Friday, October 06, 2017

Inevitable. Fortunately, no one would ever conduct government business on a personal phone.
John Kelly's personal cellphone was compromised, White House believes
White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.
The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.
Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.
Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.
… A White House spokesman said Kelly hadn’t used the personal phone often since joining the administration. This official said Kelly relied on his government-issued phone for official communications.

It’s just a little tiny-weeny bit of war. That doesn’t count, right?
Russia Raises Tensions in Baltic Region With Testing of Cyber Weapons
"Russia has opened a new battlefront with NATO," claims the Wall Street Journal. "Russia may have tested cyber warfare on Latvia," says Reuters. These are two reports about two separate incidents in the Baltic area close to Russia's largest military war games since 2013: Zapad.
The first incident revolves around hacking soldiers' smartphones. Two separate methodologies have been reported: the use of drones with sophisticated electronics equipment, and in an earlier incident, a mobile telephone tower (similar to law enforcement's use of stingray equipment). The sophistication of the attacks leaves little doubt that there is some state-sponsorship involved.
The Reuters report claims, "Moscow was probably behind interruptions in Latvia's mobile communications network before Russia's war games last month, in an apparent test of its cyber attack tools, Baltic and NATO officials said, based on early intelligence of the drills."
The effect of the jammer was to take out Latvia's emergency services' 112 hotline in a disruption that lasted about seven hours. This is the first time that the service has failed, and occurred on September 13, just prior to the most intensive period of the Russian Zapad war games.

If this is true, they should have been a bit more forthcoming when they banned Kaspersky.
Russian hackers reportedly stole NSA data in 2015, likely via Kaspersky software
Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.
As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.
In a later story, The Washington Post said the employee had worked at the NSA’s Tailored Access Operations unit for elite hackers before he was fired in 2015.
… Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.
Kaspersky Lab has strongly denied those allegations.
Russian government officials could have used flaws in Kaspersky software to hack into the machine in question, security experts told Reuters. They could also have intercepted traffic from the machine to Kaspersky computers.
Kaspersky said in a statement on Thursday that it found itself caught in the middle of a geopolitical fight.
… “The baffling parts are that he was able to get stuff out of the building and that he was using Kaspersky, despite where he worked,” Lewis said. He said that intelligence agencies have considered Kaspersky products to be a source of risk for years.

Why? And who else got this level of access? (Clearly, Apple has it, right?)
Apple gave Uber's app 'unprecedented' access to a secret backdoor that can record iPhone screens
Uber's iPhone app has a secret backdoor to powerful Apple features, allowing the ride-hailing service to potentially record a user's screen and access other personal information without their knowledge.

I hope they do it more securely than India did. (Will the US point to this as they consider replacing the Social Security number as an ID?)
EU to implement electronic ID for residents to accelerate adoption of e-government services
The European Union’s member states signed a sweeping declaration today designed to transform the way governments across the continent deliver services by embracing e-government initiatives.
Chief among these plans is an agreement to move forward with development of a digital identification system that can be used by residents to access a wide range of new online public and private services. The agreement calls on the EU to create a framework for ensuring the implementation of electronic IDs, while also ensuring protection of privacy and security of the data.

For my Computer Security students.
Business Email Scams: Protecting Your Company’s Information
by Sabrina I. Pacifici on Oct 5, 2017
From the Pennsylvania Department of Banking and Securities, a succinct and very useful Infographic guide: “Business Email Compromise is a cyber threat targeted against businesses, both large and small, that typically involves a con artist targeting employees with access to company financial or sensitive documents. The scammers lead the employees to believe they are a trusted partner or are legitimately entitled to the information, when in reality, they are criminals. A common tactic of these cybercriminals is the use of a “spear-phishing” emails and use of malware to first infiltrate the organization and eventually send a sham email supposedly from the CEO to an employee with access to financial information, requesting money to be transferred…” [h/t Pete Weiss]

For our CJ students. helps justice professionals improve effectiveness
by Sabrina I. Pacifici on Oct 5, 2017
“It’s important to celebrate milestones, and has hit a big one — 500 rated programs. That’s 500 opportunities for the criminal and juvenile justice and victim service practitioners and policymakers we serve to learn about what works, what doesn’t, and what’s promising. While I am relatively new to the National Institute of Justice, I have spent a good part of my career championing evidence-based policy and the need for rigorous, replicated, program evaluations. All our resources are limited, and we need to ensure the programs we fund are effective in addressing the many issues faced by criminal justice agencies. helps justice professionals, who may or may not be social scientists, improve their effectiveness. The systematic, independent review process and evidence ratings are intended to help practitioners and policymakers understand the implications of social science evidence that can otherwise be difficult to understand or apply, and serve as a basis for gauging the quality of evidence. In short, strives to help practitioners answer the question: Does it work?”
  • “ content is organized a variety of ways, including by topic. The topic pages capture summary information as well as programs and practices that have been reviewed by Additionally, links to topical publications, Q&A, and related resources are also captured on the topical pages.”

Computers & Law, what a concept!
Survey – Ready or Not: Artificial Intelligence and Corporate Legal Departments
by Sabrina I. Pacifici on Oct 5, 2017
Lawyers have long been characterized as technology Luddites who are slow to change and wary of innovation. For corporate counsel, though, this stereotype may be fading. According to the results of a new Thomson Reuters report, “Ready or Not: Artificial Intelligence and Corporate Legal Departments“, corporate counsel believe they are tech savvy but acknowledge that their comfort level and confidence with technology have limitations, specifically around artificial intelligence (AI). The applications and impact of AI are growing, and AI tools will undoubtedly affect how the legal profession practices over the next decade. Consider how dramatically technology inventions have already changed the practice of law: From typewriters to computers and from fax machines to email, each advance has been transformative in the law. Lawyers have accepted and adopted each of these evolutions. AI is the next frontier. To better understand corporate counsel’s knowledge of and comfort with the use of artificial intelligence in the profession, Thomson Reuters conducted a survey of 207 in-house attorneys to measure current perceptions regarding the use of AI in corporate legal departments and the perceived benefits of AI once adopted.

Facebook is spending $1 billion for a building that basically no one will work in
The Commonwealth of Virginia celebrated on Thursday with the announcement that Facebook would be investing $1 billion to build a massive, new facility in the state.
There's a catch. Facebook's building will be a data center—and it will require almost no people to operate.
The project will mean plenty of money spent on construction and then 100 jobs in the data center afterward.

The state of Twitter: Trump passes Pope as most-followed world leader
… as of May 2016, Trump’s follower count was in the 7 million range. Now he’s about to blow past 40 million.
Of course, Katy Perry has 104.5 million followers, making her the most-followed person overall on Twitter. So, Trump still has a ways to go before knocking her from that perch.

No comments: