Australia Online Census Shutdown After Cyber Attacks
… as
thousands of people headed to the official website Tuesday evening, a series of
denial-of-service attacks -- attempts to overwhelm an online system to prevent
people accessing it -- prompted authorities to take the site offline.
"It was an attack, and we believe from
overseas," said David Kalisch from the Australian Bureau of Statistics,
which organises the census.
"The scale of the attack, it was quite
clear it was malicious," he told the Australian Broadcasting Corporation.
The census website was not back online
Wednesday.
There must be more here than I’m seeing. If I was a conspiracy buff, I might see some
serious hackers behind this. What might
North Korea want in exchange for not shutting down all airline systems?
Complexity makes airline computer systems vulnerable
… Why do these
kinds of meltdowns keep happening?
The answer is that airlines depend on huge, overlapping
and complex IT systems to do just about everything, from operating flights to
handling ticketing, boarding, websites and mobile-phone apps. And after years of rapid consolidation in the
airline business, these computer systems may be a hodgepodge of parts of
varying ages and from different merger partners.
These systems are also being worked harder, with new fees
and options for passengers, and more transactions — Delta’s traffic has nearly
doubled in the past decade.
… It is unclear
exactly what went wrong at Delta. The
airline said it suffered a power outage at an Atlanta installation around 2:30
a.m. EDT that caused many of its computer systems to fail. But the local electric company, Georgia Power,
said that it was not to blame and that the equipment failure was on Delta’s
end.
IT experts questioned whether Delta’s network was
adequately prepared for the inevitable breakdown.
“One piece of equipment going out shouldn’t cause this,”
said Bill Curtis, chief scientist at software-analysis firm Cast. “It’s a bit
shocking.”
Curtis said IT systems should be designed so that when a
part fails, its functions automatically switch over to a backup, preferably in
a different location. “And if I had a
multibillion-dollar business running on this, I would certainly want to have
some kind of backup power,” he added.
(Related) I wonder if one of the vulnerabilities was, “turn
off the power?”
Joshua Philipp reports:
Computer systems of Delta
Airlines have suffered a “glitch” that is causing flight delays on the airline
globally. While the cause of the delays
is still unclear, a group of cyber criminals was recently selling
vulnerabilities to major airlines on the black market.
On Jan. 3, cybercriminals on a
darknet black market run by Chinese state hackers published an advertisement
for information and vulnerabilities in a long list of major airlines that
included Delta Airlines, United Airlines, Japan Airlines, FedEx, and others.
Read more on Epoch
Times.
(Related) How to
backup an entire country?
Estonia's "Data Embassy" Could be UK's First Brexit
Cyber Casualty
The government of Estonia is one of the most cyber-aware
governments in the world. Recent reports
have suggested that the country has been in discussion with the UK for the
establishment of an overseas data embassy. Those same reports suggest that Britain's
decision to leave the European Union is making Estonia reconsider the UK, and
perhaps favor Luxembourg. If this is
true, it could make the loss of business with Estonia the first major cyber
casualty of the Brexit.
… Although the
Ministry here describes the project as simply a data center, it has elsewhere
used the term 'virtual data embassy'. This is to differentiate the concept from
simple backups that have been stored in overseas embassies for the last ten
years. Estonia is facing an issue now
that will be faced by more and more nations as electronic government increases:
secure mirrors will be required to ensure that the country itself doesn't face
downtime in a catastrophe. Estonia, of
course faces the additional concern of physical incursion from its neighbor and
one-time overlord, Russia.
Taavi Kotka, the Government CIO, wrote, "As part of this research project, we have
evaluated methods to ensure that the data and services of and for our citizens,
e-residents, and institutions are kept safe, secure, and continuously
available. Privacy, security, data
protection, and data integrity are central to our government services."
A new (to me) resource!
What kind of month was July for breaches involving health
information? I counted 39 incidents
reported during the month. Read Protenus’s blog
for an analysis of the incidents.
Update: Tom Sullivan of HealthcareITNews
has a great
write-up on the blog post.
I see a project for my Ethical Hacking students.
75 Percent of Bluetooth Smart Locks Can Be Hacked
Many Bluetooth Low Energy smart locks can be hacked and
opened by unauthorized users, but their manufacturers seem to want to do
nothing about it, a security researcher said yesterday (Aug. 6) at the DEF CON
hacker conference here.
Something to amuse my Computer Security students.
25 Awesome “Bug Bounty” Programs for Earning Pocket Money
A bug bounty is a monetary payout for
finding and reporting security holes in software. If you have expertise in security protocols,
you could make some extra pocket money hunting for bugs in popular apps and
websites.
It’s also a great way to sharpen your skills and build
your reputation as a security expert — to the point where you could be
recruited by companies (or even the American government). Here are the best bug bounty programs
available in 2016.
Because the FBI has jurisdiction over all riots?
Kristen V. Brown reports:
When the FBI sent secret spy
planes to capture surveillance footage of the Baltimore protests of Freddie
Gray’s death in 2015, the agency justified the aerial monitoring as necessary. “Large scale demonstrations and protests”
meant there was “potential for large scale violence and riots,” the agency wrote
in an internal memo at the time.
Last week, the FBI released
more than 18 hours of this footage in response to a FOIA request from the
American Civil Liberties Union. Captured
by a
thermal-imaging system with infrared cameras mounted to the plane’s
wing, the footage was taken over five days during at least 10
surveillance flights. The footage
shows major Black Lives Matter marches, quiet neighborhood gatherings and
near-empty streets. It’s unclear if law
enforcement acted on this footage in policing the protests.
Read more on Fusion.
(Related) Did the FOIA request ask about facial
recognition?
Andrada Fiscutean reports:
Romania’s intelligence service is
about to build a system to identify people taking part in street protests or
talking on Facebook or Skype, according to four local human-rights groups.
In an open letter published on
Monday, the groups said the system would be capable of running facial
recognition on three million people. It
could also intercept online traffic without the consent of the users and will
have unrestricted access to all public databases containing information about
citizens.
Read more on ZDNet.
You know this is not going to die. Ever. (Translation: When a politician says, “as far as I know”
what he or she means is, “I’m staying deliberately ignorant, but I don’t want
to admit that.”)
(Washington DC) – Judicial Watch today
released 296
pages of State Department records, of which 44
email exchanges were not previously turned over to the State Department,
bringing the known total to date to 171 of new Clinton emails (not part of the
55,000 pages of emails that Clinton turned over to the State Department).
These records further appear to contradict statements by Clinton that, “as far
as she knew,” all of her government emails were turned over to the State
Department
Is ad blocking the cyber-equivalent of muting the TV
during commercials?
Facebook Will Force Advertising on Ad-Blocking Users
Facebook is going to start forcing ads to appear
for all users of its desktop website, even if they use ad-blocking software.
The social network said on Tuesday that it will change the
way advertising is loaded into its desktop website to make its ad units
considerably more difficult for ad blockers to detect. [Stealth
ads? Bob]
Interesting. IT
Architecture impacts brick and mortar architecture. Surprising that delivery would be so
different?
E-Commerce Forces Shift in Warehouse Building
The rise of online
shopping is forcing warehouse builders to redraw the map of logistics hubs on
the East Coast.
Politicians always feel virtuous when they can create a
new “Sin Tax.” Bet on it!
State governments eye cash from fantasy sports
… More than half
of the nation’s state legislatures are set to debate measures to codify the
existence of daily and weekly fantasy sports sites, which could provide a
lucrative new revenue stream for cash-strapped governments.
Forsooth!
CU offering certificate in ‘Applied Shakespeare'
BOULDER - Valorous news! Thee can anon receiveth a c'rtificate f'r
studying the fine w'rks of the greatest playwright the w'rld hast ev'r seen.
The above sentence is an example of “Applied Shakespeare,”
which, coincidentally, is also the name of the latest graduate certificate
offered by the University of Colorado – Boulder.
You know this headline caught my eye. (Beer!
There’s an App for that!)
This smart glass earns you free beer
For the toolkit.
Not necessarily for my Ethical Hacking students.
How to Take Remote Control of Someone Else’s PC
Also for the toolkit.
Organize your projects!
11 Trello Tips and Workflow Features for Programmers
Trello is one of the
best productivity tools to hit the scene in the past decade, mainly due to the power of visual organization. It’s more than just a to-do list alternative. It’s an entirely different paradigm,
especially for programmers.
For my students. I
wonder if there is an index of these fairs?
http://inhomelandsecurity.com/virtual-career-fairs-intelligence-community/?google_editors_picks=true
Virtual Career Fairs: An Effective Recruiting Tool For The IC
… One of the most
popular questions I hear is, “Do these things [VCFs] work? Do people really get hired from these events?”
The answer is, unequivocally, YES. I have worked with numerous students who have
attended American Military University and American Public University’s National
Security VCF in the past and have been hired due to the connections they
made during the event. While exact
numbers can be hard to come by in the IC (for obvious reasons), the recruiters
are returning again and again.
… The IC hosts an annual VCF; the last
one was in March 2016. If the recruiters
weren’t finding high-quality talent at VCFs then flat-out, they would not
attend or host them.
I think I will re-arrange my priorities like Wally’s.