Friday, April 13, 2018

It’s amazing how quiet CyberWar is.
U.K. Launched Major Cyberattack on Islamic State: Spy Chief
The head of Britain’s Government Communications Headquarters (GCHQ) revealed this week that the U.K. has launched a major cyberattack on the Islamic State (IS) group, significantly disrupting its operations.
The attack was launched by the GCHQ in collaboration with the U.K. Ministry of Defence. The operation was the “first time the UK has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” GCHQ director Jeremy Fleming told an audience at the Cyber UK conference in Manchester.
According to Fleming, these operations have been aimed at disrupting services or a specific online activity, deter an individual or group, or destroy equipment and networks used by the Islamic State, which is also known as ISIL, ISIS and Daesh.
In 2017 there were times when Daesh found it almost impossible to spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications. Of course, the job is never done – they will continue to evade and reinvent. But this campaign shows how targeted and effective offensive cyber can be,” Fleming said.
… “From a legal point of view, it may be a tricky question, however,” Kolochenko added, “as some of their targets may be European or American citizens, raising complicated issues of the international law.”
The US military's secretive Cyber Command (CYBERCOM) and Europol have also been conducting operations aimed at the Islamic State’s online activities.

So, Apple phones were never really that secure?
iPhone unlocking tool GrayKey sees increased use across all levels of law enforcement
Back in early 2016, Apple famously refused to assist the FBI in unlocking an iPhone 5c belonging to Syed Rizwan Farook, one of the shooters in that year's San Bernardino attack. The FBI later got into the device on their own, setting off an entire round of disputes between the company and federal law enforcement.
Both federal law enforcement and local police departments have begun using GrayKey, a relatively inexpensive encryption bypass tool, and other tools like it, according to an investigative piece published by Motherboard.
Vice found, using public records requests, that the State Department has purchased GrayKey technology, as have the Indiana and Maryland State Police. The Secret Service and Drug Enforcement Agency are planning to, and the Indianapolis and Miami-Dade police departments either have bought the equipment or have sought it.
… The device can unlock an iPhone in a matter of hours for a four-digit passcode, but six-digit passcodes, now the standard, can take as long as three days, according to an analysis by MalwareBytes.

Describing an increasingly significant target for the coming cyberwar?
The Smart Grid: Status and Outlook
CRS report via FAS – The Smart Grid: Status and Outlook. Richard J. Campbell, Specialist in Energy Policy. April 10, 2018. “The electrical grid in the United States comprises all of the power plants generating electricity, together with the transmission and distribution lines and systems that bring power to end-use customers. The “grid” also connects the many publicly and privately owned electric utility and power companies in different states and regions of the United States. However, with changes in federal law, regulatory changes, and the aging of the electric power infrastructure as drivers, the grid is changing from a largely patchwork system built to serve the needs of individual electric utility companies to essentially a national interconnected system, accommodating massive transfers of electrical energy among regions of the United States. The modernization of the grid to accommodate today’s more complex power flows, serve reliability needs, and meet future projected uses is leading to the incorporation of electronic intelligence capabilities for power control purposes and operations monitoring. The “Smart Grid” is the name given to this evolving intelligent electric power network. The U.S. Department of Energy (DOE) describes the Smart Grid as “an intelligent electricity grid—one that uses digital communications technology, information systems, and automation to detect and react to local changes in usage, improve system operating efficiency, and, in turn, reduce operating costs while maintaining high system reliability.”

Why no fine? Have they “agreed” to be treated just like everyone else?
Uber agrees to revised settlement with FTC following revelation of 2016 data breach
Uber has agreed to expand a settlement it reached with the Federal Trade Commission (FTC) last year in light of a massive data breach that the company revealed months after the agreement with regulators to settle previous privacy violations.
Like the previous settlement, which was reached in August, the revised agreement does not include a monetary fine for the breach that compromised information for 57 million people.
Under the terms of the new agreement, Uber has to disclose any future data breaches to the FTC or risk fines.

My Computer Security students will build their own encryption system.
Russian court bans access to Telegram messenger
A Russian court on Friday ordered that access to the Telegram messenger service should be blocked in Russia, Russian news agencies reported, heralding communication disruption for scores of users - including government officials.
The decision came a week after Russia’s state communication watchdog filed a lawsuit to limit access to Telegram messaging app following the company’s refusal to give Russian state security services access to its users messages.

An interesting commentary on a program that might be coming to a neighborhood near me.
Joe Cadillic doesn’t just advocate online. He’s active offline and in his community. After attending a recent public meeting on the use of the Boston police cam-share program, Joe submitted a letter to the editors of the Dorchester Reporter.
And not for nothing, but Joe tells me that after he made his public comments at the community hearing, the police told the attendees at the meeting that they didn’t appreciate Joe discussing it all in front of the public.
I just bet they didn’t appreciate it. You ROCK, Joe!
Here’s Joe’s submitted letter, reproduced with his permission:
BPD’s Community Cam-Share Privacy Concerns
I am a Clam Point resident who recently became aware of the Boston Police Department’s (BPD) new Community Cam-Share program.
Businesses sharing CCTV footage with police after a crime has been committed and police have issued a subpoena, has been going on for years with great success. Sharing video footage of an alleged crime aids law enforcement in arresting criminals and helps keep our neighborhoods safe.
But there are privacy concerns about the new cam-share program that business owners and residents should be aware of.
Police cam-share programs have been popping up across the country under different names like ProjectNola and Project Greenlight. These programs begin with police asking businesses and homeowners to voluntarily link their CCTV cameras to a police department but after a year or two they become mandatory.
A comment made by then District 11 Captain Tim Connolly to the Dorchester Reporter revealed how the police hope to eventually create a city wide surveillance network using community cam-share cameras. (
Connecting every CCTV camera to a city-wide surveillance center run by the Boston Regional Intelligence Center is disconcerting. Especially after it was just revealed that they have been secretly spying on residents social media without City Hall’s knowledge. (
Why does the BPD retain all rights to video footage from a business camera? Why aren’t business owners allowed to release any footage or still images at their own discretion? What precautions are in place to ensure it won’t be deleted or edited? (
With violent crimes in Boston and across the country declining or at all-time lows, the questions residents should be asking is why do we need more surveillance? Boston used to be known as the ‘cradle of liberty’, let’s keep it that way.
Joe Cadillic is a former private investigator, member of the Digital Fourth and a privacy, civil rights blogger. (

Good questions all, but it’s hard not to do better than the Senate.
What Wharton Faculty Would Have Asked Mark Zuckerberg
… Sen. Orrin Hatch (R-Utah), for example, asked Zuckerberg, “How do you sustain a business model in which users don’t pay for your services?” With a straight face, the Facebook CEO said, “Senator, we run ads.” Social media had a field day lampooning members of Congress with cheeky memes and YouTube video clips.

Perspective. Personal Computers are being replaced by several newer technologies. Can you name four or five?
Gartner: Global PC shipments fell 1.4% in Q1 2018, 14th straight quarter of decline
… Gartner and IDC analysts have pointed to a variety of factors as contributing to this past quarter’s decline, including component shortages and a rising bill for materials that translates to higher prices. The only consistent factor every quarter, however, is that the PC simply isn’t as in-demand as it once was.

Something for the toolkit!
NIST’s New Quantum Method Generates Really Random Numbers
“Researchers at the National Institute of Standards and Technology (NIST) have developed a method for generating numbers guaranteed to be random by quantum mechanics. Described in the April 12 issue of (link is external)Nature (link is external), the experimental technique surpasses all previous methods for ensuring the unpredictability of its random numbers and may enhance security and trust in cryptographic systems. The new NIST method generates digital bits (1s and 0s) with photons, or particles of light, using data generated in an improved version of a landmark 2015 NIST physics experiment. That experiment showed conclusively that what Einstein derided as “spooky action at a distance” is real. In the new work, researchers process the spooky output to certify and quantify the randomness available in the data and generate a string of much more random bits. Random numbers are used hundreds of billions of times a day to encrypt data in electronic networks. But these numbers are not certifiably random in an absolute sense. That’s because they are generated by software formulas or physical devices whose supposedly random output could be undermined by factors such as predictable sources of noise. Running statistical tests can help, but no statistical test on the output alone can absolutely guarantee that the output was unpredictable, especially if an adversary has tampered with the device…”

No comments: