39 incidents, with details for 28 of them;
348,889 records for the 28 incidents for which we had numbers;
16 Insider incidents, accounting for 177,247 records: 15 out of 16 were insider-error, and 1 was insider-wrongdoing;
13 Hacking incidents, accounting for 160,381 records;
11 Business Associate/Third Party incidents; and
23 of the 39 incidents involved providers.
Wednesday, March 21, 2018
An unusually large post from DataBreaches, but that’s good for my students.
Protenus, Inc. has released its February Breach Barometer, with its analysis of 39 health data incidents compiled for them by this site. As I have done in companion posts to their previous reports, I am providing a list, below, of the incidents upon which their report is based. Where additional details are available, I have linked to them. In some cases, as in past months, the only information we have is what HHS has posted on their public breach tool (referred to by some as the “Wall of Shame”). Because HHS’s reporting form results in ambiguous reports, some incidents reported to HHS wind up being coded as “UNKNOWN” for breach vector in Protenus’s analyses. Similarly, HHS’s form does not seem to result in accurate estimates of the role of third parties or Business Associates, and Protenus’s report contains more reports involving third parties than HHS’s list would suggest or indicate.
Unlike previous months’ reports, though, you will see four “nonpublic” incidents in this month’s tally. I will be discussing those four incidents later in this post, but let’s start with a few of the highlights from Protenus’s report for February:
See their report for additional statistics and analyses, including their analyses of gap to discovery of breaches and gap to reporting/disclosing of breaches. Here is the list of the 39 incidents compiled for February:
Something my students will be discussing this Quarter. At last, a recommendation for a paper trail! But no way to match it to vote totals?
Senate Intel Committee gives Homeland Security its election security wish list
In a press conference today, the Senate Select Committee on Intelligence presented its urgent recommendations for protecting election systems as the U.S. moves toward midterm elections later this year.
[The one-page PDF: https://www.burr.senate.gov/imo/media/doc/One-Pager%20Recs%20FINAL%20VERSION%203-20.pdf]
Lots to chew on here. How much it will change Facebook or social media in general remains to be seen. Probably not much.
Facebook, Cambridge Analytica, the 2016 Election, and a colossal misappropriation of social media data
News about the media frenzy linking a whole lot of high profile news stories together – Facebook CEO Zuckerberg’s disappearing act, Cambridge Analytica’s ‘harvesting’ of 50 million FB users’ data [without permission – and directed by Steve Bannon], which helped explain the role that the company played when it was embedded with the Trump campaign in 2016; the Mueller investigation, the Comey book, the McCabe firing, and the weather (happy Spring – enjoy Washington’s biggest snowstorm of the season) is yet to reach a crescendo, so hang in there. Along with the impact of the DC area snow storm on the budget funding deadline, we are also waiting for Facebook’s official response to yet another ‘breach’ of trust and data, and more evidence about how the social media data of tens of millions of users was appropriated and used by a UK conglomerate that has some very troubling history with its involvement in elections in the US and UK and beyond – and its use of self-destructing email to cover its trail.
I posted over a dozen references and sources on this issue when it began to break, and I use the word ‘began’ cautiously. The massive, unmonitored [dubbed harvesting] collection of social media user data is far greater than users of various applications have been willing to address, or even attempt to mitigate against future harvesting efforts [if they have any capability of doing so in the first place – which remains unclear]. This premise stands completely separate from the concept of any regulatory function or layer that may exist between users and the companies, here and abroad, that acquire our data (often at no cost at all) and use it until such time that a whistleblower or two enter from stage left and lift the curtain on all the backend techie sausage making.
And via Cory Doctorow – Yet Another Lesson from the Cambridge Analytica Fiasco: Remove the Barriers to User Privacy Control
See also via MIT Technology Review – The Cambridge Analytica affair reveals Facebook’s “Transparency Paradox”
(Related) I shouldn’t have to tell my students, but it can’t hurt.
How To Change Your Facebook Settings To Opt Out of Platform API Sharing
Facebook has lost nearly $50 billion in market cap since the data scandal
Clearly we (NSA) have weapons. When can they be used and against what targets?
U.S. Military Should Step Up Cyber Ops: General
General John Hyten, who leads US Strategic Command (STRATCOM), told lawmakers the US has "not gone nearly far enough" in the cyber domain, also noting that the military still lacks clear rules of cyber engagement.
"We have to go much further in treating cyberspace as an operational domain," Hyten told the Senate Armed Services Committee.
"Cyberspace needs to be looked at as a warfighting domain, and if somebody threatens us in cyberspace we need to have the authorities to respond."
Hyten noted, however, that the US had made some progress in conducting cyber attacks on enemies in the Middle East, such as the Islamic State group.
His testimony comes weeks after General Curtis Scaparrotti, commander of NATO forces in Europe, warned that US government agencies are not coordinating efforts to counter the cyber threat from Russia, even as Moscow conducts a "campaign of destabilization."
And last month, Admiral Michael Rogers, who heads both the NSA – the leading US electronic eavesdropping agency – and the new US Cyber Command, said President Donald Trump had not yet ordered his spy chiefs to retaliate against Russian interference in US elections.
(Related) The terrorist organization and individual actors; how about funding sources and nations that provide shelter and training?
'Slingshot' Campaign Outed by Kaspersky is U.S. Operation Targeting Terrorists: Report
Earlier this month, Kaspersky published a report detailing the activities of a threat actor targeting entities in the Middle East and Africa — sometimes by hacking into their Mikrotik routers. The group is believed to have been active since at least 2012 and its members appear to speak English, the security firm said.
The main piece of malware used by the group has been dubbed Slingshot based on internal strings found by researchers. Kaspersky identified roughly 100 individuals and organizations targeted with the Slingshot malware, mainly in Kenya and Yemen, but also in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
CyberScoop claims to have learned from unnamed current and former U.S. intelligence officials that Slingshot is actually an operation of the U.S. military’s Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM), aimed at members of terrorist organizations such as ISIS and al-Qaeda. SOCOM is well known for its counterterrorism operations, which can sometimes include a cyber component.
Something to liven up those dull PowerPoint slides? Screaming, groaning, weeping students perhaps?
ZapSplat - Thousands of Free Sound Effects
ZapSplat is a website that offers more than 20,000 sound effects and songs that you can download and re-use for free. The licensing that ZapSplat uses is quite clear. As long as you cite ZapSplat, you can use the sound effects and music in your videos, podcasts, and other multimedia projects.
ZapSplat does require you to create an account in order to download the MP3 and WAV files that it hosts. Once you have created an account you can download as many files as you like. ZapSplat does offer a "Gold" account. The benefits of a Gold account are that you don't have to cite ZapSplat and that you get access to an expanded library of sounds.