Even an entire country can be a relatively small breach.
Data on almost every Ecuadorean citizen leaked
Names, financial information and civil data about 17 million people, including 6.7 million children, was found by security company vpnMentor.
The massive cache of data was found on an unsecured Amazon cloud server almost anyone could look at.
If you put all your eggs in one basket, you better protect that basket! Where are the backups? They don’t know what happened, when it happened or what was lost?
Robstown police evidence, reports lost during data breach
A data breach resulted in the loss of Robstown Police Department evidence and reports in pending investigations from 2018 and 2019.
The Nueces County District Attorney's Office announced the breach in a news release Friday afternoon on Facebook.
"The data was characterized as evidence (photos, videos, etc.) and reports relating to pending investigations," the release reads. "The information we received was that the breach was the result of RPD's servers being hacked and/or compromised by a virus sometime in the last couple of weeks."
The release goes on to say the department keeps a written list of cases investigated by detectives. They will review that list and attempt to track what data was lost, the release states.
For my Security class.
The ransomware crisis is going to get a lot worse
There is plenty of evidence to suggest that ransomware attacks are getting bigger and more sophisticated. In the space of just a few years ransomware has gone from a minor irritation for PC users to being a significant threat to large corporations and even nations. Major cybercrime gangs are looking to cash in on attacks, and state-backed attackers have realised the potential for creating both chaos and profit.
A few examples of the scale of the ransomware problem:
WannaCry, the biggest cyber incident of 2017, with more than 300,000 victims in over 150 countries, was a form of ransomware most likely unleashed by North Korea (it was rapidly followed by NotPetya, an attempt by the Russian authorities to cause havoc in Ukraine with ransomware which rapidly spread beyond those borders).
Earlier this year the authors of one ransomware strain announced they were retiring because they had already earned $2 billion. "We have proved that by doing evil deeds, retribution does not come," they said at the time.
No surprise.
'ISRAEL'S ELECTION ON TUESDAY WILL BE TARGET OF CYBER-ATTACKS'
At the conclusion of the April 9 election, an Israeli watchdog group exposed a network of hundreds of social media accounts, many of them fake, used to smear opponents of Prime Minister Benjamin Netanyahu and to amplify the messages of his Likud Party.
Shortly before that, in January, it was reported that Iranians had been using hundreds of fake accounts on Israeli social media pages, in an effort to sow social division and influence the then upcoming Israeli election.
Now right before Israelis go to the polls, due to the proximity of the two elections as well as the immediacy and scale of the threats, it is highly doubtful that Israel has built a digital defense against cyberattacks this time around either, said Dr. Gabriel Weimann, a professor of communications at the University of Haifa.
(Related)
Exclusive: Australia concluded China was behind hack on parliament, political parties – sources
Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters.
Australia’s cyber intelligence agency - the Australian Signals Directorate (ASD) - concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters.
Are we getting serious? Perhaps justifying retaliation?
France’s Major Statement on International Law and Cyber: An Assessment
Last week, the French Ministry of the Armies (formerly the Ministry of Defense) released the most significant statement to date by any State regarding the application of international law in cyberspace. Droit International Appliqué aux Opérations dans le Cyberspace (International Law Applicable to Operations in Cyberspace) follows on the heels of an important speech by the United Kingdom’s then Attorney General, Jeremy Wright, on international cyber law last year at Chatham House. Estonia’s President has also spoken out on certain key international law rules as applied to cyberspace, which I discussed previously at Just Security. So too did the United States in speeches by the State Department’s Legal Advisers Harold Koh and Brian Egan. While other States have also proffered various comments on the subject, the UK and French are noteworthy for having staked out positions on a number of key unsettled issues.
This post will highlight the key points made in the French position paper and, where useful, compare and contrast them to statements by representatives of other governments, as well as Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, which was repeatedly cited in the French paper.
Will organizations have the same problem complying with CCPA’s requirements?
First OCR Enforcement of HIPAA’s Right of Access
Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access.
The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the records of her unborn child in October 2017 and after receiving incomplete records in March 2018, she did not receive the complete records until August 2018 (via her lawyers). It was not until after the OCR’s investigation in February 2019 that she received the complete records directly. HIPAA requires medical records to be provided within 30 days of the request.
The OCR concluded that Bayfront violated 45 C.F.R. § 164.524 by failing to provide access to PHI. Bayfront has paid $85,000 and agreed to a corrective action plan.
First time enforcer?
Chicago Brokerage to Pay $1.5 million Fine for Lack of Cybersecurity
A Chicago-based futures brokerage will pay $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account.
The order from the U.S. Commodities Futures Trading Commission also finds that Phillip Capital Inc. failed to disclose the cyber breach to its customers in a timely manner. The order also finds that PCI failed to supervise its employees with respect to cybersecurity policy and procedures, a written information systems security program and customer disbursements.
… The order also requires PCI to, among other things, provide reports to the Commission on its remediation efforts.
Backgrounder?
The Dark Web: A guide for business professionals
“The Dark Web is used to sell stolen data, drugs, and weapons—but it’s also used by legitimate outfits, like news organizations and the UN. This ebook looks at what the Dark Web is and how it affects you. The Dark Web is a network of websites and servers that use encryption to obscure traffic. Dark Web sites require the onion top-level domain, use non-memorable URL strings, and can be accessed only by using the open source, security-focused Tor browser. Because it’s portable and disposable, Tails, a Linux-based operating system that boots from a flash drive, adds a layer of security to Deep Web activity.
… But the Dark Web is not all bad news. ProPublica, a well-respected investigative news organization, has a Dark Web site to help the company securely communicate with sources. The United Nations law enforcement department, the Office on Drugs and Crime, monitors the Dark Web and shares data with the public and global police organizations. Even Facebook, the world’s largest social network, has a Dark Web site relied on by more than one million users per month…”
I can see that.
Transparency is key to ethical AI
The concept of Artificial Intelligence (AI) is becoming commonplace in relation to the running of our lives and businesses – we’re all used to the idea, if not quite the practice, of using AI to improve the way we live and work.
As a result, the time has come to stop debating what it can do and start discussing what it should do.
… Data is the fuel that feeds AI, and as such it’s now also firmly a part of public ethics across the globe. Regulations like the EU’s GDPR and South Korea’s Personal Information Protection Act have gone so far as to enshrine certain data rights into law. Organisations have to comply with these regulations, doing all they can to protect customer data and secure consent for feeding that data to their algorithms.
… There are no easy answers when it comes to ethics. Yet, when trying to determine if your use of AI is ethical, you should ask yourself three basic questions: do you know what your AI is doing, can you explain it to your customers, and would they respond happily once you told them? If the answer is ‘no’ to any one of these, then it’s time for a rethink.
Do we need an Underwriters Lab for AI?
There’s a reason we don’t know much about AI
… In Britain, France and the European Union, government agencies examine the ethical, social and economic impact of artificial intelligence and other big new technologies used in health care and elsewhere. But while a number of U.S. academic centers study these issues, federal policymaking is practically nil.
This is an unprecedented and relatively recent lapse, when you consider that the government previously reviewed potentially risky technologies such as DNA modification, nuclear physics and human genome science. It’s particularly baffling given the real-world abuses of the new technologies, not least in China where the state uses AI and facial recognition to track, control and sometimes imprison millions of its Muslim citizens.
One reason for the curiosity gap is that the United States no longer has a place to do that kind of technology review. The Office of Technology Assessment conducted 750 studies on topics ranging from biotechnology to robotics and fuel economy from 1972 until then-House Speaker Newt Gingrich and his allies shut it down in 1995. Two other congressional research groups have suffered severe cuts—the Government Accountability Office’s funding has fallen by a third since 1990, the Congressional Research Service’s by 40 percent. The White House’s Office of Science and Technology Policy created an AI task force in 2018, but its concern was promoting U.S. competitiveness, not oversight.
An early vision of AI. Tell me what has (and hasn’t) changed.
This article is part of Fast Company’s editorial series The New Rules of AI. More than 60 years into the era of artificial intelligence, the world’s largest technology companies are just beginning to crack open what’s possible with AI—and grapple with how it might change
our future.
… Back in 1960, this was an excellent introduction to a subject that mattered a lot—and which, as Wiesner explained, people were just beginning to understand. It includes still-fascinating demos and interviews with significant figures in the history of AI. Fifty-nine years after its first airing, its perspective on AI’s progress and possibilities remains unexpectedly relevant.
Lawyers, an AI developer’s resource?
How patterns in data affect getting legal work done
FT.com – Special Report – Innovative Lawyers in Europe – How patterns in data affect getting legal work done – This article includes an annotated chart that ranks law firms and in-house teams for Data, Knowledge and Intelligence per the FT Innovative Lawyers Europe awards.
[From the article:
Peter Lee, co-founder and chief executive of UK legal engineering business Simmons Wavelength (owned by law firm Simmons & Simmons), says law firms are well placed to innovate with data because they generate so much information in the course of their work. “Lawyers often know more about the client’s business and future needs than the client does,” he says. However, the data they own is often controlled by different sections of the firm, which means extracting value can be complicated, and lawyers tend to lack skills in the technology.
I gotta ask: How does the Supreme Court interpret emojis in briefs?
Emojis Have Unsettled Grammar Rules (and Why Lawyers Should Care)
Eric Goldman discusses a new article by three Dutch researchers on the grammar of emojis, or more precisely, the lack thereof. Their abstract concludes: “while emoji may follow tendencies in their interactions with grammatical structure in multimodal text-emoji productions, they lack grammatical structure on their own.” Goldman states, in other words, when emoji symbols are strung together, we don’t have a reliable way of interpreting their meaning.
He goes on to discuss the impact of emojis and the law.