3 Men Made Millions by Hacking Merger Lawyers, U.S. Says
Law firms that advise on mergers once had to worry about a
rogue employee trading on deal tips. Now, they have to worry about hackers
doing the same.
Federal prosecutors in Manhattan have charged
three Chinese citizens with making more than $4 million by trading on
information they got by hacking into some of the top merger-advising law firms
in New York. The three men targeted at least seven New York law firms to
try to obtain information about deals in the works, according to an indictment
unsealed on Tuesday.
… “This case of
cyber meets securities fraud should serve as a wake-up call for law firms around
the world,” Preet Bharara, the United States
attorney in Manhattan, said in a statement. “You are
and will be targets of cyberhacking because you have information valuable to
would-be criminals.” [If not, why spend time & money to keep it? Bob]
… “Law firms have been identified as the weakest link,
and it is great to see the U.S. attorney taking an interest,” said Daniel
Garrie, a law firm security consultant.
… The indictment
and the S.E.C. complaint detailed a number of major deals in which confidential
information had been retrieved. [Should be simple to identify the law firms
involved. Bob]
… They were
extraordinarily active in pursuing information. The indictment says that from March to
September 2015, the three men “attempted to cause unauthorized access to the
networks and servers of the targeted law firms on more than 100,000 occasions.” [Probably
automated, so not really a lot of effort. Bob]
I’d call this ‘behind the times.’
Eric Auchard reports:
Major travel booking systems lack
a proper way to authenticate air travelers, making it easy to hack the short
code used on many boarding passes to alter flight details or steal sensitive
personal data, security researchers warned on Tuesday.
Passenger Name Records (PNR) are
used to store reservations with links to a traveler’s name, travel dates,
itinerary, ticket details, phone and email contacts, travel agent, credit card
numbers, seat number and baggage information.
The six-digit codes act as
pincodes for locating travel records, albeit with vital differences that make
them highly insecure compared with even the simple usernames and passwords that
consumers use to access email or websites, the researchers said.
Read more on Reuters.
[From the article:
Travelers will never know who accessed their information,
because PNR data is not logged, the researchers said. Users have no option to secure these codes
themselves because the credentials are arbitrarily assigned by airlines using
the booking systems.
For my Computer Security students. Attacks are not just in the ‘backoffice’
anymore.
IBM Reports Significant Increase in ICS Attacks
The number of attacks aimed
at industrial control systems (ICS) increased
by 110 percent in 2016
compared to the previous year, according to data from IBM Managed Security
Services.
The company has attributed this significant increase to
brute force attacks on supervisory control and data acquisition (SCADA)
systems.
Attackers apparently used a penetration testing framework
made available on GitHub in January 2016. The tool, named smod, can be used to conduct a security
assessment of the Modbus serial communications protocol and it includes
brute-force capabilities.
And so begins a new chapter of ‘robots as witnesses.’
Amazon Echo murder case amplifies the question of what ‘always on’ really means
Some people
have wondered if smart speakers like Amazon’s Echo devices, or its closest
contender, the Google Home, are constantly capturing audio data, rather than
just listening when the right wake word is uttered. Now a court case is bringing the issue to the
fore, and it could potentially show whether that’s actually happening.
The case, involving the investigation of a homicide in
Bentonville, Arkansas, was unearthed earlier today by The
Information. (Hat tip to ZDNet’s
Zach Whittaker for subsequently locating
the case’s documents.)
… And both Amazon
and Google allow users to delete voice recordings. But consumers can only take companies at their
word when they say the devices absolutely do not record when they are muted and
have not been triggered with a wake word.
… But, as The
Information points out, the case is “due to go to trial” early in 2017. That could shed more light on the data
collection norms of this trendy type of technology. (Coincidentally, today Amazon said
that the Echo and smaller Echo Dot were “the best-selling products across
Amazon this year.”)
This case may end up raising questions about how much
audio smartphones, tablets, and even earphones
that listen for “OK Google” or “Hey Siri” are actually recording.
Perspective. Auto manufacturers are expanding their scope.
What makes driving easier? What do drivers do that auto manufacturers can tie into?
VW to Purchase PayByPhone For Undisclosed Sum
Volkswagen AG’s
financing arm has acquired a Canadian mobile payments company, the latest move
by a car maker investing heavily to compete in a mobility arms race that is
heating up in the auto industry.
The German auto maker’s Volkswagen Financial Services AG
will dish out an undisclosed sum to acquire PayByPhone, a Vancouver-based
company that allows people to pay for certain parking spaces by mobile apps,
phone calls or texts. PayByPhone, founded in 2000, says it processes $300
million in transactions annually.
… Volkswagen wants
access to proven technology to connect a variety of commerce opportunities and
vendors to the cabin of a car and passengers looking for easier payment
methods. Whereas it is difficult to earn
even a 10% profit margin on the sale of a car, some analysts and startup entrepreneurs estimate the margins that auto
makers could reap on the selling of access to car owners and their data could
exceed 75%.
… Audi, one of a dozen brands operated by
Volkswagen, in January pledged $28 million to Silvercar, a startup that lets
its customers book rental cars using a mobile app.
There have been a flood of unrelated transactions in the
auto industry as Ford Motor Co., Toyota Motor Corp., BMW AG and others place financial bets
on small startups in an effort to outrun Silicon Valley tech giants that are
trying to reinvent automobiles.
Implications for my students? Could this happen here?
New on LLRX – Copyright is Not Inevitable, Divine, or Natural Right
by Sabrina I. Pacifici on Dec 27, 2016
Via LLRX.com – Copyright is Not Inevitable, Divine, or Natural Right
– Ken Sawdon discusses the implications of a copyright
lawsuit that was settled in India, which had been brought by several large
textbook publishers against a photocopying service that created student
coursepacks for educational purposes only.
[From the article:
The Delhi High Court dismissed the case and held that
coursepacks and photocopies of chapters from textbooks are not infringing
copyright, whether created by the university or a third-party contractor, and
do not require a license or permission. Beyond
the immense benefits to students and academics, the ruling had some interesting
wording that gained attention online.
… The university
pointed to the existing copyright exceptions and the fact that the materials were clearly being used for educational purposes,
not meant for commercial exploitation.
Useful?
LC Guide to Law Online
by Sabrina I. Pacifici on Dec 27, 2016
“The Guide to Law Online, prepared
by the Law Library of Congress Public Services Division, is an annotated guide
to sources of information on government and law available online. It includes selected links to useful and
reliable sites for legal information.
Select a Link:
International and Multinational
Nations of the World
U.S. Federal – includes U.S. Code and Constitution links
U.S. States and Territories
Indigenous Law Portal
Guide Index
The Guide to Law Online is an annotated compendium of Internet links; a portal of
Internet sources of interest to legal researchers. Although the Guide is selective, inclusion of
a site by no means constitutes endorsement by the Law Library of Congress.”
For my students.
(It can’t hurt!)
… Start by
changing your mindset. If you believe
that strategic thinking is only for senior executives, think again. It can, and must, happen at every level of the
organization; it’s one of those unwritten parts of all job descriptions. Ignore this fact and you risk getting passed
over for a promotion, or having your budget cut because your department’s
strategic contribution is unclear.
Know: Observe and Seek Trends
Think: Ask the Tough Questions
Speak: Sound Strategic
Act: Make Time for Thinking and Embrace Conflict
Some background for my Data Management students.
Unlocking Big Data for Operational Intelligence