Wednesday, December 28, 2016

Is security worth as much as legal expertise?  Should it be? 
3 Men Made Millions by Hacking Merger Lawyers, U.S. Says
Law firms that advise on mergers once had to worry about a rogue employee trading on deal tips. Now, they have to worry about hackers doing the same.
Federal prosecutors in Manhattan have charged three Chinese citizens with making more than $4 million by trading on information they got by hacking into some of the top merger-advising law firms in New York.  The three men targeted at least seven New York law firms to try to obtain information about deals in the works, according to an indictment unsealed on Tuesday.
   “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world,” Preet Bharara, the United States attorney in Manhattan, said in a statement.  “You are and will be targets of cyberhacking because you have information valuable to would-be criminals.” [If not, why spend time & money to keep it?  Bob]
   “Law firms have been identified as the weakest link, and it is great to see the U.S. attorney taking an interest,” said Daniel Garrie, a law firm security consultant.
   The indictment and the S.E.C. complaint detailed a number of major deals in which confidential information had been retrieved.  [Should be simple to identify the law firms involved.  Bob] 
   They were extraordinarily active in pursuing information.  The indictment says that from March to September 2015, the three men “attempted to cause unauthorized access to the networks and servers of the targeted law firms on more than 100,000 occasions.”  [Probably automated, so not really a lot of effort.  Bob]

I’d call this ‘behind the times.’
Eric Auchard reports:
Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.
Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.
The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.
Read more on Reuters.
[From the article:
Travelers will never know who accessed their information, because PNR data is not logged, the researchers said.  Users have no option to secure these codes themselves because the credentials are arbitrarily assigned by airlines using the booking systems.

For my Computer Security students.  Attacks are not just in the ‘backoffice’ anymore. 
IBM Reports Significant Increase in ICS Attacks
The number of attacks aimed at industrial control systems (ICS) increased by 110 percent in 2016 compared to the previous year, according to data from IBM Managed Security Services.
The company has attributed this significant increase to brute force attacks on supervisory control and data acquisition (SCADA) systems.
Attackers apparently used a penetration testing framework made available on GitHub in January 2016.  The tool, named smod, can be used to conduct a security assessment of the Modbus serial communications protocol and it includes brute-force capabilities.

And so begins a new chapter of ‘robots as witnesses.’
Amazon Echo murder case amplifies the question of what ‘always on’ really means
Some people have wondered if smart speakers like Amazon’s Echo devices, or its closest contender, the Google Home, are constantly capturing audio data, rather than just listening when the right wake word is uttered.  Now a court case is bringing the issue to the fore, and it could potentially show whether that’s actually happening.
The case, involving the investigation of a homicide in Bentonville, Arkansas, was unearthed earlier today by The Information.  (Hat tip to ZDNet’s Zach Whittaker for subsequently locating the case’s documents.)
   And both Amazon and Google allow users to delete voice recordings.  But consumers can only take companies at their word when they say the devices absolutely do not record when they are muted and have not been triggered with a wake word.
   But, as The Information points out, the case is “due to go to trial” early in 2017.  That could shed more light on the data collection norms of this trendy type of technology.  (Coincidentally, today Amazon said that the Echo and smaller Echo Dot were “the best-selling products across Amazon this year.”)
This case may end up raising questions about how much audio smartphones, tablets, and even earphones that listen for “OK Google” or “Hey Siri” are actually recording.

Perspective.  Auto manufacturers are expanding their scope.  What makes driving easier?  What do drivers do that auto manufacturers can tie into? 
VW to Purchase PayByPhone For Undisclosed Sum
Volkswagen AG’s financing arm has acquired a Canadian mobile payments company, the latest move by a car maker investing heavily to compete in a mobility arms race that is heating up in the auto industry.
The German auto maker’s Volkswagen Financial Services AG will dish out an undisclosed sum to acquire PayByPhone, a Vancouver-based company that allows people to pay for certain parking spaces by mobile apps, phone calls or texts. PayByPhone, founded in 2000, says it processes $300 million in transactions annually.
   Volkswagen wants access to proven technology to connect a variety of commerce opportunities and vendors to the cabin of a car and passengers looking for easier payment methods.  Whereas it is difficult to earn even a 10% profit margin on the sale of a car, some analysts and startup entrepreneurs estimate the margins that auto makers could reap on the selling of access to car owners and their data could exceed 75%.
   Audi, one of a dozen brands operated by Volkswagen, in January pledged $28 million to Silvercar, a startup that lets its customers book rental cars using a mobile app.
There have been a flood of unrelated transactions in the auto industry as Ford Motor Co., Toyota Motor Corp., BMW AG and others place financial bets on small startups in an effort to outrun Silicon Valley tech giants that are trying to reinvent automobiles.

Implications for my students?  Could this happen here? 
New on LLRX – Copyright is Not Inevitable, Divine, or Natural Right
by Sabrina I. Pacifici on Dec 27, 2016
Via LLRX.com – Copyright is Not Inevitable, Divine, or Natural Right – Ken Sawdon discusses the implications of a copyright lawsuit that was settled in India which had been brought by several large textbook publishers against a photocopying service that created student coursepacks for educational purposes only.
[From the article: 
The Delhi High Court dismissed the case and held that coursepacks and photocopies of chapters from textbooks are not infringing copyright, whether created by the university or a third-party contractor, and do not require a license or permission.  Beyond the immense benefits to students and academics, the ruling had some interesting wording that gained attention online.
   The university pointed to the existing copyright exceptions and the fact that the materials were clearly being used for educational purposes, not meant for commercial exploitation.

LC Guide to Law Online
by Sabrina I. Pacifici on Dec 27, 2016
The Guide to Law Online, prepared by the Law Library of Congress Public Services Division, is an annotated guide to sources of information on government and law available online.  It includes selected links to useful and reliable sites for legal information.
The Guide to Law Online is an annotated compendium of Internet links; a portal of Internet sources of interest to legal researchers.  Although the Guide is selective, inclusion of a site by no means constitutes endorsement by the Law Library of Congress.

For my students.  (It can’t hurt!)
   Start by changing your mindset.  If you believe that strategic thinking is only for senior executives, think again.  It can, and must, happen at every level of the organization; it’s one of those unwritten parts of all job descriptions.  Ignore this fact and you risk getting passed over for a promotion, or having your budget cut because your department’s strategic contribution is unclear.
Know: Observe and Seek Trends
Think: Ask the Tough Questions
Speak: Sound Strategic
Act: Make Time for Thinking and Embrace Conflict

Some background for my Data Management students.
Unlocking Big Data for Operational Intelligence
