An unusually large post from DataBreaches, but
that’s good for my students.
Protenus,
Inc. has released its February Breach
Barometer, with its analysis of 39 health data incidents compiled
for them by this site. As I have done in companion posts to their
previous reports, I am providing a list, below, of the incidents upon
which their report is based. Where additional details are available,
I have linked to them. In some cases, as in past months, the only
information we have is what HHS has posted on their public breach
tool (referred to by some as the “Wall of Shame”). Because HHS’s
reporting form results in ambiguous reports, some incidents reported
to HHS wind up being coded as “UNKNOWN” for breach vector in
Protenus’s analyses. Similarly, HHS’s form does not seem to
result in accurate estimates of the role of third parties or Business
Associates, and Protenus’s report contains more reports involving
third parties than HHS’s list would suggest or indicate.
Unlike previous months’ reports, though, you
will see four “nonpublic” incidents in this
month’s tally. I will be discussing those four incidents later in
this post, but let’s start with a few of the highlights from
Protenus’s report for February:
- 39 incidents, with details for 28 of them;
- 348,889 records for the 28 incidents for which we had numbers;
- 16 Insider incidents, accounting for 177,247 records: 15 out of 16 were insider-error, and 1 was insider-wrongdoing;
- 13 Hacking incidents, accounting for 160,381 records;
- 11 Business Associate/Third Party incidents; and
- 23 of the 39 incidents involved providers.
See their report for additional statistics and
analyses, including their analyses of gap to discovery of breaches
and gap to reporting/disclosing of breaches. Here is the list of the
39 incidents compiled for February:
Something my students will be discussing this
Quarter. At last, a recommendation for a paper trail! But no way to
match it to vote totals?
Senate
Intel Committee gives Homeland Security its election security wish
list
In a press conference today, the Senate Select
Committee on Intelligence presented its urgent recommendations for
protecting election systems as the U.S. moves toward midterm
elections later this year.
[The one
page PDF:
https://www.burr.senate.gov/imo/media/doc/One-Pager%20Recs%20FINAL%20VERSION%203-20.pdf]
Lots to chew on here. How much it will change
Facebook or social media in general remains to be seen. Probably not
much.
Facebook,
Cambridge Analytica, the 2016 Election, and a colossal
misappropriation of social media data
News about the media frenzy linking a whole lot of
high profile news stories together – Facebook
CEO Zuckerberg’s disappearing act, Cambridge
Analytica’s ‘harvesting’ of 50 million FB users’ data
[without permission – and directed by Steve
Bannon] which helped explain the role that the company played
when it was embedded
with the Trump campaign in 2016; the Mueller
investigation, the Comey
book, the McCabe
firing, and the weather (happy Spring – enjoy
Washington’s biggest snowstorm of the season) is yet to reach a
crescendo, so hang in there. Along with the impact of the DC area
snow storm on budget funding deadline, we are also waiting for
Facebook’s
official response to yet another ‘breach’ of trust and data,
and more evidence about how the social media data of tens of millions
of users was appropriated and used by a UK
conglomerate that has some very troubling history with its
involvement
in elections in the US and UK and beyond – and
its use of self-destructing email to cover its trail.
I
posted over a dozen references and sources on this issue when it
began to break, and I use the word ‘began’ cautiously. The
massive, unmonitored [dubbed
harvesting] collection of social media user data is far greater than
users of various applications have been willing to address, or even
attempt to mitigate against future harvesting efforts [if they have
any capability of doing so in the first place – which remains
unclear]. This premise stands completely separate from the concept
of any regulatory function or layer that may exist between users and
the companies, here and abroad, that acquire our data (often at no
cost at all) and use it until such time that a whistleblower
or two enter from stage left and lift the curtain on all the backend
techie sausage making.
And via Cory Doctorow – Yet
Another Lesson from the Cambridge Analytica Fiasco: Remove the
Barriers to User Privacy Control
See also via MIT Technology Review – The
Cambridge Analytica affair reveals Facebook’s “Transparency
Paradox”
(Related) I shouldn’t have to tell my students,
but it can’t hurt.
https://www.eff.org/deeplinks/2018/03/how-change-your-facebook-settings-opt-out-platform-api-sharing
How To
Change Your Facebook Settings To Opt Out of Platform API Sharing
(Related)
Facebook
has lost nearly $50 billion in market cap since the data scandal
Clearly we (NSA) have weapons. When can they be
used and against what targets?
U.S.
Military Should Step Up Cyber Ops: General
General John Hyten, who leads US Strategic Command
(STRATCOM), told lawmakers the US has "not gone nearly far
enough" in the cyber domain, also noting that the
military still lacks clear rules of cyber engagement.
"We have to go much further in treating
cyberspace as an operational domain," Hyten told the Senate
Armed Services Committee.
"Cyberspace needs to be looked at as a
warfighting
domain, and if somebody threatens us in cyberspace we need to
have the authorities to respond."
Hyten noted, however, that the US had made some
progress in conducting cyber attacks on enemies in the Middle East,
such as the Islamic State group.
His testimony comes weeks after General Curtis
Scaparrotti, commander of NATO forces in Europe, warned that US
government agencies are not coordinating efforts to
counter the cyber threat from Russia, even as Moscow conducts a
"campaign of destabilization."
And last month, Admiral Michael
Rogers, who heads both the NSA – the leading US electronic
eavesdropping agency – and the new US Cyber Command, said President
Donald Trump had
not yet ordered his spy chiefs to retaliate against Russian
interference in US elections.
(Related) The terrorist organization and
individual actors; how about funding sources and nations that provide
shelter and training?
'Slingshot'
Campaign Outed by Kaspersky is U.S. Operation Targeting Terrorists:
Report
Earlier this month, Kaspersky published a report
detailing the activities of a threat actor targeting entities in the
Middle East and Africa — sometimes by hacking into their Mikrotik
routers. The group is believed to have been active since at least
2012 and its members appear to speak English, the security firm said.
The main piece of malware used by the group has
been dubbed Slingshot
based on internal strings found by researchers. Kaspersky identified
roughly 100 individuals and organizations targeted with the Slingshot
malware, mainly in Kenya and Yemen, but also in Afghanistan, Libya,
Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
CyberScoop
claims to have learned from unnamed current and former U.S.
intelligence officials that Slingshot is actually an operation of the
U.S. military’s Joint Special Operations Command (JSOC), a
component of Special Operations Command (SOCOM), aimed at members of
terrorist organizations such as ISIS and al-Qaeda. SOCOM is well
known for its counterterrorism operations, which can sometimes
include a cyber component.
Something to liven up those dull PowerPoint
slides? Screaming, groaning, weeping students perhaps?
ZapSplat -
Thousands of Free Sound Effects
ZapSplat
is a website that offers more than 20,000 sound effects and songs
that you can download and
re-use for free. The licensing that ZapSplat uses is
quite clear.
As long as you cite
ZapSplat, you can use the sound effects and music in your
videos, podcasts, and other multimedia projects.
ZapSplat
does require you to create an account in order to download the MP3
and WAV files that it hosts. Once you have created an account you
can download as many files as you like. ZapSplat does offer a "Gold"
account. The benefit of a Gold account is that you don't have to
cite ZapSplat and access to an expanded library of sounds.