Friday, February 17, 2017
Closer to an Act of War? As we digitize our army, the potential for similar attacks has been considered and is likely well guarded against. The soldiers’ personal smartphones? Maybe not so much…
Israeli soldiers hit by Android malware from cyberespionage group
… The Israeli soldiers were lured via Facebook Messenger and other social networks by hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The victims were tricked into installing a malicious Android application, which then scanned the phone and downloaded another malicious app that masqueraded as an update for one of the already installed applications.
… Once installed on the phone, this malicious app allows hackers to execute on-demand or scheduled commands. The commands can be used to read text messages, access the contacts list, take pictures and screenshots, eavesdrop at specific times of the day, and record video and audio.
The Kaspersky researchers concluded that this is likely only the "opening shot" of the operation and that it is a targeted attack against the Israel Defense Forces, "aiming to exfiltrate data on how ground forces are spread, which tactics and equipment the IDF is using, and real-time intelligence gathering."
(Related). We called this “Targeting.”
Many Ukrainian Organizations Targeted in Reconnaissance Operation
CyberX, a company that specializes in ICS security, has been monitoring a well-organized campaign that has targeted at least 70 entities with ties to Ukraine, including the country’s critical infrastructure.
The campaign, dubbed Operation BugDrop, has been underway since at least June 2016. It involves malware delivered via spear phishing emails and malicious macro-enabled Office documents.
The BugDrop malware is capable of collecting system information, passwords and other browser data, and audio from the microphone. It can also steal files from local, shared and USB drives, including documents, spreadsheets, presentations, archives, databases and text files.
My Computer Security class starts today, so this might interest my students.
Researchers at Kaspersky Lab have analyzed several Android applications for connected cars and determined that most of them lack important security features, making it easier for hackers to unlock the vehicles.
… Kaspersky has analyzed seven of the most popular connected car Android applications, which have been installed by millions of users.
… All the tested applications can be used to unlock a vehicle’s door and some of them also allow the user to start the engine. However, the aforementioned security features are mostly missing from the apps – only one encrypts the username and password, and none of them use obfuscation, overlay protection, root detection or code integrity checks.
The lack of security mechanisms makes it easier for a piece of malware that has infected the Android device to take control of the smart car app. And while hijacking the application does not allow an attacker to drive away with the car, it does allow them to unlock it and disable its alarm, which can make it easier to steal.
An article the FBI should read.
RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption
U.S. Attorney General Jeff Sessions’ call for a way to “overcome” cryptography met with scorn from a panel of elite cryptographers speaking at this week’s RSA Conference 2017 in San Francisco.
“Any one of my students will be capable of writing good crypto code,” says Adi Shamir, the ‘S’ in RSA and a professor at the Weizmann Institute in Israel.
… Shamir noted that the current, most respected encryption algorithm was devised by Belgians, and noted that other major crypto advances were made by Japanese, Israelis and others. “It’s not uniquely American,” he says. Forcing backdoors in American crypto products would be shooting U.S. interests in the foot, he says. “Other countries would be happy to step in with un-backdoored cryptography,” he says.
… Landau notes that in the Apple v. FBI case last year, the problems of decrypting a terrorist’s iPhone were overblown by the FBI, which said it could only get in with Apple’s help. Later, the FBI hired a private firm to do the work, and a researcher demonstrated how to do it with about $150 worth of off-the-shelf gear.
Shamir says that the Israeli company that purportedly helped the FBI was later hacked and its methods publicly disclosed by the attackers. “You need to be careful about helping the FBI,” he says with a smile.
Even if the data is factual, it could trigger bias in the responders. Would responders slow down if they heard: “The address is the Trump Re-Election headquarters”?
Nathan Munn reports:
Police in Canada’s capital city of Ottawa are being supported by a so-called “virtual backup” team that provides front-line officers with unprecedented amounts of information as they race to service calls.
The unit, known as the Ottawa Police Strategic Operations Centre (OPSOC), has been active since October 2016. But civil liberties advocates are raising concerns about the project, pointing out that it monitors protesters on social media and is developing ‘predictive policing’ capabilities based on crime data that could contain hidden biases.
Read more on Motherboard.
Privacy in the future? What will cause this system to deny you entry?
Joe Cadillic writes:
A retail store in St. Louis called Motomart is demanding customers submit to having their faces scanned before they’re allowed entry!
Think about what that means: police are identifying every single customer using DHS’s REAL IDs.
According to a Fox2Now article, once it gets dark, employees put up signs that say: “Facial Recognition Software in Use – Please Look at Above Camera for Entry.”
Read more on MassPrivateI.
For my Data management students.
How Chief Data Officers Can Get Their Companies to Collect Clean Data
In analytics, nothing matters more than data quality. The practical way to control data quality is to do it at the point where the data is created. Cleaning up data downstream is expensive and not scalable, because data is a byproduct of business processes and operations like marketing, sales, plant operations, and so on. But controlling data quality at the point of creation requires a change in the behaviors of those creating the data and the IT tools they use.
Don’t worry, Watson can explain it all.
The moral dilemmas of the Fourth Industrial Revolution
World Economic Forum: “Should your driverless car value your life over a pedestrian’s? Should your Fitbit activity be used against you in a court case? Should we allow drones to become the new paparazzi? Can one patent a human gene? Scientists are already struggling with such dilemmas. As we enter the new machine age, we need a new set of codified morals to become the global norm. We should put as much emphasis on ethics as we put on fashionable terms like disruption. This is starting to happen. Last year, America’s Carnegie Mellon University announced a new centre studying the Ethics of Artificial Intelligence; under President Obama, the White House published a paper on the same topic; and tech giants including Facebook and Google have announced a partnership to draw up an ethical framework for AI. Both the risks and the opportunities are vast: Stephen Hawking, Elon Musk and other experts signed an open letter calling for efforts to ensure AI is beneficial to society…”
The most important thing our Congressional Representatives could possibly do?
Gardner, Polis, Tipton, Introduce KOMBUCHA Act
Today Sen. Cory Gardner (R-Colo.), Rep. Jared Polis (D-Colo.), and Rep. Scott Tipton (R-Colo.) introduced bipartisan, bicameral legislation that would eliminate federal alcohol taxes on kombucha and update regulations for kombucha companies in Colorado and nationwide.
… Kombucha is a fermented tea that has been consumed for over 2,000 years. Trace amounts of up to 1 percent alcohol can occur naturally in the production process, which currently triggers the type of federal excise taxes usually reserved for alcoholic beverages. The KOMBUCHA Act eliminates those unintended tax and regulatory burdens by increasing the applicable alcohol-by-volume limit for kombucha from 0.5 percent to 1.25 percent.
… The kombucha industry is one of the fastest growing beverage categories, with a current economic impact of $600 million and expected growth to $1.8 billion by 2020. Colorado's kombucha industry is estimated at $20 million in annual sales and provides hundreds of jobs across the state.
Perhaps he is considering running for President.
Facebook’s Mark Zuckerberg pens letter warning against threats to globalism
Facebook Inc Chief Executive Mark Zuckerberg laid out a vision on Thursday of his company serving as a bulwark against rising isolationism, writing in a letter to users that the company’s platform could be the “social infrastructure” for the globe.
In a 5,700-word manifesto, Zuckerberg, founder of the world’s largest social network, quoted Abraham Lincoln, the U.S. president during the country’s 19th century Civil War known for his eloquence, and offered a philosophical sweep that was unusual for a business magnate.
… Quoting from a letter Lincoln wrote to Congress in the depths of the Civil War, he wrote to Facebook’s 1.9 billion users: “The dogmas of the quiet past, are inadequate to the stormy present.”
… Zuckerberg’s letter was “a bit more ambitious and a bit more of the 30,000-foot view than I see from most tech company CEOs,” Peter Micek, global policy and legal counsel at Access Now, an international digital rights group, said in a phone interview.
But Zuckerberg stayed away from certain subjects on which Facebook could be vulnerable to criticism, mentioning the word “privacy” only once, Micek said.