Friday, September 09, 2016
Another government providing that warm and fuzzy feeling.
Hackers have stolen 22 gigabytes of data from municipal servers in Almelo, reports NU.nl. It says that although it is unclear what data have been leaked, people’s personal data have almost certainly been affected. Hackers reportedly gained access to systems for Werkplein Twente, a partnership between the UWV benefit agency and areas in Twente that help find work for people with a disability or who are on unemployment benefits. It is apparently unclear how long the system has been compromised, as the hack was discovered by chance.
Read more on DutchNews.nl
A trivial group? We’re just used to seeing billion dollar companies.
Brian Krebs reports:
vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.
The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States.
Read more on KrebsOnSecurity.com.
[From Brian’s article:
… in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.]
Allow me to introduce Bob’s First Rule of Techno-Politics: Politicians should never be allowed to use technology. (Based on the philosophy of Forrest Gump: “Stupid is as stupid does.”)
Slack Alice writes:
File under “major situational awareness issues”: A picture tweeted out by Labour’s leadership contender Owen Smith’s team inadvertently showed 16,000 people how to log into the Pontypridd MP’s phone bank system.
The pic showed the candidate at a phone canvassing session—along with a sign in the background showing the web address, ID, username, and password required to log in.
Read more on InfoSecurity Magazine.
(Related) This too could be very interesting. Will they be allowed to describe the security failures that allowed them to hack all these people? Or is the government claiming that these kids got through the best security the CIA could provide?
Two Men Arrested in U.S. for Hacking Emails of Top Officials
Two men suspected of belonging to a network that hacked the emails of top American officials including CIA chief John Brennan were arrested Thursday in North Carolina, the authorities announced.
… Police in Britain investigating the matter arrested a 16-year-old student suspected of involvement in February.
CNN and the technology website Motherboard reported at the time that the targets of "Crackas With Attitude" included top CIA officials like Brennan, as well as senior figures in the FBI, the Homeland Security Department, the White House and other federal agencies.
In January, the US director of national intelligence James Clapper said that he, too, had been the victim of cyber pirates who had gained access to the personal account he used for internet and telephone service, managing even to intercept phone calls from his home, Motherboard reported.
Who said, “The difficult we do immediately. The impossible takes a little longer.”?
DHS chief: 'Very difficult' for hackers to skew vote
Department of Homeland Security (DHS) Secretary Jeh Johnson on Thursday downplayed concerns about malicious hackers influencing U.S. elections amid rising fears about foreign actors trying to wreak havoc on Election Day.
… Despite Johnson’s claims, however, hackers would not necessarily need to alter a particular vote count in order to inject chaos into the U.S. electoral system.
Merely tainting the integrity of the voting system might be enough to sow discord in the U.S. on Election Day. In other words, even if hackers do nothing, simply claiming to have altered the results could cause the public to doubt the results.
And hackers might be able to alter ballot counts in swing districts where the outcome might have oversized importance.
A paper by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology, and Drew Spaniel, Researcher, Institute for Critical Infrastructure Technology provides an overview of what’s going on on the dark web when it comes to patient-related information. You can access it here.
Better late than never? This is so late it might as well be never.
Meet the U.S.'s First Ever Cyber Chief
Retired Air Force Brigadier Gen. Gregory Touhill just got a promotion.
The White House has named Touhill as the first ever federal chief information security officer, a role that is focused on bolstering the U.S. government’s digital defenses. The Obama administration first announced the creation of the position in February.
… Touhill will be responsible for “helping to ensure the right set of policies, strategies, and practices are adopted across agencies,” they said.
… You can read more about his bio on the U.S. Air Force website here.
… The Obama administration also appointed Grant Schneider, cybersecurity policy director on the White House’s National Security Council, as Touhill’s acting deputy information security chief—a career role, in contrast to Touhill’s.
Should any communication be governed by a single set of rules? If not, why not? IT Governance? This is what happens when you disrupt an industry.
EU looking at extending some telecom security rules to WhatsApp and Skype
The European Union is set to extend some security rules currently only applicable to telecom operators to web services such as WhatsApp, Skype and Apple Inc’s FaceTime, according to a draft proposal seen by Reuters.
… Telecom companies such as Vodafone, Orange, and Deutsche Telekom have long complained that web groups including Alphabet Inc’s Google, Microsoft and Facebook are more lightly regulated despite offering similar services and have called for the EU’s telecoms-specific rules to be repealed.
… Under the draft directive, over the top services will have to ensure the security and integrity of their services, including reporting breaches to authorities and having contingency plans and service continuity strategies.
… However, the proposal does allow for some of the security obligations to be lighter for services which, like WhatsApp, do not exercise control over the transmission of their services over telecom networks.
As I read this, I could post the links and not be infringing. Could commercial sites link to me?
EU court backs Playboy in Dutch hyperlinks copyright case
The European Court of Justice has ruled in favour of Playboy in a long-running case over hyperlinks to copyrighted content.
The Dutch website Geenstijl, operated by GS Media, had posted links to an Australian site that was hosting photographs from Playboy.
But the court ruled GS Media had broken copyright rules, in part because it was motivated by profit.
… now the court has ruled that GS Media's posting of the links was a "communication to the public" - making it subject to the stated checks and balances regarding copyright.
… "[W]hen hyperlinks are posted for profit, it may be expected that the person who posted such a link should carry out the checks necessary to ensure that the work concerned is not illegally published," it said.
… The decision itself is available here. [It may be copyrighted, I haven’t checked. Bob]
For my IT Governance class. What could you do to detect this?
Wells Fargo boots 5,300 employees for creating accounts its customers didn’t ask for
Wells Fargo agreed to pay the largest fine ever collected by the federal government’s new consumer protection agency after an investigation found its staff opened more than 2 million fake checking, credit card and other accounts for customers in order to meet sales targets and earn bonuses. The bank, one of the largest in the country, said it has fired 5,300 over the last five years for the conduct.
… the Wells Fargo scheme is striking because those accused included thousands of ordinary workers inside one of the country’s largest banks.
… CFPB Director Richard Cordray blamed Wells Fargo’s company culture for allowing the “reckless, unsafe or unsound practices.”
(Related?) You didn’t have to use this service?
Mastercard faces £14bn card fee claim
In 2014, the European Court of Justice ruled that regulators were right to condemn the cost of its interchange fees - the fees retailers pay banks to process card payments.
Mastercard lowered its fees but now faces a claim for damages for 16 years of charging from 1992 to 2008.
… Speaking to Radio 5 Live, Mark Barnett of Mastercard said that using card payments had reduced costs for consumers overall because it was cheaper than using cash, as there was no need to print notes and transport them across the country.
This might be worth a read.
This article is published via Passcode, The Christian Science Monitor’s “Modern field guide to security and privacy”: “The cypherpunk revolution: How the tech vanguard turned public-key cryptography into one of the most potent political ideas of the 21st century,” by Thomas Rid, July 20, 2016.
“…But amid the hype [in the 1990s, with the fast-growing impact of personal computers and the internet] and a slowly but steadily growing economic bubble, it dawned on a number of users that something was missing: privacy and secure communications. History, thankfully, was gracious. Even more than that: nature itself was generous to humans in front of plastic keyboards. Unrelated to either PCs or the internet, cryptographers had made a third and no less far-reaching discovery in the 1970s. They didn’t just invent a technology; more like explorers than innovators, they discovered an algorithm based on a beautiful mathematical truth. That truly revolutionary technology was finally unleashed for widespread public use in June 1991: asymmetric encryption, also known as public-key cryptography…”
Perspective. Can you name 9 ride-sharing companies?
Today, we’re adding two more partners in the U.S., Lyft and Gett. Now Google Maps will display options from 9 ride-sharing partners in over 60 countries, allowing you to compare the fastest, most affordable ride near you, without having to download and open multiple apps.
It’s bad enough that the week before Finals is Free Pizza Week. I’m not going to duck drones too.
Google's Project Wing to deliver burritos to hungry students
Technology has been responsible for some truly life-changing advancements. Electricity. The internal combustion engine. The internet.
Virginia Tech student, she might say that all those pale in comparison to what will be happening on that campus in the coming weeks: drone-delivered burritos. That's right -- Google is teaming up with Chipotle to deliver piping hot burritos by drone. It doesn't get much better than this, folks.