Should be interesting.
While most people in the U.K. and U.S. might have
been preparing for New Year’s Eve celebrations, the hackers known
as thedarkoverlord had their own plans for the evening, and their
plans seemed to involve spoiling the plans of a number of corporative
executives on both sides of the Atlantic.
Earlier in the day, the hackers, whose
past hacks and extortion demands have been covered extensively on
this site, announced
that a
law firm hack earlier in 2018 that had not garnered much notice
had been one of their hacks. That hack, they claim, had reportedly
given them access to files from major insurers such as Hiscox Group
and Lloyd’s of London.
But it was in poring through the files they
obtained that the hackers realized that they had acquired a treasure
trove of files concerning the World Trade Center attacks and
post-attack litigation. And as you might expect with such complex
litigation involving subrogation, there were files containing
Sensitive Security Information “from the likes of the FBI, CIA,
TSA, FAA, DOD, and others.”
By the time they were done pillaging,
thedarkoverlord had acquired what they described as 18,000 files
relating to the litigation.
Consistent with their past methods,
thedarkoverlord claims that they had offered to keep the files out of
the public’s eye if their victim paid them. And the victim did
pay, they say, but as in the
Larson Studio case, the victim then allegedly cooperated with law
enforcement, which thedarkoverlord viewed as a breach of their
contract. When the victim was unwilling to pay an additional
penalty, thedarkoverlord went public with a sample of files, a new
Twitter account (@tdo_h4ck3rs)
to tweet out some files, and some threats.
A good backgrounder for my students. (Have
someone read this to a Congressman)
Artificial intelligence can’t save us from human stupidity | Editorial
Looking over the year that has passed, it is a
nice question whether human stupidity or artificial intelligence has
done more to shape events. Perhaps it is the
convergence of the two that we really need to fear.
… It is possible to make them represent their
reasoning in ways that humans can understand. In fact, in the EU and
Britain it may be illegal not to in certain circumstances: the
General Data Protection Regulation (GDPR) gives people the right to
know on what grounds computer programs make decisions that affect
their future, although this has not been tested in
practice. This kind of safety check is not just a precaution against
the propagation of bias and wrongful discrimination: it’s also
needed to make the partnership between humans and their newest tools
productive.
Background for my Computer Security students.
A job my students should consider. (And some
skills I have to teach.)
The New (And Misunderstood) Role of the GDPR Data Protection Officer
… Core competencies
Three areas of significant experience are absolute
requirements for this position:
- Knowledge of how GDPR regulations and all applicable national data protection law apply to the organization’s data processing practices;
- Significant experience with IT security audits and threat assessment; and
- Strong communication skills across a variety of organizational positions and departments.
Interesting and worth thinking about.
Look Beyond the Regulations to See What 2019 Has in Store for the Privacy Industry
… here are my predictions concerning data
privacy in 2019:
- The Rise of the CISO and CTO – Privacy is a data issue, and that’s the responsibility of the CTO and sometimes the CISO.
- The Data Protection Continuum – Privacy and security will start to be seen as a Data Protection Continuum, with privacy telling you “what” is important and “why,” and security telling you “how” to protect it.
- Privacy vs. Data Industrial Complex – In 2019, organizations will recognize they need to be concerned about the private data they hold – even if they themselves don’t intend to monetize it.
- Growth of Data Privacy Automation – People will realize that automation at the data layer is the only feasible way to ensure continuous compliance related to data privacy laws. [This is why I changed so many of my lectures on Security and Software Architecture. Bob]
Perspective. The Luddites of 2019?
… “They didn’t ask us if we wanted to be
part of their beta test,”
At least 21 such attacks have been leveled at
Waymo vans in Chandler, as first reported
by The Arizona Republic. Some analysts say they expect more such
behavior as the nation moves into a broader discussion about the
potential for driverless cars to unleash colossal changes in American
society. The debate touches on fears ranging from eliminating jobs
for drivers to ceding control over mobility to autonomous vehicles.
“People are lashing out justifiably,” said
Douglas Rushkoff, a media theorist at City University of New York and
author of the book “Throwing Rocks at the Google Bus.” He
likened driverless cars to robotic incarnations of scabs — workers
who refuse to join strikes or who take the place of those on strike.
If you really, really love movies…