Sunday, June 12, 2011

Which country would benefit from insider information?

International Monetary Fund Hit By Cyber Attack

DotNM writes

"CityNews and other media outlets are reporting that the International Monetary Fund has been hit by a 'cyber attack.' They are withholding most of the details; however, it is known that the World Bank has shut down a 'link' between them and the IMF."

Adds reader Hugh Pickens,

"A cyber security expert told Reuters the infiltration had been a targeted attack, which installed software designed to give a nation state a 'digital insider presence' at the IMF. 'The code was developed and released for this purpose,' said Tom Kellerman, who has worked for the Fund. Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government — however, such attacks are very difficult to trace."

[From the BBC article:

The cyber attack took place over several months, and happened before former IMF chief Dominique Strauss-Kahn was arrested over sexual assault charges.

… The New York Times said IMF staff had been told of the intrusion on Wednesday by e-mail, but that the Fund had not made a public announcement.

[From the Bloomberg article:

The fund told employees June 8 that it would replace their RSA SecurID tokens. EMC Corp.’s RSA security-systems unit offered to swap the tokens after a breach of its own network, disclosed in March, resulted in the theft of RSA data.



Infrastructure. Would my Business Continuity students have found a way to prevent this? (If they wanted to pass the class... Yes!)

Computer Glitch Friday Grounded US Airways Flights

mschaffer writes

"A computer glitch Friday night snarled the travel plans of US Airways customers, as reports flooded in of flights grounded around the country."

As someone stranded for several hours yesterday by this outage, "glitch" seems like quite a euphemism. With outgoing flights blocked, and new ones arriving full of passengers expecting to meet connections, the atmosphere got a little heated. Customers could see nice weather, and planes lined up outside, but "The System Is Down" trumps all. The E concourse at Charlotte (a US Airways hub) was packed full of customers ranging from livid (a handful) to merely angry (most) to calmly resigned — which means those of us with seats, snacks, and books or computers. It was disheartening to see how brittle is the infrastructure the airline employs; with the part of the system visible to airline employees down, customers thought they might get more information, or even rebooking, through the US Airways website. But that was down, too, and all the desk staff could do is shrug.

[From the article:

The Tempe, Ariz.-based carrier cited a power outage near one of the airline's data centers in Phoenix as a possible cause. [Translation: We have no idea... Bob]

… Airline spokeswoman Tina Swail didn't have any information on when the outage occurred or what caused it or when the problem would be completely resolved.



Having a Policy is not sufficient.

http://www.databreaches.net/?p=18799

Southern California Medical-Legal Consultants reveals that 300,000 workers’ compensation applicants’ names and Social Security Numbers were exposed on internet

June 12, 2011 by admin

Remember how Heartland Payment Systems took a lot of heat for announcing their breach at a time that coincided with President Obama’s inauguration? Since then, a lot of entities have been bashed a bit over the timing of their breach disclosures. As someone who tracks breaches, it became almost a given that I would find a number of disclosures on Friday afternoons, when they might be more likely to be missed by people heading out for the weekend. But a press release about breach disclosure on a Sunday? Here’s a press release I just saw:

Southern California Medical-Legal Consultants, Inc. (SCMLC) announced that electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access. SCMLC is a California company that represents medical providers in the recovery of billing from workers’ compensation insurance carriers.

The company was notified of the possible breach by a data security firm that discovered some of the files using a sophisticated, automated search of Google indexes. According to SCMLC, the information was stored on a computer that was intended for internal purposes only, and not linked to or accessible from any of the company’s public web pages. The data security firm has assured SCMLC that they have not and will not distribute any of the information they accessed and that their purpose in accessing the files was the prevention of identity theft.

“We take data security and privacy very seriously,” said Joel Hecht, President of SCMLC. “Unfortunately, our internal security policies and procedures were not followed. [...and we never noticed. Bob] We were notified, we took immediate steps to remediate the situation and we are taking long-term measures to ensure that nothing like this ever happens again. While we believe that the risk of identity theft is minimal, SCMLC is doing everything required under the law with respect to notification of anyone who could be affected by this incident.”

For inquiries, contact notify@scmlc.com or call 562-493-0851.

I’ve emailed the firm to try to get additional details. A copy of the press release was prominently linked to from their web site home page yesterday.

Sometimes, entities are damned if they do, damned if they don’t disclose as soon as they’ve got their ducks in a row. Before critics pile on, maybe we need to find out more.



A question for my lawyer friends: If I copy a file via (let's say) Pirate Bay directly to my anonymous cloud, what evidence would you look for to prove what I did? (And where would you look for it?)

http://www.makeuseof.com/tag/cloud-save-save-files-cloud-chrome/

Cloud Save: Save Files Directly To The Cloud [Chrome]

Why download files to your computer, only to upload them somewhere else? Save yourself some unnecessary clicks by “downloading” files directly to the cloud, skipping your hard drive altogether.

Cloud Save sends would-be downloads directly to web-based services, including Dropbox, Google Docs, Facebook, Flickr, Picasa and more.



“We don't need no stinking Judge!”

http://www.pogowasright.org/?p=23355

R.I. House passes Internet subpoena bill

June 11, 2011 by Dissent

Jim Baron reports:

Legislation billed as another police tool to prevent and pursue Internet child pornography, but that privacy and civil liberties advocates worry will cast too wide a net for less serious crimes, passed the House of Representatives 62-6 on Thursday.

The bill would allow the attorney general, local police chiefs, and other designated law enforcement officials to issue an “administrative subpoena” that would require an Internet service provider to disclose the name and address associated with a subscriber of that provider.

Proponents said this would merely expedite the investigation process and allow police to learn the identity of a suspect in a cybercrime-related case. They say it would simply give the police the name and address of a suspect, it would not allow them to conduct a search or seize any computer equipment or other materials.

Advocates for the bill say such administrative subpoenas are generally complied with quickly by an Internet service company, in contrast to a warrant issued by a judge, which the company will often route through its legal department, causing sometimes lengthy delays. [Not the procedure I would recommend. Bob]

[...]

In a news release, ACLU Executive Director Steven Brown said, “police will be able to easily obtain, just by signing a piece of paper, the name and address of any blogger, Facebook poster, etc. who is alleged to have said something that they consider to potentially be criminal ‘harassment’ or ‘bullying.’”

Brown said, “The ACLU has opposed this ‘administrative subpoena’ legislation for many years (believing that court approval should be necessary to issue these types of subpoenas), but in previous years, it had at least been limited to allowing police to gain Internet subscriber information only about individuals alleged to be involved in child pornography.

Read more on The Call.



This is still in Beta, but has potential!

http://www.makeuseof.com/dir/ofelio-search-thousands-rss-feeds/

Ofelio: RSS Feed Search Engine

Ofelio is a search engine that searches for topics across all kinds of RSS feeds. That means that unlike other search engines which crawl a webpage to find potential content, Ofelio will go through the RSS feed of that page to track topics.

Clicking on the options icon, which is located just beside the search button, will show options to show the results as a digest, and on a map. It also lets you quickly check operators like AND and OR for easy searching.

www.ofelio.com

