This is significant. Remember, a lot of these ransomware gangs are state-sponsored. If the UK attacks, will their sponsor retaliate? Don’t get me wrong, I think it’s long overdue.
https://gizmodo.com/britain-wants-to-use-its-new-cyber-command-to-hunt-rans-1847930905
Britain Wants to Use Its New Cyber Command to 'Hunt' Ransomware Gangs
The United Kingdom wants to use a recently formed cyber command to “hunt” and hack ransomware gangs, a high-level government official recently revealed.

Jeremy Fleming, the director of Britain’s signals intelligence agency, GCHQ, divulged the plans at this year’s US Cipher Brief threat conference on Monday. Fleming said that Britain had seen a significant uptick in ransomware attacks and that the government was looking to use offensive operations to deter future attacks.

Operations of this kind would likely involve the government using its own exploits to target and disable servers operated by criminal gangs, the Financial Times reports. The UK’s National Cyber Force—a new unified command, created last year—would be the vector for such activities.

In his comments, Fleming insinuated that governments simply had not done enough to impose costs on underworld operators.
(Related)
As long as it’s the criminals and not the state, this will be manageable.
https://threatpost.com/groove-ransomware-revil-revenge-us-cyberattacks/175726/
Groove Calls for Cyberattacks on US as REvil Payback
Following the recent international law enforcement effort that dismantled the infrastructure for the REvil ransomware group, fellow cybercrime group Groove called for revenge — encouraging the wider cyber extortionist community to band together to target U.S. interests.

At a time when the U.S. is leading the international law enforcement effort to make splashy busts and shows of force against cybercriminals, this seems like a bold bet by Groove. But they have a plan.

BleepingComputer published a translation of the Russian blog post from Groove, filled with chest-thumping threats against the “US public sector, show this old man who is the boss here who is the boss and who will be on the Internet.”
Think your organization is any better?
https://www.cpomagazine.com/cyber-security/report-shows-appalling-state-of-employee-awareness-of-common-cyber-security-risks/
Report Shows Appalling State of Employee Awareness of Common Cyber Security Risks
The cybersecurity awareness training firm KnowBe4 released its 2021 State of Privacy and Security Awareness Report detailing the appalling state of employee awareness and practices.

The report includes responses from 1,000 employees in small and midsize businesses (SMBs) and large corporations in the United States. It attempted to determine how much cybersecurity training the workers received and the impact it had on employee awareness of common cybersecurity risks.

The report found that employees could not identify social engineering attacks, security expectations for standard and privileged users, and how cybersecurity risks could adversely affect their employers.
...and in local news.
https://www.databreaches.net/nearly-30k-former-and-current-cu-boulder-students-personal-information-hacked/
Nearly 30K former and current CU Boulder students’ personal information hacked
Alex Rose reports:
The University of Colorado Boulder is sending emails to roughly 30,000 former and current students who have been impacted by a data breach, according to a release from the university.

Most of the people impacted are no longer CU students or employees, according to the release.

The university said the third-party software, provided by Atlassian, had a vulnerability that impacted a program used by the Office of Information Security. The office did an analysis that showed some data was accessed by a hacker.
Read more on KDVR.
It speaks volumes about what kind of year 2021 has been that the university had to add this statement in its notification:
This security incident is unrelated to the cyberattack on CU’s Accellion service earlier this year.
A checklist for my Ethical Hacking students. (One of many)
https://www.csoonline.com/article/3637732/10-essential-skills-and-traits-of-ethical-hackers.html?upd=1635252504158
10 essential skills and traits of ethical hackers
A tool for evidence gathering?
https://www.bespacific.com/heres-the-fbis-internal-guide-for-getting-data-from-att-t-mobile-verizon/
Here’s the FBI’s Internal Guide for Getting Data from AT&T, T-Mobile, Verizon
Vice: “The newly obtained document shows in granular detail the sort of data that the country’s carriers keep, and for how long. Much of the information reiterates what we already knew about law enforcement access to telecommunications data—how officials can request location data from a telecom with a warrant or use court orders to obtain other information on a phone user, for example. But the document does provide insights on what exactly each carrier collects, a more recent run-down of how long each telecom retains certain types of data for, and images of the tool the FBI makes available to law enforcement agencies across the country to analyze cell phone tower data. Ryan Shapiro, executive director of nonprofit organization Property of the People, shared the document with Motherboard after obtaining it through a public record act request. Property of the People focuses on obtaining and publishing government records.
The document, a 139-page slide presentation dated 2019, is written by the FBI’s Cellular Analysis Survey Team (CAST)…”
My AI refuses to read articles like this.
https://www.bespacific.com/the-law-of-ai/
The Law of AI
Jotwell Review by Margot Kaminski: Michael Veale and Frederik Zuiderveen Borgesius, Demystifying the Draft EU Artificial Intelligence Act, 22(4) Computer L. Rev. Int’l 97-112 (2021). [h/t Mary Whisner]
“The question of whether new technology requires new law is central to the field of law and technology. From Frank Easterbrook’s “law of the horse” to Ryan Calo’s law of robotics, scholars have debated the what, why, and how of technological, social, and legal co-development and construction. Given how rarely lawmakers create new legal regimes around a particular technology, the EU’s proposed “AI Act” (Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence and Amending Certain Union Legislative Acts) should put tech-law scholars on high alert. Leaked early this spring and officially released in April 2021, the AI Act aims to establish a comprehensive European approach to AI risk-management and compliance, including bans on some AI systems.

In Demystifying the Draft EU Artificial Intelligence Act, Michael Veale and Frederik Zuiderveen Borgesius provide a helpful and evenhanded entrée into this “world-first attempt at horizontal regulation of AI systems.” On the one hand, they admire the Act’s “sensible” aspects, including its risk-based approach, prohibitions of certain systems, and attempts at establishing public transparency. On the other, they note its “severe weaknesses” including its reliance on “1980s product safety regulation” and “standardisation bodies with no fundamental rights experience.” For U.S. (and EU!) readers looking for a thoughtful overview and contextualization of a complex and somewhat inscrutable new legal system, this Article brings much to the table at a relatively concise length. Continue reading “The Law of AI”
Perhaps it will be possible for a mere human to audit an AI.
https://singularityhub.com/2021/10/25/not-so-mysterious-after-all-researchers-show-how-to-crack-ais-black-box/
Not So Mysterious After All: Researchers Show How to Crack AI’s Black Box
The deep learning neural networks at the heart of modern artificial intelligence are often described as “black boxes” whose inner workings are inscrutable. But new research calls that idea into question, with significant implications for privacy.

Unlike traditional software whose functions are predetermined by a developer, neural networks learn how to process or analyze data by training on examples. They do this by continually adjusting the strength of the links between their many neurons.

By the end of this process, the way they make decisions is tied up in a tangled network of connections that can be impossible to follow. As a result, it’s often assumed that even if you have access to the model itself, it’s more or less impossible to work out the data that the system was trained on.

But a pair of recent papers have brought this assumption into question, according to MIT Technology Review, by showing that two very different techniques can be used to identify the data a model was trained on. This could have serious implications for AI systems trained on sensitive information like health records or financial data.
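The excerpt describes the idea only in general terms. What follows is an added example, not code from the article or from either of the papers it refers to, of the simplest member of this family of techniques: a loss-threshold membership-inference attack (in the style of Yeom et al.) run against a deliberately overfit logistic-regression model. Everything in it is constructed: the synthetic two-class data, the tiny model, the median-loss threshold rule and the L2-regularised comparison model are this example's own assumptions, not the methods of the papers.

```python
"""Loss-based membership inference against an overfit model, standard library only.

Constructed example: the attacker has the trained model (white-box access to
its loss) and can sample data from the same distribution, but never sees the
training set. Points the model fits better than unseen data are flagged as
training members.
"""
import math
import random

DIM = 48         # feature dimension; N_TRAIN < DIM makes the training set
N_TRAIN = 40     # linearly separable, so an unregularised model memorises it
N_HOLDOUT = 120  # true non-members used to score the attack


def make_dataset(rng, n, dim, shift=0.3):
    """Constructed synthetic data: the two classes differ only by a small
    shift in feature 0; every other feature is pure noise. Labels are +/-1."""
    xs, ys = [], []
    for _ in range(n):
        y = rng.choice((-1, 1))
        x = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        x[0] += shift * y
        xs.append(x)
        ys.append(y)
    return xs, ys


def _softplus(t):
    """log(1 + exp(t)) without overflow."""
    return max(t, 0.0) + math.log1p(math.exp(-abs(t)))


def loss(w, b, x, y):
    """Per-example logistic loss log(1 + exp(-y * (w.x + b)))."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    return _softplus(-y * z)


def mean_loss(w, b, xs, ys):
    return sum(loss(w, b, x, y) for x, y in zip(xs, ys)) / len(xs)


def train(xs, ys, epochs, lr=0.5, l2=0.0):
    """Full-batch gradient descent on logistic loss plus an optional L2 penalty."""
    dim = len(xs[0])
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * dim, 0.0
        for x, y in zip(xs, ys):
            z = sum(wi * xi for wi, xi in zip(w, x)) + b
            # d/dz log(1 + exp(-y z)) = -y * sigmoid(-y z); exp is guarded
            s = 1.0 / (1.0 + math.exp(min(y * z, 500.0)))
            g = -y * s
            for i, xi in enumerate(x):
                gw[i] += g * xi
            gb += g
        n = len(xs)
        w = [wi - lr * (gwi / n + l2 * wi) for wi, gwi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def membership_attack(w, b, members, non_members, reference):
    """Threshold attack: tau is the model's median loss on data the attacker
    knows is unseen (the reference set); anything fitted better than tau is
    called a member. Returns balanced accuracy 0.5 * (TPR + TNR)."""
    ref_losses = sorted(loss(w, b, x, y) for x, y in zip(*reference))
    tau = ref_losses[len(ref_losses) // 2]
    tpr = sum(loss(w, b, x, y) < tau for x, y in zip(*members)) / len(members[0])
    tnr = sum(loss(w, b, x, y) >= tau for x, y in zip(*non_members)) / len(non_members[0])
    return 0.5 * (tpr + tnr)


def run_experiment(seed=0):
    rng = random.Random(seed)
    train_set = make_dataset(rng, N_TRAIN, DIM)
    holdout = make_dataset(rng, N_HOLDOUT, DIM)    # true non-members
    reference = make_dataset(rng, N_HOLDOUT, DIM)  # attacker's own samples
    overfit = train(*train_set, epochs=1500)               # memorises the data
    regularised = train(*train_set, epochs=200, l2=0.5)    # strongly penalised
    return {
        "overfit_train_loss": mean_loss(*overfit, *train_set),
        "overfit_holdout_loss": mean_loss(*overfit, *holdout),
        "overfit": membership_attack(*overfit, train_set, holdout, reference),
        "regularised": membership_attack(*regularised, train_set, holdout, reference),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:22s} {value:.3f}")
```

The attack needs nothing but the model's loss on a candidate point and a threshold learned from data the attacker already owns; the balanced attack accuracy should come out well above 0.5 for the overfit model and lower for the regularised one, whose training and held-out losses are nearly indistinguishable. That is the practical lesson behind the headline: a model that memorises its training data is a model that leaks it, and regularisation, early stopping and differential privacy are the knobs that shrink the gap the attack relies on.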
The alternative would be a comparable UK company. Can you think of one?
https://www.theguardian.com/uk-news/2021/oct/26/amazon-web-services-aws-contract-data-mi5-mi6-gchq
Amazon given contract to store data for MI5, MI6 and GCHQ
The UK’s spy agencies have given a contract to Amazon Web Services (AWS) to host classified material in a deal aimed at boosting the use of data analytics and artificial intelligence for espionage.

GCHQ had supported the procurement of a high-security cloud system, which would be used by its sister services, MI5 and MI6. Other government departments, such as the Ministry of Defence, would also use the system during joint operations.

The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade, was signed this year with Amazon.com’s cloud service unit AWS, the Financial Times first reported, citing people familiar with the discussions.
Perspective. A podcast.
https://knowledge.wharton.upenn.edu/article/is-the-great-resignation-giving-rise-to-the-entrepreneur/
Is the Great Resignation Giving Rise to the Entrepreneur?
Wharton management professor Jacqueline “Jax” Kirtley isn’t making any predictions about when or how the Great Resignation will end.

Nearly 4.3 million Americans quit their jobs in August, the highest number on record since the government began collecting data 20 years ago. The quit rate coincides with a dramatic surge in applications for new businesses since the COVID-19 pandemic began, mostly for sole-proprietor ventures.

The pandemic is to blame for these concussive shocks to the labor market, but Kirtley is careful about drawing any conclusions.