Saturday, February 13, 2016

It could be a hack for ransom or it could be a terrorist testing a new tool. We had better find out which.
NBCLA reports:
A Southern California hospital was a victim of a cyber attack, interfering with day-to-day operations, the hospital’s president and CEO said.
Staff at Hollywood Presbyterian Medical Center began noticing “significant IT issues and declared an internal emergency” on Friday, said hospital President and CEO Allen Stefanek.
A doctor who did not want to be identified said the system was hacked and was being held for ransom.
Read more on NBCLA. There is no statement on the hospital’s web site at the time of this posting, and I don’t see where there are any tweets from entities claiming responsibility for the hack.
[From the article:
The unnamed doctor said that departments are communicating by jammed fax lines because they have no email and that medical office staff does not have access to email.
The computers are essential for documentation of patient care, transmittal of lab work, sharing of X-rays and CT scans, the doctor said. Also, previous medical records for patients who have been admitted previously and who are newly admitted are inaccessible, "very dangerous."
Many patients there were transported to other hospitals.




And here I thought any conversation between an attorney and client was privileged. I guess in Missouri you have make prior arrangements. Interesting article.
The Intercept follows up on its earlier report in which a hack of Securus revealed that 70 million phone calls had been recorded – many involving what should be privileged communications between attorneys and their clients.
Jordan Smith and Micah Lee report:
The Intercept’s analysis, to the contrary, estimated that the hacked data included at least 14,000 records of conversations between inmates and attorneys. In the wake of the story’s publication, we informed Bukowsky that her phone number had been found among the records and provided her a spreadsheet of the calls made to her office — including the name of the client and the date, time, and duration of the calls. In turn, Bukowsky searched her case files for notes and other records, ultimately confirming that at least one call with McKim — which was prearranged with the Missouri DOC to be a private attorney call — was included in the data. The privileged call, more than 30 minutes long, was made at the height of Bukowsky’s preparations for McKim’s hearing. A unique recording URL accompanied each of Bukowsky’s calls included in the data, suggesting that audio had been recorded and stored for more than two years — and ultimately compromised by the unprecedented data breach.
Read more on The Intercept.




See? Double secret probation is not adequate. You actually have to tell someone and take appropriate action!
Shawn E. Tuma writes:
When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.
In Tank Connection, LLC v. Haight, 2016 WL 492751 (D. Kan. Feb. 8, 2016), the court granted the former employee’s motion for summary judgment against the employer’s CFAA claim.
Read more on the Cybersecurity Law Blog.




What is it with teenage hackers in the UK?
Cops arrest teen for hack and leak of DHS, FBI data
A 16-year-old boy living in England has been arrested in connection with the recent hack of FBI and DHS data, as well as the personal email accounts of CIA director John Brennan and homeland security chief Jeh Johnson.
Fox has confirmed that British authorities have arrested the still- unnamed teen with help from the FBI and that they are looking for possible accomplices.
The alleged hacker had told Motherboard webzine that he had swiped the names, titles and contact information for 20,000 FBI employees and 9,000 Department of Homeland Security employees. He told Motherboard this was possible through a compromised Department of Justice email.
Authorities believe this is the same hacker who compromised the private email accounts of Brennan and Johnson in October, though officials say neither man used these accounts for government use.


(Related) Is this serious or script-kidde hyperbole?
DOJ Hacker Also Accessed Forensic Reports and State Department Emails
… The hacker also took several screenshots while he was inside the Department of Justice’s intranet, highlighting what a serious data breach this really was. However, the obtained cache is much smaller in size than the 200GB originally claimed, totaling only around 20MB, and it has not been publicly released. It is not totally clear whether the hacker downloaded more data than what has been shared with Motherboard.
… According to CNN's report of the arrest, investigators found that the hacker had reached sensitive documents such as those related to investigations and legal agreements. The cache of files obtained by Motherboard seem to support that.
The hacker also seemingly downloaded just under 400 emails from the State Department. However, many of these appear to be from the HR division, and are marked as unclassified.




Try to keep up.
2015 Reported Data Breaches Surpasses All Previous Years
We are pleased to release our Data Breach QuickView report that shows 2015 broke the previous all-time record, set back in 2012, for the number of reported data breach incidents. The 3,930 incidents reported during 2015 exposed over 736 million records.
Risk Based Security’s newly released 2015 Data Breach QuickView report shows that 77.7% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 64.6% of incidents and 58.7% of exposed records.




I suspect we have already crossed this line. Interesting article, if a bit too late.
Voter targeting becomes voter surveillance
Political candidates have always done everything in their power to target voters. But in the current election cycle, with primary election season officially under way, technology is giving them a lot more power than before.
It is at the point where privacy advocates are referring to it as “voter surveillance.”
… What is new, and more ominous, according to Evan Selinger, senior fellow with the Future of Privacy Forum and a professor at Rochester Institute of Technology, is what he calls, “an asymmetry of knowledge.
“Average voters have no idea how much information campaigns have compiled on them and how fast a dossier can be updated,” he said. “If they did know, they might object to some of it being taken out of its original context of use, and being put to new use as political fodder.”
That is also one of the major arguments in an article titled “Engineering the public: Big data, surveillance and computational politics” by Zeynep Tufekci, who wrote that while the Internet has enabled much more powerful social movements due to “horizontal communication” that can connect people throughout nations and the world, those same digital technologies, “have also given rise to a data-analytic environment that favors the powerful, data-rich incumbents.”
… The title of a 2012 paper published by the University of Pennsylvania’s Annenberg School for Communications summed it up rather bluntly: “Americans Roundly Reject Tailored Political Advertising.”
… There is also the potential security problem. Colin J. Bennett, in an article titled “Trends in Voter Surveillance in Western Societies,” wrote that sensitive voter data, “can be put in the hands of multiple volunteers and campaign workers, who may have no privacy or security training.




Ah the French. It's like they have a whole different legal system. Could we ever agree on a “virtual jurisdiction” where the laws are the same for everyone?
French Court Rules Facebook Can Be Sued for Censorship in Nude Painting Case
… Back in 2011, Frederic Durand-Baissas, a 57-year-old teacher from Paris, discovered that his Facebook account had been deleted immediately after he posted a well-known nude painting by 19th century painter Gustave Courbet, called L'Origine du Monde (The Origin of the World).
Durand-Baissas sued the company, demanding it restore his account and pay him 20,000 euros (around $25,000) in damages. Facebook's legal team argued that the case could only go before a court in Santa Clara, Calif., where the company is headquartered, because of a provision in the site's terms and conditions. Last year, a high court in Paris ruled that the case should be heard in France, and last week, a Paris appeals court upheld that decision.




What is the best way? I like the idea of comedians poking holes in their logic, but we probably need multiple avenues of approach
Facebook Adds New Tool to Fight Terror: Counter Speech
Tuesday mornings, Monika Bickert and her team of content cops meet to discuss ways to remove hate speech and violent posts from Facebook Inc., the world’s largest social network. Recently, the group added a new tool to the mix: “counter speech.”
Counter speakers seek to discredit extremist views with posts, images and videos of their own. There’s no precise definition, but some people point to a 2014 effort by a German group to organize 100,000 people to bombard neo-Nazi pages on Facebook with “likes” and nice comments.
… Members also debated how to raise the visibility of counter speech on Facebook and Instagram. Once such content is created, “How do you get it to the right people?” Ms. Bickert asked.
… Facebook also has provided ad credits of up to $1,000 to counter speakers, including German comedian Arbi el Ayachi. Last year, Mr. el Ayachi filmed a video to counter claims from a Greek right-wing group that eating halal meat is poisonous to Christians. The one-minute video “was our take on how humor can be used to diffuse a false claim,” Mr. el Ayachi said.




Perspective.
The Amazon-Netflix Alliance
Netflix has completed its "cloud transition" to Amazon.com cloud services.
… Netflix now accounts for 37% of the Internet's traffic during peak viewing times - you can think of it as the 900-pound gorilla of Internet streaming. But after a seven-year transition, during which it did everything it could have done, technically, to reduce its dependence on Amazon Web Services, Netflix is signaling that it's more dependent than ever.
… Facebook bit the bullet on this years ago, and began building its own cloud data centers, using cash flow from its basic business to do so. Alphabet can easily afford the $1 billion/quarter cost of being in the game from its search business, and now from YouTube revenue. Microsoft has used software as an ante into the cloud game, and Apple is now investing the necessary cash to get into it, according to Oppenheimer analyst Tim Horan.
But Amazon's lead now has less to do with raw capital power and more to do with hard-won lessons learned in making that investment. Cloud has consolidated, and Amazon is the winner.
… Amazon has several billion-dollar "competitors" who use its delivery infrastructure to serve their customers. It has many other companies using its payment infrastructure, especially now that sales taxes on online sales are becoming routine, raising the cost of compliance beyond what many small players can afford.
Amazon is an infrastructure company. Do not analyze it as a retailer. Do not analyze it as a streaming company. Don't even analyze it based on cloud revenues. Amazon is infrastructure, infrastructure on which global commerce is increasingly dependent.




For my Data Management students.
How GM Uses Social Media to Improve Cars and Customer Service
… Because of the exponential growth of social media in recent years, and the fact nearly half of U.S. social media users actively seek customer service through social media, according to Nielsen and McKinsey Incite, we’ve made getting globally aligned one of GM’s priorities.




Another week of things worth knowing?
Hack Education Weekly News
… “A Florida proposal requiring public high schools to offer virtual or in-person computer science classes – and classifying those courses as foreign language – has passed in the Florida House of Representatives,” Edsurge reports.
… You thought the president of Mount St. Mary’s comment about treating struggling students bunnies needing to be drowned was bad? Oh man. It’s gotten worse. The provost who challenged the president’s retention plans has been fired, as have two professors (one tenured) – charged with “lack of loyalty,” whatever the hell that means. The school’s accreditor says it’ll investigate. The latest (at time of publishing) from The Chronicle of Higher Education: “Mount St. Mary’s Tells Tenured Professor It Fired That He Remains on the Payroll but Is Suspended.” “Tenure Protects Nothing,” Slate’s Rebecca Schuman concludes.
Via the News Tribune: “A $100 million computer software system for Washington’s 34 community colleges is so far behind schedule and operating so poorly that it will likely cost another $10 million before it’s installed in all schools.”




I'll teach spreadsheets again in the Spring.
35 Everyday Microsoft Excel Keyboard Shortcuts for Windows & Mac




I learned a bit, but not too much.
The Perfect Email
Okay, here’s a little test. See if you can decide which email is most likely to elicit a response:
1. Hey, I was thinking about you earlier. Do you want to get pizza?
2. Hey, I’d definitely like to get together next week. Do you want to get pizza?
3. Hey, it would be really great to see you and catch up. Do you want to get pizza?
4. Hey! It would be absolutely wonderful to see you! Do you want to get pizza? I’m so excited!
The correct answer is—drumroll—the second one. It’s in the Goldilocks zone of email tonality: not too positive, not too negative, not flat-out neutral. Just right. That’s according to a new analysis by the email-efficiency service Boomerang. The company anonymized and aggregated data from more than 5.3 million messages, and figured out which qualities made an email most likely to prompt a response.
… Boomerang found that emails that were slightly positive or slightly negative were most likely to get responses. Asking a couple of questions is good, but more than three starts working against you. “Flattery works, but excessive flattery doesn’t,” they wrote in a blog post about the findings.
… So, you know, play it cool. But not too cool. Also, no need to write long. The optimum length for an email is 50 to 125 words.


No comments: