Make up your mind! You refuse to “officially” blame China, but you're going to retaliate? That's true doublethink, Big Brother.
The Obama administration has determined that it must retaliate against China for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management, but it is still struggling to decide what it can do without prompting an escalating cyberconflict.

The decision came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.

But in a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the United States — to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries.

… In public, Mr. Obama has said almost nothing, and officials are under strict instructions to avoid naming China as the source of the attack. While James R. Clapper Jr., the director of national intelligence, said last month that “you have to kind of salute the Chinese for what they did,” he avoided repeating that accusation when pressed again in public last week.

… For Mr. Obama, responding to the theft at the Office of Personnel Management is complicated because it was not destructive, nor did it involve stealing intellectual property. Instead, the goal was espionage, on a scale that no one imagined before. [My Ethical Hacking students did. Bob]

“This is one of those cases where you have to ask, ‘Does the size of the operation change the nature of it?’ ” one senior intelligence official said. “Clearly, it does.”
(Related) Can we blame China, or is that not politically correct?
The University is responding to a criminal cyberintrusion through which hackers apparently originating in China gained access to servers at UConn’s School of Engineering. UConn has implemented a combination of measures intended to further protect the University from cyberattack, and to assist individuals and research partners whose data may have been exposed.

UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers. However, the University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information.

… The security breach was first detected by IT staffers at the School of Engineering on March 9, 2015, when they found malicious software, or “malware,” on a number of servers that are part of the school’s technical infrastructure.

Related: from their FAQ on the incident:

What did the investigation reveal?

Based on analysis done both internally by the University and by Dell SecureWorks, it was determined that the first penetration of a server on the School of Engineering network occurred on Sept. 24, 2013, with further penetration of the system occurring after that date.
Of course they do. Hackers never pass up a golden opportunity, and Microsoft confused users about which Windows 10 would be free, so many stopped paying attention.
With millions of people expecting to upgrade to Windows 10 this week, fraudsters have taken advantage of an opportunity to scam some money. Many people have not received an official notification to upgrade, so when an email purporting to be from Microsoft tells them to run an attached file for the upgrade, some people are eager to do it.

To the unsuspecting eye, the email looks quite convincing; it uses the Microsoft color scheme, comes from an update@microsoft.com address, has a disclaimer message and even includes a message saying that the email was scanned for viruses and passed.

But the email is of course fake and the attached file is CTB-Locker, which is ransomware, a variant of malware.
Worth reading the whole article...
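The lure above combines three signals a mail gateway can check mechanically: a display From address on a vendor domain that the receiving server's SPF/DKIM checks did not actually authenticate, an executable or archive attachment, and a body that reassures the reader it was "scanned for viruses". The following is an added example, not code from the article or from any vendor: it parses two constructed sample messages with Python's standard `email` package and returns the indicators that fire. The `Authentication-Results` parsing is deliberately simplified (it reads only the method=result token of each clause), and the vendor allow-list and extension list are hypothetical policy, not anything the article specifies.

```python
"""Triage an inbound e-mail for the lure indicators described above.

Added example (not from the article): constructed sample messages, a simplified
Authentication-Results parser, and a hypothetical allow-list of vendor domains.
"""
import email
import email.utils
import os
from email import policy

# Hypothetical policy: mail claiming these sender domains must pass SPF or DKIM.
TRUSTED_VENDOR_DOMAINS = {"microsoft.com"}
# File types that should never arrive as an unsolicited "upgrade" attachment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".msi", ".cab", ".zip"}

# Constructed sample modelled on the lure in the article: spoofed vendor
# address, archive attachment, and a self-certified "scanned for viruses" note.
SAMPLE_PHISH = b"""From: Microsoft <update@microsoft.com>
To: user@example.org
Subject: Your Windows 10 upgrade is ready
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail.example.net; dkim=none
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Run the attached installer to start your free Windows 10 upgrade.
This email has been scanned for viruses and passed.
--b1
Content-Type: application/zip; name="Win10_Installer.zip"
Content-Disposition: attachment; filename="Win10_Installer.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed benign counterpart: authenticated sender, no attachment.
SAMPLE_LEGIT = b"""From: Microsoft <update@microsoft.com>
To: user@example.org
Subject: Windows 10 upgrade information
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=microsoft.com; dkim=pass header.d=microsoft.com
Content-Type: text/plain

Windows Update will notify you when your upgrade is ready. No download is attached.
"""


def parse_auth_results(msg):
    """Return {method: result} from Authentication-Results (RFC 8601, simplified:
    only the first token of each clause after the authserv-id is read)."""
    results = {}
    header = msg.get("Authentication-Results", "")
    for clause in str(header).split(";")[1:]:
        tokens = clause.strip().split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            results[method.lower()] = result.lower()
    return results


def sender_domain(msg):
    """Domain of the header From address, i.e. what the recipient sees."""
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def triage(raw):
    """Return a list of human-readable findings; an empty list means nothing fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Vendor domain in From, but the receiving MTA could not authenticate it.
    domain = sender_domain(msg)
    auth = parse_auth_results(msg)
    if domain in TRUSTED_VENDOR_DOMAINS and "pass" not in (auth.get("spf"), auth.get("dkim")):
        findings.append(f"From claims {domain} but neither SPF nor DKIM passed ({auth or 'no auth header'})")

    # 2. Executable or archive attachment delivered as an "upgrade".
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"executable or archive attachment: {name}")

    # 3. The body vouches for its own safety, a classic social-engineering tell.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if "scanned for viruses" in text.lower():
        findings.append("self-certified 'scanned for viruses' notice in body")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw) or "no findings")
```

The point of checking `Authentication-Results` rather than the From header alone is that a spoofed `update@microsoft.com` is trivial to type into a message, whereas SPF and DKIM results are stamped by the receiving server; a gateway that trusts the display address without them is exactly what this lure relies on.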
4th Amendment Lives: Court Tells US Government Get A Warrant If It Wants Mobile Phone Location Info

A potentially big ruling came out of the courtroom of Judge Lucy Koh yesterday, in which she affirmed a magistrate judge's decision to tell the government to get a warrant if it wants to obtain historical location info about certain "target" mobile phones (officially known as "Cell Site Location Info" -- or CSLI). The government sought to use a provision of the Stored Communications Act (a part of ECPA, the Electronic Communications Privacy Act) to demand this info without a warrant -- using a much lower standard: "specific and articulable facts" rather than the all important "probable cause." Judge Koh says that doesn't pass 4th Amendment muster, relying heavily on the important Supreme Court rulings in the Jones case, involving attaching a GPS device to a car, and the Riley case about searching mobile phones.

… Judge Koh points to some survey data from Pew (sent in by EFF) noting that many, many people consider their location information to be "sensitive information" and, on top of that, the fact that CSLI is generated even if someone turns off the GPS or "location data" features on their phone -- meaning they can't even opt out of generating such information to try to keep it private.
(Related) Nathan Freed Wessler of the ACLU writes:

A petition submitted to the Supreme Court could settle a key question about the extent of our privacy rights in the digital age.

The ACLU, working with attorneys in Florida, has asked the court to take up Davis v. United States, a case involving warrantless government access to a large volume of cell phone location information. At stake is the continuing vitality of the Fourth Amendment.

Read more on ACLU.
(Related) For one or two cards, I agree. Hundreds of cards looks like probable cause to me.

Orin Kerr writes:

In United States v. Bah, decided July 24th, the U.S. Court of Appeals for the Sixth Circuit handed down the first circuit ruling on whether skimming a credit card — swiping the card through a magnetic reader to find out the number and name stored inside — is a Fourth Amendment search. The court ruled that the answer is “no.” I think that’s wrong, and that the answer should be “yes.”

Continue reading on The Volokh Conspiracy.
It's not really new. It shows no details. But look! It's a map! (Wop-de-do)

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets

A secret NSA map obtained exclusively by NBC News shows the Chinese government's massive cyber assault on all sectors of the U.S. economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military.

The map uses red dots to mark more than 600 corporate, private or government "Victims of Chinese Cyber Espionage" that were attacked over a five-year period, with clusters in America's industrial centers.

… Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America's critical infrastructure, particularly the electrical power and telecommunications and internet backbone.

… The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News.
Did they just figure this out? More likely they want to be able to point out that “We told you so!”

Homeland Security warns drones could be used in attacks

CBS News has learned that the Department of Homeland Security has sent an intelligence assessment to police agencies across the country about drones being used as weapons in an attack.

The bulletin went out Friday and warned that unmanned aircraft systems or drones could be used in the U.S. to advance terrorist and criminal activities.

… the release of a bulletin dedicated to the threat from UAS is unusual. The bulletin does not mention any specific upcoming events authorities are concerned about but points to the overall security challenges drones present.
If one parent wants a camera, but the others do not, who wins?

Eva-Marie Ayala reports:

Texas special education advocates say a new law requiring video cameras in some classrooms will protect those students most at risk of being abused.

The law says school districts must install cameras in special education classrooms if parents, teachers or school staffers request them. The law also requires that parents be allowed to view the videos.

[…]

The new law limits the list of those allowed to watch a video. That includes a parent or school employee who is involved in an incident, police officers, nurses, staff trained in de-escalation and restraint techniques, and state authorities who could be investigating.

Read more on The Dallas Morning News.

The thrust of the article is concern over costs pitted against concerns about protecting vulnerable students. There’s no specific mention of FERPA in this article, but the reference to federal student privacy laws suggests that there may be a FERPA issue brewing here. Can parents view videos of other people’s children if those children are caught on camera during an incident involving their child? It sounds likely that they could. What privacy rights do the other student and their parents have? Are classroom videos “education records” under FERPA? If so, how do you allow parents to access their child’s records but protect other children’s? This could get messy and even more costly quickly. Not that it’s not a good idea to protect the most vulnerable children who often can’t tell us what’s happened to them, but I do see some student privacy concerns here.
More government disconnect? Still hiring like it's 1955?

Federal Bureau of Investigation understaffed to tackle cyber threats

The U.S. Department of Justice released a report underlining the FBI’s difficulty in attracting and keeping computer scientists for its cybersecurity program, mainly due to low wages, Reuters reported yesterday (July 30).

The DOJ Inspector General called on the FBI to measure timeliness of the information sharing, work harder to hire computer scientists, continue developing new strategies for recruiting, hiring and retaining cyber professionals and ensure changes to the Cyber Division are strongly communicated.

The Bureau spent $314 million on the program in 2014, which included 1,333 full-time workers, but only 52 computer specialists had been hired by the end of January, 2015.

The average salary offered to a cybersecurity expert by FBI is significantly lower than that offered to candidates in the private sector, according to the Office of the Inspector General.

(Related) Gismondo was more blunt.

FBI Struggling With Cybersecurity Because Of Shit Pay And Drug Tests

[The audit report: https://oig.justice.gov/reports/2015/a1529.pdf]
(Related?) Is Dilbert suggesting a way for the FBI to learn about technology?

Reading these articles is kind of like going to law school, but cheaper.
Kate Groetzinger reports:

… Unfortunately for [Sandra Bland] —and for anyone else who is pulled over and asked to step out of their car—her rights are murky. Even though the Fourth Amendment guarantees citizens will not be subjected to unreasonable searches and seizures, it hasn’t been able to protect drivers from this particular invasion of privacy since 1977. Two major Supreme Court decisions in the past half-century have eroded the Fourth Amendment’s power in an effort to protect police in the line of duty.

Read more on Quartz, where Groetzinger describes the impact of the Terry and Mimms rulings.
Ditto

Privacy Laws in Asia – free download available

by Sabrina I. Pacifici on Jul 31, 2015

Bloomberg BNA – “With its critical impact on the world economy and global trade, privacy legislation in Asia has been extremely active in the last several years. A recently released report, Privacy Laws in Asia, written by Cynthia Rich of Morrison & Foerster LLP for Bloomberg BNA, analyzes commonalities and differences in the privacy and data security requirements in countries including Australia, India, Hong Kong and more. This report gives you at-a-glance access to:

- A side-by-side chart comparing four key compliance areas, including registration requirements, cross-border data transfer limitations, data breach notification, and data protection officer requirements.
- A country-by-country review of the differences and special characteristics in the law, as well as a look at privacy legislation in development.
- Explanations of the common elements of the laws in 11 jurisdictions with comprehensive privacy laws with regards to Notice, Opt-In and Consent issues, Data Retention, and more.”
And again, ditto.

Last Thursday, France’s constitutional court—le Conseil constitutionnel—issued a ruling upholding most of that country’s controversial new surveillance law, enacted in the wake of the Charlie Hebdo terrorist attacks. Francophones can read the untranslated decision here.

The legislation grants the French government sweeping new powers to monitor suspected terrorists. Among other things, the law authorizes warrantless wiretaps; officials need not obtain a court order before conducting electronic surveillance but rather must receive permission from a special administrative body. The law also requires telecommunications carriers and internet service providers to install “black boxes” on their networks, which the government can use to collect and analyze users’ communications metadata. The court’s largely favorable ruling means the law will now go into effect.
We don't have a Law School, but we have a few Big Data wonks, so perhaps we could partner with one to do some innovative legal research?

Univ of Toronto virtual legal research database uses IBM Watson

by Sabrina I. Pacifici on Jul 31, 2015

“The University of Toronto team that built a virtual legal research database [video demonstration is embedded in this article] for the IBM Watson Cognitive Computing Competition made it to the final round of the top three before finishing the competition in second place… The contest began when International Business Machines Corp. (IBM) asked 10 elite schools, including Stanford, Carnegie Mellon and U of T, to put together teams at each university using its famous Jeopardy-playing super-computer, named Watson. U of T was the only Canadian institution invited to participate; its computer science department was recently ranked among the top 10 computer science departments worldwide in the prestigious Shanghai Jiao Tong University’s Academic Ranking of World Universities. (Read more about the decision to bring Watson to U of T.)
Still no hint of an alternative system for delivering classified information to the Secretary of State. This would go away if State could point to a secure delivery method that was always in place. I suspect there was no other system.

John Solomon and S. A. Miller report:

The U.S. intelligence community is bracing for the possibility that former Secretary of State Hillary Rodham Clinton’s private email account contains hundreds of revelations of classified information from spy agencies and is taking steps to contain any damage to national security, according to documents and interviews Thursday.

The top lawmakers on the House and Senate intelligence committee have been notified in recent days that the extent of classified information on Mrs. Clinton’s private email server was likely far more extensive than the four emails publicly acknowledged last week as containing some sensitive spy agency secrets.

Read more on Washington Times.

(Related) Another amusing factoid.

Hillary Clinton Emails: 1,300 Messages From Private Account Released

… Ironically, one email posted today shows Clinton in 2009 asking her chief of staff to borrow a book on email etiquette called "SEND: Why People Email So Badly and How to Do It Better," by David Shipley.
Perspective. You can't tell the winners without a scorecard!

Uber Speeds Past Facebook as Quickest to $50 Billion Value Level

Uber just closed a new round of funding that will value the company at more than $50 billion, according to The Wall Street Journal.

The newspaper says that Uber raised close to $1 billion in the round, which brings the total amount of equity financing the company has raised to more than $5 billion.

Previously, Facebook had been the only venture-backed private company to sport a $50 billion valuation. But it took Facebook a good deal longer to hit that level: eight years, compared with Uber's five.

Facebook, which subsequently went public, is now worth just over $260 billion.
Interesting choice for stalkers and pedophiles?

Things You’ll Wish You Knew Before Your Kids Started Using Kik

… Kik is a free texting app, with a user-base of around 50 million (so really small, compared to WhatsApp). iTunes gives it a rating of 17+, but despite that, people much younger (as young as 13) use it on a regular basis. But for some strange reason, Google Android rates it 12+. Not sure what is going on there.

Where Kik sharply differs from WhatsApp, however, is that WhatsApp works with the user’s mobile phone number as the “username”. Kik, on the other hand, requires no phone number — just an invented username. Therefore, as well as smartphones, you can also install Kik on iPod Touch and iPads (which have no phone capabilities and are therefore commonly given to tweens).
For our Business Intelligence students. We teach them to use the Intelligence they generate.

Companies Collect Competitive Intelligence, but Don’t Use It
Free is good!

Free eBook: ‘The Path to Value in the Cloud’

Today, we have an awesome free eBook called “The Path to Value in the Cloud” that will show you key things you need to know to make the Cloud an important part of your business. It’s short enough that you’ll be able to read through it in one sitting, but it’s packed with valuable information that you’ll most definitely want to use for your business.

Download: “The Path to Value in the Cloud”

I like to make sure my students know of the free options.

Which Office Suite Is Best for You?