Tuesday, January 01, 2019

Should be interesting.
While most people in the U.K. and U.S. might have been preparing for New Year’s Eve celebrations, the hackers known as thedarkoverlord had their own plans for the evening, and their plans seemed to involve spoiling the plans of a number of corporate executives on both sides of the Atlantic.
Earlier in the day, the hackers, whose past hacks and extortion demands have been covered extensively on this site, announced that a law firm hack earlier in 2018 that had not garnered much notice had been one of their hacks. That hack, they claim, had reportedly given them access to files from major insurers such as Hiscox Group and Lloyd’s of London.
But it was in poring through the files they obtained that the hackers realized that they had acquired a treasure trove of files concerning the World Trade Center attacks and post-attack litigation. And as you might expect with such complex litigation involving subrogation, there were files containing Sensitive Security Information “from the likes of the FBI, CIA, TSA, FAA, DOD, and others.”
By the time they were done pillaging, thedarkoverlord had acquired what they described as 18,000 files relating to the litigation.
Consistent with their past methods, thedarkoverlord claims that they had offered to keep the files out of the public’s eye if their victim paid them. And the victim did pay, they say, but as in the Larson Studio case, the victim then allegedly cooperated with law enforcement, which thedarkoverlord viewed as a breach of their contract. When the victim was unwilling to pay an additional penalty, thedarkoverlord went public with a sample of files, a new Twitter account (@tdo_h4ck3rs) to tweet out some files, and some threats.




A good backgrounder for my students. (Have someone read this to a Congressman)
Artificial intelligence can’t save us from human stupidity | Editorial
Looking over the year that has passed, it is a nice question whether human stupidity or artificial intelligence has done more to shape events. Perhaps it is the convergence of the two that we really need to fear.
… It is possible to make them represent their reasoning in ways that humans can understand. In fact, in the EU and Britain it may be illegal not to in certain circumstances: the General Data Protection Regulation (GDPR) gives people the right to know on what grounds computer programs make decisions that affect their future, although this has not been tested in practice. This kind of safety check is not just a precaution against the propagation of bias and wrongful discrimination: it’s also needed to make the partnership between humans and their newest tools productive.




Background for my Computer Security students.




A job my students should consider. (And some skills I have to teach.)
The New (And Misunderstood) Role of the GDPR Data Protection Officer
… Core competencies
Three areas of significant experience are absolute requirements for this position:
  • Knowledge of how GDPR regulations and all applicable national data protection law apply to the organization’s data processing practices;
  • Significant experience with IT security audits and threat assessment; and
  • Strong communication skills across a variety of organizational positions and departments.




Interesting and worth thinking about.
Look Beyond the Regulations to See What 2019 Has in Store for the Privacy Industry
… here are my predictions concerning data privacy in 2019:
The Rise of the CISO and CTO – Privacy is a data issue, and that’s the responsibility of the CTO and sometimes the CISO.
The Data Protection Continuum – Privacy and security will start to be seen as a Data Protection Continuum, with privacy telling you “what” is important and “why,” and security telling you “how” to protect it.
Privacy vs. Data Industrial Complex – In 2019, organizations will recognize they need to be concerned about the private data they hold – even if they themselves don’t intend to monetize it.
Growth of Data Privacy Automation – People will realize that automation at the data layer is the only feasible way to ensure continuous compliance related to data privacy laws. [This is why I changed so many of my lectures on Security and Software Architecture. Bob]




Perspective. The Luddites of 2019?
Wielding Rocks and Knives, Arizonans Attack Self-Driving Cars
… “They didn’t ask us if we wanted to be part of their beta test,”
At least 21 such attacks have been leveled at Waymo vans in Chandler, as first reported by The Arizona Republic. Some analysts say they expect more such behavior as the nation moves into a broader discussion about the potential for driverless cars to unleash colossal changes in American society. The debate touches on fears ranging from eliminating jobs for drivers to ceding control over mobility to autonomous vehicles.
“People are lashing out justifiably,” said Douglas Rushkoff, a media theorist at City University of New York and author of the book “Throwing Rocks at the Google Bus.” He likened driverless cars to robotic incarnations of scabs — workers who refuse to join strikes or who take the place of those on strike.




If you really, really love movies…

