Russian Hackers Attack Two U.S. Voter Databases: Reports

Russian-based hackers may have been responsible for two recent attempts to breach US voter registration databases in two states, raising fears Moscow is trying to undermine November's presidential election, US media said Monday.

The incidents led the FBI to send a "flash alert" to election officials earlier this month, asking them to watch for similar cyber-attacks.

The FBI alert, first reported by Yahoo News, did not mention Russia. However, the authorities have attributed the attacks to Russian spy agencies, NBC News quoted US intelligence officials as saying.

… Although the alert does not identify targeted states, Yahoo News quoted officials as saying they were Illinois and Arizona.
[Dilbert explains: http://dilbert.com/strip/2016-05-01]

(Related) How Electronic Voting Could Undermine the Election
Things just got a lot worse for St. Jude. What could they recover if they can “prove” their innocence? (What will they lose if they can’t?)

From the you’re-not-really-surprised-by-this-are-you? dept., Don DeBenedictis reports:

In a class action that sounds like a Tom Clancy novel, a patient claims that pacemakers and other implanted heart devices sold by St. Jude Medical can be attacked by hackers to steal personal information and even harm patients.

Clinton W. Ross Jr. claims that several lines of St. Jude’s heart-regulating devices designed to be monitored remotely with in-home equipment, rather than during in-person visits to the doctor, lack “even the most basic security defenses” to safeguard their computer communications from outsiders.

Gee, what could have possibly given him that idea?

Read more on Courthouse News.
For my Computer Security student debate on Incident Response. Too extreme or just right?

Daniel Tyson reports:

Appalachian Regional Hospitals in Beckley and Summers County computer systems were breached Saturday afternoon, but company officials were tight-lipped as to the extent or what information was seized by the hackers.

The hospitals’ parent company, Appalachian Regional Healthcare, issued a two-paragraph statement that their hospitals in West Virginia and Kentucky are on an Emergency Operations Plan, after hackers planted a computer virus in its electronic web-based services and electronic communications.

A spokesperson for ARH said all computers were shut down to prevent further spreading of the virus, which affected Beckley Appalachian Regional Hospital and Summers County Appalachian Regional Hospital in Hinton.

By Saturday afternoon, all patient care, registration, medication, imaging and laboratory services were managed manually.

Read more on The Register-Herald.

The FBI has been called in to investigate, and patients are concerned that their personal information may have been stolen or compromised, but at this point, there’s no indication from the healthcare system that any information was exfiltrated and this may turn out to be a situation in which the data was just locked up for ransom. The biggest concern, of course, was that hospital operations were threatened, even though it sounds like the system quickly implemented its emergency plan so it could continue to provide services to patients.
“We have a great law, but we don’t have any way to enforce it.”

Shawn Shinneman reports:

The Office of the Attorney General hasn’t disciplined a single Texas company for failing to notify customers of a data breach – and records show it is only directly notified of a small portion of the incidents, the Dallas Business Journal has learned.

The issue could stem from the way Texas’ cybersecurity law is constructed. Although it calls for the OAG to penalize companies who don’t notify their customers about data breaches, Texas’ standard doesn’t require businesses to actually report breaches to any governmental agency.

The state is effectively looking for speeders without a radar gun.

Read more on the Dallas Business Journal.
Fodder for dossier builders? How many databases duplicate the same information?

EFF – Transparency Hunters Capture More than 400 California Database Catalogs

by Sabrina I. Pacifici on Aug 29, 2016

Dave Maass – A team of over 40 transparency activists aimed their browsers at California this past weekend, collecting more than 400 database catalogs from local government agencies, as required under a new state law. Together, participants in the California Database Hunt shined light on thousands upon thousands of government record systems. California S.B. 272 requires every local government body, with the exception of educational agencies, to post inventories of their “enterprise systems,” essentially every database that holds records on members of the public or is used as a primary source of information. These database catalogs were required to be posted online (at least by agencies with websites) by July 1, 2016. EFF, the Data Foundation, the Sunlight Foundation, and Level Zero combined forces to host volunteers in San Francisco, Washington, D.C., and remotely. More than 40 volunteers scoured as many local agency websites as we could in four hours—cities, counties, regional transportation agencies, water districts, etc.

Here are the rough numbers:

680 – The number of unique agencies that supporters searched
970 – The number of searches conducted (Note: agencies found on the first pass not to have catalogs were searched a second time)
430 – Number of agencies with database catalogs online
250 – Number of agencies without database catalogs online, as verified by two people…”
Download a spreadsheet of local government database catalogs: Excel/TSV
Download a spreadsheet of cities and counties where we did not find S.B. 272 catalogs: Excel/TSV
Speaking of dossier creators…

Kashmir Hill writes:

Facebook’s ability to figure out the “people we might know” is sometimes eerie. Many a Facebook user has been creeped out when a one-time Tinder date or an ex-boss from 10 years ago suddenly pops up as a friend recommendation. How does the big blue giant know?

While some of these incredibly accurate friend suggestions are amusing, others are alarming, such as this story from Lisa*, a psychiatrist who is an infrequent Facebook user, mostly signing in to RSVP for events. Last summer, she noticed that the social network had started recommending her patients as friends—and she had no idea why.

Read more on Fusion.
Background for budget time.

What's the Real Value of "Cost of Breach" Studies?

The European Union Agency for Network and Information Security (ENISA) published The cost of incidents affecting CIIs – a review ‘of studies concerning the economic impact of cyber-security incidents on critical information infrastructures’. Published this month, it is an analysis of ‘cost of breach’ reports; and it draws some worrying conclusions.

… Ponemon’s latest report puts the average cost of a breach at $4 million, or at $158 per stolen record. In a study conducted for the UK government, PwC put the overall cost of a breach for major companies at between £1.46 million and £3.14 million (smaller companies £75,000 to £311,000). In 2015 Kaspersky Lab put the average direct cost at $551,000 for large companies and $38,000 for SMBs (with indirect costs adding an extra $69,000 and $8,000 respectively).
I have a rather high percentage of international students this quarter. We should probably talk about not carrying the “Ethical Hacking” textbook through Customs.

Constitutional law professor Noah Feldman writes:

Wall Street Journal reporter Maria Abi-Habib made waves in journalistic circles last month after she posted on Facebook that Department of Homeland Security officials tried to seize her phones as she entered the U.S. at Los Angeles International Airport.

What was striking about her post was that Homeland Security’s demand (which it eventually gave up) was probably lawful and certainly constitutional. Under established U.S. Supreme Court precedent, there is an exception to the Fourth Amendment privacy right when you are at the border entering or leaving the country.

Read his full commentary on The Commercial Appeal.
For my IT Architecture class.

Private Clouds a ‘Big Priority’ for Dell

Dell Inc. hopes its pending $60 billion acquisition of EMC Corp. will make the combined company a favored supplier in the rapidly growing market for cloud computing, where companies tap software programs via the internet.

Dell Chief Executive Michael Dell appeared Monday at the annual conference of EMC’s VMware unit, underscoring the deal’s importance for Dell’s future. He is betting that companies will use Dell’s equipment to build “private clouds,” where their employees access software programs through the internet. “A big priority for us is making private clouds easy,” Mr. Dell told the VMworld conference Monday.
If everyone loved what Iran was selling, this would not be necessary. They know that and yet they waste money creating a very porous wall rather than anything attractive and convincing. Strange, but not unusual.

Iran rolls out domestic internet

…

The state news agency Irna said the initiative would offer "high quality, high speed" connections at "low costs".

But critics suggest the true aim is to tighten the authorities' control over citizens' use of the net.

Although Iran already blocks access to overseas-based social media services - including Twitter and Facebook - many users still access them via proxy sites and virtual private networks (VPNs).
In aggregate, this data is useful. Targeting individuals is a different story.

Ford, MIT use Bostonians’ cellphone location data for traffic planning

By collecting the anonymous cellphone location data from nearly two million Bostonians, MIT and Ford were able to produce near-instant urban mobility patterns that typically cost millions of dollars and take years to build.

The big data experiment holds the promise of more accurate and timely data about urban mobility patterns that can be used to quickly determine whether particular attempts to address local transportation needs are working.

In making decisions about infrastructure development and resource allocation, city planners rely on models of how people move through their cities -- on foot, in cars and by public transportation. Those models are largely based on socio-demographic information from costly, time-consuming manual surveys, which have small sample sizes and are infrequently updated. Cities might go more than a decade between surveys.
Of course they do.

Jamie Williams writes:

Imagine being convicted of a crime for logging into a friend’s social media account with their permission? Or for logging into your spouse’s bank account to pay a bill, even though a pop-up banner appeared stating that only account holders were permitted to access the system? The Ninth Circuit Court of Appeals last month issued two decisions—by two different 3-judge panels in two separate cases—which seem to turn such actions into federal crimes. We teamed up with the ACLU and ACLU of Northern California to ask the court to review both decisions en banc—with 11 judges, not just 3—and issue a ruling that will ensure innocent Internet users are not transformed into criminals on the basis of innocuous password sharing. We want the court to come up with a clear and limited interpretation of the notoriously vague statute at the heart of both cases, the Computer Fraud and Abuse Act (CFAA).

Read more on EFF.
This will put a small dent in the petty cash fund. (You don’t think Ireland was planning this all along, do you?)

Apple should repay Ireland 13bn euros, European Commission rules

After a three-year investigation, it has concluded that the US firm's Irish tax benefits are illegal.

The Commission said Ireland enabled the company to pay substantially less than other businesses, in effect paying a corporate tax rate of no more than 1%.

… "Member states cannot give tax benefits to selected companies - this is illegal under EU state aid rules," said Commissioner Margarethe Vestager.
Then add in hobby drones and illegal drones – we may never see the sun again!

FAA Expects 600,000 Commercial Drones In The Air Within A Year

3D printing and Raspberry Pi, my students will love this article! (I want the cryptex!)

30 Useful Ways 3D Printing Could Be Used At Home

Great consultants choose their words carefully.