A reminder: Just because we rarely see their name
in the list of ‘usual suspects’ does not mean they aren’t
capable.
Saudi foreign minister calls Iran most dangerous nation for cyber attacks
… Asked who he believed was the most dangerous
nation in terms of cyber attacks and Al-Jubeir was unequivocal.
"The most dangerous nation behind cyber
attacks? Iran," Al-Jubeir said.
"Iran is the only country that has attacked
us repeatedly and tried to attack us repeatedly. In fact they tried
to do it on a virtually weekly basis."
… Last September, the U.S. Treasury Department
added two Iran-based hacking networks and eight individuals to a U.S.
sanctions list, accusing them of taking part in cyber-enabled attacks
on the U.S. financial system in 2012 and 2013, Reuters reported.
(Related) Our allies have some skills too.
… The hack had targeted Belgacom, Belgium’s
largest telecommunications provider, which serves millions of people
across Europe. The company’s employees had noticed their email
accounts were not receiving messages. On closer inspection, they
made a startling discovery: Belgacom’s internal computer systems
had been infected with one of the most advanced pieces of malware
security experts had ever seen.
As The Intercept reported
in 2014, the hack turned out to have been perpetrated by U.K.
surveillance agency Government Communications Headquarters, better
known as GCHQ. The British spies hacked into Belgacom employees’
computers and then penetrated the company’s internal systems. In
an eavesdropping mission called “Operation Socialist,” GCHQ
planted bugs inside the most sensitive parts of Belgacom’s networks
and tapped into communications processed by the company.
For my future managers: How do you fail to notice
that you only sent 100,000 letters to notify 600,000 people? I would
never call this a programming error; the program correctly did what
the manager asked it to do.
Jack Corrigan reports:
A programming error kept the IRS from notifying hundreds of thousands of identity theft victims about criminals using their Social Security numbers to get themselves jobs in 2017, according to an internal investigation.
Last year, more than half a million Americans had their identities used by others to get hired, but only first-time victims received a notification from the IRS, the Treasury Inspector General for Tax Administration found. As a result, nearly 460,000 previous victims of employment identity theft were left in the dark about their information getting stolen yet again.
“Most identified victims remain unaware that their identities are being used by other individuals for employment,” TIGTA wrote in its report.
Read more on NextGov.
For my “Why you need a lawyer” lecture.
Revision Legal has a post about insider
leaks. The article starts by discussing the Morrisons case in the
UK, where an employee vindictively leaked data. In a ruling that
surprised many, the court held that although Morrisons was a victim
of their employee, other employees who sued Morrisons could hold
Morrisons liable:
This creates, in effect, a form of strict liability for an employee data leak (at least in the UK). If the ruling is upheld, Morrisons will face a massive legal liability and, without question, the remaining 94,500 employees will join the class action or file their own lawsuits. Further, it is possible that British regulators will follow the court’s ruling and impose heavy regulatory fines and penalties.
The article then turns to legal principles in the
U.S. that would relate to holding an employer liable for an
intentional leak by an employee. As the authors note, it’s
“complicated.”
Read more on JDSupra.
Just in time for the chapter on Law &
Regulation.
David M. Stauss and Gregory Szewczyk of Ballard
Spahr LLP write:
As we first reported in our January 22, 2018, alert, the Colorado legislature is considering
legislation that, if enacted, would significantly change Colorado
privacy and data security law. On Wednesday, February 14, 2018, the
bill’s sponsors submitted an amended
bill that addresses issues raised by numerous stakeholders,
including Ballard Spahr. The amended bill also was heard before the
House Committee on State, Veterans, and Military Affairs, where it
was unanimously approved.
The most significant changes are highlighted below.
Read more on The National Law Review. And yes, read more, as the
proposed state law has some interesting overlap with, but also
differences from, HIPAA and GLBA. And if adopted, HIPAA-covered
entities would no longer have a 60-day window from discovery to
notify – they might have only 30 days.
Now we have to depend on the Postal Service to
safeguard the elections? So I have to get a code for Facebook before
I can place an ad like “Bob for President.” Can I get that code
now? I don’t want to wait until Russia sends me the text of the ad
they want me to run. (Let’s hope no one else reads this “secret”
code that is written on the postcard!)
Facebook plans to use U.S. mail to verify IDs of election ad buyers
Facebook Inc will start using postcards sent by
U.S. mail later this year to verify the identities and location of
people who want to purchase U.S. election-related advertising on its
site, a senior company executive said on Saturday.
… The process of using postcards containing a
specific code will be required for advertising that mentions a
specific candidate running for a federal office, Katie Harbath,
Facebook’s global director of policy programs, said. The
requirement will not apply to issue-based political ads, she said.
“If you run an ad mentioning a candidate, we are
going to mail you a postcard and you will have to use that code to
prove you are in the United States,” Harbath said at a weekend
conference of the National Association of Secretaries of State, where
executives from Twitter Inc and Alphabet Inc’s Google also spoke.
“It won’t solve everything,” Harbath said in
a brief interview with Reuters following her remarks.
But sending codes through old-fashioned mail was the most effective method the
tech company could come up with to prevent Russians and
other bad actors from purchasing ads while posing as someone else,
Harbath said.