At least they encrypted the passwords. Another wise practice: The article also suggests they brought in a third party to double check their security because the industry was being increasingly targeted. Good on ya, CareFirst!
From CareFirst BlueCross BlueShield:
On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack.
The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of recent cyberattacks on health insurers. CareFirst engaged Mandiant – one of the world’s leading cybersecurity firms – to conduct an end-to-end examination of its IT environment. This review included multiple, comprehensive scans of the CareFirst’s IT systems for any evidence of a cyberattack.
The review determined that in June 2014 cyberattackers gained access to a single database in which CareFirst stores data that members and other individuals enter to access CareFirst’s websites and online services. Mandiant completed its review and found no indication of any other prior or subsequent attack or evidence that other personal information was accessed.
Evidence suggests the attackers could have potentially acquired member-created user names created by individuals to access CareFirst’s website, as well as members’ names, birth dates, email addresses and subscriber identification number.
However, CareFirst user names must be used in conjunction with a member-created password to gain access to underlying member data through CareFirst’s website. The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks. The database accessed by attackers contained no member Social Security numbers, medical claims, employment, credit card, or financial information.
… Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are affected by this event. All affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection. The letters will contain an activation code and you must have the letter to enroll in the offered protections. Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords.
Note that CareFirst says they did detect the attack at the time, but did not fully appreciate its scope. In an FAQ on the incident, they write:
CareFirst did detect the initial attack and took immediate action to contain the attack. At the time CareFirst believed that we had contained the attack and prevented any actual access to member information. The evidence that data was accessed was found as part of a comprehensive assessment conducted as part of CareFirst’s ongoing information security efforts in the wake of cyberattacks on other health care companies.
Another downside of being clueless?
The Federal Trade Commission advised companies
Wednesday that it looks positively on cooperation when conducting
investigations into data security breaches.
The agency said it would view a company that had
reported a breach on its own and cooperated with law enforcement
“more favorably” than one that had not.
… The warning was made in a
blog post describing what private companies can expect
when “the FTC comes to call” about an investigation, which could
later lead to enforcement action.
… According to an
FTC report released last year, the agency has brought
about 50 data security cases in a little more than a decade. Last
year alone, the FTC touted action against Snapchat, Fandango, Credit
Karma, Verizon and others.
A “heads up!” for my students.
ATM Debit Card Theft Spikes to 20-Year High
… According to FICO (a credit-scoring and
analytics company), from January to April 9, 2015, the number of
attacks on debit cards used at ATMs reached the highest level for
that period in at least 20 years. "We have periodically seen
spikes in fraud but not at this level," said FICO's John Buzzard
on FOX Business Network.
… Buzzard added that debit-card compromises at
ATMs located on bank property were "pretty significant"
jumping 174% from Jan. 1 to April 9, compared with the same period
last year, while successful attacks at nonbank machines soared by
317%.
Nothing new?
Americans’ Attitudes About Privacy, Security and Surveillance
by Sabrina I. Pacifici on May 20, 2015
“Two
new Pew Research Center surveys explore [the issues of privacy
and surveillance] and place them in the wider context of the tracking
and profiling that occurs in commercial arenas. The
surveys find that Americans feel privacy is important in
their daily lives in a number of essential ways. Yet,
they have a pervasive sense that they are under surveillance when in
public and very few feel they have a great deal of control
over the data that is collected about them and how it is used.
Adding to earlier Pew Research reports that have documented low
levels of trust in sectors that Americans associate with data
collection and monitoring, the new findings show Americans also have
exceedingly low levels of confidence in the privacy and security of
the records that are maintained by a variety of institutions in the
digital age. While some Americans have taken modest steps to stem
the tide of data collection, few have adopted advanced
privacy-enhancing measures. However, majorities of Americans expect
that a wide array of organizations should have limits on the length
of time that they can retain records of their activities and
communications. At the same time, Americans continue to express the
belief that there should be greater limits on government surveillance
programs. Additionally, they say it is important to preserve the
ability to be anonymous for certain online activities.”
More fine grained definition. How would you write
a warrant for an unnamed file found in a private search?
Orin Kerr writes:
The Sixth Circuit handed down a new decision on computer search and seizure that may be the next computer search issue to make it to the Supreme Court. The issue: How does the private search reconstruction doctrine apply to computers? The new decision creates an apparent circuit split with the Fifth and Seventh Circuits.
Read more on The Volokh Conspiracy.
[From the article:
In 2012, the Seventh Circuit joined the Fifth Circuit by adopting the unit of the device. And last month, a cert petition was filed at the Supreme Court on this issue in Gunter v. United States. But I hadn’t thought there was a particularly clear split. At least until this morning.
This morning, the Sixth Circuit handed down a new case, United States v. Lichtenberger, that adopts the proper unit as data or a file instead of the physical device.
Perspective. Big drones carry Maverick missiles,
perhaps these little buggers will carry firecrackers?
‘Cicada’ the Mini-Drone: Swarming to a Terrorist Near You
… The mini-drones can be launched as a swarm
by aircraft or other aerial platform. The new model developed by the
Naval Research Laboratory is called the Cicada
(Close-In Covert Autonomous Disposable Aircraft). The program
has been under exploratory development since 2006.
The Cicada is presently little more than a paper
airplane glider with GPS. The silent killers can soar at 47 MPH.
They have already been tested at 57,000 plus feet three years ago in
Yuma, Ariz. But right now they are envisioned for non-lethal roles
that might include lacing targets or target areas. According to the
Navy, 18 of these vehicles can fit in a six inch cube.
Here's the problem with inflating your military capabilities: Even when we doubt your word we can't simply ignore the possibility.
U.S. doubts N Korea’s claim on nuke weapons
The United States on Wednesday cast doubt on
Pyongyang’s claimed capacity to miniaturise and diversify its
stockpiled nuclear weapons.
“Regarding that specific claim of
miniaturisation, we do not think they have that capacity,” State
Department spokesperson Marie Harf told reporters, Xinhua reported.
North Korea said earlier in the day that it has
entered the phase of miniaturisation and diversification of its
nuclear weapons for quite some time, with the successful test-firing
of a strategic ballistic missile from a submarine on May 8.
(Related) ...and when we know you have the
capability, things can get rather tense. How far can China push and
how firm can our response be? Something bad will happen when the
limits are exceeded – and they will be.
On Wednesday,
the Chinese navy issued warnings eight times for a U.S. surveillance
plane to leave an area near man-made islands that Beijing has built
to establish influence in the South China Sea, reported CNN.
… "This is the Chinese navy [...] This is the Chinese navy [...] Please go away," said a voice through the radio of the aircraft.
During that one mission, the Chinese navy ordered
the P8 to go out of the airspace eight times, and every time, the P8
pilot would calmly tell the Chinese radio operator that the P8 is
flying through international airspace.
At one point, in exasperation, the Chinese voice
told the American pilot, "This is the Chinese navy [...] You
go!"
… The source of the Chinese voice heard
through the radio of the P8 is a Chinese-made island some 600 miles
from the country's coastline. The Wednesday confrontation occurred
over Fiery Cross Reef, an island complete with military barracks and
a runway.
… In 2013, China started constructing the
man-made islands, creating land at the sea surface by repurposing
sand [Interesting
phrase Bob] at the area's 300-foot-deep waters. Over the
past two years, China has built 2,000 acres of artificial land in the
disputed area, according to the International
Business Times.
… If China does not stop at establishing their
military presence in the area, former CIA deputy director Michael
Morell warned that a war between China and the United States will
occur.
… A freedom of navigation exercise is being
planned by the United States in which more U.S. ships or aircraft
would be hovering within 12 nautical miles of Beijing-claimed
territory, reported The
Australian. The plan to emphasize freedom of navigation and
freedom of the air aims to make it known that the United States does
not approve of Beijing's construction over the disputed waters.
Targeted advertising. (Digest Item #6)
How to Advertise Beer to Women
The video:
https://www.youtube.com/watch?v=PZKgAuk6kLM
And finally, in an effort to persuade more women
that beer is actually rather tasty, German brand Astra advertised
directly to the female half of the population. For directly, read
exclusively, as these
automated billboards only started up when there was a woman in the
vicinity.
A small camera attached to the billboard uses
facial recognition software to detect gender and age. And if a
female is walking past, one of 70 videos starring German comedian Uke
Bosse starts playing. And if it’s a guy? He’s told to keep on
walking past. Possibly to buy some beer.
An interesting article for my Data Management
students. I don't agree with it, but it does raise a few points for
discussion.
4 Business Models for the Data Age
Data is invading every nook and cranny of every
sector, every company therein, every department, and every job. As
it does, it’s flexing its strategic muscles, and four ways to
compete with data are starting to emerge.
The first involves cost
reduction through improved data quality.
Improved data quality
also lies at the root of the second strategy, which I call “content
is king.”
“Building a better
data mousetrap” — or data-driven innovation —
is the third way to pursue competitive advantage through data.
Finally, the fourth
strategy is to become increasingly data-driven, in everything
one does.
My answer is that as population increases the
numbers of people (not the percentage) at either end of the normal
curve increase. Therefore we have more idiots, serial killers and
useless politicians than ever before – with no change in the
statistical probabilities.
Are We Getting Dumber? Or Is Stupidity Just More Visible Online?
Interesting. Gives you a mosaic of similar
searches to help you cover all the angles.
Athenir - A Search Engine With Visualizations of Related Terms
This afternoon I had a nice Skype conversation
with a Stanford student named Nick Hershey who has built a nice
search tool called Athenir.
Nick has lots of neat things planned to add to Athenir this summer,
but for now it is a search tool. When you enter a search term on
Athenir you will get results from Yahoo along with a graphic of
related search terms. In that regard it reminded me of Google's, now
defunct, Wonder Wheel tool.
Applications for Education
Athenir could be useful to students who are struggling to see connections between search terms and/or are in need of assistance in changing their search terms.
...and we
thought Artificial Intelligence was the problem. Dilbert reveals a
far darker future.