I bet this will not be part of the Trump-Putin
discussion.
Hackers Are Targeting Nuclear Facilities, Homeland Security
Dept. and F.B.I. Say
Since May, hackers have been penetrating the computer
networks of companies that operate nuclear power stations and other energy
facilities, as well as manufacturing plants in the United States and other
countries.
Among the companies targeted was the Wolf Creek Nuclear Operating Corporation,
which runs a nuclear power plant near Burlington, Kan., according to security
consultants and an urgent joint report issued by the Department of Homeland
Security and the Federal Bureau of Investigation last week.
… In most cases, the attacks targeted people — industrial
control engineers who have direct access to systems that, if damaged, could
lead to an explosion, fire or a spill of dangerous material, according to two
people familiar with the attacks who could not be named because of
confidentiality agreements.
… Hackers wrote highly targeted email messages containing fake résumés for
control engineering jobs and sent them to the senior industrial control
engineers who maintain broad access to critical industrial control systems,
the government report said.
The fake résumés were Microsoft Word documents that were laced with malicious
code. Once the recipients clicked on those documents, attackers could steal
their credentials and proceed to other machines on a network.
(Related). …and
apparently, this news was not ‘fit to print.’
Hackers breached at least a dozen US nuclear power sites —
and officials are zeroing in on a familiar player
US officials have concluded that hackers working on behalf of a foreign power
recently breached at least a dozen US nuclear power sites, Bloomberg reported
on Thursday.
… But the hacks
have raised red flags for investigators who worry Russia may
be gearing up to levy an attack against the US power grid. If that were the case, it would fit into a
pattern adopted by Russia in the past, particularly as it relates to
Ukraine.
How many organizations would confirm a change like
this? (We call the ones who do not “victims.”)
A Georgia man pleaded guilty Thursday to federal charges
he was part of an e-mail spoofing scheme that cost Sedgwick County more than
$566,000, U.S. Attorney Tom Beall said.
George S. James, 49, Brookhaven, Ga., pleaded guilty to one count of wire fraud.
In his plea, James admitted that on Oct. 7, 2016, Sedgwick
County sent approximately $566,088 to his bank
account [Makes the investigation rather simple. Bob] at a Wells
Fargo bank in Georgia. James transferred
part of the money he received from Sedgwick County to a bank account in
Shanghai, China, and part of the money to an account at Deutsche Bank in
Bremen, Germany. James also spent some
of the money.
In his plea, James denied that the fraud scheme was his
idea. He said that on Sept. 23, 2016, he was contacted by a person identified
in court records as A.H., who asked to deposit some money into James’ account
at Wells Fargo. James said he knew A.H.
was engaged in fraud, but James denied knowing that Sedgwick County was the
victim.
In his plea, James said it was A.H. – or someone working
with A.H. – who sent an email to Sedgwick County on Sept. 23, 2016, purporting
to be from Cornejo and Sons, LLC, and requesting
the county send future payments to a new account number at Wells Fargo.
On Oct. 7, 2016, the county sent
$566,088 to James’ account at Wells Fargo. The county learned later that Cornejo did not
request the change of account and did not receive the payment.
SOURCE: U.S. Attorney’s Office, Eastern District of Kansas
Is it sufficient to offer one year of anti-fraud coverage
to breach victims?
Veronica Miracle reports:
Three Fresno suspects, accused of
living off other people’s money– investigators said they found Andrew Clement,
Katie Whala, and Randall McKinney with troves of stolen personal information
last month.
[…]
“There was stolen mail, there
were checks, there was a spreadsheet from the Unified School District– so this
wasn’t just one item,” said Sgt. Jason Kadluboski, Gilroy Police Department.
The hard part now is finding the
victims and figuring out how all this information ended up in the wrong hands. Gilroy Police said there is no way to pinpoint
where or when the FUSD data breach happened– but it appears the information is a couple of years old.
When they find the guilty party, they might bash them with
a chair… (WWE = World Wrestling
Entertainment)
Three million WWE fan accounts exposed online
Databases containing the personal information of more than
three million WWE fans have been found lying unprotected online, allowing
anyone with the correct address to view the plain text data.
Bob Dyachenko, of security firm Kromtech, told Forbes that he had discovered a
massive trove of data stored on an Amazon Web Services (AWS) S3 server without
username or password protection.
The data included home and email addresses, the ages and
dates of birth of customers and their children, as well as their genders and
ethnicity, although no financial information was stored. Dyachenko speculated that the database likely
belonged to one of the WWE's marketing teams, as social media tracking data was
also found.
If that wasn't bad enough, a second database was found
shortly after, held on another AWS server and again entirely unprotected. This one appeared to hold data primarily on
European customers, and contained only addresses, names and telephone numbers.
Something to get my students thinking. What is it and why would my organization be targeted?
…
The Oxford English Dictionary defines cyberwar as the “use of computer
technology to disrupt the activities of a state or organization.”
It is for this reason that many experts dispute that cyberwarfare actually
constitutes war. Instead, they believe that cyberwarfare is better viewed as a
sophisticated version of sabotage or espionage.
A new term of art?
Apple’s ‘Differential Privacy’ Is About Collecting Your
Data—But Not Your Data
… "Differential privacy is a research topic in the areas of statistics and
data analytics that uses hashing, subsampling and noise injection to
enable...crowdsourced learning while keeping the data of individual users
completely private."
Can Enterprise Social Media be used anti-socially? If so, who is liable?
Wiretap Raises $4.9 Million to Monitor Enterprise Social
Networks
Wiretap has developed a platform that provides visibility
into an increasingly important but dark aspect of corporate life: the enterprise
social network (ESN). Slack is a prime
example, although there are many others such as Microsoft Yammer, and Workplace
by Facebook.
ESNs provide the modern 'water-cooler' environment, where
employees meet informally for both corporate and social collaboration.
The difficulty for management is that it has
no visibility into that environment, leaving a new and
unmeasured threat vector.
… Wiretap monitors
the ESNs and provides unique visibility into corporate sentiment. Using artificial intelligence, including
behavioral and linguistic analysis, it provides management awareness of corporate social health. [Might be fun to ask my
students to define that… Bob] This could be used to highlight the problems
that initially cause dissatisfaction and ultimately lead to insider threats,
allowing HR to intervene and address the problem. Or it could be used to monitor for potential
or actual leaks of PII or IP.
At the intersection of Privacy and Anti-trust?
…
In an earlier article, two of us (Bala and Srinivasa) provided a context to
understand the respective argument of the EU and Google using the lens of
digital-age markets. We highlighted how antitrust, the underpinnings of which
are based on industrial-age economic theories, needs new thinking in the
digital age to ensure that antitrust policies continue to remain effective
guardians of consumer welfare without inadvertently impeding economic progress.
I continue to watch…
Twitter’s lawsuit over U.S. surveillance gag order moves
forward
A U.S. judge ruled on Thursday that Twitter could move
forward with a lawsuit that aims to free technology companies to speak more
openly about surveillance requests they receive from the U.S. government.
The U.S. government had failed to show the kind of “clear
and present danger” that could possibly justify restraints on Twitter’s constitutional
right to talk about surveillance requests, U.S. District Judge Yvonne Gonzalez
Rogers in Oakland, California, said in a written order.
Perspective.
June's Windows numbers: Microsoft Windows 7 maintains grip
… June's Windows 7
user share -- an estimate of the percentage of the world's personal
computers powered by the eight-year-old operating system -- was 49%, according
to U.S. analytics company Net Applications. However, Windows 7 ran 53.6% of all Windows
machines. (The difference between the
two figures stems from the fact that Windows powers 91.5% of the globe's
personal computers, not 100%.)
Windows 7's share has not budged in the last 12 months,
even as other editions have gone through substantial shifts.
Any value for Criminal Justice students?
When it launched in 2014, the Serial podcast
pumped new life into the audio genre. The
weekly investigative journalism format was an immediate hit. And listeners couldn’t get enough of host Sarah
Koenig’s in-depth reporting into the criminal trial of Adnan Syed.
For many listeners and podcasters alike, Serial
is what invigorated their interest in podcasts. Whether or not that’s the case for you, Serial
is a great example of investigative journalism in podcasting at its absolute
finest.
If you’re looking for similarly well-researched and
binge-worthy podcasts — which you can
manage using Pocket Casts — look no further than the
podcasts below.
Of course I’m interested.
Kaspersky Releases Open Source Digital Forensics Tool
Kaspersky Lab researcher Vitaly Kamluk has released the source code of
Bitscout, a compact and customizable tool designed for remote digital
forensics operations.
Bitscout, which is not an official Kaspersky product,
initially started as a hobby project a few years ago, and it has been
continually improved based on the requirements that arose in Kaspersky
investigations involving digital forensics.
Bitscout 2.0 – version 1.0 was never released to the
public – enables forensic investigators to remotely analyze a system, while
allowing the system’s owner to monitor the expert’s activities and ensure that
their access is limited to the targeted disks. The tool can be useful to researchers, law
enforcement cybercrime units, and educational institutions.
…
The Bitscout source code and basic usage instructions are available on GitHub.
For all my spare time?
…
Big Library Read calls itself the first global book club. And it could very
well be true because, so far, the idea of an “online book club” has been used
rather loosely. Yes, there are Facebook Groups by the bucketful, and there are
Goodreads book groups too, and Oprah’s book club is also insanely popular.
But Big Library Read is something different. It works like an actual book club
and it sends you back to where it all started — your local library.
· OverDrive is the big organization behind the Big Library Read program. Its
catalog holds over 2 million ebooks, audiobooks, and videos. Chances are your
library will be among the 30,000 libraries in 40+ countries in their network.
· Find if your library is among the OverDrive partners with the help of their
library finder.
· If it is, you can borrow ebooks and audiobooks instantly, for free, with
Libby (the OverDrive app for iOS, Android, and Windows Phones).