Monday, January 09, 2023

I would be shocked if the cyberattack part of the war crime did not also occur outside of war zones.

https://www.politico.eu/article/victor-zhora-ukraine-russia-cyberattack-infrastructure-war-crime/

Kyiv argues Russian cyberattacks could be war crimes

One of Ukraine's top cyber officials said some cyberattacks on Ukrainian critical and civilian infrastructure could amount to war crimes.

Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said Russia has launched cyberattacks in coordination with kinetic military attacks as part of its invasion of Ukraine, arguing the digital warfare is part of what Kyiv considers war crimes committed against its citizens.

When we observe the situation in cyberspace we notice some coordination between kinetic strikes and cyberattacks, and since the majority of kinetic attacks are organized against civilians — being a direct act of war crime — supportive actions in cyber can be considered as war crimes,” Zhora told POLITICO in an interview.

Classifying Russia's digital attacks on Ukrainian infrastructure as part of war crimes would be a first. Academics and researchers have been making the case for it since earlier this year, asking the Office of the Prosecutor at the ICC to add cyberattacks to their investigations into the war in Ukraine.





When writing Insurance is too risky (too expensive) sell some of that risk to others.

https://www.ft.com/content/a945d290-a7f1-427c-84a6-b0b0574f7376

Insurer Beazley launches first catastrophe bond for cyber threats

Lloyd’s of London insurer Beazley has launched the first cyber catastrophe bond, opening up one of the fastest-growing areas of the underwriting industry to investors as companies and governments seek to shield themselves from ransomware strikes.

The $45mn private bond will pay out to Beazley if total claims from a cyber attack on its clients exceed $300mn — a structure intended to give some protection to the insurer’s balance sheet from “remote probability catastrophe and systemic events”.

Adrian Cox, Beazley’s chief executive, told the Financial Times that the new instrument gave the insurer access to a much larger source of capital.

What that taps into is a pool that is trillions [of dollars] rather than hundreds of billions, and is a pathway for us to be able to hedge and grow,” Cox said. Beazley hoped, he added, to scale this “new tool” to eventually provide billions of dollars worth of reinsurance cover.





This likely will happen to most law firms. Plan for it now.

https://abovethelaw.com/2023/01/cyberattack-forces-biglaw-firm-to-take-document-management-system-down-for-weeks/

Cyberattack Forces Biglaw Firm To Take Document Management System Down For Weeks

We are confident that our process has been professional and appropriate. In fact, I am proud to say that we have received overwhelming praise from our clients for our transparency and the professionalism of our response to this attack.

Pat Quinn, managing partner of Cadwalader, in a statement given to the American Lawyer, concerning the firm’s response to a mid-November cyberattack that forced the Am Law 100 mainstay to wipe hard drives and take many of its systems offline, some of them for weeks (like its internal document management system). Quinn went on to note that the firm quickly informed clients about the issue and hired “renowned external cybersecurity experts and legal counsel.” Cybersecurity experts told Am Law that Cadwalader’s response was in-line with industry best practices.





Cell phone surveillance is complicated.

https://www.schneier.com/blog/archives/2023/01/identifying-people-using-cell-phone-location-data.html

Identifying People Using Cell Phone Location Data

The two people who shut down four Washington power stations in December were arrested. This is the interesting part:

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents.

Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional. But way back in 2012, the Canadian CSEC—that’s their NSA—did some top-secret work on this kind of thing. The document is part of the Snowden archive, and I wrote about it:

The second application suggested is to identify a particular person whom you know visited a particular geographical area on a series of dates/times. The example in the presentation is a kidnapper. He is based in a rural area, so he can’t risk making his ransom calls from that area. Instead, he drives to an urban area to make those calls. He either uses a burner phone or a pay phone, so he can’t be identified that way. But if you assume that he has some sort of smart phone in his pocket that identifies itself over the Internet, you might be able to find him in that dataset. That is, he might be the only ID that appears in that geographical location around the same time as the ransom calls and at no other times.

There’s a whole lot of surveillance you can do if you can follow everyone, everywhere, all the time. I don’t even think turning your cell phone off would help in this instance. How many people in the Washington area turned their phones off during exactly the times of the Washington power station attacks? Probably a small enough number to investigate them all.





Reasonable suspicion overrules any Rights I might have?

https://www.bespacific.com/the-right-to-equal-protection-and-fourth-amendment-rights-are-distinct-rights/

The Right to Equal Protection and Fourth Amendment Rights Are Distinct Rights

Courts Must Protect Both: “On behalf of MACDL, Attorney Wood and a team of attorneys from Wilmer Cutler Pickering Hale and Dorr recently filed an amicus brief urging the Supreme Judicial Court to fully enforce people’s rights not to be targeted for stops based on their race, regardless of whether the police have reasonable suspicion. The Commonwealth [of Massachusetts] has repeatedly argued that if the police have reasonable suspicion, then it does not matter whether someone has been targeted because of their race. This argument is pernicious, essentially reading the equal protection clause out of the constitution. The SJC must reject such arguments.”



No comments: