A variation on the Nigerian Prince?
Florida colleges receive extortion demands to avert attacks on
campuses (UPDATED)
Stephanie Brown reports:
An extortion email apparently sent to several colleges and
universities demands payment in Bitcoin, threatening to commit an
attack against campus students and faculty.
We first told you Wednesday that the University of North Florida
confirmed they had received an emailed extortion threat. The UNF
Crime Alert said law enforcement believed the threat was “likely
non-credible”, but that state and federal partners continued to
investigate, in an effort to find out who was responsible.
UNF is not disclosing the contents of the email they received, but
our partner Action News Jax obtained the email that was sent to
Hillsborough Community College. Action News Jax also checked with
the University of Florida, where a spokesperson says she believes
this threat was the same as UNF received.
Read more on WOKV.
Okay, I probably know what you’re wondering. I’m curious,
too, but no one’s posted a copy of the threat email, so there’s
not enough information to go on. The reporting doesn’t even
clearly indicate whether either of the colleges were actually hacked
and data exfiltrated or what.
If anyone has more details on these threats, please let me know.
Updated: A report from TBO provides additional details that sound
familiar to me. Noting that it is not yet clear how many
institutions received the 1,250-word message from the threat actors,
or whether it was limited to Florida, they report that:
The suspicious email is written so that it doesn’t make
any reference to a specific campus or institution. It demands a
payment of 1.2 bitcoin, or about $18,035 in the volatile, untraceable
digital currency.
Should the recipient refuse, the sender threatens to wage
a campaign of confusion, making repeated false threats of bombings
and mass shootings.
“One of these threats will be legitimate. Which one
will be a surprise,” the email reads. “You will be forced to
evacuate the campus.”
The sender adds a dramatic twist: “Every night I will
roll a single die. If a six comes up, I will instruct my compatriots
to follow through on the attack and kill as many people as possible …
It will be public knowledge that you failed to take this threat
seriously.”
Old technology is not “proven” technology.
https://hotforsecurity.bitdefender.com/blog/russian-atm-hacked-with-5-keystrokes-video-19381.html
Russian ATM hacked with 5 keystrokes – Video
In early December, an employee of Russian website Habrahabr went
to get some cash from a Sberbank ATM that incidentally had a
full-size keyboard. Out of boredom, as the man recalls, he started
hitting the Shift key repeatedly when, all of the sudden, the Sticky
Keys feature switched on, giving him full access to the machine’s
underlying Windows XP operating system.
… By pressing the Shift key five times in a row, Windows
serializes keystrokes, allowing the user to press and release
modifier keys. This eliminates the need to hold one key with a
finger while reaching for other keys.
While it’s certainly helpful to users who have physical
disabilities or to those with Emacs Pinky syndrome, Sticky Keys
leaves Windows-based ATMs vulnerable to attacks – especially when
customers are offered a full-size keyboard. The hack was captured on
video and posted to YouTube (embedded below) for everyone’s viewing
pleasure.
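A defensive check for the exposure described above, added here as an example and not taken from this post or the linked article: it reports whether the accessibility hotkeys (Sticky Keys, Filter Keys, Toggle Keys) are still armed on a kiosk image and can clear only the hotkey bit. The function names are hypothetical; the registry paths and the 0x4 hotkey bit are the standard Windows accessibility settings.

```powershell
# Added example (not from the article): audit accessibility hotkeys on a kiosk image.
# Bit 0x4 of each Flags value is the Windows *_HOTKEYACTIVE bit
# (SKF_HOTKEYACTIVE, FKF_HOTKEYACTIVE, TKF_HOTKEYACTIVE).
$HotkeyActive = 0x4

# Registry subkey -> feature name shown in the report.
$Features = [ordered]@{
    'StickyKeys'        = 'Sticky Keys (Shift pressed five times)'
    'Keyboard Response' = 'Filter Keys'
    'ToggleKeys'        = 'Toggle Keys'
}

# HKCU is the logged-on kiosk account; HKU\.DEFAULT applies at the logon screen.
$Hives = 'Registry::HKEY_CURRENT_USER', 'Registry::HKEY_USERS\.DEFAULT'

function Get-AccessibilityHotkeyState {
    foreach ($hive in $Hives) {
        foreach ($sub in $Features.Keys) {
            $path  = "$hive\Control Panel\Accessibility\$sub"
            $item  = Get-ItemProperty -Path $path -Name Flags -ErrorAction SilentlyContinue
            $flags = $null
            $state = 'Flags value not found'
            if ($item) {
                $flags = [int]$item.Flags          # stored as a string, e.g. "510"
                $state = 'disabled'
                if (($flags -band $HotkeyActive) -ne 0) { $state = 'ENABLED' }
            }
            [pscustomobject]@{ Path = $path; Feature = $Features[$sub]; Flags = $flags; Hotkey = $state }
        }
    }
}

function Disable-AccessibilityHotkey {
    # Clears only the hotkey bit (510 becomes 506 for Sticky Keys).
    # Writing HKU\.DEFAULT needs an elevated session; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $armed = @(Get-AccessibilityHotkeyState | Where-Object { $_.Hotkey -eq 'ENABLED' })
    foreach ($row in $armed) {
        $new = $row.Flags -band (-bnot $HotkeyActive)
        if ($PSCmdlet.ShouldProcess($row.Path, "set Flags to $new")) {
            Set-ItemProperty -Path $row.Path -Name Flags -Value ([string]$new)
        }
    }
}

Get-AccessibilityHotkeyState | Format-Table Feature, Flags, Hotkey, Path -AutoSize
```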
“What you are” is a password.
https://hotforsecurity.bitdefender.com/blog/behavioral-biometrics-will-replace-passwords-by-2022-gartner-19401.html
Behavioral biometrics will replace passwords by 2022 – Gartner
… Gartner analysts believe on-device AI, as opposed to
cloud-based AI, will mark a paradigm shift in digital security, and
will do so sooner than most people think.
… The research company outlines 10 AI solutions expected to
run on 80% of smartphones in 2022 that will become an essential part
of vendor roadmaps and our everyday lives. At least four of them
impact security.
… “Smartphones will be an extension of the user, capable of
recognizing them and predicting their next move,” reads the report.
“They will understand who you are, what you want, when you want it,
how you want it done and execute tasks upon your authority.”
… New-generation smartphones will
collect behavioral data to more accurately profile the user, paving
the way for dynamic protection and assistance in emergency
situations. It will also benefit insurers. Gartner
speculates that car insurers will be able to adjust insurance rates
based on driving behavior.
… A device with on-board AI could
automatically detect inappropriate content – such as objectionable
images, videos or text – and flag it, or block it altogether.
… Probably the boldest, but also the most-likely-to-materialize
prediction from the report is the idea that on-device AI will render
password-based authentication obsolete.
A resource for policy writers?
https://www.bespacific.com/dhs-handbook-for-safeguarding-sensitive-pii/
Handbook for Safeguarding Sensitive PII Privacy Policy Directive
047-01-007, Revision 3. Published by the DHS Privacy Office.
December 4, 2017.
“This Handbook provides best practices and DHS policy requirements
to prevent a privacy incident involving PII/SPII during all stages of
the information lifecycle: when collecting, storing, using,
disseminating, or disposing of PII/SPII. This handbook explains: how
to identify PII and SPII, how to protect PII and SPII in different
contexts and formats, and what to do if you believe PII and/or SPII
has been lost or compromised…”
How should your policy define harassment?
https://www.bespacific.com/january-4-2018-crossing-the-line-what-counts-as-online-harassment/
Crossing the Line: What Counts as Online Harassment?
Americans agree that certain behaviors constitute online harassment,
but they are more divided on others – “Pew Research Center surveys
have found that online harassment is a common phenomenon in the
digital lives of many Americans, and that a majority of Americans
feel harassment online is a major problem.
Even so, there is considerable debate over what online harassment
actually means in practice. In an effort to examine more deeply
where people “draw the line” when it comes to online harassment,
the Center conducted a survey in which respondents were presented
with fictional scenarios depicting different types of escalating
online interactions. The survey then asked them to indicate which
specific elements of the story they considered to be harassment.
Their answers indicate that Americans broadly agree that certain
behaviors are beyond the pale. For instance, in various contexts
most agree that online harassment occurs when people make direct
personal threats against others. At the same time, the public is
much more divided
over whether or not other behaviors – such as sending unkind
messages or publicly sharing a private conversation – constitute
online harassment….”
Or not...
https://www.recode.net/2018/1/4/16851892/fcc-final-order-text-net-neutrality-repeal-free-internet
Read all 539 pages of the FCC’s final order repealing net neutrality
Roughly a month after the Federal
Communications Commission voted to scrap the U.S. government’s net
neutrality rules, the agency has released the full, final text of its
repeal.
… It also gives us a lot more to read: as in 539 pages (which you
can read in full below). Pai and his fellow Republican
commissioners — Michael O’Rielly and Brendan Carr — also released
fuller statements explaining their votes, as did their Democratic
counterparts — Jessica Rosenworcel and Mignon Clyburn — who opposed
the repeal.
I like this approach. No monopoly. City can upgrade to “all
fiber.” Many other potential benefits.
https://venturebeat.com/2018/01/04/fort-collins-colorado-moves-ahead-with-civic-broadband-after-net-neutrality-repeal/?google_editors_picks=true
Fort Collins, Colorado moves ahead with civic broadband after net
neutrality repeal
This week, the Fort Collins City Council voted to move ahead with
a ballot measure approved by 57 percent of voters in November, which
allowed, but did not require, the city council to establish a
telecommunications utility to provide broadband services.
Specifically, the city voted this week to approve some of the
first steps needed to install civic broadband. They voted to provide
a $1.8 million loan to “support first year startup costs associated
with recruiting and hiring personnel, consulting, equipment, and
branding to support the initiative” and to make certain changes to
the city code that will allow the city to become a telecommunications
provider.
… The city of Fort Collins laid out a broadband business plan on
its website, which “does not call for any restrictions on access,
including uploads, downloads, delivery methods, or providers (email,
Skype, Netflix, etc.).” The plan also notes that the city will
develop additional policies concerning net neutrality and security.
… One of the best-known municipal broadband networks in the U.S. is
the one installed by the city of Chattanooga in 2010. At the time,
the city garnered national attention as the only city-wide network
with speeds of up to 1 gigabyte per second.
Maybe Social Media IS mind control!
http://dilbert.com/strip/2018-01-05