Proposed Legislation Would Give Legal Right to Hack Back
Hacking back is a perennial and contentious issue. Its latest instance comes in the form of a
'Discussion Draft' bill proposed by Representative Tom Graves (R-GA): The Active Cyber Defense
Certainty Act. Graves claims
it is gaining bipartisan support, and he expects to present it to the House of
Representatives for vote within the next few months.
The Draft Bill (PDF) is an amendment to the Computer Fraud and Abuse Act (CFAA).
… It is discussed
in detail and expanded in the study
titled Into the Grey Zone: The Private Sector and Active Defense against Cyber
Threats published by the George Washington University in October 2016.
… So, two
immediate problems with allowing hacking back are that a lack of expertise could
either compromise forensic evidence, or accidentally cause actual harm to the
attackers' supposed computers. Without
adequate expertise, the supposed servers might not even be the attackers'
servers. "Because of (compromised)
proxies," comments F-Secure's security advisor Sean Sullivan,
"hacking back/active defense is complicated and it's quite unlikely that
the US Congress would be able to properly define what should be allowed or
not."
This would be interesting.
“Cut off our hard currency with sanctions and we’ll just rob your banks?”
North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist
Federal prosecutors are investigating North Korea’s
possible role in the theft of $81 million from the central bank of Bangladesh
in what security officials fear could be a new front in cyberwarfare.
The United States
attorney’s office in Los Angeles has been examining the extent to which the
North Korean government aided and abetted the bold heist in February 2016,
according to a person briefed on the investigation who was not authorized to
speak publicly.
… News of the
criminal investigation into North Korea’s role in the Bangladesh bank attack
was reported earlier on Wednesday by The
Wall Street Journal. It was not
clear whether any charges from the investigation were imminent.
(Related).
JOHN MCCAIN: There's a 'crazy fat kid' running North Korea
I’ll have to find an article with more details, but the
idea of government mandated minimum
standards is interesting.
Dror Halavy reports:
The Knesset Law and
Constitutional Committee has approved measures that will require companies and
groups that collect data on Israelis to protect the information from hackers. The new rules, which supply specific criteria to organizations on the types of security needed,
will apply equally to government and private sector organizations.
The measures are based on
research done by the Justice Ministry, and recently completed at the behest of
Justice Minister Ayelet Shaked. Under
the measures, organizations will determine whether the data they hold is of
low, medium, or high sensitivity for privacy; for example, medical information
will be considered as part of the latter category, while membership in a store
club might be listed in the former categories.
Each level of sensitivity will
require more severe cyber-security strictures and standards. Organizations
will have to apply specific approved solutions that meet standards described in
the measures. Failure to do so could
leave them subject to civil or criminal actions in the event of a security
breach.
Read more on Hamodia.
Mission creep?
Joe Cadillic writes:
Imagine
driving down the road and being stopped by a Border Patrol agent for speeding. Imagine Border Patrol agents responding to
domestic abuse calls at people’s homes. Imagine
the Border Patrol responding to trespassing calls and detaining motorists with
K-9’s.
You can
stop imagining, because it’s happening in New York, Vermont, Maine and now New
Hampshire. House Bill 1298 gives
DHS’s Border Patrol agents police powers in NH.
Read more on MassPrivateI.
[From the article:]
Americans can forget about DHS's 100
mile border zone inside the U.S., because now the Border Police
Patrol has arrest powers throughout entire states!
A border search going the other direction?
Mar. 20 – Cause of Action Institute (“CoA Institute”)
today filed an amicus
curiae brief in support of Defendant Hamza Kolsuz who in February,
2016 was arrested at a Virginia airport attempting to board a plane bound for
Istanbul, Turkey.
…
The brief states:
At the time of the search,
neither Mr. Kolsuz nor his smartphone were in the process of crossing any
border. The Government was not
furthering any interest in prohibiting the entry or exit of contraband,
enforcing currency control, levying duties or tariffs, or excluding travelers
without the property documentation to enter the country…
The full brief is available here.
A different take. Why would this be illegal? Isn’t it similar to using a dashboard camera? They are looking at cars on a public road and
using technology available at any high school (for measuring the speed of
baseballs). The letter reads as if they
were trespassing on state controlled land (the highway).
The state of Virginia is not
happy that the Insurance Institute for Highway Safety (IIHS) set up speed
cameras on Virginia highways without any authority to do so. State officials sent a warning letter
to the industry lobbying group in October.
“We recently received a concern
claiming your organization set up equipment on property controlled by the
Virginia Department of Transportation (VDOT),” Northern Virginia District
Administrator Helen Cuervo wrote. “In
reviewing our records, it does not appear that your organization had a legal
permit to do so.”
Read more on TheNewspaper.com. So they get to keep the data they illegally
obtained and then used to lobby for changes that would benefit their industry? They should be made to destroy the data.
If venture capital was easy to find, everyone would be entrepreneurs!
US Tech Startups’ China money spooks Pentagon
A new white paper commissioned by the US defense
department says Beijing isn’t just investing in critical technologies at home,
they are doing it in the US as well. The
New York Times reports that some tech startups working on projects with
military applications have received money from state-run Chinese firms. Lawmakers calling for stricter oversight of
Chinese investments note that the scope of the interagency Committee on Foreign
Investment in the US (Cfius) does not include smaller investments, such as
those into tech startups. Despite the
increased scrutiny, many firms say the Chinese investors are their only option.
Clearly, Tillerson does not like people looking over his shoulder.
Apparently, they failed to inform the
Records Retention people that he was using an alias. (But just for one year near the end of that
period?)
Exxon admits it lost up to a year's worth of Rex Tillerson's
'Wayne Tracker' emails
Exxon Mobil lost up to a year's worth of emails sent by
former CEO and current Secretary of State Rex Tillerson under the pseudonym
"Wayne Tracker," court documents show.
Exxon is under investigation by New York State Attorney
General Eric T. Schneiderman for allegedly misleading shareholders and
investors about risk-management issues related to climate change.
Tillerson used the Wayne Tracker alias to communicate
with Exxon officials about "risk-management issues related to climate
change." Tillerson — whose middle name is Wayne — allegedly used the alias
for a period of seven years, between 2008 and 2015, according to Schneiderman's
office.