Thursday, May 21, 2015

At least they encrypted the passwords. Another wise practice: The article also suggests they brought in a third party to double check their security because the industry was being increasingly targeted. Good on ya, CareFirst!
From CareFirst BlueCross BlueShield:
On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack.
The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of recent cyberattacks on health insurers. CareFirst engaged Mandiant – one of the world’s leading cybersecurity firms – to conduct an end-to-end examination of its IT environment. This review included multiple, comprehensive scans of CareFirst’s IT systems for any evidence of a cyberattack.
The review determined that in June 2014 cyberattackers gained access to a single database in which CareFirst stores data that members and other individuals enter to access CareFirst’s websites and online services. Mandiant completed its review and found no indication of any other prior or subsequent attack or evidence that other personal information was accessed.
Evidence suggests the attackers could have potentially acquired member-created user names created by individuals to access CareFirst’s website, as well as members’ names, birth dates, email addresses and subscriber identification number.
However, CareFirst user names must be used in conjunction with a member-created password to gain access to underlying member data through CareFirst’s website. The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks. The database accessed by attackers contained no member Social Security numbers, medical claims, employment, credit card, or financial information.
… Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are affected by this event. All affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection. The letters will contain an activation code and you must have the letter to enroll in the offered protections. Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords.
Note that CareFirst says they did detect the attack at the time, but did not fully appreciate its scope. In an FAQ on the incident, they write:
CareFirst did detect the initial attack and took immediate action to contain the attack. At the time CareFirst believed that we had contained the attack and prevented any actual access to member information. The evidence that data was accessed was found as part of a comprehensive assessment conducted as part of CareFirst’s ongoing information security efforts in the wake of cyberattacks on other health care companies.




Another downside of being clueless?
FTC looks ‘favorably’ on firms that report data breach
The Federal Trade Commission advised companies Wednesday that it looks positively on cooperation when conducting investigations into data security breaches.
The agency said it would view a company that had reported a breach on its own and cooperated with law enforcement “more favorably” than one that had not.
… The warning was made in a blog post describing what private companies can expect when “the FTC comes to call” about an investigation, which could later lead to enforcement action.
… According to an FTC report released last year, the agency has brought about 50 data security cases in a little more than a decade. Last year alone, the FTC touted action against Snapchat, Fandango, Credit Karma, Verizon and others.




A “heads up!” for my students.
ATM Debit Card Theft Spikes to 20-Year High
… According to FICO (a credit-scoring and analytics company), from January to April 9, 2015, the number of attacks on debit cards used at ATMs reached the highest level for that period in at least 20 years. "We have periodically seen spikes in fraud but not at this level," said FICO's John Buzzard on FOX Business Network.
… Buzzard added that debit-card compromises at ATMs located on bank property were "pretty significant" jumping 174% from Jan. 1 to April 9, compared with the same period last year, while successful attacks at nonbank machines soared by 317%.




Nothing new?
Americans’ Attitudes About Privacy, Security and Surveillance
by Sabrina I. Pacifici on May 20, 2015
“Two new Pew Research Center surveys explore [the issues of privacy and surveillance] and place them in the wider context of the tracking and profiling that occurs in commercial arenas. The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age. While some Americans have taken modest steps to stem the tide of data collection, few have adopted advanced privacy-enhancing measures. However, majorities of Americans expect that a wide array of organizations should have limits on the length of time that they can retain records of their activities and communications. At the same time, Americans continue to express the belief that there should be greater limits on government surveillance programs. Additionally, they say it is important to preserve the ability to be anonymous for certain online activities.”




More fine-grained definition. How would you write a warrant for an unnamed file found in a private search?
Orin Kerr writes:
The Sixth Circuit handed down a new decision on computer search and seizure that may be the next computer search issue to make it to the Supreme Court. The issue: How does the private search reconstruction doctrine apply to computers? The new decision creates an apparent circuit split with the Fifth and Seventh Circuits.
Read more on The Volokh Conspiracy.
[From the article:
In 2012, the Seventh Circuit joined the Fifth Circuit by adopting the unit of the device. And last month, a cert petition was filed at the Supreme Court on this issue in Gunter v. United States. But I hadn’t thought there was a particularly clear split. At least until this morning.
This morning, the Sixth Circuit handed down a new case, United States v. Lichtenberger, that adopts the proper unit as data or a file instead of the physical device.




Perspective. Big drones carry Maverick missiles, perhaps these little buggers will carry firecrackers?
‘Cicada’ the Mini-Drone: Swarming to a Terrorist Near You
… The mini-drones can be launched as a swarm by aircraft or other aerial platform. The new model developed by the Naval Research Laboratory is called the Cicada (Close-In Covert Autonomous Disposable Aircraft). The program has been under exploratory development since 2006.
The Cicada is presently little more than a paper airplane glider with GPS. The silent killers can soar at 47 MPH. They have already been tested at 57,000 plus feet three years ago in Yuma, Ariz. But right now they are envisioned for non-lethal roles that might include lacing targets or target areas. According to the Navy, 18 of these vehicles can fit in a six inch cube.




Here's the problem with inflating your military capabilities: Even when we doubt your word we can't simply ignore the possibility.
U.S. doubts N Korea’s claim on nuke weapons
The United States on Wednesday cast doubt on Pyongyang’s claimed capacity to miniaturise and diversify its stockpiled nuclear weapons.
“Regarding that specific claim of miniaturisation, we do not think they have that capacity,” State Department spokesperson Marie Harf told reporters, Xinhua reported.
North Korea said earlier in the day that it has entered the phase of miniaturisation and diversification of its nuclear weapons for quite some time, with the successful test-firing of a strategic ballistic missile from a submarine on May 8.


(Related) ...and when we know you have the capability, things can get rather tense. How far can China push and how firm can our response be? Something bad will happen when the limits are exceeded – and they will be.
On Wednesday, the Chinese navy issued warnings eight times for a U.S. surveillance plane to leave an area near man-made islands that Beijing has built to establish influence in the South China Sea, reported CNN.
… "This is the Chinese navy [...] This is the Chinese navy [...] Please go away," said a voice through the radio of the aircraft.
During that one mission, the Chinese navy ordered the P8 to go out of the airspace eight times, and every time, the P8 pilot would calmly tell the Chinese radio operator that the P8 is flying through international airspace.
At one point, in exasperation, the Chinese voice told the American pilot, "This is the Chinese navy [...] You go!"
… The source of the Chinese voice heard through the radio of the P8 is a Chinese-made island some 600 miles from the country's coastline. The Wednesday confrontation occurred over Fiery Cross Reef, an island complete with military barracks and a runway.
… In 2013, China started constructing the man-made islands, creating land at the sea surface by repurposing sand [Interesting phrase Bob] at the area's 300-foot-deep waters. Over the past two years, China has built 2,000 acres of artificial land in the disputed area, according to the International Business Times.
… If China does not stop at establishing their military presence in the area, former CIA deputy director Michael Morell warned that a war between China and the United States will occur.
… A freedom of navigation exercise is being planned by the United States in which more U.S. ships or aircraft would be hovering within 12 nautical miles of Beijing-claimed territory, reported The Australian. The plan to emphasize freedom of navigation and freedom of the air aims to make it known that the United States does not approve of Beijing's construction over the disputed waters.




Targeted advertising. (Digest Item #6)
How to Advertise Beer to Women
And finally, in an effort to persuade more women that beer is actually rather tasty, German brand Astra advertised directly to the female half of the population. For directly, read exclusively, as these automated billboards only started up when there was a woman in the vicinity.
A small camera attached to the billboard uses facial recognition software to detect gender and age. And if a female is walking past, one of 70 videos starring German comedian Uke Bosse starts playing. And if it’s a guy? He’s told to keep on walking past. Possibly to buy some beer.




An interesting article for my Data Management students. I don't agree with it, but it does raise a few points for discussion.
4 Business Models for the Data Age
Data is invading every nook and cranny of every sector, every company therein, every department, and every job. As it does, it’s flexing its strategic muscles, and four ways to compete with data are starting to emerge.
The first involves cost reduction through improved data quality.
Improved data quality also lies at the root of the second strategy, which I call “content is king.”
“Building a better data mousetrap” — or data-driven innovation — is the third way to pursue competitive advantage through data.
Finally, the fourth strategy is to become increasingly data-driven, in everything one does.




My answer is that as population increases the numbers of people (not the percentage) at either end of the normal curve increase. Therefore we have more idiots, serial killers and useless politicians than ever before – with no change in the statistical probabilities.
Are We Getting Dumber? Or Is Stupidity Just More Visible Online?




Interesting. Gives you a mosaic of similar searches to help you cover all the angles.
Athenir - A Search Engine With Visualizations of Related Terms
This afternoon I had a nice Skype conversation with a Stanford student named Nick Hershey who has built a nice search tool called Athenir. Nick has lots of neat things planned to add to Athenir this summer, but for now it is a search tool. When you enter a search term on Athenir you will get results from Yahoo along with a graphic of related search terms. In that regard it reminded me of Google's, now defunct, Wonder Wheel tool.
Applications for Education
Athenir could be useful to students who are struggling to see connections between search terms and/or are in need of assistance in changing their search terms.




...and we thought Artificial Intelligence was the problem. Dilbert reveals a far darker future.

