It’s amazing how quiet CyberWar is.
U.K. Launched Major Cyberattack on Islamic State: Spy Chief
The head of Britain’s Government Communications Headquarters (GCHQ)
revealed this week that the U.K. has launched a major cyberattack on
the Islamic State (IS) group, significantly disrupting its
operations.
The attack was launched by the GCHQ in collaboration with the U.K.
Ministry of Defence. The operation was the “first time the UK has
systematically and persistently degraded an adversary’s online
efforts as part of a wider military campaign,” GCHQ director Jeremy
Fleming told an audience at the Cyber UK conference in Manchester.
… According to Fleming, these operations have been aimed at disrupting services
or a specific online activity, deter an individual or group, or
destroy equipment and networks used by the Islamic State, which is
also known as ISIL, ISIS and Daesh.
“In 2017 there were times when Daesh found it almost impossible to spread
their hate online, to use their normal channels to spread their
rhetoric, or trust their publications. Of course, the job is never
done – they will continue to evade and reinvent. But this campaign
shows how targeted and effective offensive cyber can be,” Fleming
said.
… “From a legal point of view, it may be a tricky question, however,”
Kolochenko added, “as some of their targets may be European or
American citizens, raising complicated issues of the international
law.”
The US military's secretive Cyber Command (CYBERCOM) and Europol
have also been conducting operations aimed at the Islamic State’s
online activities.
So, Apple phones were never really that secure?
iPhone unlocking tool GrayKey sees increased use across all levels of law enforcement
Back in early 2016, Apple famously refused to assist the FBI in unlocking
an iPhone 5c belonging to Syed Rizwan Farook, one of the shooters
in that year's San Bernardino attack. The FBI later got into the
device on their own, setting off an entire round of disputes between
the company and federal law enforcement.
Both federal law enforcement and local police departments have
begun using GrayKey, a relatively inexpensive encryption bypass
tool, and other tools like it, according to an investigative
piece published by Motherboard.
Vice found, using public records
requests, that the State Department has purchased GrayKey technology,
as have the Indiana and Maryland State Police. The Secret Service
and Drug Enforcement Agency are planning to, and the Indianapolis and
Miami-Dade police departments either have bought the equipment or
have sought it.
… The device can unlock
an iPhone in a matter of hours for a four-digit
passcode, but six-digit passcodes, now the standard, can take as long
as three days, according to an analysis by MalwareBytes.
Describing an increasingly significant target for
the coming cyberwar?
The Smart Grid: Status and Outlook
CRS report via FAS – The Smart Grid: Status and Outlook. Richard J. Campbell, Specialist
in Energy Policy. April 10, 2018. “The electrical grid in the
United States comprises all of the power plants generating
electricity, together with the transmission and distribution lines
and systems that bring power to end-use customers. The “grid”
also connects the many publicly and privately owned electric utility
and power companies in different states and regions of the United
States. However, with changes in federal law, regulatory changes,
and the aging of the electric power infrastructure as drivers, the
grid is changing from a largely patchwork system built to serve the
needs of individual electric utility companies to essentially a
national interconnected system, accommodating massive transfers of
electrical energy among regions of the United States. The
modernization of the grid to accommodate today’s more complex power
flows, serve reliability needs, and meet future projected uses is
leading to the incorporation of electronic intelligence capabilities
for power control purposes and operations monitoring. The “Smart
Grid” is the name given to this evolving intelligent electric power
network. The U.S. Department of Energy (DOE) describes the Smart Grid
as “an intelligent electricity grid—one that uses digital
communications technology, information systems, and automation to
detect and react to local changes in usage, improve system operating
efficiency, and, in turn, reduce operating costs while maintaining
high system reliability.”
Why no fine? Have they “agreed” to be treated
just like everyone else?
Uber has agreed to
expand a settlement it reached with the Federal Trade Commission
(FTC) last year in light of a massive data breach that the company
revealed months after the agreement with regulators to settle
previous privacy violations.
Like the previous settlement, which was reached in August, the revised agreement
does not include a monetary fine for the breach that compromised
information for 57 million people.
… Under the terms of the new agreement, Uber has to disclose any future data
breaches to the FTC or risk fines.
My Computer Security students will build their own
encryption system.
Russian court bans access to Telegram messenger
A Russian court on Friday ordered that access to
the Telegram messenger service should be blocked in Russia, Russian
news agencies reported, heralding communication disruption for scores
of users - including government officials.
The decision came a week after Russia’s state
communication watchdog filed a lawsuit to limit access to Telegram
messaging app following the company’s refusal to give Russian state
security services access to its users’ messages.
An interesting commentary on a program that might
be coming to a neighborhood near me.
Joe Cadillic doesn’t just advocate online. He’s
active offline and in his community. After attending a recent public
meeting on the use of the Boston police cam-share program, Joe
submitted a letter to the editors of the Dorchester Reporter.
And not for nothing, but Joe tells me that after
he made his public comments at the community hearing, the police told
the attendees at the meeting that they didn’t appreciate Joe
discussing it all in front of the public.
I just bet they didn’t appreciate it. You ROCK,
Joe!
Here’s Joe’s submitted letter, reproduced with
his permission:
BPD’s Community Cam-Share Privacy Concerns
I am a Clam Point resident who recently became aware of the Boston Police Department’s (BPD) new Community Cam-Share program.
Businesses sharing CCTV footage with police after a crime has been committed and police have issued a subpoena, has been going on for years with great success. Sharing video footage of an alleged crime aids law enforcement in arresting criminals and helps keep our neighborhoods safe.
But there are privacy concerns about the new cam-share program that business owners and residents should be aware of.
Police cam-share programs have been popping up across the country under different names like ProjectNola and Project Greenlight. These programs begin with police asking businesses and homeowners to voluntarily link their CCTV cameras to a police department but after a year or two they become mandatory.
A comment made by then District 11 Captain Tim Connolly to the Dorchester Reporter revealed how the police hope to eventually create a city wide surveillance network using community cam-share cameras. (https://www.dotnews.com/2017/police-seek-catalog-private-security-cameras)
Connecting every CCTV camera to a city-wide surveillance center run by the Boston Regional Intelligence Center is disconcerting. Especially after it was just revealed that they have been secretly spying on residents’ social media without City Hall’s knowledge. (https://www.aclu.org/blog/privacy-technology/internet-privacy/boston-police-used-social-media-surveillance-years-without)
Why does the BPD retain all rights to video footage from a business camera? Why aren’t business owners allowed to release any footage or still images at their own discretion? What precautions are in place to ensure it won’t be deleted or edited? (http://columbiasavinhillcivic.org/wp/wp-content/uploads/2017/11/Cam-Share-Registration-FormUPDATED.pdf)
With violent crimes in Boston and across the country declining or at all-time lows, the questions residents should be asking is why do we need more surveillance? Boston used to be known as the ‘cradle of liberty’, let’s keep it that way.
Joe Cadillic is a former private investigator, member of the Digital Fourth and a privacy, civil rights blogger. (https://massprivatei.blogspot.com/)
Good questions all, but it’s hard not to do
better than the Senate.
What Wharton Faculty Would Have Asked Mark Zuckerberg
… Sen. Orrin Hatch (R-Utah), for example,
asked Zuckerberg, “How do you sustain a business model in which
users don’t pay for your services?” With a straight face, the
Facebook CEO said, “Senator, we run ads.” Social media had a
field day lampooning members of Congress with cheeky memes and YouTube video clips.
Perspective. Personal Computers are being
replaced by several newer technologies. Can you name four or five?
Gartner: Global PC shipments fell 1.4% in Q1 2018, 14th straight quarter of decline
… Gartner and IDC analysts have pointed to a
variety of factors as contributing to this past quarter’s decline,
including component shortages and a rising bill for materials that
translates to higher prices. The only consistent factor every
quarter, however, is that the PC simply isn’t as in-demand as it once was.
Something for the
toolkit!
NIST’s New Quantum Method Generates Really Random Numbers
“Researchers at the National Institute of
Standards and Technology (NIST) have developed a method for generating
numbers guaranteed to be random by quantum mechanics. Described
in the April 12 issue of Nature, the experimental technique surpasses all
previous methods for ensuring the unpredictability of its random
numbers and may enhance security and trust in cryptographic systems.
The new NIST method generates digital bits (1s and 0s) with photons,
or particles of light, using data generated in an improved version of
a landmark 2015 NIST physics experiment. That experiment showed
conclusively that what Einstein derided as “spooky action at a
distance” is real. In the new work, researchers process the spooky
output to certify and quantify the randomness available in the data
and generate a string of much more random bits. Random numbers are
used hundreds of billions of times a day to encrypt data in
electronic networks. But these numbers are not certifiably
random in an absolute sense. That’s because they are generated by
software formulas or physical devices whose supposedly random output
could be undermined by factors such as predictable sources of noise.
Running statistical tests can help, but no statistical test on the
output alone can absolutely guarantee that the output was
unpredictable, especially if an adversary has tampered with the
device…”
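The excerpt's point that statistical tests on output alone cannot prove unpredictability, as an added example (not from NIST or the quoted release): the frequency (monobit) and runs tests from NIST SP 800-22 applied to a seeded Mersenne Twister stream, which passes both yet is regenerated exactly by anyone who knows the seed. The seeds, stream length and function names are assumptions chosen for illustration.

```python
import math
import random

ALPHA = 0.01  # significance level used in NIST SP 800-22

def monobit_p(bits):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))

def runs_p(bits):
    """Runs test: is the number of 0/1 transitions plausible?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # fails the frequency precondition
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def seeded_bits(seed, n=20000):
    """A deterministic 'software formula': Mersenne Twister, known seed."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def looks_random(bits):
    return monobit_p(bits) >= ALPHA and runs_p(bits) >= ALPHA

def pass_count(seeds):
    """How many seeded streams pass both tests."""
    return sum(looks_random(seeded_bits(s)) for s in seeds)

def reproducible(seed):
    """Anyone holding the seed regenerates the stream bit for bit."""
    return seeded_bits(seed) == seeded_bits(seed)

if __name__ == "__main__":
    seeds = range(20)  # constructed sample seeds (assumption)
    print("streams passing both tests:", pass_count(seeds), "of", len(seeds))
    print("stream reproducible from seed:", reproducible(7))
    alternating = [i % 2 for i in range(20000)]  # constructed bad stream
    print("0101... monobit p:", monobit_p(alternating),
          "runs p:", runs_p(alternating))
```

The alternating stream shows that the tests do help: it is perfectly balanced, so the monobit test passes it, and the runs test rejects it. Neither test says anything about whether the seeded stream was predictable.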