Friday, March 11, 2016

For my Computer Security students. You do not have to be overly smart to be a hacker. Only persistent. If you are trying to steal a billion dollars, you should probably hire someone who can read & write English and any other language you are likely to encounter.
The Telegraph reports:
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion (£700 million) heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.
Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said.
Read more on The Telegraph.
From the article:
Hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

Unfortunately, this case won't be resolved before my Computer Security class ends. Probably not before many of my students graduate. Let's hope it is resolved before they retire. (Wired even highlighted the juicy parts)
Government Calls Apple’s iPhone Arguments in San Bernardino Case a ‘Diversion’
The government says the security and privacy issues raised by Apple and numerous other tech companies about a court order in the San Bernardino iPhone case are mere diversions designed to hide the fact that Apple has deliberately created technical barriers to avoid assisting the government with lawful warrants. The government made the assertion in a brief filed in court today.
“Instead of complying, Apple attacked the All Writs Act as archaic, the Court’s Order as leading to a ‘police state,’ and the FBI’s investigation as shoddy, while extolling itself as the primary guardian of Americans’ privacy,” the government wrote in its brief, filed in the US District Court for the Central District of California (.pdf). “Apple’s rhetoric is not only false, but also corrosive of the very institutions that are best able to safeguard our liberty and our rights: the courts, the Fourth Amendment, longstanding precedent and venerable laws, and the democratically elected branches of government.”

(Related) I was surprised to learn that my students use three or four messaging Apps each, and now here's another. No doubt the FBI will want them to break their security too. (Just a note: If terrorists used this App it would be re-encrypted by Apple's iPhone. If the FBI could break Apple's encryption, they would find more encryption. Welcome to the modern world!)
Wire, the messaging app backed by Skype’s Janus Friis, gets video calls and message encryption
It’s been more than 15 months since Wire entered the competitive messaging app fray with the promise to build a Skype for the modern age — a promise given real credence by the backing of Skype cofounder Janus Friis.
Available for Android, iOS, and desktop, Wire is making good on that promise today by introducing video calls to the messaging mix. “It has consistently been our most requested feature,” explained Friis, who serves as executive chairman of Wire. In addition, Wire is also rolling out end-to-end encryption for messaging, a feature that has been available on voice calls since the app’s launch back in 2014.
“We are introducing privacy features that will keep our personal, private conversations on Wire out of the growing online data economy, where private user data is being harvested to build profiles and target us with advertising,” added Friis.

Is this why we tend to mistrust the FBI?
Andrew Crocker writes:
EFF recently received records in response to our Freedom of Information Act lawsuit against the Department of Justice for information on how the US Marshals—and perhaps other agencies—have been flying small, fixed-wing Cessna planes equipped with “dirtboxes”: IMSI catchers that imitate cell towers and are able to capture the locational data of tens of thousands of cell phones during a single flight. The records we received confirm the agencies were using these invasive surveillance tools with little oversight or legal guidance.
Read more on EFF.

No mention of encryption?
FCC proposes new privacy rules for Internet providers
… Under the proposal, customers would automatically consent to having their data used by their broadband provider when it was required for the delivery of their service.
… But beyond that, customers would have to explicitly consent to their data being shared with other companies or used for any other purposes.

Another 'government knows best' debate? Presumed innocent, but photogenic?
Tresa Baldas reports:
A Free Press-led battle over the public’s right to see mug shots of criminal defendants is back before a federal appeals court today, only this time the media company has loads of backup — roughly 60 news organizations have joined in the fight.
At issue is a policy by the U.S. Department of Justice, which has refused to release mug shots of criminal defendants on privacy grounds, even though courts have repeatedly ruled that the public has a right to see those photos. The latest such ruling came in August, when a three-judge panel of the U.S. 6th Circuit Court of Appeals ruled in favor of the Free Press, but still urged the full court to take up the issue.
Read more on THV11.

(Related) Children have no rights! (But they are tech savvy)
KJ Dell’Antonia writes that a recent study of 249 parent-child pairs revealed that kids are three times more concerned about what their parents are sharing about them online than the parents are. Read more on Well.

Another phrase I'll start using in my lectures. (If I steal enough smart stuff, I might be mistaken for smart)
Changing Cybersecurity Outcomes with Intelligence
Our modern world is strewn with cyber breaches, a proliferation of dangers, regional crises, political unrest, and dangerous threat actors – all at play against a backdrop of an over reliance on the Internet which was never designed to be the backbone of a global economy.
While we must continue to use defensive technologies because they help address the level of white noise that has become part of the cost to operate in our hyper-connected, digitized world, we can’t stop there.
This traditional, defensive cybersecurity approach has largely been deterministic in nature, which is a fundamental flaw. We know cyber threats and breaches are probabilistic.
The cost to operate and truly be resilient in the new digital landscape is most likely many times more than the average organization is spending today.

Is this inevitable or could the legal department actually anticipate reactions in every country? Perhaps if they hired a team of marketing experts and sociologists in each country?
Facebook Inc (FB) Should Worry About a String of Unfavorable German Court Rulings
… Facebook has rules that prohibit harassment, bullying and use of threatening language, but it has been criticized for its laxity in enforcing them.
This laxity is costing the company its reputation and finances, as German courts are having a field day issuing rulings that are placing Facebook at a disadvantage.
… The German court ruled that Facebook was abusing its dominant position by using its users’ private information to make a profit without their full consent. Facebook relies on the user data to better target its advertising offerings, which account for nearly all of its profits.
Earlier in January, Facebook had also lost a case in Germany’s highest court, the Federal Court of Justice, which declared its “Find-a-Friend” feature unlawful and amounting to deceptive advertising. The feature was considered a ploy by Facebook to entice its users to market the social media site to their friends.
On Wednesday, Facebook found itself being mentioned, albeit negatively, in German courts again (Source: “German court rules against use of Facebook ‘like’ button,” Reuters, March 9, 2016). This time, the court ruled that local websites shouldn’t send visitor data to the social media site through its “like” button without the knowledge and consent of the visitors.
Facebook should reorganize its legal department or start complying with local regulations in countries it is operating in, or risk ruining its reputation and appeal.

Amusing and sad, at the same time.
RNC rolls out new attack on Clinton emails
The Republican National Committee on Thursday rolled out a new line of attack against Hillary Clinton’s private email setup while secretary of State, one year after she first publicly addressed the contested issue.
A new website attempts to rebut what it calls the “dishonest claims” the Democratic presidential front-runner has offered about her exclusive use of a private server while serving as secretary of State, claiming she violated federal policies and regulations.
… More than 2,000 of the roughly 30,000 supposedly work-related emails of Clinton’s that the State Department has released contained some level of classified information. Another 22 emails were classified at the highest level of “top secret” and were not released at all — even in a heavily redacted form.
… Clinton has claimed that all of those classification decisions were made retroactively. Government officials have disputed the point on at least the top secret emails.

I'm not sure I'd like a device to share the fact that my wife is home alone. (She might look at it as an opportunity to test the Rottweiler's protection training.) My Ethical Hacking students might find this an interesting target.
Home Alone? Now Nest Can Tell
Nest on Thursday announced two new features, Family Accounts and Home/Away Assist.
Family Accounts would let up to 10 people access the Nest products in a connected home from their Android or iOS devices. That means an end to sharing logins and passwords, the company said. Users can be added or removed seamlessly from the Family Account, which can provide notifications to the entire family. Users also can get updates from Nest Protect, check in with the Nest Cam and receive a monthly report on product usage.

I'm going to have a long think about this.
Is Twitter Making Us More Productive?
That question — how to measure technology’s effect on productivity, the economy, and well-being more broadly — is at the core of a major debate in economics right now. Productivity — in its simplest form, total economic output (gross domestic product) divided by the number of hours people work to produce it — is the central driver of economic growth and a reliable measure of a society’s prosperity.
… Yet by conventional measures, U.S. productivity has been in a slump for a decade — some fear permanently.
Many people in Silicon Valley, though, are skeptical that the productivity slowdown is real. How could it be? We all carry supercomputers in our pockets. We have every map of every neighborhood at our fingertips. We can order pizza from our phones! (OK, we’ve been able to order pizza from our phones for a long time. But now we can do it without talking to anyone.)
… In a new paper being presented at the Brookings Institution on Friday, economists David Byrne, John Fernald and Marshall Reinsdorf look at the Silicon Valley argument and firmly reject it. It’s true, they say, that official statistics underestimate the impact of technology on economic output. The government routinely understates gains in computing power, for example. But that was also true in the 1990s and early 2000s, before the productivity slump began. In fact, they argue, if we fully accounted for the impact of technology, the recent slowdown would look even worse than it does in the official statistics.

(Related) Maybe I can get an inflatable chauffeur for my self-driving car?
Tech Savvy: When to Hire a Robot
Robotics have reached their tipping point, according to International Data Corp. In a newly-released research report, the firm forecasts a near doubling of the worldwide robotics market over the next 4 years — from $71 billion in 2015 to $135.4 billion in 2019. Almost simultaneously, President Obama sent The Annual Report of the Council of Economic Advisors to Congress. It says advances in robotics technology are “presaging the rise of a potentially paradigm-shifting innovation in the productivity process.”
