Monday, July 10, 2017
To have really big breaches, it helps to have really big populations. I expect really big things from India, unfortunately.
India telecom operator Reliance Jio investigating claims of data breach
India's Reliance Jio is investigating whether personal data of over 100 million of its customers had leaked onto a website, in what analysts said could be the first ever large-scale breach at an Indian telecom operator.
Jio, India's newest telecoms entrant, said that the data on the website, "Magicapk.com", appeared to be "unauthentic" and that its subscriber data was safe and maintained with the highest security.
But people complained on Twitter about personal information of Jio users being publicly available on Magicapk.com, and some Indian media said that their checks had led them to believe the leak was real.
Campaigns will need to be faster in their identification of “fake news” and ready with a factual counter-message. Do we need a “fact checking” service for all political messages? How would that work?
Study: Bots have turned Twitter into a powerful political disinformation platform
As if Twitter’s reputation hasn’t been battered enough, a new study sheds light on how the social media platform can be hijacked by bots to spread political disinformation during election campaigns.
A researcher at the University of Southern California found that almost 20 percent of Twitter bots that were engaged in spreading propaganda against Emmanuel Macron during the recent French presidential election had been used to spread misinformation in favor of Donald Trump last year during the U.S. elections.
… Bottom line, according to the study by Dr. Emilio Ferrara, a research assistant professor at USC Computer Science Department: “Account usage patterns suggest the possible existence of a black-market for reusable political disinformation bots.”
… Ferrara’s study is called: “Disinformation and Social Bot Operations in the Run Up to the 2017 French Presidential Election.” The study was published as an open source document, and the full version is here.
I expect more managers to eventually wake up, but this is rather typical.
75 Percent of U.S. Companies Think GDPR Doesn't Apply to Them
A new report focusing on Europe's General Data Protection Regulation (GDPR) preparedness shows a worrying disconnect between Business and Security. GDPR will come into effect in May 2018, and perhaps more than any other security regulation will require close cooperation between Business, IT and Security to enable and ensure regulatory compliance across the whole organization. The penalty for failure is severe: up to €20 million or 4% of global turnover -- and the reach of the regulation is effectively global.
NTT Security interviewed 1,350 non-IT decision-makers across the globe. It sought to understand GDPR awareness across the business, and measure how well information security policies are being communicated across the business. The results (PDF), it suggests, are mixed. While there is some improvement in general security policies, there is poor understanding of security-related regulations in general, and GDPR in particular.
This was an accident but as AI improves, this might become common. Big Brother indeed?
We’re gradually learning that smart home devices can be quite valuable for police. Following a recent case in which Amazon handed over data from its Echo device to police investigating a murder, a Google Home called the police when a couple was allegedly involved in a violent domestic dispute.
According to ABC News, officers were called to a home outside Albuquerque, New Mexico this week when a Google Home called 911 and the operator heard a confrontation in the background. Police say that Eduardo Barros was house-sitting at the residence with his girlfriend and their daughter. Barros allegedly pulled a gun on his girlfriend when they got into an argument and asked her: “Did you call the sheriffs?” Google Home apparently heard “call the sheriffs,” and proceeded to call the sheriffs.
… In a different incident in January, a local TV news broadcast involving a dollhouse reportedly triggered multiple Amazon Echo devices in the area to start ordering dollhouses. It’s easy to imagine police getting tired of being called to citizen’s homes every time they watch the latest episode of Law and Order.
For my Computer Security students.
Cybersecurity: The cold war online
by Sabrina I. Pacifici on Jul 9, 2017
Cybersecurity: The cold war online, Steven Aftergood. Nature 547, 30–31 (06 July 2017) doi:10.1038/547030a. Published online 05 July 2017.
“The Internet is under attack, and not just by hackers, thieves and spies. As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitized landscape as a transnational commons. Cyberspace is becoming a war zone in a new era of ideological combat. Klimburg — director of cyber policy at the Hague Centre for Strategic Studies in the Netherlands — sees the combatants as belonging to two groups. The forces of the ‘free Internet’ favour the unconstrained flow of information, independent of national borders or cultural barriers. The ‘cybersovereignty’ camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China’s ‘Great Firewall’ employs more people than serve in the country’s armed forces… [Estimated 1.6 to 2.3 million. Bob]
For my Systems students. Was this system designed to be unmanageable?
Wells Fargo says closer to reaching $142 mln phony accounts settlement
A California judge has granted a preliminary approval for Wells Fargo & Co's agreement to pay $142 million, and perhaps more, to customers whose credit scores were harmed by its employees creating fake accounts in their names, the bank said on Sunday.
… Wells Fargo has previously said thousands of branch employees created as many as 2.1 million bank and credit card accounts in individuals' names without their permission to artificially hit sales goals.
(Ditto). Is any system failure proof?
India's biggest stock exchange grapples with system fault ahead of IPO
A technical glitch shut down India's National Stock Exchange (NSE) for five hours on Monday, dealing the country's biggest stock exchange an embarrassing blow ahead of its plans to list and leading to a surge in volumes on a rival bourse.
… In a statement late in the day, the NSE attributed the disruption to an unidentified "technical problem". [“We don’t know what happened?” OR “We’re not going to tell you what happened?” Not the best way to inspire confidence. Bob]
Interesting, if a bit vague.
… While war is still conducted with fighter jets, assault rifles, and roadside bombs, the world’s governments and armed forces are increasingly bringing new kinds of weapons and information systems to bear. And these software-based systems may soon eclipse most others in the effect they have on the battlefield. At the very least, a shift is under way that will see software come to have a deeper and deeper impact on almost every aspect of conflict.
I think WolframAlpha is a great teaching tool. Perhaps some people are using it incorrectly or not at all?
AI Is Making It Extremely Easy for Students to Cheat