Wednesday, August 24, 2016

Clearly this information was a big target.  Not clear yet who failed to secure it. 
India investigating French submarine company data leak
India is investigating a massive data leak from French shipbuilder DCNS that affects a major submarine contract for its navy, defence officials say.
The leak of more than 22,000 pages exposes secrets about the combat capabilities of Scorpene-class vessels.
It is not clear who first obtained the confidential documents, which were made public by the Australian media.
The Scorpene submarines are small-to-intermediate size vessels currently in use in Malaysia and Chile.  Brazil is due to deploy the submarine type in 2018.

A roving band of ATM hackers?
The hackers made off with at least 12 million baht ($346,000) by inserting cards installed with malware into multiple cash machines run by Thailand's state-run Government Savings Bank (GSB) in late July.
The theft came shortly after Taiwan announced that a group of foreigners had managed to steal $2.5 million from cash machines using a similar method.
A Latvian, a Romanian and a Moldovan were arrested over the Taiwan heist but a number of suspects -- including five Russians -- managed to flee abroad.
Police said at least 21 ATMs were hacked, some of them spitting out up to a million baht at a time. They said the bank had not immediately noticed the theft.
Those behind the heist stood for long periods at the cash machines, usually late at night, prompting police to ask Thais to watch out for strange behaviour by foreigners at cash machines.

Another cost of a breach.  Even though no fine is mentioned. 
Ashley Madison parent broke Canada, Australia privacy laws
The parent company of infidelity dating website Ashley Madison was responsible for numerous violations of privacy laws at the time of a massive release of customer data in a cyber attack last year, privacy watchdogs in Canada and Australia said on Tuesday.
The two countries launched an investigation after the 2015 breach of Avid Life Media Inc's computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan "Life is short. Have an affair."
The company is also the target of a U.S. Federal Trade Commission investigation, Avid Life Media executives told Reuters in July.

For my Computer Security students.  (Registration required)
2016 Cyber Weapons Report
What tools do attackers use?  The 2016 Cyber Weapons Report seeks to address this question by analyzing attack behaviors in real-world environments.  This report focuses on the anomalous activity that occurs after the initial intrusion, including command and control, reconnaissance, lateral movement and data exfiltration.  That activity is then traced back automatically to the originating process, using a technology called Network to Process Association.  This results in a first-of-its-kind quantitative view of attack tools.

(Ditto) This surprises me.  I don’t think we’ve ever seen this level of abandonment.  For example, I don’t think Target saw even a 1% loss of customers.  Has there been a change in public perception or is the survey flawed?
19% of shoppers would abandon a retailer that’s been hacked
The 2016 KPMG Consumer Loss Barometer report surveyed 448 consumers in the U.S. and found that 19% would abandon a retailer entirely over a hack.  Another 33% said that fears their personal information would be exposed would keep them from shopping at the breached retailer for more than three months.
The study also looked at 100 cybersecurity executives and found that 55% said they haven't spent money on cybersecurity in the past year and 42% said their company didn't have a leader in charge of information security. [Now that I believe!  Bob]

Just in time for my Computer Security class lecture on Privacy!
The Independent – full list of 98 different datapoints that Facebook stores about people
by Sabrina I. Pacifici on Aug 23, 2016

For the Ethical Hacking class toolkit.  We have 3D printers; we can make those Mission Impossible masks!
Researchers Bypass Modern Face Authentication Systems
Earlier this month, researchers Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose presented their findings at the USENIX Security Symposium in Austin, Texas, and have published the research in a paper (PDF) entitled Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos.
The novel approach to fooling face authentication systems relies on creating realistic, textured, 3D facial models based on pictures that the target user has shared on social media.  [To be secure, be antisocial!  Bob]

Panopticon, Baltimore style?  Will this be coming to every major city?  I bet the police would love it!  (And there is really no need for this to be secret.)  This would be better done by drones.
Secret Cameras Record Baltimore’s Every Move From Above
Since the beginning of the year, the Baltimore Police Department had been using the plane to investigate all sorts of crimes, from property thefts to shootings.  The Cessna sometimes flew above the city for as many as 10 hours a day, and the public had no idea it was there.
A company called Persistent Surveillance Systems, based in Dayton, Ohio, provided the service to the police, and the funding came from a private donor.  No public disclosure of the program had ever been made.

Another technology that requires a warrant.  Will all new technologies eventually need a warrant?
Abraham J. Rein of Post & Schell PC  writes:
In July, for the first time, a federal judge suppressed evidence in a criminal case from a device which, by mimicking a cell tower, can be used to geolocate a cellphone with surprising precision. The device is a cell-site simulator, often referred to as a “stingray.” Versions of the stingray have been used by federal law enforcement since at least the 1990s, and controversy has swirled around the device since a government-imposed veil of secrecy began to lift earlier this decade. Where does the recent federal decision fit in this history, and what might its impact be? Let’s begin with the case.

Probably still a para-legal tool.  Lawyers may dabble in discovery, but they do strategy, not the hard, boring, repetitive stuff. 
Logikcull raises $10M to let lawyers analyze documents at the speed of a thousand interns
eDiscovery may mean a team of associates combing through hundreds of pages of email correspondence on a screen, instead of printing it all out like lawyers used to do.  A win for the environment yes, but still very, very time consuming and not really taking advantage of technology.
But Logikcull is a software company trying to change this, and just closed $10M in Series A funding from OpenView Ventures and Storm Ventures to help.
Lawyers can bulk-upload all the messy information they need to examine (even if it’s an entire hard drive of different types of files) and Logikcull will organize all the different file types into one searchable database.
Essentially, the platform can be used for any task that requires you to organize and search a crazy amount of documents.
The company charges per user, and a small law firm can expect to pay $15k-$30k per year.  Expensive yes, but not if the alternative is paying hundreds of extra hours in legal fees at $600 per hour.

If you fail to stockpile food and your Internet goes out, will you starve? 
Stockpile Food in Case of Attack, Germany Tells Citizens
Germany on Wednesday urged its population to stockpile food and water in case of terrorist or cyber attacks, as it adopted its first civil defense strategy since the end of the Cold War.
It also encourages the people to stockpile sufficient food for 10 days, and water to last five.

Would you call this an “intermediate currency?”  If so, I predict it is doomed.  (Disintermediation, you know)  Another indication that my students need to understand this technology.
UBS leads team of banks working on blockchain settlement system
Swiss bank UBS (UBSG.S) is leading a team of four of the world's biggest banks developing a system to enable financial markets to make payments and settle transactions quickly using blockchain technology.
UBS has developed a "Utility Settlement Coin" (USC), which is a digital cash equivalent of each of the major currencies backed by central banks, such as the dollar or euro, rather than a decentralized new digital currency such as bitcoin.

Once upon a time, all you had to do was make change.
Shopify launches its POS app and card reader in the UK
Shopify is launching its retail hardware and point-of-sale app for merchants in the UK.  The reader supports tap, chip and swipe payments, letting retailers accept both contactless and traditional card-based payments, and the free app works in tandem with the reader device on either iPhone or iPad.

My students might find this handy, those who can find the library that is.
LibGuides Community
by Sabrina I. Pacifici on Aug 23, 2016
“Search for LibGuides content and librarian authors, and find great examples of guides from our worldwide user community.”
494,916 published guides   113,876 librarians   5,184 institutions   74 countries
