Sunday, June 07, 2015

Think strategically and security breaches take on a whole different level of risk.
Why Did China Hack Federal Employees' Data?
… There’s still a great deal that hasn’t been explained about why and how the hack happened, and whose data was compromised. (Angry federal employees took to the Facebook page of the Office of Personnel Management to complain about feeling left in the dark about the attacks.) There are, however, some emerging answers to three key questions: Who did it, why, and how it happened.
Early on, the government fingered Chinese hackers in the leak. Bruce Schneier has written for The Atlantic about the dangers of uncritically accepting initial attributions for attacks. The Chinese government has also rejected the claim, saying that it’s a victim of hacking itself. (That’s probably true—and the U.S. admits that it also hacks foreign governments.) But officials say there are fingerprints of known Chinese hackers.
… “They didn’t go to sell the data, which is what criminal groups usually do,” James Lewis of the Center for Strategic and International Studies told The New York Times. The government and outside experts think that, along with the fact that the leak targeted government employees, suggests an elaborate effort to build a huge database of information on federal employees. The data reportedly cover employees going back as far as 1985, and include information on employees who applied for security clearances.
… The government will now institute two-step verification—a step that longtime Atlantic readers will remember James Fallows exhorting them to take as early as the spring of 2011.
… Critics have also wryly noted that a huge incursion into sensitive employee information tends to undermine the government’s claims that its intelligence apparatus can protect huge amounts of personal information swept up in surveillance dragnets. As one former senior official told the Times, “The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long.”

I'm not sure you can turn off the wipe feature. Perhaps a custom-built browser?
When Joe Cadillic sent me a link to this article, the headline sounded so far-fetched that I figured it was some wild conspiracy theory. But it turns out it’s not.
Juliana DeVries reports that people are being prosecuted under the Sarbanes-Oxley Act for destroying evidence – including browser history – even if they were unaware that they were under investigation at the time of the destruction!
The law was, in part, intended to prohibit corporations under federal investigation from shredding incriminating documents. But since Sarbanes-Oxley was passed in 2002 federal prosecutors have applied the law to a wider range of activities. A police officer in Colorado who falsified a report to cover up a brutality case was convicted under the act, as was a woman in Illinois who destroyed her boyfriend’s child pornography.
Prosecutors are able to apply the law broadly because they do not have to show that the person deleting evidence knew there was an investigation underway. In other words, a person could theoretically be charged under Sarbanes-Oxley for deleting her dealer’s number from her phone even if she were unaware that the feds were getting a search warrant to find her marijuana. The application of the law to digital data has been particularly far-reaching because this type of information is so easy to delete. Deleting digital data can inadvertently occur in normal computer use, and often does.
Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation, says the feds’ broad interpretation of Sarbanes-Oxley in the digital age is part of a wider trend: federal agents’ feeling “entitled” to digital data.
Read more on The Nation.

As I read this, only law-abiding drone operators would be monitored and controlled. Hijack a drone (or leave off the communications and control electronics) and like the hijacked planes of 9/11, there is nothing NASA or the FAA or anyone can do about it.
Here’s another one I missed while I was away at the Health Privacy Summit this week, but thankfully, Joe Cadillic sent it to me.
Mark Harris reports:
Verizon, the US’s largest wireless telecom company, is developing technology with Nasa to direct and monitor America’s growing fleet of civilian and commercial drones from its network of phone towers.
According to documents obtained by the Guardian, Verizon signed an agreement last year with Nasa “to jointly explore whether cell towers … could support communications and surveillance of unmanned aerial systems (UAS) at low altitudes”.
That $500,000 project is now underway at Nasa’s Ames Research Center in the heart of Silicon Valley. Nasa is planning the first tests of an air traffic control system for drones there this summer, with Verizon scheduled to introduce a concept for using cell coverage for data, navigation, surveillance and tracking of drones by 2017. The phone company is scheduled to finalise its concept by 2019.
Read more on The Guardian.

Like BitCoins, this moves money outside the control of governments. Will governments respond? Perhaps I could combine BitCoins and mobile cash to create my own money? How much would “One Bob” be worth? On second thought, don't answer that.
Disruptive Financial Technology Startup – Mobile Payments
by Sabrina I. Pacifici on Jun 6, 2015
Exponential Finance: Who Will Be the Instagram or Uber of Finance? – Jason Dorrier: “Abra is exemplary of what happens when several digital technologies converge in one product. Combining an Uber-like peer-to-peer network with smartphone technology and blockchain, Abra literally stashes the cash in your pocket on your smartphone. From there, users can send cash as easy as they send a text. All this happens without a bank. Abra’s founder, Bill Barhydt, estimates we’re three years away from wireless carriers cycling off every feature phone—simple cell phones—sold when the iPhone and Android first came out. As smartphones become ubiquitous in the developing world, it’s possible many of the world’s unbanked billions in developing countries will skip traditional finance, a little like how they leapfrogged landlines for cell phones. It’s a radical thought. But with Abra, it’s plausible that bank-free, digital cash will be a force to be reckoned with.”

My weekly giggle generator.
Hack Education Weekly News
… “Washington State Passes Bill Strengthening Computer Science Education.” [Actually: would establish computer science standards, create a computer science teaching endorsement, and make grants available to train teachers in the subject in Washington state is now headed to Gov. Jay Inslee for his signature.]
… “An Increasingly Popular Job Perk: Online Education.” – “A partnership between Southern New Hampshire and Anthem Inc., a health-insurance company, will allow some 55,000 Anthem employees to earn associate or bachelor’s degrees through the university’s College for America, a competency-based assessment program.”
… It’s 2015 and school districts are still freaking out about teachers interacting with students on social media.
Via the BBC: “Schools are being offered new software that helps teachers spy on pupils’ potentially extremist online activity. It alerts teachers if pupils use specific terrorism-related terms or phrases or visit extremist websites on school computers, laptops or tablets.”
Via the Orlando Sentinel: “What Orange County students – and staff – post on social media sites such as Twitter, Facebook and YouTube is now being monitored by their school district to ‘ensure safe school operations.’”
