Monday, May 06, 2019




...and so it begins. Note that you need to be near the actors to attack them directly. That does not mean you ignore allies or associates who are within reach.
https://www.forbes.com/sites/kateoflahertyuk/2019/05/06/israel-retaliates-to-a-cyber-attack-with-immediate-physical-action-in-a-world-first/
Israel Retaliates To A Cyber-Attack With Immediate Physical Action In A World First
The Israel Defense Forces (IDF) has launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space.
The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.
It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation. However, as ZDNet points out, the US is still the first country to respond to cyber-attacks with military force. In 2015, the nation launched a drone strike to kill the British national in charge of ISIL's hacker groups, Junaid Hussain. Hussain had also dumped personal details of US military forces online.
But Ian Thornton-Trump, security head at AmTrust Europe says: “Israel would not have targeted the building and presumably those in it without a lot more due diligence and intelligence than ‘a cyber-attack was coming from the building’."
He points out that in the ISTAR (intelligence, surveillance, target acquisition and reconnaissance) process, the target would be developed and verified with “additional and quite likely non-cyber information”.
He adds: “Part of military strategy involves making the enemy believe you have overwhelming capabilities: it’s part psyops and a good strategy.”
… “Aside from this particular incident, it also sends a clear message to any state or non-state actor that threats promulgated through cyberspace can and will be met with a physical response if appropriate. This is an inevitable escalation against a very real threat.”
Ingram points out that operations in cyber space “are not governed by the rules of warfare”. However, the Geneva protocols and international law do cover a response occurring in the physical domain. “There have been attempts to bring in rules for cyber warfare with the Tallinn Manual on the International Law applicable to Cyber Warfare, but this has not been ratified or adopted by any nation or multinational organization.”






I wonder if anyone asked how much they had spent (or budgeted) on Computer Security?
Cyber-attack threat is costly for Modesto schools. The total estimate may surprise you.
Ken Carlson reports:
The costs of combating a recent cyber attack and securing computer services against further attacks will easily exceed $1 million for Sylvan Union School District.
According to a budget study in April, the Modesto school district amassed $475,700 in costs in eradicating two cyber-attack viruses that took down essential services in the district with 10 elementary schools and three middle schools. Staff and teachers lost connection to cloud-based data, networks and educational platforms that use the school district’s Internet connection.
Read more on Modesto Bee.






Useful?
https://teachprivacy.com/anatomy-of-a-privacy-law/

Anatomy of a Privacy Law

I was recently giving a presentation about new privacy laws, and I created the infographic above to catalog the various elements that privacy laws often have.






How many people does it take to read all the posts to Facebook in near real time? See why they are working on AI?

https://www.reuters.com/article/us-facebook-ai/facebook-labels-posts-by-hand-posing-privacy-questions-idUSKCN1SC01T
Facebook 'labels' posts by hand, posing privacy questions
Over the past year, a team of as many as 260 contract workers in Hyderabad, India has ploughed through millions of Facebook Inc photos, status updates and other content posted since 2014.






Perhaps we don’t need the Russians to spread ‘fake news.’
https://www.bespacific.com/study-major-media-outlets-twitter-accounts-amplify-false-trump-claims-on-average-19-times-a-day/
Study: Major media outlets’ Twitter accounts amplify false Trump claims on average 19 times a day
Media Matters: “Major media outlets failed to rebut President Donald Trump’s misinformation 65% of the time in their tweets about his false or misleading comments, according to a Media Matters review. That means the outlets amplified Trump’s misinformation more than 400 times over the three-week period of the study — a rate of 19 per day. The data shows that news outlets are still failing to grapple with a major problem that media critics highlighted during the Trump transition: When journalists apply their traditional method of crafting headlines, tweets, and other social media posts to Trump, they end up passively spreading misinformation by uncritically repeating his falsehoods. The way people consume information in the digital age makes the accuracy of a news outlet’s headlines and social media posts more important than ever, because research shows they are the only thing a majority of people actually read. But journalists are trained to treat a politician’s statements as intrinsically newsworthy, often quoting them without context in tweets and headlines and addressing whether the statement was accurate only in the body of the piece, if at all. When the politician’s statements are false, journalists who quote them in headlines and on social media without context end up amplifying the falsehoods...






Is it wise to ask the DHS to train people with no Computer Security skills or would it be smarter for the campaigns to hire people with Computer Security skills?
https://www.securityweek.com/2020-campaign-staffers-being-trained-handle-cyber-threats
2020 Campaign Staffers Being Trained to Handle Cyber Threats
Whether presidential campaigns have learned from the cyberattacks is a critical question ahead as the 2020 election approaches. Preventing the attacks won’t be easy or cheap.
… Mook has been helping develop a plan for a nonprofit to provide cybersecurity support and resources directly to campaigns.
The Department of Homeland Security’s cyber agency is offering help, and there are signs that some Democratic campaigns are willing to take the uncomfortable step of working with an administration they are trying to unseat.
Candidates can get some advice from the Republican and Democratic national committees, which are in regular contact with Homeland Security and focus on implementing basic security protocols.
The relative ease with which Russian agents penetrated computers underscores the perilous situation facing campaigns. Clinton has been talking about this with Democratic presidential candidates.
“Unless we know how to protect our election from what happened before and what could happen again ... you could lose,” Clinton said in a MSNBC interview. “I don’t mean it to scare everybody. But I do want every candidate to understand this remains a threat.”






I’ve never heard of MindGeek. Looks like I need to do some extensive research…
https://www.nytimes.com/2019/05/03/style/britain-age-porn-law.html
How the U.K. Won’t Keep Porn Away From Teens
Come July 15, 2019, internet users in Britain attempting to visit major pornography sites will be confronted with a question: How old are you? Then, a follow-up: Can you prove it?
They’ll have a few options. Users can verify their age online, by submitting official government IDs or credit card information. Or they can walk into a store and establish their eligibility to access porn the old-fashioned way: by handing money and identification over to a human being, at a participating store, in exchange for a pass.
The British government has touted its mandatory age check as a “world-first” that will help make Britain the “safest place in the world to be online,” particularly for children. It has been less vocal about the precise manner in which these rules will be enforced. Just a few months out, and after multiple embarrassing delays, this is very much a work in progress.
What is taking shape is an enforcement regime made up not just of actual regulators and quasi-regulators but also major pornographers. It is a system that may not only fail to accomplish the law’s stated purpose (to keep children from stumbling upon adult content), but which also risks being captured by the biggest name in online porn, a multinational streaming conglomerate called MindGeek.






More on Amazon architecture (logistics). Have they been deliberately slowing their delivery?
https://www.cnbc.com/2019/05/05/amazon-can-already-ship-to-72percent-of-us-population-in-a-day-map-shows.html
Amazon can already ship to 72% of US population within a day, this map shows
Amazon is already capable of offering same-day and next-day delivery to 72% of the total U.S. population, including almost all of the households (95% or more) in 16 of the wealthiest and most populated states and Washington, D.C., according to a report published in March by RBC Capital Markets.






Perspective.
https://www.cnbc.com/2019/05/06/apple-buys-a-company-every-few-weeks-says-ceo-tim-cook.html

Apple buys a company every few weeks, says CEO Tim Cook




