Saturday, March 03, 2018

It’s how you earn a bitcoin.
Bitcoin Heist: 600 Powerful Computers Stolen in Iceland
REYKJAVIK, Iceland (AP) — Some 600 computers used to "mine" bitcoin and other virtual currencies have been stolen from data centers in Iceland in what police say is the biggest series of thefts ever in the North Atlantic island nation.
Some 11 people were arrested, including a security guard, in what Icelandic media have dubbed the "Big Bitcoin Heist." A judge at the Reykjanes District Court on Friday ordered two people to remain in custody.
The powerful computers, which have not yet been found, are worth almost $2 million. But if the stolen equipment is used for its original purpose — to create new bitcoins — the thieves could turn a massive profit in an untraceable currency without ever selling the items.
… The Bitcoin ledger is powered by "miners," so-called because they throw computational power into the system, occasionally receiving — or "mining" — new bitcoins in return. Drumming up that computational power usually means lots of computers — and thus lots of electricity.
That desire for energy has created a gold rush for bitcoin in Iceland. Traders searching for cheap, renewable energy have been flooding into the island in recent months to take advantage of its geothermal and hydroelectric power plants.
Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media.




Trying to give my Computer Security students some perspective.
From Verizon:
We’ve re-examined the data within our Data Breach Investigations Report (DBIR) series (2016 and 2017) to focus in on the healthcare sector’s unique profile and security challenges, and particularly the use/abuse of protected health information (PHI). Our 2018 Protected Health Information Data Breach Report (PHIDBR) is underpinned by 1,368 incidents from this caseload covering 27 countries.
Our major findings are as follows:
  • 58 percent of incidents involved insiders. Healthcare is the only industry in which internal actors are the biggest threat to an organization. Often they are driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 percent); fun or curiosity in looking up the personal records of celebrities or family members (31 percent); or simply convenience (10 percent).
  • 70 percent of incidents involving malicious code within the healthcare sector were ransomware infections, mirroring the ongoing use of ransomware across all business sectors, as we reported in our 2017 Data Breach Investigations Report and the cyber-attacks Europe witnessed mid-2017.
  • 27 percent of incidents were related to PHI printed on paper. Medical device hacking may be in the news, but it seems the real criminal activity is found by following the paper trail. Whether prescription information sent from clinics to pharmacies, billing statements issued by mail, discharge papers physically handed to patients, or filed copies of ID and insurance cards, printed documents are more prevalent in the healthcare sector than any other. The very nature of how PHI paperwork is handled and transferred by medical staff has led to preventable weaknesses – sensitive data being misdelivered (20 percent), thrown away without shredding (15 percent), and even lost (8 percent).
  • 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI. More employee education is required to ensure that basic security measures are put in place.
Read more.




“NOW will you consider better security?” How much should you spend to avoid $600 million in breach costs?
Equifax breach could be most costly in corporate history
Equifax Inc (EFX.N) said it expects costs related to its massive 2017 data breach to surge by $275 million this year, suggesting the incident at the credit reporting bureau could turn out to be the most costly hack in corporate history.
The projection, which was disclosed on a Friday morning earnings conference call, is on top of $164 million in pretax costs posted in the second half of 2017. That brings expected breach-related costs through the end of this year to $439 million, some $125 million of which Equifax said will be covered by insurance.
… Total costs of the breach, which compromised sensitive data of more than 147 million consumers, could be “well over $600 million,” after including costs to resolve government investigations into the incident and civil lawsuits against the firm, he said.




Consider: Russia has demonstrated what some of its offensive cyber weapons can do in very limited attacks. Can we now imagine what a cyber war would look like?
Nuance Estimates NotPetya Impact at $90 Million
Nuance Communications, one of the companies to have been impacted by the destructive NotPetya attack last year, estimates the financial cost of the attack at over $90 million.
Initially believed to be a ransomware outbreak, NotPetya hit organizations worldwide on June 27, and was found within days to be a destructive wiper instead. Linked to the Russia-linked BlackEnergy/KillDisk malware, NotPetya used a compromised M.E.Doc update server as the infection vector.
In its latest 10-Q filing with the Securities and Exchange Commission (SEC), Nuance reveals that, for the fiscal year 2017, NotPetya caused losses of around $68.0 million in revenues, and incurred incremental costs of approximately $24.0 million as a result of remediation and restoration efforts.
Last month, Danish shipping giant A.P. Moller–Maersk said it had to reinstall software on nearly 50,000 devices following the NotPetya assault. In September 2017, FedEx revealed a negative impact of around $300 million on its profit as a result of the attack.




Interesting, but still leaves the package vulnerable. No doubt they will ‘suggest’ allowing them to put it inside. “Just give us the key!”
Amazon may soon send you a photo of your own front door — here's why
[Photo: What a typical photo confirmation looks like. Business Insider/Hayley Peterson Herrin]
According to USA Today, the online retailer has recently expanded a program called Amazon Logistics Photo On Delivery that involves a carrier taking a photo of a package after delivering it.
… The photo, included in the delivery confirmation, is meant to help the customer identify where and when the packages were left.
But Amazon also does this for internal insurance — it gets a record of whether the package was left at the customer's specified delivery location, should the customer say they never received it. [Does that transfer the liability to the homeowner’s insurance? Bob]


(Related) You could think of this as a ‘Trade War’ or as a way to keep Google from seeing what Amazon does when they deliver inside the house. (Will Google call this an abuse of ‘monopoly’ power?)
Amazon will stop selling Nest smart home devices, escalating its war with Google




Anything to get rid of my students…


Friday, March 02, 2018

That which does not kill us makes us stronger? Impressive defense. I wonder who is ready for this and who will be scrambling in the dark?
GitHub Survived the Biggest DDoS Attack Ever Recorded
On Wednesday, at about 12:15 pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required.
GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.




A mere 294 breaches, with 16,060 records compromised per breach. Probably not time to start bragging.
Rajiv Leventhal reports:
In 2017, the number of individuals affected by breaches within the healthcare sector reached a four-year low, according to a new report from Campbell, Calif.-based security company Bitglass.
The report revealed that the majority of breaches were due to hacking and IT incidents (71 percent), and that percentage has continued to grow since 2014. The fourth annual Healthcare Breach Report aggregates data from the U.S. Department of Health and Human Services’ (HHS) Wall of Shame—a database of breach disclosures that is required as part of the Health Insurance Portability and Accountability Act (HIPAA)—to identify the most common causes of data leakage.
Read more on Healthcare Informatics.




Perhaps they should try to hire someone who knows how to run a bank? “Harm the victims” is definitely a “customer last” strategy!
Wells Fargo is accused of harming fraud victims by closing accounts
When signs of fraud appear on a customer’s account, such as a counterfeit check or an unauthorized withdrawal, a bank is required by law to investigate whether criminal activity has occurred.
Wells Fargo had a simpler solution, according to a former employee: Close the account and drop the customer.




For my Data Management students.
How to Turn ‘Data Exhaust’ into a Competitive Edge
A vast amount of data that is discarded — the so-called ‘data exhaust’ — actually holds a lot of value and could be tapped to create new competitive advantages, according to this opinion piece by Scott Snyder, a Wharton senior Fellow, and Alex Castrounis, vice president of product and advanced analytics for Rocket Wagon, an Internet of Things, digital and AI company.
Instead of the Internet of Things (IoT), perhaps we should call it the data of things or the internet of data?
IoT will generate a staggering 400 zettabytes (or 400 trillion gigabytes) of data a year by 2018, according to the 2016 Cisco Visual Networking Index. This is being driven by everything from wearables and smart home devices to high-end connected platforms like the Boeing 787, which generates 40 terabytes per hour of flight, or a Rio Tinto mining operation that can generate up to 2.4 terabytes of data a minute (more than 20 times what Twitter generates in a day).
Despite this huge growth in data from IoT devices, only a small amount (8.6 Zettabytes) will actually be sent to data centers for storage and subsequent analysis — the ‘data exhaust’ is much bigger than what’s actually being analyzed for insights.
… On the B2B side, companies like John Deere have used IoT data to shift their business model. The average farm went from generating 190,000 data points per day in 2014 to a projected 4.1 million data points in 2020 fueled by the significant growth in sensorization of fields and equipment. By turning these data streams into insights and prescriptive analytics, or automated decisions based on data, Deere moved from selling farm equipment to delivering ‘Precision Farming’ services, guided by their data advantage.




Perspective.
Pew – Social Media Use in 2018
A majority of Americans use Facebook and YouTube, but young adults are especially heavy users of Snapchat and Instagram: “A new Pew Research Center survey of U.S. adults finds that the social media landscape in early 2018 is defined by a mix of long-standing trends and newly emerging narratives. Facebook and YouTube dominate this landscape, as notable majorities of U.S. adults use each of these sites. At the same time, younger Americans (especially those ages 18 to 24) stand out for embracing a variety of platforms and using them frequently. Some 78% of 18- to 24-year-olds use Snapchat, and a sizeable majority of these users (71%) visit the platform multiple times per day. Similarly, 71% of Americans in this age group now use Instagram and close to half (45%) are Twitter users. As has been the case since the Center began surveying about the use of different social media in 2012, Facebook remains the primary platform for most Americans. Roughly two-thirds of U.S. adults (68%) now report that they are Facebook users, and roughly three-quarters of those users access Facebook on a daily basis. With the exception of those 65 and older, a majority of Americans across a wide range of demographic groups now use Facebook. But the social media story extends well beyond Facebook. The video-sharing site YouTube – which contains many social elements, even if it is not a traditional social media platform – is now used by nearly three-quarters of U.S. adults and 94% of 18- to 24-year-olds. And the typical (median) American reports that they use three of the eight major platforms that the Center measured in this survey…”




Which auto makers will survive a rides-on-demand future where individuals will not buy cars?
Toyota venture to spend $2.8 billion to develop self-driving technology
Toyota Motor Corp said a new venture would be investing more than $2.8 billion to develop automated-driving software - the latest salvo in an increasingly frenetic battle to be ahead in a sector hit by a slew of disruptive technologies.


(Related)
Uber is driving patients to their doctors in a big grab for medical transit market
Uber announced the launch of a new digital tool meant to book rides for patients who need assistance getting to and from their appointments. A health care provider can book a ride for patients and caregivers immediately, within a few hours, or with 30 days’ notice. The company is positioning itself as a cheaper and more reliable option than most non-emergency medical transportation.
… The non-medical-emergency medical transportation market is worth more than $3 billion, according to the Transit Cooperative Research Program, a federally funded independent research entity. A lot of that money is for people who can’t drive — either because of age or poverty — and so Medicare and Medicaid providers foot the bill. Uber has clearly become interested in the industry.




For my geeks.
Microsoft Gives Devs More Open Source Quantum Computing Goodies
Microsoft this week announced the first major upgrade to its Quantum Development Kit since its introduction last year. It has added several new features designed to open the platform to a wider array of developers, including support for Linux and macOS, as well as additional open source libraries.
Further, the kit will be interoperable with the Python computing language.


Thursday, March 01, 2018

Something is really off here. If this network is protected more carefully than others, why was the breach not stopped in December? Did they feed the hackers some type of disinformation?
Germany admits hackers infiltrated federal ministries, Russian group suspected
Citing anonymous sources, German news agency dpa had earlier reported that the Russian hacking group APT28 had placed malware in a government network and infiltrated both the Foreign Ministry and the Defense Ministry.
The sources said the malware could have remained in the government's networks for as long as a year before the government discovered the breach in December.
Security services reportedly allowed the malware to remain in the system until Wednesday to try and gather information about the attack and who was responsible.
… The hackers reportedly infiltrated the government's "Informationsverbund Berlin-Bonn" (IVBB) network, a specially designed communications platform which is separate from other public networks to ensure a supposed added layer of security. It's used exclusively by the chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices.
The government said it receives roughly 20 attempted hacking attacks per day, while German intelligence services also carry out penetration tests once per week.
… Some opposition lawmakers have criticized the security services for failing to inform them about the attack.
"If the government has known about this since December, the fact that lawmakers responsible for oversight of [digital affairs] had to learn of it through the press is really scandalous," the Left Party's cyber expert, Anke Domscheit-Berg, told public broadcaster ZDF.
… The group's 2015 attack on the Bundestag was so far-reaching that the German government was forced to replace its entire IT infrastructure.




Apparently Equifax is still discovering new ways to find out what happened on its systems. Shouldn’t they know from sources they already used to manage their security? Oh wait, that’s right, they didn’t manage their security.
Reuters reports:
Equifax Inc (EFX.N), a provider of consumer credit scores, on Thursday said it found another 2.4 million U.S. consumers hit by a data breach last year, bringing the total to 147.9 million.
The company said the latest batch of consumers affected had their names and driver’s license information stolen, but noted less information was taken because it did not include home addresses, driver’s license states, dates of issuances, or expiration dates.
Read more on Reuters.




Giving my Computer Security students ‘regular intelligence’ to prepare them for ‘artificial intelligence.’
Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
“This report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats. After analyzing the ways in which AI may influence the threat landscape in the digital, physical, and political domains, we make four high-level recommendations for AI researchers and other stakeholders. We also suggest several promising areas for further research that could expand the portfolio of defenses, or make attacks less effective or harder to execute. Finally, we discuss, but do not conclusively resolve, the long-term equilibrium of attackers and defenders.” arXiv:1802.07228 [cs.AI] (or arXiv:1802.07228v1 [cs.AI] for this version)


(Related?)
NYT – The Sublime and Scary Future of Cameras With A.I. Brains
The New York Times: “There’s a new generation of cameras that understand what they see. They’re eyes connected to brains, machines that no longer just see what you put in front of them, but can act on it — creating intriguing and sometimes eerie possibilities. At first, these cameras will promise to let us take better pictures, to capture moments that might not have been possible with every dumb camera that came before. That’s the pitch Google is making with Clips, a new camera that went on sale on Tuesday. It uses so-called machine learning to automatically take snapshots of people, pets and other things it finds interesting… Now, A.I. will create a revolution in how cameras work, too. Smart cameras will let you analyze pictures with prosecutorial precision, raising the specter of a new kind of surveillance — not just by the government but by everyone around you, even your loved ones at home…”


(Related) Why must what is probably a good idea sound so creepy?
Microsoft and UPMC unveil virtual AI assistant that listens in and takes notes on doctor’s visits
Every day, doctors and nurses across the country do a complicated dance around patient care. They turn back and forth as a mother describes her child’s symptoms, trying to listen and simultaneously log information in the electronic health record. They huddle with a team to coordinate a cancer patient’s care using whiteboards, post-it notes and clipboards.
Microsoft wants to use technology to make things easier and more efficient in those situations. The company announced a slew of new cloud- and artificial-intelligence-fueled technologies Wednesday as part of its Healthcare NExT program, all aimed at helping healthcare providers wage a technology revolution in the industry.
The company announced four new projects: A healthcare-focused Azure cloud blueprint; Microsoft Genomics, a platform that powers genetic analysis and personalized medicine; A new template for Microsoft Teams specialized for healthcare providers; and Empower MD: an artificial intelligence platform that can assist doctors by listening in and learning from their conversations with patients. [Will AI eventually be recognized as a ‘third party’ in this conversation, effectively eliminating any claim to privacy? Bob]


(Related)
Wireless LAN startup Mist Systems closes on $46M funding round
Networking startup Mist Systems Inc., which has built a self-learning wireless local area network for enterprises that’s powered by artificial intelligence technologies, is gearing up for expansion after landing a $46 million late-stage funding round.
… Mist is quickly making a name for itself thanks to its Wireless LAN offering, which is essentially just a local area network for enterprises that doesn’t rely on wired Ethernet connections. The company said its Wireless LAN is superior to other networks, claiming it’s the world’s first “self-learning network” powered by its proprietary AI technology.
The self-learning capabilities mean that many of the laborious tasks associated with managing the network can be automated. In addition, Mist said, its Wireless LAN helps to make Wi-Fi services more predictable, reliable and measurable by providing greater visibility into the network’s inner workings.




Some Privacy resources.
Jadzia Butler writes:
On the heels of the Federal Trade Commission’s (“FTC”) third annual “PrivacyCon,” the Future of Privacy Forum hosted its eighth annual “Privacy Papers for Policymakers” event on Capitol Hill—a gathering in which academics present their original scholarly works on privacy-related topics to D.C. policy wonks who may have a hand in shaping laws and regulations at the local, federal, and international level. The goal of the event is, in part, to foster academic-industry collaboration in addressing the world’s current and emerging privacy issues.
Read more on Covington & Burling Inside Privacy.




How will you tell all the ‘official’ stuff from all the ‘Russian’ stuff?
Democratic National Committee war plan: Target 50 million voters
… The DNC dubs its effort the "IWillVote" program and says it sets the party's most ambitious goal ever for a midterm election.
It will consist of new branding and content, tools and technologies, a voter hotline, online ads, and on-the-ground organizing — all with the aim of getting people to commit early to voting and then following through with them to ensure they register and ultimately turn out.




My students were very reluctant to ask Facebook (et al) to identify potential school shooters, but isn’t that what the EU is suggesting they could do?
Facebook, Google Get One Hour From EU to Scrub Terror Content
The European Union on Thursday upped its ante against tech companies, including Alphabet Inc.’s Google, Facebook Inc. and Twitter Inc., announcing sweeping guidelines for speedily scrubbing terror and other illegal content from their European websites, following pressure by some national governments to make internet firms legally liable for the information that appears on their platforms.
The European Commission, the bloc’s executive, said tech firms should remove terror content within one hour of it being flagged...


(Related) Is it really better if we don’t know these people (people Yahoo fears or hates?) are out there? Would it be better to group them in a ‘comedy channel’ or a ‘collection of examples for mental health workers to practice on?’
YouTube is taking down conspiracy theorist channels and popular gun videos
In the wake of the February 14 Parkland, FL school shooting, YouTube has banned a considerable number of the most egregious conspiracy peddlers and alt-righters from its ranks. The company also issued “warning strikes” and partial suspensions to a number of other channels, at least one of which was gun-focused. The move comes after months of scandals regarding the site’s inability to properly moderate the content published on its platform.




We discussed the chicken shortage in our Data Management class (my classes are fun) so this will be a great follow-up.
First Chicken, Now Gravy. KFC Has Another Shortage
KFC outlets in the U.K. are reporting a shortage of the fried chicken joint’s famous gravy just weeks after some locations ran out of chicken and were forced to close down.
… A spokesperson for KFC owner Yum Brands told Reuters that while 97% of KFC locations have reopened, the restaurants are going through a gravy shortage due to “ongoing distribution challenges” at DHL.




Judging by the recruiters at our last Job Fair, my students are selling fast, so they need to keep their resumes current!
… The LinkedIn Resume Assistant provides you with example resume snippets from other people in your field. This lets you see how they describe and explain their work experience and job skills.
If you struggle with the correct resume wording or how to best highlight your skills, it can be useful to see how other professionals do it.


(Related)




Free is good!
Google wants to teach more people AI and machine learning with a free online course
Machine learning and AI are some of the biggest topics in the tech world right now, and Google is looking to make those fields more accessible to more people with its new Learn with Google AI website.
… Google envisions the Learn with Google AI site serving as a repository for machine learning and AI, and it’s meant to be a hub for anyone looking to “learn about core ML concepts, develop and hone your ML skills, and apply ML to real-world problems.” The site will apparently cater to all levels of AI enthusiasts, from researchers looking for advanced tutorials to beginners.




Have I mentioned that my goal in life is to be like Wally?


Wednesday, February 28, 2018

Is this a Cold War FBI policy? We know the targets, we know some of the techniques, are we ready for the next round?
Cynthia McFadden, William M. Arkin, Kevin Monahan, and Ken Dilanian report:
The U.S. intelligence community developed substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed covert operatives prior to the 2016 election — but never told the states involved, according to multiple U.S. officials.
Top-secret intelligence requested by President Barack Obama in his last weeks in office identified seven states where analysts — synthesizing months of work — had reason to believe Russian operatives had compromised state websites or databases.
Three senior intelligence officials told NBC News that the intelligence community believed the states as of January 2017 were Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin.
Read more on NBC, as their coverage goes beyond just these seven states, and they are reporting on a very concerning issue, even if, as they report, “All state and federal officials who spoke to NBC News agree that no votes were changed and no voters were taken off the rolls.” At least for those seven states. But what about the others? So far, there doesn’t seem to be a lot of evidence of successful penetration much less data tampering, but was 2016 just a test run for something more in 2018?




No honesty among thieves?
Thanatos Ransomware Makes Data Recovery Impossible
A newly discovered ransomware family is generating a different encryption key for each of the encrypted files but saves none of them, thus making data recovery impossible.
Dubbed Thanatos, the malware was discovered by MalwareHunterTeam and already analyzed by several other security researchers.
When encrypting files on a computer, the malware appends the .THANATOS extension to them. After completing the encryption, the malware connects to a specific URL to report back, thus allowing attackers to keep track of the number of infected victims.
The malware also generates an autorun key to open the ransom note every time the user logs in. In that note, the victim is instructed to send $200 to a listed crypto-coin address. Victims are also instructed to contact the attackers via email to receive a decryption program.
Thanatos’ operators allow victims to pay the ransom in Bitcoin, Ethereum, or Bitcoin Cash, thus becoming the first ransomware to accept Bitcoin Cash payments, Bleeping Computer’s Lawrence Abrams points out.
The issue with the new ransomware is that, because it doesn’t save the encryption keys, files cannot be decrypted normally. However, victims don’t know that and might end up paying the ransom in the hope they can recover their files.




Something my Data Management students should kick around for a while.
Epic failure of data integration allowed 17 people to be murdered in Parkland
Leaving the gun debate to others, I propose that we focus on something more easily fixable about the Florida shooting: the epic failure of data integration that allowed this tragedy to happen.
“Every single red flag was present. If this kid was missed, there is no system.”
Broward County Public Defender Howard Finkelstein is right – there was a staggering amount of information available in multiple databases about Nikolas Cruz. But it wasn’t connected.




“Minority Report” is already here.
About to Break the Law? Chinese Police Are Already On To You
Authorities in China’s troubled, heavily surveilled region of Xinjiang are deploying a platform that marshals the troves of data being collected to identify and pre-emptively detain potential troublemakers, according to a rights group.
Human Rights Watch said Tuesday the “predictive policing” platform combines feeds from surveillance cameras with other personal data such as phone use, travel records and religious orientation, and then analyzes the information to identify suspicious individuals.


(Related) ...and not just in China.
Palantir has secretly been using New Orleans to test its predictive policing technology
Palantir deployed a predictive policing system in New Orleans that even city council members don’t know about
… According to Ronal Serpas, the department’s chief at the time, one of the tools used by the New Orleans Police Department to identify members of gangs like 3NG and the 39ers came from the Silicon Valley company Palantir. The company provided software to a secretive NOPD program that traced people’s ties to other gang members, outlined criminal histories, analyzed social media, and predicted the likelihood that individuals would commit violence or become a victim. As part of the discovery process in Lewis’ trial, the government turned over more than 60,000 pages of documents detailing evidence gathered against him from confidential informants, ballistics, and other sources — but they made no mention of the NOPD’s partnership with Palantir, according to a source familiar with the 39ers trial.




Another step toward automating the legal business?
New on LLRX – From Judging Lawyers to Predicting Outcomes
Via LLRX – From Judging Lawyers to Predicting Outcomes. Itai Gurari discusses Judicata’s latest technology solution – Clerk – that evaluates briefs filed in court, grading them on three dimensions: Arguments, Drafting, and Context. The grading reflects factors like how strong the brief’s arguments are, how persuasive the relied upon cases are, and the extent to which the brief cites precedent that supports the desired outcome.




We could do this here. Just saying…
From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt




Perspective. Big tech companies see opportunity in Health Care?
Google sister-company Verily is plotting a move into a fast-growing corner of the health insurance industry
  • Verily's new hires and partnerships point to a move into health insurance.
  • The company is looking to take on risk for patient populations and share in the upside if it can bring down health-care costs, sources tell CNBC.
  • The opportunity is currently in the tens of billions, with the potential to grow into a trillion dollar market.




Perspective.
What is it worth to Amazon to be able to enter your home?
Amazon To Purchase Video Doorbell Maker Ring For Over $1 Billion


(Related) Cheaper than an ambulance?
Passengers Who Call Uber Instead Of An Ambulance Put Drivers At Risk
A recent (yet to be peer-reviewed) study found that, after Uber enters new markets, the rates of ambulance rides typically go down, meaning fewer people call professionals in favor of the cheaper option. People have always taken taxis to the hospital — there’s the classic example of the woman going into labor in the back of a cab — but ride-hail technology makes it much easier, especially in less densely populated cities. This money-saving tactic might make sense for people in noncritical condition, but it puts ride-hail drivers in an uncomfortable position. They’re forced to choose between assuming potential legal liability if something goes wrong, or dealing with a sense of guilt and the fear of getting a lower rating if they decline or cancel the ride.




Perspective. And you thought only their brains were atrophying…
Children struggle to hold pencils due to too much tech, doctors say
The Guardian.com: “Children are increasingly finding it hard to hold pens and pencils because of an excessive use of technology, senior paediatric doctors have warned. An overuse of touchscreen phones and tablets is preventing children’s finger muscles from developing sufficiently to enable them to hold a pencil correctly, they say. “Children are not coming into school with the hand strength and dexterity they had 10 years ago,” said Sally Payne, the head paediatric occupational therapist at the Heart of England foundation NHS Trust. “Children coming into school are being given a pencil but are increasingly not being able to hold it because they don’t have the fundamental movement skills….”
“It’s easier to give a child an iPad than encouraging them to do muscle-building play such as building blocks, cutting and sticking, or pulling toys and ropes. Because of this, they’re not developing the underlying foundation skills they need to grip and hold a pencil.”
I cannot help but say, I told you so – it is not only kids who cannot hold pencils or pens and actually write on paper anymore – it is adults as well. And how many people do you know (excluding librarians please) who actually type – with two hands over a keyboard, using all their respective fingers (I am raising my hand but you cannot see me) – and I own so many pens that I am afraid of being shamed for what is considered an odd collection of otherwise “useless objects.” I actually use them daily to write real cards – to people I know – and to take notes – every day – but then – I am a librarian/researcher/knowledge manager – who does not own a phone that I can “swipe.” I have an 8 year old “smartphone” with whom I have an increasingly contentious relationship – but I digress. If people do not use the muscles in their hands, will they eventually be of no use (an unimaginable fate for some, most..of us?).




For my techies.
A funny look at the unintended consequences of technology | Chuck Nice
Technology should work for us, but what happens when it doesn't? Comedian Chuck Nice explores the unintended consequences of technological advancement and human interaction -- with hilarious results.


Tuesday, February 27, 2018

Perhaps Georgia wants to use that vulnerability?
AP reports:
Lying about your weight on an online dating site? Checking out who won the Falcons game from your work computer? Using your computer hacking knowledge as an “ethical hacker?” Those actions may become illegal if a Georgia bill gets voted into law, civil liberty advocates say.
Supporters of a bill making its way through the state legislature say it’s designed to give law enforcement the ability to prosecute “online snoopers” — hackers who break into a computer system but don’t disrupt or steal data. The legislation came in response to a recent data breach at a Georgia university in which unauthorized cybersecurity experts noticed the vulnerability of Georgia’s voting records.
Read more on Times Free Press.




Local interest.
Kirk Mitchell reports:
Russian computer hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million, according to federal court documents.
As part of the wide-scale criminal operation, so-called “carders” from Russia advertised and sold the numbers to Ukrainian operatives using the Rescator network of websites — named for a Ukrainian hacker who specializes in the sale of stolen credit cards.
Read more on The Denver Post.




For my Ethical Hacking students: It’s where the money is!
Feds No Longer Need Apple Consent To Crack Nearly Any iPhone Thanks To Cellebrite iOS 11 Exploit
Cellebrite, an Israeli company known for selling solutions to law enforcement agencies around the globe to unlock smartphones, is back in the news again. This time around, the company is touting a new solution that would make it possible to crack just about any device that is currently running Apple's iOS 11 operating system.
To understand why this announcement is so pivotal, we must rewind to just over two years ago. Following the San Bernardino terrorist attack that left 14 people dead in late 2015, Apple and the U.S. Department of Justice got into a war of words about device encryption and backdoor software access, bringing the subject to a mainstream audience. Law enforcement officials – led primarily by the FBI – argued that they needed access to one of the perpetrators' iPhones for national security reasons. Apple argued that providing backdoor access to the FBI or other agencies could lead to a reduction in security for all of its customers and stood its ground.
In the end, the FBI ended up gaining access to the iPhone 5c thanks to software [reportedly] made by Cellebrite. Now, Cellebrite's ability to crack encryption on iPhones extends to all current hardware capable of running iOS 11, including the iPhone X. According to Forbes' sources, the latest hack to circumvent Apple security was perfected over the past few months and is being shopped around to Cellebrite's usual law enforcement clientele.
Cellebrite describes its services, writing, "These new capabilities enable forensic practitioners to retrieve the full file system to recover downloaded emails, third-party application data, geolocation data and system logs, without needing to jailbreak or root the device."
… We should note that Android devices aren't immune from Cellebrite's tentacles either, as it can access data on "Samsung Galaxy and Galaxy Note devices; and other popular devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE, and more."




“The best laid schemes o' mice an' men / Gang aft a-gley.” What about failure to plan?
USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online
In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images.
The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front of each envelope destined for a specific address each day.




Perhaps a method to identify potential school shooters?
How Companies Scour Our Digital Lives for Clues to Our Health
Your digital footprint — how often you post on social media, how quickly you scroll through your contacts, how frequently you check your phone late at night — could hold clues to your physical and mental health.
That at least is the theory behind an emerging field, digital phenotyping, that is trying to assess people’s well-being based on their interactions with digital devices. Researchers and technology companies are tracking users’ social media posts, calls, scrolls and clicks in search of behavior changes that could correlate with disease symptoms. Some of these services are opt-in. At least one is not.


(Related) At least Dilbert keeps up.




Interesting stats?
Law and reputation firms generate 21% of Right to Be Forgotten delistings, says Google
Google says that there are “tens of thousands” of Right to Be Forgotten (RTBF) requests filed each month in Europe. In a new blog post, the company explains that it’s updating its “Transparency Report,” which details RTBF requests, to include new categories of information.
In addition to reporting aggregate data on requests, their countries of origin and percentages granted, Google says it will now reveal:
  • The type of individual/entity making the request: private vs. non-private (government entity, corporations, NGOs)
  • What sort of content is associated with the request: personal information, professional information, criminal activity
  • Whether the site on which the link appears is a directory site, news site, social media or other.
  • Delisting rate by content category
Google is simultaneously releasing a report that provides more depth and detail on the nature of delisting requests, summarizing three years of data since RTBF first came into being in May 2014. The high-level findings are provided in an infographic in the blog post.
In the report, Google says there are “two dominant intents for RTBF delisting requests.” Roughly a third (33 percent) of requests are related to personal information on social media and directory sites. Another 20 percent relate to news and government websites that contain “a requester’s legal history.” The rest are diverse and span a range of content types and objectives.
… One of the more interesting disclosures in the report is that there is a category of high-volume RTBF requesters. Google reports that the top 1000 requesters “generated 14.6 percent of requests and 20.8 percent of delistings. These mostly included law firms and reputation management agencies, as well as some requesters with a sizable online presence.”




For my Data Management students. Apparently, Online is cheaper than creating and storing CDs.
Public broadcaster music library closing, CDs to be digitised, destroyed
Radio Canada International: “Canada’s public broadcaster CBC (English) and Radio-Canada (French) is going through massive changes. The sprawling headquarters of the Radio-Canada network in Montreal have been sold, and the organisation will move to new and much smaller rented quarters being built on one of the former parking lots. With huge funding cuts from the government and increasing costs, this has meant equally massive staff and production cuts. Rapidly developing technological developments are also driving the changes. The broadcaster with stations across the country has, over the decades, amassed a vast collection of recorded music and other artefacts… The main French-language production centre of Radio-Canada in Montreal has also been digitising its collection. However, recently it was revealed that most of the collection of over 200,000 CDs will be destroyed when the process is completed in 2019 and prior to the move to new quarters in 2020. The destroyed materials apparently will be recycled…”




When Social Media turns anti-social?
Meet Vero: Why a billionaire's Instagram alternative is suddenly so popular
Instagram haters are jumping on a new social media bandwagon.
Vero, a photo-sharing app that launched in 2015, is the latest app to benefit from ongoing frustration with Instagram's hated algorithm.
A week ago, the app was ranked so low it didn't even appear in the App Store's top 1,500 apps; today it's the most popular app in the entire App Store. It's gotten so popular that the app's servers have been overloaded, with many users unable to post or even sign up for an account.
… So how does it make money?
The short answer is that it doesn't — at least, not yet. Because there are no ads on the platform, Vero says it will eventually rely on user subscriptions for the bulk of its revenue.
… And while it's not clear what has prompted Vero's sudden surge, it appears to be at least partly due to frustration with Instagram's algorithm, which has been bubbling up for months.
Instagrammers have been upset over the app's algorithm since it rolled out last year. But, unlike other changes, which people have gotten used to over time, frustration seems to have only intensified over time.
Now, Instagram users are promoting their Vero accounts to followers. There are currently more than 500,000 Instagram posts tagged as #Vero, the majority of which are users posting screenshots of their profiles and asking followers to join them on the app.




Perspective. Back in my day, it was "Duck and cover" and we couldn’t shoot back. Perhaps training on how to recognize mental illness would be more valuable?
This is America: 9 out of 10 public schools now hold mass shooting drills for students
Read this and weep – and then get busy – please: How “active shooter” drills became normal for a generation of American schoolchildren. “… Since Columbine, 32 states have passed laws requiring schools to conduct lockdown drills to keep students safe from intruders. Some states went even further after 20 children died in Newtown, Connecticut, in 2012. Now, six states require specific “active shooter” drills each year. That means the training must be specifically tailored to respond to an armed gunman out to kill. There is no consensus on what these drills should look like, but several states, including Missouri, require shooting simulations with police officers…”




For my geeks…
Google’s Flutter app SDK for iOS and Android is now in beta
Flutter is Google’s open source toolkit for helping developers build iOS and Android apps. It’s not necessarily a household name yet, but it’s also less than a year old and, to some degree, it’s going up against frameworks like Facebook’s popular React Native. Google’s framework, which is heavily focused around the company’s Dart programming language, was first announced at Google’s I/O developer conference last year.


Monday, February 26, 2018

Reinforcing several trends reported here earlier, including physician invulnerability.
MUSC terminates employees who 'snoop' in patients' medical records
Thirteen employees were fired in 2017 from the Medical University of South Carolina after administrators determined they had broken federal law by using patient records without permission, spying on patient files or disclosing private information.
Some of these privacy breaches involved high-profile patients. [You couldn’t sell my records to the National Enquirer. Bob]
MUSC staff explained to the hospital's Board of Trustees during a recent meeting that designated employees monitor the news media for any potential privacy breaches. Sometimes, they said, health care providers will "snoop" in patient records after a case makes the news. Eleven of 58 privacy breaches at MUSC in 2017 were categorized as snooping.
… But patients shouldn't worry excessively about the security of their own information. Experts agree that digital medical records are more secure than paper ones. [I’m an expert, and I strongly disagree. Bob]
Elizabeth Willis, the corporate privacy officer at Roper St. Francis, said the ability to track each employee who opens a record makes patient files less vulnerable to a security breach. [It makes detection of breaches easier, but does nothing to stop a breach – see paragraph one. Bob]
… She provided further information about security breaches and terminations at MUSC dating back to 2013. Since then, MUSC has identified 307 breaches and 30 employees have been fired. Nearly half of all those firings occurred last year. None were physicians, Woolwine said.
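Bob's bracketed note above makes the practitioner's point: an access audit trail does not stop a clinician from opening a record, but it is the raw material for catching "snooping" after the fact, especially the pattern the article describes, where staff open a file once a case makes the news. The following Python is an added example (not code from the article, MUSC or Roper St. Francis) of that kind of detection run over a constructed EHR access log; the employee and patient identifiers, the care-team roster and the "in the news" dates are all made up for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed audit-trail records in the shape an EHR access log might export:
# "<ISO timestamp> <employee id> <patient id> <action>". Not real data.
AUDIT_LOG = [
    "2017-06-01T08:05:00 E101 P500 VIEW",
    "2017-06-01T08:07:00 E101 P501 VIEW",
    "2017-06-02T09:00:00 E202 P900 VIEW",  # off-roster, before P900 was in the news
    "2017-06-03T12:40:00 E202 P900 VIEW",  # off-roster, after the news broke
    "2017-06-03T12:41:00 E303 P900 VIEW",  # off-roster, after the news broke
    "2017-06-03T12:42:00 E404 P900 VIEW",  # treating clinician: expected access
    "2017-06-04T10:00:00 E303 P510 VIEW",  # three off-roster patients in two minutes
    "2017-06-04T10:01:00 E303 P511 VIEW",
    "2017-06-04T10:02:00 E303 P512 VIEW",
]

# Hypothetical care-team roster: which employees have a treatment relationship
# with each patient. Anyone else opening the record needs a reason.
CARE_TEAM = {
    "P500": {"E101"}, "P501": {"E101"}, "P900": {"E404"},
    "P510": {"E101"}, "P511": {"E101"}, "P512": {"E101"},
}

# Hypothetical dates on which a patient's case was covered by the news media,
# the trigger the article says privacy staff watch for.
NEWS_DATES = {"P900": datetime(2017, 6, 3)}


@dataclass(frozen=True)
class Finding:
    employee: str
    patient: str
    when: datetime
    reason: str


def parse_line(line):
    """Split one constructed audit line into (timestamp, employee, patient, action)."""
    ts, emp, pat, action = line.split()
    return datetime.fromisoformat(ts), emp, pat, action


def off_roster_accesses(log_lines, care_team, news_dates):
    """Every record access by someone outside the patient's care team.

    Accesses that follow the patient appearing in the news get a more
    specific reason so they can be triaged first.
    """
    findings = []
    for line in log_lines:
        when, emp, pat, _action = parse_line(line)
        if emp in care_team.get(pat, set()):
            continue  # treatment relationship on file: not a snooping candidate
        news_at = news_dates.get(pat)
        if news_at is not None and when >= news_at:
            reason = "off-roster access after patient was in the news"
        else:
            reason = "off-roster access"
        findings.append(Finding(emp, pat, when, reason))
    return findings


def after_news(findings):
    """Subset of findings tied to a patient who had already made the news."""
    return [f for f in findings if f.reason.endswith("in the news")]


def bulk_browsers(findings, threshold=3, window=timedelta(hours=1)):
    """Employees whose off-roster accesses cover >= threshold distinct patients
    within any sliding window (browsing many unrelated records in a short time)."""
    by_emp = defaultdict(list)
    for f in findings:
        by_emp[f.employee].append(f)
    flagged = {}
    for emp, items in by_emp.items():
        items.sort(key=lambda f: f.when)
        for i, start in enumerate(items):
            patients = {f.patient for f in items[i:] if f.when - start.when <= window}
            if len(patients) >= threshold:
                flagged[emp] = len(patients)
                break
    return flagged


if __name__ == "__main__":
    found = off_roster_accesses(AUDIT_LOG, CARE_TEAM, NEWS_DATES)
    for f in found:
        print(f"{f.when:%Y-%m-%d %H:%M} {f.employee} -> {f.patient}: {f.reason}")
    print("priority (after news):", [(f.employee, f.patient) for f in after_news(found)])
    print("bulk browsers:", bulk_browsers(found))
```

Both checks only work if the roster and the audit trail are trustworthy and complete; that is exactly why they detect rather than prevent, which is the distinction Bob draws. The after-news rule orders the queue; the bulk-browsing rule catches the quieter case where no single record is newsworthy.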




I called this a while back… Russia is demonstrating what could happen if they are banned from future games.
Russia Hacked Olympics Computers, Turned Blame on North Korea: Report
Russian military spies hacked hundreds of computers used by Winter Olympics organizers and tried to make it look like the work of North Korea, the Washington Post reported Sunday, quoting US intelligence sources.
South Korea had previously announced that it was investigating the failure of several Olympic-linked internet sites and broadcast systems just as the opening ceremonies were taking place on February 9.
The Russians used a North Korean internet provider to make it appear the attack originated in North Korea, in what is known as a "false flag" operation, the Post said.
… They said the cyber attack against the Games -- from which Russia's team was excluded for doping -- was worrisome.
Some analysts believe the cyber attack was retribution for that ban. Some Russian athletes were allowed to compete, but only under the designation of "Olympic Athletes from Russia."




Can we prepare for the hack of the 2020 election?
A primer on political bots: Part one
Data Driven Journalism – “The rise of political bots brings into sharp focus the role of automated social media accounts in today’s democratic civil society. Events during the Brexit referendum and the 2016 U.S. Presidential election revealed the scale of this issue for the first time to the majority of citizens and policy-makers. At the same time, the deployment of Russian-linked bots designed to promote pro-gun laws in the aftermath of the Florida school shooting demonstrates the state-sponsored, real-time readiness to shape, through information warfare, the dominant narratives on platforms such as Twitter. The regular news reports on these issues lead us to conclude that the foundations of democracy have become threatened by the presence of aggressive and socially disruptive bots, which aim to manipulate online political discourse. While there is clarity on the various functions that bot accounts can be scripted to perform, as described below, the task of accurately defining this phenomenon and identifying bot accounts remains a challenge. At Texifter, we have endeavoured to bring nuance to this issue through a research project which explores the presence of automated accounts on Twitter. Initially, this project concerned itself with an attempt to identify bots which participated in online conversations around the prevailing cryptocurrency phenomenon. This article is the first in a series of three blog posts produced by the researchers at Texifter that outlines the contemporary phenomenon of Twitter bots. Bot accounts are a persistent feature of the user experience on Twitter. They can increase the influence of positive, negative, or “authentic” fake news stories; promote opinion posts from a variety of accounts (botnets); and circulate memes. Their ability to shape online political discourse and public opinion, however, is generating legitimate concerns.
The significance of the bot effect stretches from the academic research community, to tech and platform companies, national regulatory bodies, and the field of journalism. One of the most recognized examples of this involves the lead-up to the 2016 U.S. Presidential Election. During that period, over 50,000 automated Twitter accounts from Russia retweeted and disseminated political material posted by and for Trump, reaching over 677,775 Americans. Over 2,000,000 tweets and retweets were the result of these Twitter bots, accounting for approximately 4.25% of all retweets of Trump’s tweets in the lead-up to the U.S. election. These findings accentuate the larger issue of state actors using social media automation as a tool of political influence…”




First numbers I’ve seen on the “new” cards.
Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa
The financial industry has been pushing for the adoption of EMV (Europay, MasterCard, Visa) card technology in the United States since 2011, and efforts were increased following the disclosure of the massive data breach suffered by Target in 2013.
However, according to Visa, by September 2015, only roughly 392,000 merchant locations had been accepting chip cards, and the number of Visa debit and credit cards using this technology was only at 159 million.
Data collected by Visa shows the number of storefronts that had migrated to EMV technology by December 2017 increased by more than 570%, with 2.7 million storefronts in the U.S., representing 59% of the total, accepting chip cards. The number of Visa cards using chip technology increased by 202% to 481 million, with 67% of Visa payment cards having chips.
Visa also reported that EMV cards accounted for 96% of the overall payment volume in the United States in December 2017, with chip payment volume reaching $78 billion.
As a result of U.S. merchants upgrading their payment systems for EMV cards, cases of counterfeit fraud had dropped by 70% in September 2017 compared to December 2015.
While the adoption of chip and PIN technology addresses the problem of counterfeit card fraud, it has not deterred fraudsters, who have simply shifted their focus to card-not-present (CNP) and other types of fraud.




Which part of “we surveil your children” did they not understand?
James Tozer reports:
Happily chatting and walking between lessons, these children are being watched by school spy cameras designed for their protection.
Now it has emerged that the images can be viewed by anyone after the CCTV systems were hacked and put online.
A disturbing website, which boasts ‘Watch live surveillance cameras in the UK’, allows people anywhere in the world to spy on children, teachers and parents in real time.
[…]
The website broadcasting the footage claims no cameras are hacked and all the internet-connected cameras on the site do not have proper password protection.
Read more on Daily Mail. So have UK parents just discovered the Internet of Unsecured Things the hard way? Were these systems really hacked or did they just use default configurations available to everyone or….? And will this result in cams in toilets being removed? Will any lessons be learned or is this just another 15-minute news cycle?




Is this any way to run a government agency?
Kathleen Dion of Robinson & Cole writes:
On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data.
First, EDUCAUSE expressed concerns about letters that various colleges and universities received from the FSA. These letters indicated that a data breach or suspected data breach occurred at educational institutions, and required the institutions to make a full accounting of their information security program. Some of the letters also indicated that the institutions failed to self-report alleged or suspected breaches. It appeared that the FSA identified these institutions from news reports, but EDUCAUSE expressed concern that FSA did not confirm that the breaches or suspected breaches occurred prior to sending the letter.
[From the article:
Second, EDUCAUSE expressed concerns that FSA did not have proper reporting procedures in place. In late 2017, the FSA stated that notifications could be made via text message to an FSA official’s cellphone number. It also indicated that blocked phishing attempts constituted a suspected data breach that must be “immediately reported,” (i.e. on the date of detection).




An article worth reading.
On February 13, 2018, the New York Times reported that Uber is planning an IPO. Uber’s value is estimated between $48 and $70 billion, despite reporting losses over the last two years. Twitter reported a loss of $79 million before its IPO, yet it commanded a valuation of $24 billion on its IPO date in 2013. For the next four years, it continued to report losses. Similarly, Microsoft paid $26 billion for loss-making LinkedIn in 2016, and Facebook paid $19 billion for WhatsApp in 2014 when it had no revenues or profits. In contrast, industrial giant GE’s stock price has declined by 44% over the last year, as news emerged about its first losses in the last 50 years.
Why do investors react negatively to financial statement losses for an industrial firm but disregard such losses for a digital firm?




Looks like everyone is underpaid!
Search and explore faculty, staff, and adjunct salary data at thousands of colleges
Chronicle of Higher Education – Chronicle Data – Institutions are grouped under the most recent Carnegie Classification. Users may search full-time salaries, staff salaries, and adjunct salaries, by college, state, sector or Carnegie Classification, as well as display by college.




I cannot convince my students to take notes!
Laws on Recording Conversations in All 50 States
  • See also related reference from last June via Quartz – As Comey shows, documenting conversations with your boss can be smart – “Careful documentation of meetings via notes and memos is part of the FBI’s culture (via NYT), but there are sound reasons for ordinary workers to at least consider doing the same when we talk to our bosses. Taking notes—or better, recording conversations in states where it’s legal—is sound practice for employees who feel their managers are doing something inappropriate…