Saturday, May 21, 2016

Something for my Ethical Hacking students to study very closely. 
Now It’s Three: Ecuador Bank Hacked via Swift
A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million last year from a bank in Ecuador.  The case suggests global bankers haven’t been sharing critical information to prevent such heists.
   In the January 2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the bank’s codes for using Swift, the global bank messaging service, to procure funds from another bank, according to court papers.
A spokeswoman for Swift said Thursday that the network was never told of the earlier hack.  “We need to be informed by customers of such frauds if they relate to our products and services, so that we can inform and support the wider community,” said spokeswoman Natasha de Teran.  “We have been in touch with the bank concerned to get more information and are reminding customers of their obligations to share such information with us.’’
The Ecuadorean bank, Banco del Austro, filed a lawsuit in New York federal court this year, accusing Wells Fargo & Co. of failing to notice “red flags” in a dozen January 2015 transactions and to stop them before the thieves transferred about $12 million, most of it to banks in Hong Kong.
   According to that filing on behalf of Banco del Austro, or BDA, “For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts.”
Using that method, just before midnight on Jan. 14, 2015, a payment order made to a Miami company for less than $3,000 was altered to send $1.4 million to an account in Hong Kong, according to the court filing.

Let the lawsuits begin!
Worth re-visiting in light of the Supreme Court’s ruling in Spokeo v. Robins:
Consumers whose personal information was accessed in a cyberattack should not have to show someone stole their identities or ruined their credit to have standing to sue the hacked company, according to a friend-of-the-court brief filed in a federal appeals court.
Washington-based Electronic Privacy Information Center, or EPIC, asks the 3rd U.S. Circuit Court of Appeals to allow a class action against national payroll firm Paytime Inc. to move forward.
Read more on Legal Solutions Blog.
Previous coverage of the Paytime breach and updates linked from here.

(Related)  I’m going to use that weed wacker bit. 
Alison Frankel of Reuters subsequently blogged about the issue today, and mentioned yet a few more cases now rushing to the courts citing Spokeo. She writes:
It will be a long while until the lower courts decide who won Spokeo – but it is already clear that defendants in privacy class actions are going to wield the Supreme Court ruling like a weed wacker.  In just the first few days after its issuance, the decision is already an issue in three privacy breach cases.
The three cases she cites involve Children’s National Health System (which I had also mentioned on, PayTime, and Conde Nast.  If you include Barnes & Noble, which I had also cited today, that’s four cases so far.
Read more on Reuters.

I certainly would.
Defendants demand to see FBI's secret hacking tool
   Defendants have demanded to see details of the FBI's network investigative technique (NIT), the agency's name for the relatively recent hacking tool, in a handful of criminal cases, but the agency has refused to disclose the information.
   If the FBI shares the source code, its hacking tools may be compromised in future cases.  But the U.S. Constitution's Sixth Amendment gives a defendant the right to confront his accusers and challenge their investigation.

Judge Robert Bryan of the U.S. District Court for the Western District of Washington wrestled with the competing interests in a case status order he issued in the U.S. v. Michaud case this week. 
The defendant's request for the NIT source code "places this matter in an unusual position," Bryan wrote.  "What should be done about it when, under these facts, the defense has a justifiable need for information in the hands of the government, but the government has a justifiable right not to turn the information over to the defense?"
   The FBI's strategy with NIT-aided investigations appears to involve hiding its use of hacking tools, and, in some cases, pressing for guilty pleas before defendants and their lawyers question the investigative techniques, said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union.
   "This is a classic example of the law not keeping up with technology," Goodnow said by email.  "The law on the disclosure of source code is murky, at best."
   In addition, expect more defendants to challenge government hacking techniques, with their lawyers questioning whether the hacking exceeded the limits of a warrant, Goodnow added.
"When it comes to source code, defendants are going to argue that they have a constitutional right to explore whether the officer provided the judge with enough specificity about how evidence was being obtained and whether the obtained evidence is within the scope of that warrant," he said.  "No code; no due process; no conviction -- at least that’s how the argument will go."

Just out of curiosity, why does the FBI need drone detection technology?  Are they responsible for airport security?  TSA can’t do the job? 
The FAA has been testing the FBI's drone-detection system at JFK airport
   This week, the FAA said it had been conducting trials of a new drone-detection system built by the FBI, testing the technology at JFK airport in New York.
   That's about all we know though.  It's not clear how successful the trials were, or what the FBI's drone-detection system consists of.
   Figuring out exactly how much of a threat drones are to commercial flights is also a tricky issue.  Although reports from pilots of drones flying near airports and planes have gone up, some have suggested that at least part of this increase is due to objects being misidentified as drones.  Last month, reports of a collision between a drone and an airplane in the UK turned out not to be true, with officials suggesting the object in question "may even have been a plastic bag."

If we never have the time to do things right, how is it that we always find the time to do things over?
Data Quality Should Be Everyone’s Job
All of us depend on data created elsewhere to do our work.  In the face of errors, most people’s natural reaction is to correct such errors in the data they need — after all, when you’re dealing with a mountain of day-in, day-out demands, that seems the fastest, most efficient way to complete the task at hand.  The problem is that finding and fixing flawed data soon becomes a permanent fixture.  Writ large, it is expensive and time-consuming.  Worst of all, it doesn’t work well: Too many errors leak through, rearing their ugly heads later on and leading to larger mistakes, bad decisions, and angry customers.
The alternative is to prevent errors at their sources, obviating the need to find and fix them. While this seems obvious enough, it simply doesn’t occur to most people.

No doubt Watson (The IBM tool to eliminate lawyers) will be listening.
Free Seminar – What Happens When Laws Become Open Data?
by Sabrina I. Pacifici on
Center for Data Innovation – “Since President Obama’s first day in office, open data has been a major priority for the administration, and the United States has established itself as a world leader in open data.  But until recently, legislative data—information about legislative activities, including bills and their status, lawmaker votes, committee meetings, public communications by members of Congress, lobbying information, and the products of legislative support agencies such as the Congressional Research Service—was rarely published as open data.  This is changing.  In late 2015, a bill was introduced to Congress to transform the Statutes at Large, the catalog of all laws enacted during a session of Congress, into freely accessible and machine readable open data.  In February 2016, the Government Publishing Office began publishing bill status information in machine readable formats and making it available for bulk download.  And in March 2016, the House and Senate introduced bills that would make Congressional Research Service reports publicly available.  Like other types of open data, legislative data can serve as a platform for new products and services that enhance transparency, promote civic engagement, and fuel new business models.  But open legislative data specifically offers unprecedented insight into the legislative process, making it easier than ever for the public to analyze legislative activities, monitor influence, and hold lawmakers accountable for their actions.  Join the Center for Data Innovation for a panel discussion exploring the impact of open legislative data on the public and private sectors and identifying opportunities for both federal and state governments to better provide this data to unlock social and economic benefits.” [Via Kris Kasianovitz]
Tuesday, May 24, 2016, from 9:00-10:30 AM, 101 K Street NW, Suite 610, Washington, D.C., 20005.

U.S. Children On Average Receive Their Very First Smartphone At Age 10
   Would you believe that the average age a child is given their first phone is a mere 10.3 years old?  Or how about the fact that 39% of kids aged 11.4 receive their first social media account?

I have been looking for something like this to serve as the basis for my spreadsheet class “funding your retirement” project.
Historical infographic maps returns of major asset classes over time
by Sabrina I. Pacifici on
Chicago Booth CRSP (Center for Research in Security Prices) – “2016 the Big Picture illustrates the investment returns of major asset classes from 1926 onward.  The animated chart will open at full screen.” [David vun Kannon]

We need a bigger 3D Printer…
3D Printed Electric Motorcycle from APWorks Looks Fragile, but It’s Deceptively Strong

If the University won’t allow us to use their servers…
10 Good Options for Creating Digital Portfolios - A PDF Handout
For the majority of readers of this blog the end of the school year is already here or will be here within a month.  This is the time of year that I get a lot of requests for suggestions on digital portfolio tools.  If you find yourself looking for a digital portfolio tool and or have colleagues asking for suggestions, take a look at the ten options featured in my PDF handout embedded below or grab the Google Docs copy.

The weekly silly.
Hack Education Weekly News
   Colorado Education Commissioner Rich Crandall announced his resignation Thursday just four-and-a-half months into the job, shocking the state’s education community and roiling the state Department of Education as it embarks on a number of critical initiatives,” Chalkbeat Colorado reports.
   Via KNN: “‘’ launched as India’s largest free online open learning platform.” [Only India so far?  Bob]
   Burlington College will close its doors, “citing longstanding financial woes,” according to The Chronicle of Higher Education.  Here’s a different angle, via The Week: “Burlington College will close due to crushing debt incurred by Bernie Sanders’ wife, Jane Sanders.”
   Via the NiemanLab: “The Knight Foundation and Columbia University are partnering to launch a new organization focused on First Amendment research and litigation.  Knight and Columbia will each commit $5 million in operating funds and $25 million in endowment funds (for an initial total of $60 million) to a new nonprofit affiliated with the university called the First Amendment Institute.”
   Apple and Maine education officials are allowing school districts to trade in iPads for laptops after teachers and students say the computers are better for schoolwork,” according to The Sun Journal.

No comments: