What makes this one different? Perhaps this is a demonstration of evolving skills, but it could also be an intelligence gathering hack vs cash raising or military harassment. We had best learn to deal with this kind of hack.
How the suspected Equifax hackers covered their tracks
Even for U.S. law enforcement, the Equifax hack was different.
Unlike in previous examples of apparent Chinese government-backed cyber-operations, the hackers behind the Equifax breach stymied police for months. After the Office of Personnel Management hack in 2015, and the Marriott breach which was disclosed in 2018, investigators were confident enough that China was involved to tell the Wall Street Journal and New York Times about their suspicions soon afterward.
With Equifax, the search for who was responsible was remarkably harder. Data stolen from the credit monitoring firm hadn’t appeared for sale on criminal forums, a possible indication of a nation-state’s involvement. And while the trove of financial information would certainly be useful to foreign intelligence agencies, using forensic data to validate that theory would prove to be a tall order.
The charges announced Monday outline a conspiracy to not only steal a massive trove of information on 145 million Americans but also get away with the theft.
(Related)
Glyn Moody writes:
The speech by US Attorney General William P. Barr hardly seems earth-shattering. But buried within its business-like announcement of the indictment of four Chinese military hackers, there is the following statement, which has huge implications for privacy:
For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the U.S. Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax.
The first of the intrusions that Barr mentions took place in 2014, but was only revealed in November 2018, when Marriott Hotels admitted that it had discovered there was unauthorized access to its Starwood guest reservation database. The system held details of 500 million guests, and Marriott said that for around 327 million of these guests, the information included some combination of name, mailing address, phone number, email address, passport number, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Four years is plenty of time to exfiltrate all those details.
Ethical arguments for fun and profit?
We know ethics should inform AI. But which ethics?
… Consider the difference between deontological and teleological ethical standards. The former focuses on the intention and the means, while the latter on the ends and outcomes.
… Another useful yardstick is the so-called golden rule of ethics, which invites you to treat others in the way you would like to be treated. The difficulty in applying this principle to the burgeoning field of AI lies in the gulf separating the billions of people whose data are being accumulated and analysed from the billions of potential beneficiaries.
… Consider one last set of ethical standards: cultural relativism versus universalism. The former invites us to evaluate practices through the lens of the values and norms of a given culture, while the latter urges everyone to live up to a mutually agreed standard.