Saturday, March 06, 2021

Am I missing something here? If the state sent it to the wrong (i.e. the hacker’s) bank account, they should have a record of it, right? Or their bank should. How can they not know what happened to the money?

https://www.databreaches.net/pa-delco-school-district-missing-millions-suggests-hackers-took-it/

PA: Delco School District Missing ‘Millions,’ Suggests Hackers Took It

NBC10 reports:

A law enforcement investigation is underway Friday after a school district reported it was missing an expected multimillion-dollar payment from the state, and a district official speculated it was due to hackers.
The receiver of the Chester Upland School District, Juan Baughn, told the Philadelphia Inquirer Thursday that “millions” were lost due to a “cyber issue.”

Read more on NBC10.





Shocking. First, does this indicate that Facebook is actually thinking about privacy (or at least GDPR-based lawsuits) before they act? Second, will this introduce bias?

https://onezero.medium.com/facebook-scraped-1-billion-pictures-from-instagram-to-train-its-a-i-but-spared-european-users-621cc47a2a21

Facebook Scraped 1 Billion Pictures From Instagram to Train Its A.I. — But Spared European Users

Facebook researchers announced a breakthrough yesterday: They have trained a “self-supervised” algorithm using 1 billion Instagram images, proving that the algorithm doesn’t need human-labeled images to learn to accurately recognize objects.

But Facebook didn’t just select any billion Instagram images to train the algorithm. The team purposely excluded Instagram images from the European Union, noting in its paper that images were “random, public, and non-EU images.”





Privacy and more at risk?

https://udayton.edu/news/articles/2021/02/thaddeus_hoffmeister_book_internet_of_things_and_the_law.php

If you have devices connected to the Internet, this book about legal pitfalls of the Internet of Things is for you

With Wi-Fi seemingly around most every corner; devices in our hands, bodies, cars and homes connected to the Internet; and questions about the reliability and security of this connectivity, it's inevitable the "Internet of Things" will be the subject of legal battles. A new book by University of Dayton law professor Thaddeus Hoffmeister will help anyone with legal questions and issues about connected devices.

"The Internet of Things is defined as anything embedded with technology to allow it to interact in real time with the environment around it, people or other devices," Hoffmeister said. "At a minimum, anybody with a cell phone or devices hooked to Wi-Fi at home should be concerned about the law of the Internet of things. But if people take the time to drill down further into their everyday lives, this affects banking, medical records and ordering food most anywhere. In 2020, it's a rare occasion when somebody does something that isn't affected by some form of Internet connectivity."

In addition to defining "Internet of Things," the book, The Internet of Things and the Law, examines the current regulatory framework, privacy and security, and contracts and intellectual property related to the Internet of Things plus protections for consumers and how to prosecute offenders.





Parole is not what it used to be…

https://www.theguardian.com/global-development/2021/mar/04/they-track-every-move-how-us-parole-apps-created-digital-prisoners

‘They track every move’: how US parole apps created digital prisoners

Is smartphone tracking a less intrusive reward for good behaviour or just a way to enrich the incarceration industry?

In 2018, William Frederick Keck III pleaded guilty in a court in Manassas, Virginia, to possession with intent to distribute cannabis. He served three months in prison, then began a three-year probation. He was required to wear a GPS ankle monitor before his trial and then to report for random drug tests after his release. Eventually, the state reduced his level of monitoring to scheduled meetings with his parole officer. Finally, after continued good behaviour, Keck’s parole officer moved him to Virginia’s lowest level of monitoring: an app on his smartphone.

… “It’s saving countless hours on the officer’s part,” Jacobson says. He believes, from anecdotal evidence, that slightly fewer low-risk probationers are getting arrested since Virginia began using Shadowtrack instead of calling landlines at probationers’ curfew locations. As the pandemic wore on, the department started using the app’s video-conference function to conduct safe meetings with probationers deemed at higher risk of reoffending. “I can’t imagine it going away,” Jacobson says.





I don’t think any of these ideas will work. Isn’t it already too late?

https://www.technologyreview.com/2021/03/05/1020376/resist-big-tech-surveillance-data/

How to poison the data that Big Tech uses to surveil you

researchers at Northwestern University are suggesting new ways to redress this power imbalance by treating our collective data as a bargaining chip. Tech giants may have fancy algorithms at their disposal, but they are meaningless without enough of the right data to train on.

In a new paper being presented at the Association for Computing Machinery’s Fairness, Accountability, and Transparency conference next week, researchers including PhD students Nicholas Vincent and Hanlin Li propose three ways the public can exploit this to their advantage:

  • Data strikes, inspired by the idea of labor strikes, which involve withholding or deleting your data so a tech firm cannot use it—leaving a platform or installing privacy tools, for instance.

  • Data poisoning, which involves contributing meaningless or harmful data. AdNauseam, for example, is a browser extension that clicks on every single ad served to you, thus confusing Google’s ad-targeting algorithms.

  • Conscious data contribution, which involves giving meaningful data to the competitor of a platform you want to protest, such as by uploading your Facebook photos to Tumblr instead.



Friday, March 05, 2021

Lacking an immediate declaration of war. Why?

https://www.idginsiderpro.com/article/3609889/solarwinds-its-pearl-harbor.html#tk.rss_all

SolarWinds: "IT's Pearl Harbor."

What do SolarWinds, Fidelis, FireEye, Microsoft, Mimecast, Palo Alto Networks, and Qualys all have in common? Each and every one were victims of the SolarWinds software supply chain attack. There are more, many more. The Russian government's hack of SolarWinds's proprietary software, Orion network monitoring program, ruined top government agencies' and tech companies' security. Months after it was first revealed, we're still trying to get our arms around just how bad the breach was.



(Related) Russia gets a pass?

https://www.theregister.com/2021/03/05/bide_administration_interim_national_security_guidance/

Biden administration labels China top tech threat, promises proportionate responses to cyberattacks





Any guidance helps.

https://www.lexology.com/library/detail.aspx?g=cd9af394-e70f-49fc-8061-4785f57323ed

KIPO Publishes Examination Guidelines on Artificial Intelligence

The Korean Intellectual Property Office (KIPO) announced Patent Examination Guidelines for key technology areas related to the Fourth Industrial Revolution, including machine learning based artificial intelligence ("AI"), on January 18, 2021. In the Examination Guidelines for AI, KIPO outlines specific guidelines on description and novelty/inventiveness requirements for different categories of AI inventions (e.g., AI model training invention and AI application invention, as depicted below), in addition to eligibility requirements which correspond to that of computer-related inventions.





Why we can’t make it work...

https://sloanreview.mit.edu/article/execs-bullish-on-ai-but-wary-of-data-leadership/

Execs Bullish on AI but Wary of Data Leadership

we are somewhat heartened by the 2021 survey for several reasons: a higher-than-ever participation rate (85 large companies), the absence of major COVID-19-related problems for the surveyed companies, the more-than-typical positivity of respondents regarding technology, and some slight improvements in perspectives on the data executive role. Of course, the challenges of changing human behavior and organizational culture remain substantial. To cite only one survey result that illustrates the issue, 92% of respondents attributed the “principal challenge to becoming data-driven” to “people, business processes, and culture,” with only 8% identifying technology as the culprit. This response has remained constant over several years of surveys.





You can fool some of the people all the time?

https://www.wired.com/story/right-wing-fake-news-more-engagement-facebook/

Fake News Gets More Engagement on Facebook—But Only If It's Right-Wing



Thursday, March 04, 2021

Looks like Microsoft is driving here. DHS is dictating actions, but only if agencies have the expertise.

https://www.makeuseof.com/homeland-security-declares-microsoft-exchange-attack-emergency/

Homeland Security Declares Microsoft Exchange Attack "Emergency"

Homeland Security has declared an ongoing attack against Microsoft Exchange as an emergency. The attacks, which began earlier this week, target Microsoft Exchange Servers, stringing together several zero-day exploits to access secure email accounts.

Homeland Security issued Emergency Directive 21-02 late on March 3, delivering some background information on the Microsoft Exchange attack.

Microsoft has pointed the finger squarely at a Chinese nation-state hacking group known as HAFNIUM. Usually, companies take a little longer before committing to naming a suspect, but Microsoft is in little doubt that a "highly skilled and sophisticated actor" is behind the attack.





Not sure I understand the subtle reasoning…

https://www.databreaches.net/court-upholds-insurers-denial-of-6m-crime-claim-for-phishing-loss/

Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss

Andrew G. Simpson reports:

Real estate software maker RealPage has been denied a $6 million computer crime insurance coverage claim because the stolen funds were not in its possession but were instead being held by a payment processing firm at the time of a phishing scheme.
National Union Fire Insurance Co. (a unit of American International Group-AIG) and Beazley Insurance Co., insurers for RealPage, won dismissal of all claims against them in an opinion by Judge Jane J. Boyle of the U.S. District Court in Dallas.

Read more on Insurance Journal.

From the article:

The court found that funds that are “maintained in a commingled account in a third party’s name, at a third-party bank, which the insured can direct but not access, are not funds ‘held’ by the insured.”

The court recognized that RealPage might have intended to “hold” the client’s funds and further acknowledged that the bad actors utilized RealPage credentials to obtain the funds. Nevertheless, the court concluded that based on the plain language, RealPage did not hold the funds.





What does Alexa think?

https://www.pogowasright.org/study-reveals-extent-of-privacy-vulnerabilities-with-amazons-alexa/

Study Reveals Extent of Privacy Vulnerabilities with Amazon’s Alexa

From the North Carolina State University:

A recent study outlines a range of privacy concerns related to the programs that users interact with when using Amazon’s voice-activated assistant, Alexa. Issues range from misleading privacy policies to the ability of third-parties to change the code of their programs after receiving Amazon approval.
“When people use Alexa to play games or seek information, they often think they’re interacting only with Amazon,” says Anupam Das, co-author of the paper and an assistant professor of computer science at North Carolina State University. “But a lot of the applications they are interacting with were created by third parties, and we’ve identified several flaws in the current vetting process that could allow those third parties to gain access to users’ personal or private information.”
At issue are the programs that run on Alexa, allowing users to do everything from listen to music to order groceries. These programs, which are roughly equivalent to the apps on a smartphone, are called skills. Amazon has sold at least 100 million Alexa devices (and possibly twice that many), and there are more than 100,000 skills for users to choose from. Because the majority of these skills are created by third-party developers, and Alexa is used in homes, researchers wanted to learn more about potential security and privacy concerns.
… The researchers also found that Amazon allows multiple skills to use the same invocation phrase.
… Amazon does have some privacy protections in place, including explicit requirements related to eight types of personal data – including location data, full names and phone numbers. One of those requirements is that any skills requesting this data must have a publicly available privacy policy in place explaining why the skill wants that data and how the skill will use the data.
But the researchers found that 23.3% of 1,146 skills that requested access to privacy-sensitive data either didn’t have privacy policies or their privacy policies were misleading or incomplete.
The paper, “Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem,” was presented at the Network and Distributed Systems Security Symposium 2021, which was held Feb. 21-24.

Reference:

“Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem”

Authors: Christopher Lentzsch and Martin Degeling, Ruhr-Universität Bochum; Sheel Jayesh Shah, Anupam Das and William Enck, North Carolina State University; and Benjamin Andow, Google Inc.

Presented: Feb. 21-24, Network and Distributed Systems Security Symposium 2021

DOI: 10.14722/ndss.2021.23111





Time to close the loopholes?

https://www.techradar.com/news/gdpr-is-already-out-of-date-founder-warns

GDPR is already out of date, founder warns

German MEP Axel Voss, one of the strongest proponents of the EU’s General Data Protection Regulation (GDPR) firmly believes that it’s time to give it an overhaul.

GDPR was passed in 2016 and is hailed as one of the most significant privacy-related legislations with equally vocal supporters and detractors. However, in an interview with the Financial Times, Voss argues that GDPR isn’t ready to tackle the challenges of the current environment.

“We have to be aware that GDPR is not made for blockchain, facial or voice recognition, text and data mining [ . . . ] artificial intelligence,” Voss told FT.





We can, therefore we must.

https://www.vice.com/en/article/bvx4bq/talon-flock-safety-cameras-police-license-plate-reader

Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras

Hundreds of pages of emails obtained by Motherboard show how little-known company Flock has expanded from surveilling individual neighborhoods into a network of smart cameras that spans the United States.

… Flock, whose cameras use automatic license plate reader technology, is well on its way to deploying a connected network of AI-powered cameras that detect the movements of cars across the United States.





Tossing out a lot of facts?

https://www.axios.com/state-of-artificial-intelligence-stanford-university-f5d71c41-251e-4fb4-b9b2-89fdee48bb3c.html

AI is industrializing

This morning, the Stanford Institute for Human-Centered Artificial Intelligence (HAI) released its annual AI Index, a top overview of the current state of the field.



Wednesday, March 03, 2021

Will this thinking come to the US?

https://www.pogowasright.org/phone-data-must-be-limited-to-major-crime-probes-top-eu-court-says/

Phone Data Must Be Limited to Major Crime Probes, Top EU Court Says

Molly Quell reports:

Personal cellphone data can be used only in the investigation of serious crimes, the EU’s high court found on Tuesday.
In its decision, the European Court of Justice noted that, unless it’s for a serious crime or in the interest of public safety, countries are prohibited from obtaining location data under the European Union’s 2002 Privacy and Electronic Communications Directive.

Read more on Courthouse News.



(Related) possibly not…

https://www.pogowasright.org/hawley-asks-fbi-director-about-consumer-data-collected-in-capitol-riot-investigation/

Hawley asks FBI director about consumer data collected in Capitol riot investigation

Bryan Lowry reports:

Missouri Republican Sen. Josh Hawley questioned FBI Director Christopher Wray about data the bureau has collected from banks, cellular companies and social media platforms in the wake of the Jan. 6 Capitol attack.
[…]
Hawley’s questioning focused on data the bureau has collected in its investigation — rather than on the causes of the attack — suggesting that the agency may be overreaching its legal authority.
He asked Wray about geolocation data and metadata collected from cell phone companies.

Read more on McClatchy. You may despise Hawley (or love him), but regardless, the questions are good questions to ask and to pursue to make sure that the government doesn’t use the insurrection as an opportunity to expand its ability to gather and use data without a warrant or even reasonable suspicion.





Gary Alexander pointed to this article (that I had missed) about legal machinations after a breach. “We gotta sue somebody!”

https://www.cyberscoop.com/solarwinds-hack-court-lawsuits-regulators/

SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage?

Every massive breach comes with a trail of lawsuits and regulatory ramifications that can last for years. Home Depot, for instance, only last month settled with a group of state attorneys general over its 2014 breach.

The SolarWinds security incident that U.S. officials have pinned on state-sponsored Russian hackers is unlike anything that came before, legal experts say, meaning the legal liability could take even longer to resolve in court.

The most likely kind of case to come to court involves allegations of securities fraud. Several law firms have announced investigations meant to round up investors who took a financial hit when SolarWinds stocks dropped after the company’s role became known. Stock trades some company executives made not long before the revelations — a reported $280 million worth — are feeding into that consternation.





We knew this was coming...

https://thehill.com/policy/technology/541290-virginia-governor-signs-comprehensive-data-privacy-law

Virginia governor signs comprehensive data privacy law

Virginia Gov. Ralph Northam (D) signed the Consumer Data Protection Act on Tuesday, making Virginia the second state in the U.S. to pass a comprehensive data privacy law.

The bill will give consumers the right to opt out of having their personal data processed for targeted advertising and the right to confirm if their data is being processed.

… The law will go into effect in 2023 and applies to all businesses that control or process the personal data of at least 100,000 consumers, derive more than 50 percent gross revenue from the sale of personal data or process the personal data of at least 25,000 consumers.





Always useful…

https://fpf.org/blog/event-report-brussels-privacy-symposium-2020-research-and-the-protection-of-personal-data-under-the-gdpr/

EVENT REPORT: BRUSSELS PRIVACY SYMPOSIUM 2020 – RESEARCH AND THE PROTECTION OF PERSONAL DATA UNDER THE GDPR

On December 2, 2020, the Future of Privacy Forum (FPF) and the Brussels Privacy Hub of Vrije Universiteit Brussel (VUB) hosted the Brussels Privacy Symposium 2020: Research and the protection of Personal Data Under the GDPR.

A new report ... summarizes and offers context to the discussions at the event.





AI is not just, ‘start the program and stand back.’

https://fortune.com/2021/03/02/it-only-looks-simple-the-complex-human-decisions-behind-an-easy-a-i-use-case/

It only looks simple: the complex human decisions behind an “easy” A.I. use case

As we’ve noted in this newsletter before, sometimes even simple applications of A.I. can be transformative. But it is worth remembering that simple things can take a lot of thought, planning, and skill to do right.

A case in point: The luxury fashion brand Chanel a few weeks ago debuted Lipscanner. It’s an iPhone app that allows a user to take a photo of any color and find the lipstick shade from Chanel’s collection that most closely matches it. Then the user can “try that lipstick on” virtually, using augmented reality on their camera phone.

Sounds simple, right? But as Cedric Begon, the director of the Connected Experience Innovation Lab at Chanel, which built Lipscanner, says, it isn’t. “This wasn’t easy at all,” he tells me.

The team that built the product worked on it for more than 18 months.

… He said the team involved in the creation of the A.I.-enabled tool included designers and product managers, data scientists and machine learning engineers, IT experts, marketing experts and lawyers. “This product goes to the heart of the nature of the relationship between the customer and the product and that requires a sophisticated integration of many points of view,” he says.

You’ll notice Begon mentioned lawyers there. One of the biggest issues around a product like Lipscanner is not only the data used to train the A.I. system and where it comes from, but also what happens with the data it uses when making the lipstick suggestions and virtual try-ons: the images users capture on their phones. That can be thorny legal terrain, especially in Europe, where a company might easily run afoul of the European Union’s stringent data protection laws (the General Data Protection Regulation, or GDPR).





Perspective. (Streaming sales were 10 times greater.)

https://www.makeuseof.com/vinyl-defeats-cds-first-time-34-years/

Vinyl Defeats the CD for the First Time in 34 Years

The figures are in, as the RIAA (Recording Industry Association of America) 2020 year-end report crowns vinyl the victor in the physical format war, announced via an RIAA blog post.

2020 saw vinyl sales grow by almost 29% in value, year-over-year. At the end of December, vinyl sales had amassed a value in excess of $625 million.

By contrast, the CD continues down its slippery slope, with a reduction in sales of around 23% based on last year's figures. The value of all CD sales accounted for $483 million of all physical sales. The CD has seen marked decreases in sales (year-on-year) for several years, now.





So my niece can build her own backup band.

https://www.guitarworld.com/news/googles-tone-transfer-uses-ai-to-transform-your-guitar-into-a-saxophone-trumpet-flute-or-violin

Google's Tone Transfer uses AI to transform your guitar into a saxophone, trumpet, flute or violin

… if you’re among those who are more interested in making their guitar sound like a totally different instrument, you may want to have Tone Transfer on your radar.

The free website – designed by Google and Team Magenta – allows users to upload any sound sample and convert it into either saxophone, trumpet, flute or violin.





Because I like lists and SciFi. More to read!

https://bookriot.com/sci-fi-books-about-robots-and-ai/

10 INNOVATIVE SCI-FI NOVELS ABOUT ROBOTS AND AI

… The novels on this list are included because they all offer unique and innovative perspectives on robots and/or artificial intelligence. Even though every book on this list is so different, they all imagine worlds where artificial intelligence and robots feel like an incredibly real and plausible part of our future.



Tuesday, March 02, 2021

I just got a “heads up” from Prof Soma regarding the Spring Privacy Foundation Seminar. It will be focused on “US State and EU Recent Privacy Developments.” Not sure of the date yet. If you have some insights into this topic you would be willing to share, you should contact Professor Soma.

https://www.law.du.edu/privacy-foundation





What risks meanwhile? 18 months of “not fixed yet” is the same as inviting the hackers back. Will they be looking for the “next hack” while they struggle to fix the holes the last one took advantage of?

https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/

Recovering from the SolarWinds hack could take 18 months

Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery.

Brandon Wales, the acting director of CISA, the US Cybersecurity and Infrastructure Agency, says that it will be well into 2022 before officials have fully secured the government networks compromised by Russian hackers. The list includes at least nine federal agencies, including the Department of Homeland Security and the State Department. Even fully understanding the extent of the damage will take months.





What should we think about how this was handled? Disclosure seems a bit weak. They are allowing the Bad Guys to dictate the story.

https://www.databreaches.net/updating-the-maze-attack-on-fairfax-county-public-schools/

Updating the Maze attack on Fairfax County Public Schools

In September, 2020 Fairfax County Public Schools in Virginia was hit with Maze ransomware. The attack was announced on Maze’s dedicated leak site in early September, and after multiple queries by this site, FCPS issued a statement confirming that they had been attacked.

One month later, the threat actors started dumping some data on their leak site. Shortly thereafter, the data was removed, leading to speculation that FCPS had paid ransom for the removal of the data. The district never made any public statement about whether they had paid ransom, but FCPS data was never reuploaded to Maze’s leak site and no additional data was ever dumped.

On November 9, FCPS notified the Maine Attorney General’s office of the breach, reporting that 19,653 people were impacted. They also notified their community that since their initial community notification about the breach in September, they had identified more people who would be receiving notification letters.

This week, FCPS filed a new report indicating that they had notified people of the breach on January 21. Now their estimated total number of people affected by the Maze attack was listed as 172,128. Based on the district’s census, that number likely reflects both students and employees.

DataBreaches.net sent an inquiry to FCPS asking them if they had paid ransom to the attackers, if the attackers had ever given them a copy of all data exfiltrated, and if they had found any evidence that any of the data had shown up anywhere on the dark web or clear net, other than the original data dump sample the attackers had dumped in October and then removed. No response to the inquiries has been received by the time of this publication. This post will be updated if a reply is received.





Not quite a Terminator, but like that.

https://www.c4isrnet.com/opinion/2021/03/01/who-will-lead-the-world-in-artificial-intelligence/

Who will lead the world in artificial intelligence?

A new report emphasizes why it is urgent that the Department of Defense and Congress work together to modernize the way defense programs and budgets develop, integrate and deploy the latest technologies in support of American national security. Released by the National Security Commission on Artificial Intelligence, a federal body created to review and recommend ways to use artificial intelligence for national security purposes, the report recommends the use of AI to update America’s defense plans, predict future threats, deter adversaries and win wars.





Even lawyers can benefit from competitive intelligence.

https://abovethelaw.com/2021/03/lexisnexis-context-expands-to-ai-driven-attorney-insights/

LexisNexis Context Expands To AI-Driven Attorney Insights

Back in 2018, LexisNexis unveiled their Context application, taking Ravel Law’s AI technology, marrying it to the LexisNexis data, and producing a remarkable “killer application” for legal artificial intelligence. By typing in the name of your judge, the system would show not just their record in adjudicating substantially similar questions but highlight the exact language and case citations that the judge defaults to whenever hearing that issue. The initial launch also gathered expert reports allowing easy reference to root out the mercenary expert who flip-flops on specific issues every time the wind blows. Last year, the company expanded the offering to include company data, providing an easily navigable snapshot of a company’s litigation and news profile.

Today, the company announces the latest extension of the Context universe — Contextiverse? — the ability to search attorneys.





Education future? Teaching students who do not speak the professor’s language?

https://www.zdnet.com/article/ciscos-webex-debuts-free-real-time-translation-from-english-to-100-languages/

Cisco's Webex debuts free, real-time translation from English to 100+ languages

Cisco on Tuesday announced free, real-time translation for Webex, its fast-growing videoconferencing platform. The feature, available in preview this month and generally available in May, will translate spoken English into captions in any one of more than 100 languages.





Developing competitive job-seekers.

https://www.bespacific.com/how-to-identify-and-apply-for-unposted-job-opportunities/

How to identify and apply for unposted job opportunities

Fast Company – “If you’re looking for a job, your first step may be to peruse job boards. While it’s a tried-and-true method, a growing number of jobs are “hidden,” as more companies move to employee referrals and professional networks for sourcing qualified candidates more quickly, according to a study by Jobvite. If you don’t have an inside connection, you may think finding these leads is a matter of pure luck. However, it’s possible to get into the talent pipeline via the hiring manager’s inbox. “The reality is that a lot of markets and industries are in constant flux and chaos,” says Ivan Shovkoplias, head of content for Resume.io, an online résumé builder. “Many companies reorganize slower than needs appear, and openings aren’t anticipated by managers. Also, the infrastructure for job listings is not up to speed with what companies need. The world is changing faster than the tools.” … Once you’ve got a lead on a company that might be hiring, you need to determine the right person to contact. You’ll want to identify a hiring manager as well as the manager of the department in which you’d be working. “A manager may be able to walk your résumé to HR and be an ambassador,” Shovkoplias says. LinkedIn’s search tool is a good place to find appropriate people. Once you’ve got names, use a tool like Hunter.io to dig up their email addresses…”