An attack somewhat similar to Sony, but clearly not by the same hackers.
A very interesting article. Sort of the opposite of “Win friends
and influence people!” You can see where this is going.
Now at the Sands Casino: An Iranian Hacker in Every Server
…
early on the chilly morning of Feb. 10, just above the casino floor,
the offices of the world’s largest gaming company were gripped by
chaos. Computers were flatlining, e-mail was down, most phones
didn’t work, and several of the technology systems that help run
the $14 billion operation had sputtered to a halt.
Computer engineers at Las Vegas Sands Corp. (LVS)
raced to figure out what was happening. Within an hour, they had a
diagnosis: Sands was under a withering cyber attack.
…
This was no Ocean’s Eleven. The hackers were not trying to empty
a vault of cash, nor were they after customer credit card data, as in
recent attacks on Target, Neiman Marcus, and Home Depot. This was
personal. The perpetrators wanted to punish the company, or, more
precisely, its chief executive officer and majority owner, the
billionaire Sheldon Adelson. Although confirming their conjectures
would take some time, executives suspected almost immediately the
assault was coming from Iran.
…
In October 2013, Adelson, one of Israel’s most hawkish supporters
in the U.S., arrived on Yeshiva University’s Manhattan campus for a
panel titled “Will Jews Exist?”
…
“What are we going to negotiate about?” Adelson asked. “What
I would say is, ‘Listen. You see that desert out there? I want to
show you something.’ ” He would detonate an American warhead
in the sand, he said, where it “doesn’t hurt a soul. Maybe a
couple of rattlesnakes and scorpions or whatever.” The message:
The next mushroom cloud would rise over Tehran unless the government
scrapped any plans to create its own nukes.
…
Iran’s Supreme Leader Ayatollah Ali Khamenei responded two weeks
later, according to the country’s semiofficial Fars News Agency,
saying America “should slap these prating people in the mouth and
crush their mouths.”
…
Physically, Adelson and Sands are well protected. He appears in
public with a phalanx of armed bodyguards, said to be former agents
of the U.S. Secret Service and Mossad, Israel’s intelligence
agency. Sands paid almost $3.3 million to protect Adelson and his
family last year, according to a company filing. That’s on top of
what Sands spends on vaults, security cameras, biometric screening
devices, and one of the largest private police forces of any U.S.
company, all to safeguard the millions of dollars of cash and chips
that flow through its operations every day.
But the company has been slow to adapt to digital threats. Two years ago
it had a cybersecurity staff of five people protecting 25,000
computers, according to a former executive.
My Computer Security students are beginning to understand that much
(most?) of Sony's problems are due to bad (ignorant) management.
Sam Biddle reports:
Sony says the recent breach of its servers and weeklong cyber
humiliation is an “unprecedented” strike and an
“unparalleled crime.” If they’re shocked by these events,
they’ve been shocked for almost a year: leaked emails obtained by
Gawker show security troubles dating back to February.
If you read the full article on Gawker, you’ll see emails noting a hack
that Sony chose not to disclose and where they elected not to notify
affected individuals because, well, they just had no legal obligation
to notify.
It just continues to get worse and worse for them, doesn’t it? But it
all seems self-inflicted, and any attempts to portray them
as the victims will be met with, “No, your employees are the
victims, and you’re responsible for their embarrassment and
potential problems.”
(Related)
If managers can't figure out computer security, regulators will
explain what they must do.
Katherine Gasztonyi writes:
On Wednesday, December 10, 2014, financial industry regulatory and
enforcement agencies issued statements that their organizations will
increase scrutiny of financial industry cybersecurity practices going
forward.
In New York, the State’s Department of Financial Services
Superintendent Benjamin Lawsky issued new guidelines to banks,
detailing how their cybersecurity practices would be evaluated. The
memorandum—sent to all New York chartered or licensed banking
institutions—noted that the Department would take a close look at
banks’ data breach detection abilities, cybersecurity corporate
governance practices, resources devoted to information security,
defenses against cyberattacks, management of third-party service
providers, and cybersecurity insurance coverage, among other things.
Read more on Covington & Burling InsidePrivacy.
TED video. Police surveillance and you...
Catherine Crump: The small and surprisingly dangerous detail the police track
about you
Law in “space and time.” Could have been written by Stephen Hawking.
Orin Kerr writes:
With law school exam season finishing up, here’s a new Fourth
Amendment decision with facts that seem straight from a law school
exam: United States v. Camou, authored by Judge Pregerson. In the new
decision, the Ninth Circuit suppressed evidence from a 2009 search of
a cell phone taken from a car incident to arrest at the border. The
new ruling might not be the final word in the case. But the court
does decide an important question along the way: The Ninth Circuit
rules that if the police have probable cause to search a car under
the automobile exception, they can’t search cell phones found in
the car.
Read more on Volokh Conspiracy.
(Related)
Same time, different space. And the ruling is actually the same (as
far as this non-lawyer can tell)
The Supreme Court of Canada ruled
on Thursday that law enforcement can search the cellphone of someone
they’ve just arrested as long as the search is related to that
arrest.
The e-rate “tax” goes to internet providers, not to schools, right?
Schools become 'eligible for discounts' but are not guaranteed
broadband Internet. Seems kind of backwards to me.
OVERNIGHT TECH: Dems applaud funding boost for school Internet
Russia cuts itself off. Russia cuts its own throat. Pick one.
Google shuts Russia engineering office
Google is to close its engineering office in Russia, in the latest sign that
a crackdown on internet activity by Russian authorities this year
could hasten an outflow of engineering talent from the country.
A series of moves against internet companies, culminating in a new law
designed to force them to keep all data about Russians inside the
country, has led some Russian entrepreneurs and engineers to consider
relocating outside the country.
When one of these Apps reaches a certain level of accuracy, energy
utilities will offer them to homeowners for free. Meanwhile, the
market is mostly 'green' fanatics.
Weird name, cool tool: Smappee monitors and reports energy consumption for
each of your home's appliances
Smappee (it’s a sort of an acronym for Smart App for Energy Efficiency) is
a sensor that measures the total electrical power that your home
draws from the grid. That's not unique, but Smappee's ability to
uniquely identify each appliance—large and small—is new.
…
You—or an electrician, if you don’t feel comfortable working
inside your breaker box—clamp a pair of sensors to the main power
lines coming from the grid into your circuit-breaker panel. (The
clamps don't come in contact with the copper wires, reducing the risk
of shock, but Smappee nonetheless recommends you hire a
professional.)
…
Smappee has also developed very low-cost plug-in modules that can be
used to remotely power-off devices. One is included with the
product, and you can buy three more for just $40.
For my students who read.
The Best Book I Read This Year
The Atlantic's editors and writers share their favorite titles—new,
classic, or somewhere in between—from a year of reading.