I’ll wager the attacks never stopped. Why would they?
The Russians tried to hack the Senate and conservative think tanks, Microsoft says
Parts of an operation linked to Russian military
intelligence targeting the US Senate and conservative think tanks
were thwarted last week, Microsoft announced early Tuesday.
The company said it
executed a court order giving it control of six websites created by a
group known as Fancy Bear. The group was behind the 2016 hack of the
Democratic National Committee and directed by the GRU, the Russian
military intelligence unit, according to cybersecurity firms.
The websites could have
been used to launch cyberattacks on candidates and other political
groups ahead of November's elections, the company said.
Among the websites a judge in the Eastern District
of Virginia granted Microsoft control of were those with domain names
designed to resemble sites used by congressional staff. They include
"senate.group," and "adfs-senate.email."
Other domains were designed to look like they were
related to the Hudson Institute, a conservative think tank, and the
International
Republican Institute, whose board includes six serving senators,
former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.
Microsoft said the domains were "associated
with the Russian government and known as Strontium, or alternatively
Fancy Bear or APT28." The company said it has no evidence that
the domains were used in successful attacks but that it was working
with the potential target organizations. [Looks
like a diversion to me. Bob]
(Related) Why should we change a system that works for us?
Hacking Elections: Georgia's Midterm Electronic Voting in the Dock
The
security of electronic voting and the direct-recording election (DRE)
voting machines used has been questioned for years. The upcoming
U.S. midterm elections in November, coupled with the attempted
Russian meddling in the 2016 presidential election, have made this a
current and major concern for many in the security industry and
beyond. Now it has gone to court.
Earlier
this month (Aug. 3), the Coalition for Good Governance filed a Motion
for Preliminary Injunction against the Secretary of State for
Georgia (Brian Kemp, who is also the Republican candidate for
governor in the midterms) seeking
to force the state to abandon DREs and revert to a paper ballot.
The
Secretary of State has responded
to the Motion, claiming, “Such recklessness, if given the power of
a federal decree, would compromise the public interest.”
… The
vulnerability of the DRE systems themselves is hardly doubted. At
the end of 2016, both Cylance and Symantec separately demonstrated
hacks
against DREs. This month DEF CON ran its second annual Vote
Hacking Village, where attendees were invited to hack the voting
infrastructure, including DREs – and numerous vulnerabilities were
found and exploited.
DRE
manufacturers, and officials using them, are quick to point out most
exploits require physical access to the machines, and that any
individual hack would only affect the votes made on that system. The
overall vote itself will remain statistically valid.
Last week (Aug. 13), a new survey from Venafi
found that 93% of more than 400 IT security professionals from the
U.S., UK and Australia “are concerned about
cyber-attacks targeting election infrastructure and data.”
Furthermore, “81% believe cyber criminals will target election data
as it is transmitted between machines, software and hardware
applications, and moved from local polling stations to central
aggregation points.”
The
voting infrastructure is much wider than vulnerable DREs alone.
… Georgia
uses approximately 27,000 Diebold AccuVote DRE touchscreen voting
units running a modified version of Windows CE. It
does not and cannot produce a paper audit trail of votes.
Georgia is one of just a few states – and the largest – that does
not produce a paper backup.
The
Coalition’s argument hinges on three elements: that DREs are
inherently insecure; that Georgia’s voting system has already been
breached; and that Georgia voting officials destroyed all evidence of
who might have benefited from the breach.
Protect your students’ data or we’ll stop student loans?
Karen Scarfone reports:
No matter how many layers of security school districts put in place to stop ransomware, it’s inevitable that, at some point, an endpoint will be infected. Since January 2016, there have been 355 cybersecurity-related incidents against K–12 schools, including ransomware attacks, according to the K–12 Cybersecurity Resource Center.
In 2016, 60 percent of K–12 schools hit with ransomware decided to pay attackers in order to get back control of their data, according to analysis from the Department of Education. In response, the Education Department has responded with a number of resources to encourage better cybersecurity practices.
Most recently, the Education Department announced it would strip any K–12 school district or higher education institution of Title IV funding if it did not adhere to “reasonable methods” to protect student data.
Read more on EdTech.
(Related) But demonstrating that they have no privacy may be okay?
Aaah, the traditions of a new school year. New
teachers, new backpacks, new crushes—and algorithms trawling
students’ social media posts.
Blake Prewitt, superintendent of Lakeview school
district in Battle Creek, Michigan, says he typically wakes up each
morning to twenty new emails from a social media monitoring system
the district activated earlier this year. It uses keywords and
machine learning algorithms to flag public posts on Twitter and other
networks that contain language or images that may suggest conflict or
violence, and tag or mention district schools or communities.
… There’s little doubt that students share
information on social media school administrators might find useful.
There is some debate over whether—or how—it can be
accurately or ethically extracted by software.
Amanda Lenhart, a New America Foundation
researcher who has studied
how teens use the internet, says it’s understandable schools like
the idea of monitoring social media. “Administrators are concerned
with order and safety in the school building and things can move
freely from social media—which they don’t manage—into that
space,” she says. But Lenhart cautions that research
on kids, teens, and social media has shown that it’s difficult for
adults peering into those online communities from the outside to
easily interpret the meaning of content there.
Think what you could do with this data!
WSJ – What Your Car Knows About You
Auto makers are figuring out how to monetize drivers’ data
[paywall]: “Car makers are collecting massive amounts of data from
the latest cars on the road. Now, they’re figuring out how to make
money off it. With millions of cars rolling off dealer lots with
built-in connectivity, auto companies are gaining access to
unprecedented amounts of real-time data that allow them to track
everything from where a car is located to how hard it is braking and
whether or not the windshield wipers are on. The data is generated
by the car’s onboard sensors and computers, and then stored by the
auto maker in cloud-based servers. Some new cars have as many as 100
built-in processors that generate data… Car companies stress that
they get the owner’s consent first before gathering any data…
Still, privacy experts say it is not always clear to consumers when
they are giving consent. As with other electronic devices, the data
disclosures are often buried in the terms and service agreement and
described in ways that aren’t always easy for customers to
understand…”
The industry is adding encrypted communications faster than the FBI can take them to court (and lose).
Skype's End-to-End Encryption Goes Live
… The feature went live for all users in
updates for all Skype apps deployed last week, according to
MsPowerUser, which first spotted the feature.
… All they have to do is press the "+
Chat" button atop their contacts sidebar and select the "New
Private Conversation" option that appears there.
… The conversations are end-to-end encrypted,
meaning messages are encrypted while in transit and on the two
devices engaged in the conversation.
For my rich friends?
JP Morgan to unveil new investing app with an eye-catching, disruptive price: Free
J.P. Morgan Chase is about to lob a grenade into the increasingly
competitive world of retail investing.
The bank is rolling out a digital investing
service next week that comes bundled with free or discounted trades,
a sophisticated portfolio-building tool and no-fee access to the
bank's stock research. Anyone who downloads J.P. Morgan's mobile
banking app or uses its website can get at least 100 free trades in
the first year.
For my students’ forensic toolkit.