It's bad enough that you get hacked. Now you have
to explain how a 15-year-old could outsmart the best security you
could install. For TalkTalk's sake, let's hope this kid is the one
demanding ransom and had nothing to do with the hack.
The British police have arrested a 15-year-old boy in Northern Ireland in connection with a recent hacking attack on the telecommunications operator TalkTalk.
The company, which provides fixed-line and broadband services to roughly four million customers in Britain, said last week that it had been the victim of a significant data breach, and that hackers who claimed responsibility for the data breach had demanded ransom.
The teenager was taken into custody Monday afternoon, and the police were searching his residence as part of a criminal investigation, according to a statement from the Metropolitan Police. On Tuesday, the police said the boy had been released on bail.
… Shares of TalkTalk are down 8 percent since
the hacking attack was confirmed on Friday.
(Related) Here's a scarier alternative theory.
Did The Cyber Jihadi Holy War Start With TalkTalk And iTunes?
… That attack, we were told, was perpetrated
by Russian cyber jihadists. The BBC reported the claims of a
“cyber expert” and former police officer Adrian Culley, who found
a post on a very secret cyber site called Pastebin, where the jihadis
claimed they were the ones who had taken those cyber guns and
plundered TalkTalk. Culley warned they were a
particularly nasty strain of jihadi – Russian cyber jihadis.
The Daily Mirror, the self-proclaimed genius of
the British tabloid playground, somehow managed to locate that
Pastebin post too. This was, the paper relayed,
the beginnings of a “cyber holy war”, with every single TalkTalk
customer embroiled in the opening melee. How else would such a war
begin than with a binary air strike on one of the smaller telecoms
providers in the UK?
An article for my Computer Security students (and
my Ethical Hacking students). Is the FBI saying they can't find the
hackers fast enough to stop them from carrying out their threats?
Perhaps they are saying, “If your security is so bad that hackers
can own your system, they have probably erased the evidence we need
to find them?” Or maybe, “Don't bother us with this trivial
stuff?”
When I saw the headline, “The FBI recommends
that you pay up if hackers infect your computer with ransomware,”
my first thought was that someone goofed and omitted a “not”
before “pay up.” I was wrong.
Tess Danielson reports:
If a hacker hijacks your computer with malware and holds your data for ransom, it’s probably best to just pay up, at least that’s the latest advice the FBI is giving out concerning ransomware.
Reported last week by Security Ledger, Joseph Bonavolonta, the Assistant Special Agent who oversees the FBI’s CYBER and Counterintelligence Program in Boston, spoke at the 2015 Cyber Security Summit and advised that companies infected with ransomware may want to give in to the criminal’s demands.
“The ransomware is that good,” Bonavolonta explained to an audience of business and technology leaders. “To be honest, we often advise people just to pay the ransom.”
Read more on Business Insider.
As I count them, that's seven out of 45. Well,
they've only been working on this since June of 3007, so I guess
that's fast for a government agency.
Kieren McCarthy reports:
US watchdog the Federal Trade Commission (FTC) has signed an agreement with seven countries to share cross-border information relating to privacy.
The new “alert” system will let regulators from America, UK, Australia, Canada, Ireland, the Netherlands, New Zealand, and Norway share confidential information about ongoing investigations, and the FTC is very excited about it.
“Today, data is increasingly crossing borders, and our privacy investigations and enforcement must do the same,” said FTC chair Edith Ramirez at the signing on Sunday. “GPEN Alert is an important, practical cooperation tool that will help GPEN [Global Privacy Enforcement Network] authorities protect consumer privacy across the globe.”
The other signatories are notably less excited however. Of the seven other countries, just one – the UK – has even bothered to announce the news. And the GPEN website has yet to update itself to contain information about its own new alert system.
Read more on The Register.
An interesting debate.
Adam Klasfeld reports that the NYCLU, the NYU Law
Chapter of the American Constitution Society, the New York State
Association of Criminal Defense Lawyers, and four tech companies –
FourSquare, Kickstarter, Meetup and Vimeo – have filed an amicus
brief asking the New York Court of Appeals to overturn a ruling
that allowed prosecutors to rummage through the accounts of 381
Facebook users.
As Klasfeld reviews the history of the case:
A little more than two years ago, the Manhattan District Attorney’s office presented Facebook with a bulk warrant, part of a large-scale investigation into the fraudulent filing of Social Security disability claims.
Prosecutors wanted to pin down whether a group of retired police officers and firefighters faked mental illness triggered by the Sept. 11, 2001, attacks.
As of a few months ago, the probe led to charges against 62 people, but the bulk warrants named hundreds of Facebook accounts – and gagged the website from informing the targets about the requests.
Read more on Courthouse News.
[From the article:]
"This case raises important questions that impact the digital privacy and expressive rights of every New Yorker, including the threshold question of whether companies like Facebook have the right to challenge an order to produce its customers' records on the basis of its customers' privacy rights," the New York Civil Liberties Union wrote in its 38-page amicus brief.
… "Facebook was conscripted to perform a dragnet search and produce massive amounts of data contained in 381 user accounts and prohibited from notifying its users that their personal information had been targeted," the tech companies noted in a separate brief.
… "To act as custodians of their users' private information, such companies must have the choice to either object to unlawful government intrusions or notify users of such intrusions. The First Department's decision, as well as the trial court order it left in place, denies both options. The double bind in which these decisions leave online platforms is unlawful," the brief says.
(Related) Maybe. Or maybe the police just found
the information online? But that might raise some “chain of
custody” questions...
In response to allegations (noted
in this blog post) that police had obtained Nicky Hager’s
account information from Westpac without any court order, the
following news release by Felix Geiringer on Hager’s behalf was
issued today. Via Scoop:
Several people, including news media, have been seeking comment from Nicky Hager and his legal team about the revelation on the weekend that Westpac Bank gave the Police his private banking information (including over 10 months of his banking transactions from all of his accounts).
It is difficult for Mr Hager to comment at this time. The part of his claim that deals with the legality of these Police information requests was deferred during the first hearing and has not yet been argued. However, Mr Hager is keen to clarify the position and answer the public’s questions as much as he is able.
Until this weekend, Mr Hager only knew about the privacy breach by Westpac through court discovery. Documents provided through discovery are not allowed to be used for any other purpose until they are relied on in open Court. Since this part of Mr Hager’s case has not yet been argued, he has not been able to make use of his knowledge of this breach, not even to raise the matter with Westpac or the Privacy Commissioner.
Mr Hager had also requested documents from the Police under the Official Information Act and the Privacy Act. Had he been provided with documents under those Acts he would have been able to use them to take this matter further. However, the Police have not been willing to provide the documents under those Acts. Indeed, the Police have refused even to acknowledge the existence of correspondence with Westpac under those Acts. This is despite Mr Hager expressly asking the Police to list all of the documents they were wholly withholding under those Acts.
Mr Hager has complained to the Privacy Commission and the Office of the Ombudsman about the Police failure to respond fully to his requests for documents. Representatives of both of those organisations have met with Mr Hager’s lawyers and have been liaising with Police over these complaints.
Now that the fact of this breach of privacy has been made public, Mr Hager intends to seek a full and frank disclosure of the extent of the breach from Westpac. He looks forward to receiving Westpac’s response to that request and will be considering his options to take this matter further.
Mr Hager is very concerned by this breach. His case before the High Court includes a claim against the Police under the Bill of Rights Act for seeking and obtaining that information without a production order. He fully intends to explore all options open to him now that he is free to do so.
In the circumstances, neither Mr Hager nor his lawyers are able to give interviews on this topic at this time. However, it is hoped that we will be free to do so in the future.
This really is “pre-crime” without the
Minority Report. If policing has been biased in the past (e.g.
focusing on specific neighborhoods or ethnic groups) does that form
the basis for predicting future activity?
Joe Cadillic writes:
Predictive HotSpot mapping began in 2012, the National Institute of Justice (NIJ) or really DHS, calls it “Mapping and Analysis for Public Safety.” Click here, here & here to see how the NIJ is really DHS.
NH police officer Derek Cataldo saw a 2000 Honda Accord parked at 5:35 p.m. on Merrimack Street, a “predictive hot spot.” Deleire was sitting in the driver’s seat. Cataldo drove by the car and then circled the block to get a better look and determine if Deleire was there for legitimate purposes, officer Cataldo approached the car and began talking with Deleire, who police said was physically shaking.
Everyone should be asking, why are police approaching people for no good reason? But wait, it gets worse…
Read more on MassPrivateI.
[From the article:]
Interestingly the NIJ claims not every community has a "HOT SPOT" and they (police) should use OTHER forms of geographic analysis.
What you're not being told is a private metadata collection company (LexisNexis) is giving police their data.
BAIR Analytics invented the money making crime prediction software being used by police, BAIR was recently purchased by LexisNexis.
I can see Congress going wild! Imagine if Siri
refused to answer questions about certain politicians! (The ones who
don't think Apple is the best thing since sliced bread.) Or only
responded to questions about technology with Apple's marketing
department propaganda.
Siri is refusing to answer certain questions from people who aren't Apple Music subscribers
Apple Music listeners
are starting to end their three-month free trials — and Siri has
begun to play hardball.
On Monday, angel
investor Tom Conrad pointed out on Twitter that if you ask Siri to
tell you the top songs in the US, and you aren’t an Apple Music
subscriber, she’ll basically stick her virtual tongue out at you
and refuse to respond.
We checked it out and
it reads the same for other fallen Apple Music subscribers. “Sorry,
Nathan,” Siri told me. “I can’t look up the music charts for
you. You don’t seem to be subscribed to Apple Music.”
… When I asked Siri about the top movie
rentals in the US, she was much more forthcoming, and tried to get me
to rent it on iTunes.
But the “give the customer information and then nudge them to buy” tactic doesn’t seem to be the way Apple wants to go at it in music.
Maybe that is because Apple hasn’t exactly been driving Spotify out of the market. Spotify’s CEO claims his service has seen even greater user growth since the launch of Apple Music.
(Related) Same strategy, different approach?
Facebook wants to be the only thing you look at on your phone
I wonder if there is really a significant economic
benefit to drones or if this is seen as marketing?
Exclusive: Wal-Mart seeks to test drones for home delivery, pickup
Wal-Mart Stores Inc
applied Monday to U.S. regulators for permission to test drones for
home delivery, curbside pickup and checking warehouse inventories, a
sign it plans to go head-to-head with Amazon in using drones to fill
and deliver online orders.
Lawyer technology. Mostly marketing, but they
mention evidence in passing. I guess this won’t be the basis for a
new law school course.
New on LLRX – How Can Lawyers Use Social Media to Their Advantage?
by Sabrina I. Pacifici on Oct 26, 2015
Via LLRX.com – How Can Lawyers Use Social Media to Their Advantage? – Lawyers are no strangers to social media, but that doesn’t mean that everyone in the legal arena is familiar with how to use it effectively, proactively and consistently. If you are a lawyer who has not yet launched a social media presence, Mike Wallagher’s article provides actionable ways that document how social media can benefit you and your career.
One stat leaps out.
Google Turning Its Lucrative Web Search Over to AI Machines
… RankBrain uses artificial intelligence to
embed vast amounts of written language into mathematical entities --
called vectors -- that the computer can understand. If RankBrain
sees a word or phrase it isn’t familiar with, the machine can make
a guess as to what words or phrases might have a similar meaning and
filter the result accordingly, making it more effective at handling
never-before-seen search queries.
Unique Questions
The system helps Mountain View, California-based Google deal with the 15 percent of queries a day it gets which its systems have never seen before, he said. [That seems remarkably high to me. Which is why I am remarking on it. Bob]
Perspective. I'm surprised this hasn't (yet?)
been a hot market area.
Kangaroo is an amazing $99 Windows 10 portable PC
InFocus today debuted the Kangaroo, a $99 Windows 10 portable PC that “goes anywhere and works with any screen.” The term “mobile desktop” may seem like an oxymoron, but that really is the best description: Picture your typical desktop PC tower shrunk down to the size of a phablet sans screen; just like any desktop, you’ll still need to connect a mouse, keyboard, and monitor. Kangaroo is available on Newegg now, and will go on sale at the Microsoft Store by mid-November.
The pitch is simple: Kangaroo offers the power
of a cheap full-sized computer with the convenience and mobility of a
cell phone.
Perspective. Teachers and students too.
Parents and Teens Don’t Understand Each Other’s Internets
Something similar happens in the classroom.
Dilbert's theory may explain a lot!