Saturday, March 03, 2018

It’s how you earn a bitcoin.
Bitcoin Heist: 600 Powerful Computers Stolen in Iceland
REYKJAVIK, Iceland (AP) — Some 600 computers used to "mine" bitcoin and other virtual currencies have been stolen from data centers in Iceland in what police say is the biggest series of thefts ever in the North Atlantic island nation.
Some 11 people were arrested, including a security guard, in what Icelandic media have dubbed the "Big Bitcoin Heist." A judge at the Reykjanes District Court on Friday ordered two people to remain in custody.
The powerful computers, which have not yet been found, are worth almost $2 million. But if the stolen equipment is used for its original purpose — to create new bitcoins — the thieves could turn a massive profit in an untraceable currency without ever selling the items.
… The Bitcoin ledger is powered by "miners," so-called because they throw computational power into the system, occasionally receiving — or "mining" — new bitcoins in return. Drumming up that computational power usually means lots of computers — and thus lots of electricity.
That desire for energy has created a gold rush for bitcoin in Iceland. Traders searching for cheap, renewable energy have been flooding into the island in recent months to take advantage of its geothermal and hydroelectric power plants.
Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media.

Trying to give my Computer Security students some perspective.
From Verizon:
We’ve re-examined the data within our Data Breach Investigations Report (DBIR) series (2016 and 2017) to focus in on the healthcare sector’s unique profile and security challenges, and particularly the use/abuse of protected health information (PHI). Our 2018 Protected Health Information Data Breach Report (PHIDBR) is underpinned by 1,368 incidents from this caseload covering 27 countries.
Our major findings are as follows:
  • 58 percent of incidents involved insiders. Healthcare is the only industry in which internal actors are the biggest threat to an organization. Often they are driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 percent); fun or curiosity in looking up the personal records of celebrities or family members (31 percent); or simply convenience (10 percent).
  • 70 percent of incidents involving malicious code within the healthcare sector were ransomware infections. Mirroring the ongoing use of ransomware across all business sectors, as we reported in our 2017 Data Breach Investigations Report and the cyber-attacks Europe witnessed mid-2017.
  • 27 percent of incidents were related to PHI printed on paper. Medical device hacking may be in the news, but it seems the real criminal activity is found by following the paper trail. Whether prescription information sent from clinics to pharmacies, billing statements issued by mail, discharge papers physically handed to patients, or filed copies of ID and insurance cards, printed documents are more prevalent in the healthcare sector than any other. The very nature of how PHI paperwork is handled and transferred by medical staff has led to preventable weaknesses – sensitive data being misdelivered (20 percent), thrown away without shredding (15 percent), and even lost (8 percent).
  • 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI. More employee education is required to ensure that basic security measures are put in place.

“NOW will you consider better security?” How much should you spend to avoid $600 million in breach costs?
Equifax breach could be most costly in corporate history
Equifax Inc (EFX.N) said it expects costs related to its massive 2017 data breach to surge by $275 million this year, suggesting the incident at the credit reporting bureau could turn out to be the most costly hack in corporate history.
The projection, which was disclosed on a Friday morning earnings conference call, is on top of $164 million in pretax costs posted in the second half of 2017. That brings expected breach-related costs through the end of this year to $439 million, some $125 million of which Equifax said will be covered by insurance.
… Total costs of the breach, which compromised sensitive data of more than 147 million consumers, could be “well over $600 million,” after including costs to resolve government investigations into the incident and civil lawsuits against the firm, he said.

Consider: Russia has demonstrated what some of its offensive cyber weapons can do in very limited attacks. Can we now imagine what a cyber war would look like?
Nuance Estimates NotPetya Impact at $90 Million
Nuance Communications, one of the companies to have been impacted by the destructive NotPetya attack last year, estimates the financial cost of the attack at over $90 million.
Initially believed to be a ransomware outbreak, NotPetya hit organizations worldwide on June 27, and was found within days to be a destructive wiper instead. Linked to the Russia-linked BlackEnergy/KillDisk malware, NotPetya used a compromised M.E.Doc update server as infection vector.
In its latest 10-Q filing with the Securities and Exchange Commission (SEC), Nuance reveals that, for the fiscal year 2017, NotPetya caused losses of around $68.0 million in revenues, and incurred incremental costs of approximately $24.0 million as a result of remediation and restoration efforts.
Last month, Danish shipping giant A.P. Moller–Maersk said it had to reinstall software on nearly 50,000 devices following the NotPetya assault. In September 2017, FedEx revealed a negative impact of around $300 million on its profit as a result of the attack.

Interesting, but still leaves the package vulnerable. No doubt they will ‘suggest’ allowing them to put it inside. “Just give us the key!”
Amazon may soon send you a photo of your own front door — here's why
According to USA Today, the online retailer has recently expanded a program called Amazon Logistics Photo On Delivery that involves a carrier taking a photo of a package after delivering it.
… The photo, included in the delivery confirmation, is meant to help the customer identify where and when the packages were left.
But Amazon also does this for internal insurance — it gets a record of whether the package was left at the customer's specified delivery location, should the customer say they never received it. [Does that transfer the liability to the homeowner’s insurance? Bob]

(Related) You could think of this as a ‘Trade War’ or as a way to keep Google from seeing what Amazon does when they deliver inside the house. (Will Google call this an abuse of ‘monopoly’ power?)
Amazon will stop selling Nest smart home devices, escalating its war with Google

Anything to get rid of my students…
