Something very strange here.
https://www.cnn.com/2021/07/23/tech/kaseya-encryptor-ransomware-victims/
Software company's unveiling of decryption key comes too late for many victims of devastating ransomware attack
On Thursday, the software company Kaseya announced that it could help unlock any of its customers' systems that were still inaccessible following a devastating ransomware attack early this month that took down as many as 1,500 businesses worldwide. But for many victims it was too little, too late.
Kaseya had obtained a decryption key, the company said, that could release any file still locked down by malicious software produced by the criminal gang REvil, which is believed to operate from Eastern Europe or Russia.
For the organizations whose systems were still offline three weeks after the attack, the newfound availability of a decryptor tool offered a sign of hope, especially after REvil mysteriously disappeared from the internet and left many organizations unable to contact the group.
But for many others that have already recovered without Kaseya's help, either by paying off the ransomware gang weeks ago or by painstakingly restoring from backups, the announcement was no help -- and opens a new chapter of scrutiny for Kaseya as it declines to answer questions about how it obtained the key and whether it paid the $70 million ransom demand or another amount.
… In order to access the tool, Kaseya is requiring that businesses sign a non-disclosure agreement, according to several cybersecurity experts working with affected companies. While such agreements are not unusual in the industry, they could make it more difficult to understand what happened in the incident's aftermath. Kaseya declined to comment on the non-disclosure agreements.
Still trying to identify that tipping point. (Not just sanctions, all out cyber war.)
US & Intelligence Allies Formally Accuse Chinese State-Backed Hackers of the Microsoft Exchange Cyber Attacks, but Stop Short of Sanctions
The massive hack of the Microsoft Exchange email server software that took place early this year is estimated to have hit tens of thousands of victims, causing disproportionate chaos for smaller businesses. The Biden administration has formally declared that Chinese state-backed APT groups are to blame. While the attack was not considered a major national security threat (at least not on par with the SolarWinds breach), it was devastating to many American small businesses ill-equipped to respond to cyber attacks of this level of sophistication.
Establishing an absolute minimum. Stop there at your peril.
Connecticut Enacts Safe Harbor From Punitive Damages In Data Breach Cases
Jason Gavejian and Joseph Lazzarotti of JacksonLewis write:
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119 ), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity program that meets certain requirements. Cyberattacks are on the rise – think Colonial Pipeline, Kaseya, JBS, and others – with ransomware attacks up 158 percent from 2019-2020 in North America.
Read more on JDSupra.
Should they all be discoverable?
Convenience Store Chain Can’t Shield Investigative Report on Data Breach From Discovery, Judge Rules
We often hear of firms having their counsel running incident response and contracting of forensics, etc., so that any reports would be protected by work product doctrine as well as attorney-client privilege. But if the attorney doesn’t word the contract carefully, any report may not be covered by the doctrine. We saw that in a Capital One case last year in the Eastern District of Virginia involving a 2019 breach, and now we’re seeing it again over another 2019 case, this time in the Middle District of Pennsylvania.
P.J. Annunzio reports:
A federal judge has ruled that because an investigative report commissioned by Pennsylvania-based convenience store chain Rutter’s in response to a data security breach was not prepared for litigation purposes, it is discoverable.
In a July 22 ruling granting the class action plaintiffs’ motion to compel the document, U.S. Magistrate Chief Judge Karoline Mehalchick of the Middle District of Pennsylvania held that the report done by consultant Kroll Cyber Security for Rutter’s was not covered by attorney-client and work product privilege.
Read more on Law.com.
Not-so-private mail.
https://www.makeuseof.com/what-is-email-tracking-pixel/
What Is An Email Tracking Pixel? How Do Companies Use Them to Access Your Private Data?
Companies have a way of tracking who is opening and reading their email content: the email tracking pixel. Although email tracking pixels fly under the radar for most people, many companies use them to gauge engagement with advertising and marketing campaigns.
So, how does an email tracking pixel work?
Once identified and discontinued as a bad idea, they brought it back. Should be interesting to see how mission creep impacts this system.
https://www.pogowasright.org/englands-nhs-data-sharing-to-third-parties-the-view-from-new-zealand/
England’s NHS data-sharing to third parties: the view from New Zealand
Ephraim Wilson of the NZ Privacy Commissioner’s Office writes:
In 2013, UK Prime Minister David Cameron tried to instigate the sharing of UK National Health Service (“NHS”) patient data to private organisations for a small fee. Despite plans to anonymise the data, the move was sufficiently controversial that the Government had to drop the plan – there were major concerns over transparency and privacy. Eight years later, a similar plan has emerged, this time during the pandemic response of Boris Johnson’s Government.
As part of its General Practitioner Data for Planning and Research Programme (“GPDPR”), the Government is planning to put the GP records of England’s 55 million enrolled patients into a single NHS database which will become available to third-party companies and researchers for a fee. It is an ‘opt-out’ programme, meaning that patients need to fill out a form to prevent their data from being included. Originally, GPDPR was supposed to come into action in July 2021 but has now been pushed back to September.
GPDPR will give private organisations access to the NHS Digital central database containing data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, and appointments, including information about physical, mental, and sexual health. The information will include data about patients’ gender, ethnicity, and sexual orientation.
Technically peoples’ data will be anonymised, but there are two qualifications. First, given how specific the data is, it will at least be possible to cross-reference with other databases to reidentify the data. Secondly, NHS Digital can unlock the codes to allow access in certain circumstances and where there is valid legal reason. No names and addresses will be available to researchers, but encoded postcodes will be included.
What about these third parties? According to NHS Digital, the data will only be used for health planning and research purposes by organisations that can show they have an appropriate legal basis and a legitimate need to use it. Any data sharing will be overseen by the British Medical Association (“BMA”), the Royal College of General Practitioners (“RCGP”), and the Independent Group Advising on the Release of Data (”IGARD”).
One issue is that neither the NHS, nor their chosen third parties, have had the best record when it comes to data sharing.
Read more on the New Zealand Privacy Commissioner’s Office Blog.
Two plus two does not always equal five.
Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority
Seen on Coveware:
If you had told us at the beginning of 2021 that then President elect Biden would be having a nose to nose face off with Putin over ransomware, we would have speculated that some serious escalation must have occurred. In reality, the lackadaisical indifference of one threat actor (DarkSide) set off a compounding series of events that have led us to where we are today. Given the volume of attacks that Ransomware-as-a-service (RaaS) groups conduct, and the de minimis diligence that these groups perform, we are quite certain that the DarkSide affiliate that attacked Colonial Pipeline, had no idea that a) Colonial controlled 45% of the gasoline supply on the US east coast, b) that shutting down that pipeline would cause a consumer run on gasoline, c) that NOTHING gets voters and their duly elected representatives out of their chairs like rising gasoline prices, and finally d) that if you mess with US gasoline prices, you are going to get the attention of the President. Other high profile attacks that would have otherwise garnered 12 hours of media attention were (FINALLY) codified proof that the US indeed has a major problem with ransomware.
But what does that have to do with ransomware payments declining, you ask? Read more on Coveware.
My AI says, “No that can never happen. Please stop asking.”
Can we build a computer with free will?
Do you have free will? Can you make your own decisions? Or are you more like an automaton, just moving as required by your constituent parts? Probably, like most people, you feel you have something called free will. Your decisions are not predetermined; you could do otherwise.
Yet scientists can tell you that you are made up of atoms and molecules and that they are governed by the laws of physics. Fundamentally, then – in terms of atoms and molecules – we can predict the future for any given starting point. This seems to leave no room for free will, alternative actions, or decisions.
Confused? You have every right to be. This has been one of the long outstanding unresolved problems in philosophy. There has been no convincing resolution, though speculation has included a key role for quantum theory, which describes the uncertainty of nature at the smallest scales. It is this that has fascinated me. My research interests include the foundations of quantum theory. So could free will be thought of as a macroscopic quantum phenomenon? I set out to explore the question.
Perspective. Well, maybe not everything...
What is AI? Here's everything you need to know about artificial intelligence
An executive guide to artificial intelligence, from machine learning and general AI to neural networks.
Back in the 1950s, the fathers of the field, Minsky and McCarthy, described artificial intelligence as any task performed by a machine that would have previously been considered to require human intelligence.
… Francois Chollet, an AI researcher at Google and creator of the machine-learning software library Keras, has said intelligence is tied to a system's ability to adapt and improvise in a new environment, to generalise its knowledge and apply it to unfamiliar scenarios.
"Intelligence is the efficiency with which you acquire new skills at tasks you didn't previously prepare for," he said.
Perspective. Fully self-driving? The end of this year? Ford must think this is the future.
Ford and Argo AI to launch self-driving cars with Lyft by the end of the year
Ford will launch an autonomous vehicle fleet with Lyft and Argo AI by the end of the year, the companies announced Wednesday.
Self-driving rides with safety drivers will begin this year in Miami. The companies said they plan to expand to Austin, Texas, in 2022 and roll out about 1,000 self-driving cars in multiple markets within five years.
The partnership comes as ride-hailing companies Uber and Lyft ditch their own in-house systems and instead look to outside partners for self-driving technology. Lyft announced plans in April to sell its autonomous vehicle unit to a subsidiary of Toyota for $550 million. In December, Uber sold its self-driving unit to start-up Aurora — which is backed by Hyundai and Amazon — amid safety concerns and extreme costs.
Perspective. Your next programming language?
JULIA IS CAUSING QUITE A STIR WITH CODE MODERNIZATION IN THE TECH INDUSTRY
The present tech industry is in dire need of a programming language that provides the best of C or C++ and the usability of Python. All of these capabilities are at the heart of what the open-source Julia language project set out to do over a decade ago. When Julia was conceived in 2009 at MIT, the goal was to solve a problem that still exists: the need to use two (or more) languages, one for high performance (C or C++) and another that made programming complex systems a more pleasant experience (the Python example). While using both could get the job done, there is inherent friction between those interfaces and processes. In addition to this basic mismatch, many of the codes in high-value science and engineering are the product of decades of building. They are inherently messy and rooted in codes that were state of the art in the 1980s, particularly in modeling and simulation.
Tools & Techniques.
https://www.makeuseof.com/use-microsoft-edge-solve-math-problems/
How to Use Microsoft Edge's to Solve Math Problems
… Developed by Microsoft, Math Solver is a tool built into the Edge browser that recognizes mathematical problems from an image, and solves them for you.