Perfect timing. My next Computer Security class starts next week and I needed a good conversation starter. Confusing though, it's more about building the gambling business than identity theft.
Charges Announced in J.P. Morgan Hacking Case
In one of the biggest cybercrimes in history,
federal prosecutors say, three men stole data on more than 100
million people from a dozen companies’ computers and used a vast
global network of accomplices to turn it into hundreds of millions of
dollars in illegal profits.
Indictments unsealed Tuesday in Manhattan and
Atlanta accused the men and hundreds of their accomplices of carrying
out last year’s big data breach at J.P.
Morgan Chase & Co.
and a host of other crimes around the world—involving computer
networks in South Africa and Brazil, money laundered through Cyprus
and illegal credit-card payments processed in Azerbaijan.
Manhattan U.S. Attorney Preet Bharara on Tuesday
said this “diversified criminal conglomerate” was “breathtaking”
in the size and scope of its hacking.
… The schemes allowed Mr. Shalon and his
accomplices to turn stolen information into hundreds of millions of
dollars, including at least $100 million hidden in his Swiss and
other bank accounts, prosecutors said.
… The investigation into the three men began
when J.P. Morgan came forward “early on” to share information
with the government, prosecutors said. That led investigators to
uncover a broader network of criminal activity with computer hacking
at its center.
… In addition to disguising payments and
constantly obtaining new bank accounts, the men tried to evade
detection by hacking into a company that assessed merchant risk for
credit-card issuers, starting
in 2012. The breach allowed the defendants to read
employees’ emails and figure out how to sidestep the company’s
efforts to monitor illegal payments, according to the indictment.
(Related)
The Man Accused of Masterminding the Hacks That Shook Wall Street
… Shalon began building his criminal
conglomerate in 2007 with Internet casinos and capped it off with
stock and credit-card schemes years later, according to the 68-page
indictment against Shalon and others in Manhattan.
Also for my Computer Security students.
Who Is The Biggest Security Threat? Turns Out, It’s You
[The infographic: http://cdn.makeuseof.com/wp-content/uploads/2015/11/social-media-oversharing-security-risks-infographic.png?456c8f ]
Update: I would have guessed a lot higher.
BBC reports:
The cyber-attack on TalkTalk could cost it up to £35m in one-off costs, the company has said.
Following the hack, which divulged some users’ financial details, all customers of the telecoms group will be offered a free upgrade.
Read more on BBC.
The company is still sticking to its position that customers who
want out of their contract due to lack of trust will have to pay a
contract termination fee unless they can show they were financially
harmed by the breach.
(Related) Then again, maybe not.
Diana Goovaerts reports:
In its earnings report for the six months ended September 30, 2015, Experian posted a charge of $20 million stemming from its response to an October security breach that exposed the data of millions of T-Mobile customers.
According to the report, the “one-off costs” came from Experian’s response to the hack, which included notifying impacted individuals, offering them free credit monitoring services and informing the appropriate government agencies of the intrusion.
That reportedly doesn’t include costs associated
with all the lawsuits filed against them over the breach.
Read more on Wireless
Week.
Lots of questions. Did the hospital allow all their “financial services” employees full access to medical records? If this was a policy violation, did the hospital detect it and take appropriate action?
Kevin Grasha has an update on a breach previously noted on this site.
University of Cincinnati Medical Center can’t be sued after an employee leaked private medical records about a patient who had syphilis, a judge ruled Monday.
The patient, a woman in her early 20s, filed the lawsuit last year. A screen shot of the woman’s private medical records from the hospital was posted on the Facebook group, “Team No Hoes,” in September 2013. The records listed the woman’s diagnosis as “maternal syphilis.” She was pregnant at the time.
Read more on Cincinnati.com.
In a way, and even though the patient may appeal
the ruling, this ruling is consistent with other cases where covered
entities were found not liable for employees’ egregious conduct
that were outside the employee’s scope of work duties. In this
case, the employee was
reportedly in the financial services department.
It is not known what, if any, action HHS/OCR has
taken as a result of their investigation into the incident.
[From
the article:
At a hearing Monday in Hamilton County Common
Pleas Court, Judge Jody Luebbers ruled that the employee was not
acting “within the scope of her employment” by leaking the
records.
Ohio case law, Luebbers said, dictated that she
drop the hospital from the suit.
“(The hospital) had a policy. It was violated,”
she said. “It’s tragic … but that’s just how I see it.”
… The suit also names the woman’s former
boyfriend and the former hospital employee, who was fired a week
after the Facebook post. [Because
of the emails and Facebook posts? Bob]
Politics: “It is better to look good than to be
good.” (with apologies to Hernando
Fernando)
Corinne Reichert reports:
The Australian Privacy Foundation has accused the Senate of being “dangerously naive” in thinking that opt-out e-health records could be secured against breaches of privacy.
Bernard Robertson-Dunn, a member of the Privacy Foundation who has also constructed IT systems for several government departments, said it is “patently absurd” for the Senate inquiry committee to think that Australian laws will do anything to deter criminals and cyber attacks from overseas.
Read more on ZDNet.
[From
the article:
The Senate had ignored expert advice by changing
the e-health records to be opt-out, according to the Privacy
Foundation, with the likelihood of personal information being stolen
and published in an attack similar to the Ashley
Madison hack increasing with the more data that is stored.
"This is in spite of being told that it is
insecure and a major threat to the privacy of most Australians, has
little value to health professionals, and has all the appearance of
primarily being an aid to law-enforcement and revenue-collection
agencies," Robertson-Dunn said in a letter to senators.
Even lawful access to the medical information
could constitute a "huge invasion of privacy", the Privacy
Foundation argued, as anyone employed by a medical facility could
access the health records of patients.
Interesting.
Mapping Attempts to Craft an Internet Bill of Rights
by Sabrina I. Pacifici on Nov 10, 2015
Towards
Digital Constitutionalism? Mapping Attempts to Craft an Internet Bill
of Rights. Lex Gil, Dennis Redeker, Urs Gasser. November 9, 2015.
Available for download via SSRN.
“The idea of an “Internet Bill of Rights” is
by no means a new one: in fact, serious efforts to draft such a
document can be traced at least as far back as the mid-1990s. Though
the form, function and scope of such initiatives has evolved, the
concept has had remarkable staying power, and now—two full decades
later—principles which were once radically aspirational have begun
to crystallize into law. In this paper, we propose a unified term to
describe these efforts using the umbrella of “digital
constitutionalism” and conduct an analysis of thirty initiatives
spanning from 1999 to 2015. These initiatives have great
differences, and range from advocacy statements to official positions
of intergovernmental organizations to proposed legislation. However,
in their own way, they are each engaged in the same conversation,
seeking to advance a relatively comprehensive set of rights,
principles, and governance norms for the Internet, and are usefully
understood as part of a broader proto-constitutional discourse.
While this paper does not attempt to capture every facet of this
complex political behavior, we
hope to offer a preliminary map of the landscape, provide a
comparative examination of these diverse efforts toward digital
constitutionalism, and—most importantly—provoke new questions for
further research and study. The paper proceeds in four
parts, beginning with a preliminary definition for the concept of
digital constitutionalism and a summary of our research methodology.
Second, we present our core observations related to the full range of
substantive rights, principles and themes proposed by these
initiatives. Third, we build on that analysis to explore their
perceived targets, the key actors and deliberative processes which
have informed their character, and the changes in their substantive
content over time. Finally, we look forward, identifying future
directions for research in this rapidly changing policy arena and for
the broader Internet governance community.”
Massive investment that could be made worthless if
we keep trying to be the world's digital cops.
Microsoft is building data centres in Germany to protect European users from US spying
Microsoft is building a set of data centres in Germany which will, the company hopes, help fend off data requests from the US government, The Financial Times reports. The project is in conjunction with Deutsche Telekom.
Various big American companies, including Apple
and Microsoft, have become involved
in a legal spat with the US government over its rights to data
access on non-US soil, namely in Europe. A lot of data for European
customers was hosted in the US which, the government argued, allowed
them access.
… Microsoft announced
on Tuesday that the company is expanding its data centre presence
elsewhere in Europe, spending $2 billion (£1.3 billion) on upgrading
existing infrastructure in Ireland and the Netherlands and building
entirely new centres in the UK.
Why does the government have so much trouble doing
what thousands of companies do every day?
A decade into a project to digitize U.S. immigration forms, just 1 is online
Heaving under mountains of paperwork, the
government has spent more than $1 billion trying to replace its
antiquated approach to managing immigration with a system of
digitized records, online applications and a full suite of nearly 100
electronic forms.
A decade in, all that officials have to show for
the effort is a single form that’s now available for online
applications and a single type of fee that immigrants pay
electronically. The 94 other forms can be filed only with paper.
Our boy Kim is still using our own words against
us. (Kim seems to be putting on weight.)
TPP text cited in Dotcom hearing
Lawyers for Kim Dotcom say the Trans Pacific
Partnership (TPP) backs their view that internet service providers
are protected from copyright infringement.
… The text showed internet service providers
were protected from copyright infringement by their users.
It confirmed this protection was not conditional
on service providers monitoring users, he said.
This is good. This could be troublesome. This
could mean war. (Pick three)
Burma’s election leaves former patron China with uncomfortable questions
Burma’s historic general elections and signs of
a landslide victory for backers of opposition leader Aung San Suu Kyi
have raised some uncomfortable questions in giant northern neighbor
China.
The first is how China’s Communist Party rulers
will manage to get along with a civilian-led government in Burma
after decades of wholeheartedly backing military rule in Burma.
But a second question, perhaps less expected, has
bubbled up from Chinese people themselves in the past few days. If
the Burmese can have democracy, some ask, why can’t we?