Sunday, January 28, 2018

This warning is a bit late, but since this is an annual event, everyone should already be on guard.
As this site did in 2016 and 2017, it will maintain a list of entities that disclose that they have become victims of a W-2 phishing or business email compromise (BEC) attack. For 2016, we compiled 175 incidents (although some of them didn’t become public knowledge until 2017), and for 2017, we had 204 incidents – a number that very closely matches what the government subsequently reported from their records.
How many incidents will we find in 2018, and how many individuals will potentially be at risk of tax refund fraud from this type of scam?
As in past years, the list will be alphabetized, which loses the chronology but makes it a bit easier for me to search for specific entities as I’m updating the list. Links are to media coverage or reports of the breach, and the number affected, if revealed, is in parentheses for the entry.
Throughout the season, look for Steve Ragan of Salted Hash to provide some summary updates on how many are being affected.
If you become aware of any W-2 incidents that I don’t have on this list, please let me know via the Comments section for this post, Twitter (@pogowasright) or email me at breaches[at]protonmail[dot]ch.
So here we go…… THE 2018 LIST:

Probably not a technique any teenager could employ. I wonder if we could borrow an ATM for my Ethical Hacking class?
ATM makers warn of 'jackpotting' hacks on U.S. machines
Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, have warned that cyber criminals are targeting U.S. cash machines with tools that force them to spit out cash in hacking schemes known as “jackpotting.”
The two ATM makers did not identify any victims or say how much money had been lost. Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.
… Diebold Nixdorf’s alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

We will likely continue to ratchet up these laws a bit at a time because we don’t seem able to agree on where we should be.
Erin Jordan reports:
Data security breaches at big corporations, including Equifax and Target, spurred the Iowa Attorney General’s Office to seek changes to Iowa law to further protect consumers.
House Study Bill 526, discussed in a Judiciary subcommittee Tuesday, would update Iowa’s data breach notification act, which requires businesses, nonprofits and other entities hit by hackers to alert consumers and the state.
The update adds new categories of data, such as medical records. And although the law already requires reporting of information breaches “without reasonable delay,” the bill would add a 45-day maximum on reporting.
Read more on The Gazette.
One of the things the bill would change, although not mentioned in this article, is that it would apply to personal information in any form, and not just computerized data. And it significantly expands the definition of personal information. Do take a look at it. I hope we have more state attorneys general proposing such bills in the wake of Equifax, when state legislatures may be more inclined to actually pass stronger legislation.

It seems to have taken well over a year for social media to realize what was happening and locate some of the evidence. I wonder if anyone has asked the social media firms if they are ready for the next election?
Twitter Says Russian Bots Retweeted Trump 470,000 Times
Russian-linked Twitter bots shared Donald Trump’s tweets almost half a million times during the final months of the 2016 election, Twitter Inc. said in a submission to Congress.
The automated accounts retweeted the Republican candidate’s @realDonaldTrump posts almost 470,000 times, accounting for just more than 4 percent of the re-tweets he received from Sept. 1 to Nov. 15, 2016. Hillary Clinton’s account got less than 50,000 retweets by the Russian-linked automated accounts during the same period of time, the company said in documents posted Friday by the Senate Judiciary Committee.

Not much in the video (more like a Ford commercial), but something for my students to consider. Should it be armed?
Ford’s Autonomous Police Car Could Ticket You Without a Human
So far it's just a patent.

Anyone want to write “The Ethical Algorithm?”
Two new books focus on the injustice of algorithms
The difficulty with talking about the technology industry is that it’s increasingly hard to define. “A tech company can be a giant data-mining operation turned advertising platform, like Facebook or Google. But it can also be a design-heavy producer of phones, computers and software. Or perhaps it’s a transportation company pretending it’s just a marketplace, nothing to see here. Maybe it’s Amazon?… A pair of recent books survey these issues, as they play out on social networks and in the wider world, in systems many Americans are not even aware of…”

Dilbert neatly summarizes all sides of the wage & salary debate.
