly debated in the context of biobanks and tissue repositories is that of its potential for forensic use. When Anna Lindh (the Swedish foreign minister) was murdered in 2003, her killer was subsequently identified by way of matching DNA traces found at the crime scene with data contained on the killer’s Guthrie card (an archived heel blood test done on every child born in Sweden). This was an elegant and inspired forensic move by the prosecuting authorities in Stockholm, but it led to frantic debate in the relevant scientific communities about whether mechanisms ought to be developed that restricted such use in the future.
The rationale for this discussion was not what one might first suspect it to be: it was not driven by a desire to strengthen individuals’ informational self-determination, or a sign that genetic information was in some way instantly recognised as particularly volatile and needing additional protection (though the jury is still out on that particular question). The driver behind this discussion is essentially the same as that in the context of medical confidentiality taken by the Court in X v Y, succinctly summarised in that judgment by Rose J:
[i]n the long run, preservation of confidentiality is the only way of securing public health; otherwise doctors will be discredited as a source of education, for future individual patients ‘will not come forward if doctors are going to squeal on them’. (my emphasis). (1)
This is, in essence, a consequentialist public health argument. It is not about protecting the privacy or augmenting informational self-control of individuals, but about providing stability and coherence in the system. If the information is not safe in the system, I will not give my information to the system. This would have disastrous consequences for the provision of clinical care to the benefit of everyone.
Read the full article on BioNews. He raises a lot of really important questions that do need to be debated and addressed.
One-Fifth Of Americans Use Smartphones As Their Primary Onramp To Internet
… The biggest takeaway from the results is that nearly 20% of Americans access the Internet primarily on their mobile phones. That means they don't use a desktop or notebook for Internet access - only their phone. Perhaps for the younger generation, this shouldn't come as too much of a surprise, but even so, 20% is a huge share.
… In households where less than $30,000 is earned each year, 13% of people will rely on their phone entirely; for households where $75,000 or more each year is earned, only 1% rely solely on their smartphones.
… There are some other interesting bits, however. In total (of those who completed the survey), 62% of people have used their smartphones to look up health information, while 57% have conducted online banking. Here's one that impresses me: 18% have used their smartphone to submit a job application.
Suspicious? Google has been parking the corporate jets at Moffett for years. I wonder who they outbid for the lease? Why 60 years? (April 1st?)
Google Takes Over Giant Airship Hangars at Moffett Field
There was no ceremony, no party, just a quiet transfer. Google is now the custodian of the giant airship hangars at Moffett Field.
The tech company will lease the historic buildings and 1,000 surrounding acres for the next 60 years.
The deal calls for Google to restore the hangars.
Timely. My Data Management students will learn how to do some of this...
What is data-driven marketing?
In words tinged with somber acceptance, today's digital marketers proclaim customer data as their new master. No marketing decision shall be made without closely consulting the data-analytics tea leaves. Marketing's black art has just become quantifiable, but what does data-driven marketing really mean?
"Arguably, the most important evolution in the history of marketing is the ability to understand what data you have, what data you can get, how to organize and, ultimately, how to activate the data," says Mark Flaharty, executive vice president of advertising at SundaySky, a tech vendor leveraging customer data to create and deliver one-to-one marketing videos.
… Then there are external data providers such as Avention, formerly OneSource, which offers business-to-business data about customers and prospects, which a company blends with internal data and feeds into an analytics engine to spit out marketing insights. Avention data helps companies better target prospects and manage the customer purchasing lifecycle.
Something for Big Data students to try?
International Statistical Agencies
Via Census – International Statistical Agencies – links to data from around the world. “The U.S. Census Bureau conducts demographic, economic, and geographic studies of other countries and strengthens statistical development around the world through technical assistance, training, and software products. For over 60 years, the Census Bureau has performed international analytical work and assisted in the collection, processing, analysis, dissemination, and use of statistics with counterpart governments in over 100 countries.”