Monday, April 15, 2019


A new type of attack or merely poor reporting (or maybe Garfield has no clue how ransomware works)?
Ransomware attack hits Garfield County, shutting off its computer access for weeks
A ransomware attack hit Garfield County's computer systems, crippling them for weeks before they were able to pay to get access to their own data, officials confirmed to FOX 13.
"All of our data had been taken," [Not encrypted in place? Bob] Garfield County Attorney Barry Huntington said of the recent data breach.
Someone clicked on a phishing email earlier this year that launched a ransomware attack, swiping up a number of county offices' data and locking it away.
"The Assessor's Office, the Recorder's Office, some of the files had been taken and we didn't know how or why," Huntington said Thursday. "Eventually we received an email stating that some terrorists had taken our information and if we wanted it back, we had to pay them."
"We were told to leave our computers off while the FBI and the state looked into it," Huntington said.
Garfield County ultimately paid a ransom to someone in Bitcoin to get access to its files, phones and systems again, the county attorney said. Access was restored in March.
Backups are essential. For many governments, they contract with outside services to provide IT support. Collins said it's a good practice for cities or counties to make sure offsite backups are continually working.
"Backup your files regularly, keep them offline," he said.
Huntington said Garfield County has largely recovered from the attack and has already spent money and taken steps to have more secure systems.




This could impact self-driving cars too.
The Russians are screwing with the GPS system to send bogus navigation data to thousands of ships, think tank claims
On May 15, 2018, under a sunny sky, Russian President Vladimir Putin drove a bright orange truck in a convoy of construction vehicles for the opening of the Kerch Bridge from Russia to Crimea. At 11 miles long, it is now the longest bridge in either Europe or Russia.
As Putin drove across the bridge, something weird happened. The satellite navigation systems in the control rooms of more than 24 ships anchored nearby suddenly started displaying false information about their location. Their GPS systems told their captains they were anchored more than 65 kilometers away — on land, at the Anapa Airport.
This was not a random glitch, according to the Centre for Advanced Defense, a security think tank. It was a deliberate plan to make it difficult for anyone nearby to track or navigate around the presence of Putin, C4AD says.
Your phone, law enforcement, shipping, airlines, and power stations — anything dependent on GPS time and location synchronization — are all vulnerable to GNSS hacking.




A warrant for data they know is unavailable?
What Happened When The DEA Demanded Passwords From LastPass
In one case—the first documented government request to any major password manager — the Drug Enforcement Administration (DEA) demanded logins and physical and IP addresses, as well as communications between a user and LogMeIn, the owner of massively popular tool LastPass. It’s an encrypted vault for storing passwords. The DEA was seeking information related to a LastPass customer, Stephan Caamano, suspected of dealing drugs via the dark Web and Reddit, according to a search warrant detailing the request.
Passwords were not handed over, but LastPass did return IP addresses used by the suspect, alongside information about when Caamano’s LastPass account was created and when it was last used. According to the government’s application for the search warrant, filed at the end of January 2019: “Such information allows investigators to understand the geographic and chronological context of LastPass access, use, and events relating to the crime under investigation.”
With enough evidence in hand, police arrested Caamano on May 29, when they seized a mobile device on which LastPass was installed. Police were also able to bypass encryption on the suspect’s CyberPowerPC, where they discovered an extension app for LastPass. But as they didn’t have the master password, the police couldn’t get access to the account and the logins within.
Despite its demand, the government could never have expected passwords from LastPass. A LogMeIn spokesperson explained: “User passwords stored on LogMeIn's servers are only done so in an encrypted format. The only way they get decrypted is on the user’s side, and the way that happens—the decryption key—is the user’s master password (used to log into LastPass), which is never received by or available to LogMeIn/LastPass. In other words, we have no means of decrypting user password information on our side, and thus, we are unable to provide these passwords.”




How will libraries be impacted by CCPA?
What e-books at the library mean for your privacy
cnet: “E-books and audiobooks, now standard at libraries, make protecting privacy harder. Titles are usually provided through private companies, which can access your data. And today’s software can create more comprehensive records about you than a simple list of the books you checked out. (You can also get many e-books and audiobooks online free and legally.)… Cybersecurity experts have found bugs in library apps. Erin Berman, who chairs a privacy subcommittee at the American Libraries Association, said a test of products she oversaw at the San Jose Public Library in 2018 found six apps with serious cybersecurity flaws…”




AI: good for the government(?) but bad for the people.
One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority
The Chinese government has drawn wide international condemnation for its harsh crackdown on ethnic Muslims in its western region, including holding as many as a million of them in detention camps.
Now, documents and interviews show that the authorities are also using a vast, secret system of advanced facial recognition technology to track and control the Uighurs, a largely Muslim minority. It is the first known example of a government intentionally using artificial intelligence for racial profiling, experts said.




One to watch?
Ai Everything: UAE to host the world's foremost AI summit to empower global dialogue on the future of government, business and society
Dubai World Trade Center (DWTC) is set to host the first-ever edition of what is to become the most influential Artificial Intelligence (AI) event to date, Ai Everything (AiE). The summit will run from April 30 – May 1, 2019 and will witness the highest calibre of AI talent engage with a thriving global AI community.




Perspective.
3 Reasons Why Investors Should Keep a Close Eye on the Ride-Sharing Market
1. Ride-sharing could be worth $285 billion by 2030
2. Americans' views on car ownership are changing
3. Ride-sharing usage is growing fast



No comments: