Monday, July 15, 2019


Once upon a time, governments cared about fair elections. How many “election officials” are elected?
AP Exclusive: New Election Systems Use Vulnerable Software
AP via US News – “Pennsylvania’s message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems. But there’s a problem: Many of these new systems still run on old software that will soon be outdated and more vulnerable to hackers. An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts. That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023. Critics say the situation is an example of what happens when private companies ultimately determine the security level of election systems with a lack of federal requirements or oversight. Vendors say they have been making consistent improvements in election systems. And many state officials say they are wary of federal involvement in state and local elections…”




An increasingly common behavior. If your backup/recovery process isn’t already making significant progress, they know it probably never will.
Syracuse ransomware operators increase their demands as victims miss payment deadlines
Ransomware operators struck the schools as early as Monday last week, leaving the district struggling for seven days now. School administrators didn’t know why their systems were failing until they learned they had been infected with ransomware.
A spokesman said an “attack froze the district from accessing our own systems,” according to local news outlet Syracuse.com. Citing a source familiar with the matter, the report also reveals that, “the unknown hackers’ demands keep increasing as the district misses deadlines for payment.”
The SCSD’s insurer is urging administrators to pay the attackers, but the school district is following the FBI’s standard advice in ransomware cases — refrain from paying the criminals. [If you fail to follow the insurer’s advice, does that void your coverage? Bob]
It is unclear whether the FBI has stepped in to help or the SCSD is merely taking a page from the FBI’s booklet on dealing with ransomware.
The district’s insurer is increasingly restless about the damage it will have to cover in case the ransom is not paid, sources say. A spokesman said the district had been instructed to keep details under wraps until a forensic audit is completed.




Some interesting language.
FBI Wants to Invest in Social Media Surveillance Tool
The FBI is looking into gaining more control over social media and the content shared on these platforms, allegedly to keep a closer eye on terrorist organizations, crime groups and national security threats, the agency announced last week.
The organization issued a Request for Proposal (RFP) looking for contracts for a social media surveillance tool that would alert them to suspicious online behavior.
The tool would monitor keywords and gather data about social media users such as IDs, emails, IP addresses, phone numbers and location history, yet the FBI claims it would not violate civil liberties and user privacy.
It’s hard to believe the US government would not violate user privacy while conducting major surveillance over the web. The pervasiveness of any such tool is open to question, considering US President Donald Trump has expressed interest in using social platforms to monitor immigrants as well as people on disability benefits?




It probably is this simple.
4 Essentials for Complying With the New Data Privacy Regulations



No comments: