Once inside as Admin, the bad guys could go global? Probably better
to divide your IT systems.
Norsk Hydro Attack Contained, New Website Live, Samples Analysed
Two days after first announcing a crippling
cyber attack, major metals producer Norsk Hydro has launched a
new website, says it has succeeded in “detecting the root cause”
of the problems and is currently working to restart the company’s
IT systems.
… The company added: “Currently,
the only known way to remove LockerGoga from your system is to
restore from backup.”
(Related)
Hydro working hard to recover following ransomware attack
… Hydro’s
entire global network was taken down by the attack. The
company’s US factories were amongst those affected, as well as
smelting plants in Norway. However, other facilities - including the
firm’s power plants - are functioning normally.
The Norwegian National Security Authority (NSM)
has said that the relatively new LockerGoga ransomware was to blame
for the incident.
… Unlike many other families of ransomware,
LockerGoga appears to only be being used in a limited fashion, with
specific organisations being targeted for attack. And for that
reason it doesn’t have its own mechanism of spreading throughout an
organisation.
That makes LockerGoga different from other
hard-hitting ransomware such as Wannacry or NotPetya, which cared
little about the organisations it infected. For
LockerGoga to be successfully deployed inside a targeted organisation
it needs to already have admin rights.
Easily automated. A good thing my Ethical Hacking
students pledge not to do this.
Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million
A Lithuanian man admitted today to defrauding
Google and Facebook out of $123 million by using fake invoices to
trick employees into wiring money to his bank accounts.
… US officials said Rimasauskas operated by
using a company he set up that employed a name similar to Quanta, a
reputable provider of data center hardware products.
He targeted Google and Facebook because both
companies run their own data centers and were known to have had
business relations with Quanta.
… He used fake invoices, contracts, and
letters that fooled Google and Facebook employees into sending
requested payments to the bank accounts provided by Rimasauskas,
located at banks in Latvia and Cyprus.
US authorities said that as soon as the suspect
received payments in these bank accounts, they were immediately
transferred to other banks in Latvia, Cyprus, Slovakia, Lithuania,
Hungary, and Hong Kong, at accounts controlled by Rimasauskas.
Rimasauskas ran the scheme for three years between
2013 and 2015, allegedly defrauding Google out of $23 million and
Facebook out of $100 million.
An article for my lawyer friends who STILL don’t
encrypt client data.
Anton Janik, Jr. of Mitchell, Williams, Selig,
Gates & Woodyard, P.L.L.C. writes:
As attorneys, our livelihood is often heavily dependent upon the keeping of secrets. But in this complex electronic-data driven environment we work in, where physical security via locked doors and piercing alarms may no longer be solely sufficient to keep client confidences from prying eyes, what is the modern attorney supposed to do? ABA Opinion 483 provides guidance on a lawyer’s duty when client confidential information is hacked from the law firm.
Read more on JDSupra.
Periodically I need to introduce my students to
the “Streisand Effect.”
Devin Nunes sued an obscure Twitter account. Now ‘Devin Nunes’ Cow’ has more followers than the congressman
The Twitter account “Devin Nunes’ cow,”
which professes to be “hanging out on the dairy in Iowa looking for
the lil’ treasonous cowpoke,” has more than 550,000 followers as
of Thursday morning, a dramatic increase from the 1,000 or so before
Rep. Devin Nunes (R-Calif.) filed a lawsuit
Tuesday accusing the cow account (@DevinCow),
Twitter, and two other users of defamation.
Nunes’s own verified
account has 396,000 followers.
The suit alleges that the cow account, as well as
one called @DevinNunesMom, “repeatedly tweeted and retweeted
abusive and hateful content” about the congressman in violation of
Twitter user guidelines.
Does this increase Volvo’s liability? “Your
system failed to stop the car that crashed into my car!” Is this
Okay under the GDPR or California Privacy law?
Volvo will use cameras to fight drunk and distracted driving
Volvo plans to use cameras and sensors inside cars
to combat drunk and distracted driving. The vehicles may intervene
if a driver doesn't respond to warning signals – cars may limit
their speed, alert the Volvo on Call service (which will contact
the driver) or perhaps even slow down and park. Volvo on Call may
send additional help if necessary.
… With those cameras and sensors, however,
come inevitable concerns about surveillance and whether drivers will
be comfortable with being explicitly monitored while they're behind
the wheel. Volvo is aware of those worries though. It "wants
to start a conversation about whether car makers have the right or
maybe even the obligation to install technology in cars that changes
their drivers' behavior," it said
in a press release.
Perspective. Perhaps “percent of revenue”
should be replaced with “percent of market value.” Or whichever
is greater?
Google was slapped with another huge EU fine — and investors didn’t bat an eye
Google was hit with another fine from EU antitrust regulators
Wednesday, and investors didn’t bat an eye.
The stock rose 2 percent by the end of trading,
outpacing Apple and Microsoft for the day and adding nearly
$17 billion to the company’s market value.
Perspective. I see this as a very good thing.
The scut work was always handed to new Project Management people (the
same thing happens in most fields) so many just dropped out.
Whither project managers? AI will take 80 percent project management tasks, says Gartner
Gartner projected that by 2030, 80 percent of the
tasks involved in project management will be eliminated. Things like
data collection, tracking and reporting will be taken over by AI.
… Gartner recommends that project and
portfolio management leaders look into using conversational AI,
machine learning and robotic process automation.
Also a scut work issue, as lots of police work
seems to be.
Facial recognition overkill: How deputies cracked a $12 shoplifting case
On a Saturday afternoon in late November 2017, a
woman walked into a Wilco Farm store in Oregon, stuffed a $130 pair
of Georgia Boots in her purse and walked out.
About 24 hours later, she turned herself in to the
Washington County jail.
… The speedy investigation was made possible by Amazon's
Rekognition, facial recognition software that let the Washington
County Sheriff's Office create its own searchable database of
county jail mugshots. A
WCSO deputy watched a surveillance recording of the woman pilfering
the boots, grabbed pictures of her face from the footage and imported
them into the sheriff's office's new tool. He quickly got back a
digital lineup of mugshots and found a possible match.
… WCSO officials confirmed they've mostly
trained this sophisticated and controversial tool on mundane crimes,
including one in which a woman stole a $12 gas tank from an Ace
Hardware store, a CNET investigation into WCSO police reports found.
… "The investigation of petty crimes does
not justify the creation of a massive facial recognition database
like this one," he said. [But
since they already have the database, why not use it for anything it
can help them with? Bob]
This isn’t funny.
That’s it! Tomorrow I’m converting this to a
‘Beauty Blog!’
Glossier started as a beauty blog and is now valued at $1 billion
Glossier is now a unicorn.
The New York-based
beauty brand is now valued at $1.2 billion following its latest
funding round, according to a source familiar with the deal.
… In 2010, Weiss started a popular blog called
"Into the Gloss" with beauty tips, trends and tutorials.
She used it to launch beauty and skincare brand Glossier four years
later, which offers simple and affordable products.
Glossier has since attracted a cult-like following
with nearly 2 million followers on Instagram. Weiss has been
credited with being especially effective at using
social media to reach customers.
1 comment:
I'm trying to reach Bob Voorhees, once my close friend and best man at my wedding 50 years ago! Did you serve as DS1 in S-7 Division aboard the USS Tripoli (LPH-10) in the late 60's? If so I lost touch with you many years ago and sure would like to catch up. Please give me a shout, Bob!