It could be a hack for ransom or it could be a
terrorist testing a new tool. We had better find out which.
NBCLA reports:
A Southern California hospital was a victim of a cyber attack, interfering with day-to-day operations, the hospital’s president and CEO said.
Staff at Hollywood Presbyterian Medical Center began noticing “significant IT issues and declared an internal emergency” on Friday, said hospital President and CEO Allen Stefanek.
A doctor who did not want to be identified said the system was hacked and was being held for ransom.
Read more on NBCLA.
There is no statement on the hospital’s web site at the time of
this posting, and I don’t see where there are any tweets from
entities claiming responsibility for the hack.
[From the article:]
The unnamed doctor said that departments are
communicating by jammed fax lines because they have no email and that
medical office staff does not have access to email.
The computers are essential for documentation of
patient care, transmittal of lab work, sharing of X-rays and CT
scans, the doctor said. Also, previous medical records for patients
who have been admitted previously and who are newly admitted are
inaccessible, "very dangerous."
Many patients there were transported to other
hospitals.
And here I thought any conversation
between an attorney and client was privileged. I guess in Missouri
you have to make prior arrangements. Interesting article.
The Intercept follows up on its earlier
report in which a hack of Securus revealed that
70 million phone calls had been recorded – many involving what
should be privileged communications between attorneys and their
clients.
Jordan Smith and Micah Lee report:
The Intercept’s analysis, to the contrary, estimated that the hacked data included at least 14,000 records of conversations between inmates and attorneys. In the wake of the story’s publication, we informed Bukowsky that her phone number had been found among the records and provided her a spreadsheet of the calls made to her office — including the name of the client and the date, time, and duration of the calls. In turn, Bukowsky searched her case files for notes and other records, ultimately confirming that at least one call with McKim — which was prearranged with the Missouri DOC to be a private attorney call — was included in the data. The privileged call, more than 30 minutes long, was made at the height of Bukowsky’s preparations for McKim’s hearing. A unique recording URL accompanied each of Bukowsky’s calls included in the data, suggesting that audio had been recorded and stored for more than two years — and ultimately compromised by the unprecedented data breach.
Read more on The Intercept.
See? Double secret probation is not adequate.
You actually have to tell someone and take appropriate action!
Shawn E. Tuma writes:
When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.
In Tank Connection, LLC v. Haight, 2016 WL 492751 (D. Kan. Feb. 8, 2016), the court granted the former employee’s motion for summary judgment against the employer’s CFAA claim.
Read more on the Cybersecurity Law Blog.
What is it with teenage hackers in the UK?
Cops arrest teen for hack and leak of DHS, FBI data
A 16-year-old boy living in England has been
arrested in connection with the recent hack of FBI and DHS data, as
well as the personal email accounts of CIA director John Brennan and
homeland security chief Jeh Johnson.
Fox has confirmed that British authorities have
arrested the still-unnamed teen with help from the FBI and that they
are looking for possible accomplices.
The alleged hacker had told Motherboard
webzine that he had swiped the names, titles and contact information
for 20,000 FBI employees and 9,000 Department of Homeland Security
employees. He told Motherboard this was possible through a
compromised Department of Justice email.
Authorities believe this is the same hacker who
compromised the private email accounts of Brennan and Johnson in
October, though officials say neither man used these accounts for
government use.
(Related) Is this serious or script-kiddie hyperbole?
DOJ Hacker Also Accessed Forensic Reports and State Department Emails
… The hacker also took several screenshots
while he was inside the Department of Justice’s intranet,
highlighting what a serious data breach this really was. However,
the obtained cache is much smaller in size than the 200GB originally
claimed, totaling only around 20MB, and it has not been publicly
released. It is not totally clear whether the hacker downloaded more
data than what has been shared with Motherboard.
… According to CNN's
report of the arrest, investigators found that the hacker had
reached sensitive documents such as those related to investigations
and legal agreements. The cache of files obtained by Motherboard
seems to support that.
The hacker also seemingly downloaded just under
400 emails from the State Department. However, many of these appear
to be from the HR division, and are marked as unclassified.
Try to keep up.
2015 Reported Data Breaches Surpasses All Previous Years
We are pleased
to release our Data Breach QuickView report that shows 2015 broke the
previous all-time record, set back in 2012, for the number of
reported data breach incidents. The 3,930 incidents reported during
2015 exposed over 736 million records.
… Risk Based
Security’s newly released 2015
Data Breach QuickView report shows that 77.7% of reported
incidents were the result of external agents or activity outside the
organization with hacking accounting for 64.6% of incidents and 58.7%
of exposed records.
I suspect we have already crossed this line.
Interesting article, if a bit too late.
Voter targeting becomes voter surveillance
Political candidates have always done everything
in their power to target voters. But in the current election cycle,
with primary election season officially under way, technology is
giving them a lot more power than before.
It is at the point where privacy advocates are
referring to it as “voter surveillance.”
… What is new, and more ominous, according to
Evan Selinger, senior fellow with the Future of Privacy Forum and a
professor at Rochester Institute of Technology, is what he calls, “an
asymmetry of knowledge.
“Average voters have no idea how much
information campaigns have compiled on them and how fast a dossier
can be updated,” he said. “If they did know, they might object
to some of it being taken out of its original context of use, and
being put to new use as political fodder.”
That is also one of the major arguments in an
article
titled “Engineering the public: Big data, surveillance and
computational politics” by Zeynep Tufekci, who wrote that while the
Internet has enabled much more powerful social movements due to
“horizontal communication” that can connect people throughout
nations and the world, those same digital technologies, “have also
given rise to a data-analytic environment that favors the powerful,
data-rich incumbents.”
… The title of a 2012 paper
published by the University of Pennsylvania’s Annenberg School for
Communications summed it up rather bluntly: “Americans Roundly
Reject Tailored Political Advertising.”
… There is also the potential security
problem. Colin J. Bennett, in an article
titled “Trends in Voter Surveillance in Western Societies,” wrote
that sensitive voter data, “can be put in the hands of multiple
volunteers and campaign workers, who may have no privacy or security
training.
Ah the French. It's like they have a whole
different legal system. Could we ever agree on a “virtual
jurisdiction” where the laws are the same for everyone?
French Court Rules Facebook Can Be Sued for Censorship in Nude Painting Case
… Back in 2011, Frederic Durand-Baissas, a
57-year-old teacher from Paris, discovered that his Facebook account
had been deleted immediately after he posted a well-known nude
painting by 19th century painter Gustave Courbet, called L'Origine du
Monde (The Origin of the World).
Durand-Baissas sued the company, demanding it
restore his account and pay him 20,000 euros (around $25,000) in
damages. Facebook's legal team argued that the case could only go
before a court in Santa Clara, Calif., where the company is
headquartered, because of a provision in the site's terms and
conditions. Last year, a high court in Paris ruled that the case
should be heard in France, and last week, a Paris appeals court
upheld that decision.
What is the best way? I like the idea of
comedians poking holes in their logic, but we probably need multiple
avenues of approach.
Facebook Adds New Tool to Fight Terror: Counter Speech
Tuesday mornings, Monika Bickert and her team of
content cops meet to discuss
ways to remove hate speech and violent posts from Facebook Inc.,
the world’s largest social network. Recently, the group added a
new tool to the mix: “counter speech.”
Counter speakers seek to discredit extremist views
with posts, images and videos of their own. There’s no precise
definition, but some people point to a 2014 effort by a German group
to organize 100,000 people to bombard neo-Nazi pages on Facebook with
“likes” and nice comments.
… Members also debated how to raise the
visibility of counter speech on Facebook and Instagram. Once such
content is created, “How do you get it to the right people?” Ms.
Bickert asked.
… Facebook also has provided ad credits of up
to $1,000 to counter speakers, including German comedian Arbi el
Ayachi. Last year, Mr. el Ayachi filmed a video to counter claims
from a Greek right-wing group that eating halal meat is poisonous to
Christians. The one-minute video “was our take on how humor can be
used to diffuse a false claim,” Mr. el Ayachi said.
Perspective.
The Amazon-Netflix Alliance
Netflix has completed its "cloud transition"
to Amazon.com cloud services.
… Netflix now accounts for 37%
of the Internet's traffic during peak viewing times - you can think
of it as the 900-pound gorilla of Internet streaming. But after a
seven-year transition, during which it did everything it could have
done, technically, to reduce its dependence on Amazon Web Services,
Netflix is signaling that it's more dependent than ever.
… Facebook bit the bullet on this years ago,
and began building its own cloud data centers, using cash flow from
its basic business to do so. Alphabet can easily afford the $1
billion/quarter cost of being in the game from its search business,
and now from YouTube revenue. Microsoft has used software as an ante
into the cloud game, and Apple is now investing the necessary cash to
get into it, according to Oppenheimer
analyst Tim Horan.
But Amazon's lead now has less to do with raw
capital power and more to do with hard-won
lessons learned in making that investment. Cloud
has consolidated, and Amazon
is the winner.
… Amazon has several billion-dollar
"competitors" who use its delivery infrastructure to serve
their customers. It has many other companies using its payment
infrastructure, especially now that sales taxes on online sales are
becoming routine, raising the cost of compliance beyond what many
small players can afford.
Amazon is an infrastructure company.
Do not analyze it as a retailer. Do not analyze it as a streaming
company. Don't even analyze it based on cloud revenues. Amazon is
infrastructure, infrastructure on which global commerce is
increasingly dependent.
For my Data Management students.
How GM Uses Social Media to Improve Cars and Customer Service
… Because of the exponential growth of social
media in recent years, and the fact nearly half of U.S. social media
users actively seek customer service through social media, according
to Nielsen and McKinsey Incite, we’ve made getting globally
aligned one of GM’s priorities.
Another week of things worth knowing?
Hack Education Weekly News
… “A Florida proposal requiring public high
schools to offer virtual or in-person computer science classes –
and classifying those courses as foreign language – has passed in
the Florida House of Representatives,” Edsurge
reports.
… You thought the president of Mount St.
Mary’s comment about treating struggling students like bunnies needing
to be drowned was bad? Oh man. It’s gotten worse. The provost
who challenged the president’s retention plans has
been fired, as have two
professors (one tenured) – charged with “lack of loyalty,”
whatever the hell that means. The school’s accreditor says
it’ll investigate. The latest (at time of publishing) from
The Chronicle of Higher Education: “Mount St. Mary’s Tells
Tenured Professor It Fired That He Remains on the Payroll but Is
Suspended.” “Tenure Protects Nothing,” Slate’s
Rebecca Schuman concludes.
… Via
the News Tribune: “A $100 million computer software system for
Washington’s 34 community colleges is so far behind schedule and
operating so poorly that it will likely cost another $10 million
before it’s installed in all schools.”
I'll teach spreadsheets again in the Spring.
35 Everyday Microsoft Excel Keyboard Shortcuts for Windows & Mac
I learned a bit, but not too much.
The Perfect Email
Okay, here’s a little test. See if you can
decide which email is most likely to elicit a response:
1. Hey, I was thinking about you earlier. Do you want to get pizza?
2. Hey, I’d definitely like to get together next week. Do you want to get pizza?
3. Hey, it would be really great to see you and catch up. Do you want to get pizza?
4. Hey! It would be absolutely wonderful to see you! Do you want to get pizza? I’m so excited!
The correct answer is—drumroll—the
second one. It’s in the Goldilocks zone of email tonality: not too
positive, not too negative, not flat-out neutral. Just right.
That’s according to a new analysis by the email-efficiency service
Boomerang. The company
anonymized and aggregated data from more than 5.3 million messages,
and figured out which qualities made an email most likely to prompt a
response.
… Boomerang found that emails that were
slightly positive or slightly negative were most likely to get
responses. Asking a couple of questions is good, but more than three
starts working against you. “Flattery works, but excessive
flattery doesn’t,” they wrote in a
blog post about the findings.
… So, you know, play it cool. But not too
cool. Also, no need to write long. The optimum length for an email
is 50 to 125 words.