Showing posts with label cybersecurity. Show all posts

Friday, November 3, 2023

An Apparent Cyberattack Hushes the British Library; The New York Times, November 3, 2023

Alex Marshall, The New York Times; An Apparent Cyberattack Hushes the British Library

"Tasmina Islam, a lecturer in cybersecurity education at King’s College London, said in an email that the motivation for attacking a library could be financial.

“Cybercriminals can access a lot of information from a library, including users’ personal data,” she said. Libraries also “store electronic books, research articles and various intellectual properties, all of which cybercriminals can exploit for illegal distribution,” Islam added.

The British Library incident “served as a warning for other libraries and institutions to assess their own security measures thoroughly,” she said."

Wednesday, May 4, 2022

Chinese hackers took trillions in intellectual property from about 30 multinational companies; CBS News, May 4, 2022

NICOLE SGANGA, CBS News; Chinese hackers took trillions in intellectual property from about 30 multinational companies

"A yearslong malicious cyber operation spearheaded by the notorious Chinese state actor, APT 41, has siphoned off an estimated trillions in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

A new report by Boston-based cybersecurity firm, Cybereason, has unearthed a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia. 

"We're talking about Blueprint diagrams of fighter jets, helicopters, and missiles," Cybereason CEO Lior Div told CBS News. In pharmaceuticals, "we saw them stealing IP of drugs around diabetes, obesity, depression." The campaign has not yet been stopped.

Cybercriminals were focused on obtaining blueprints for cutting-edge technologies, the majority of which were not yet patented, Div said.

The intrusion also exfiltrated data from the energy industry – including designs of solar panel and edge vacuum system technology. "This is not [technology] that you have at home," Div noted. "It's what you need for large-scale manufacturing plants.""

Tuesday, March 29, 2022

See ‘Spot’ Save: Robot Dogs Join the New York Fire Department; The New York Times, March 17, 2022

Chelsia Rose Marcius, The New York Times; See ‘Spot’ Save: Robot Dogs Join the New York Fire Department

Plans to use two new robot dogs only in precarious search and rescue missions may help avoid the controversy that met the Police Department’s robots last year. 

"“It’s like every piece of equipment we have,” he said. “We hope to never, ever have to use it. But when we need it, it’s important that we have the right thing.”"

Sunday, January 9, 2022

Ethical aspects relating to cyberspace: copyright and privacy; Israel Defense, January 9, 2022

Giancarlo Elia Valori, Israel Defense; Ethical aspects relating to cyberspace: copyright and privacy

"A further right - the right to privacy - is one of the most fundamental rights: it reflects the natural human need for privacy, confidentiality and autonomy, as well as for the protection of one's own “personal sphere” from outside intrusion, and the ability to make decisions without being spied on and to remain oneself and maintain one’s own individuality.

It is no coincidence that in all international documents declaring human rights and freedoms, as well as in all codes of ethics related to the sphere of information, privacy is proclaimed as a fundamental moral value, which constitutes the foundation of human freedom and security, and therefore requires respect and protection."

Friday, May 21, 2021

Ransomware is a national security threat and a big business — and it’s wreaking havoc; The Washington Post, May 15, 2021

 

 
"But many of the actors are in countries outside the reach of U.S. and allied authorities. DarkSide, for example, is believed to be based in Russia and many of its communications are in Russian. 
 
“They’ve become the 21st century equivalent of countries that sheltered pirates,” said Daniel, the Obama White House cyber coordinator. “We have to impose diplomatic and economic consequences so they don’t see it as in their interest to harbor those criminals.”"

Friday, April 3, 2020

Thousands of Zoom video calls left exposed on open Web; The Washington Post, April 3, 2020

 

Many of the videos include personally identifiable information and deeply intimate conversations, recorded in people’s homes.

"Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing...

The discovery that the videos are available on the open Web adds to a string of Zoom privacy concerns that have come to public attention as the service became the preferred alternative for American work, school and social life.

The company reached more than 200 million daily users last month, up from 10 million in December, as people turned on their cameras for Zoom weddings, funerals and happy hours at a time when face-to-face gatherings are discouraged or banned."

Friday, January 31, 2020

Users Lament PAIR Changes During USPTO Forum; IP Watchdog, January 30, 2020

Eileen McDermott, IP Watchdog; Users Lament PAIR Changes During USPTO Forum

"Jamie Holcombe, Chief Information Officer at the U.S. Patent and Trademark Office (USPTO), seemed surprised to learn on Wednesday that both the Public and Private versions of the USPTO’s Patent Application Information Retrieval (PAIR) System have serious issues that are making workflows untenable for users.

Holcombe was participating in a public Forum on the PAIR system, where USPTO staff listened to stakeholders’ experiences since the Office implemented major security changes to the system on November 15, 2019. “The USPTO disabled the ability to look up public cases outside of a customer number using Private PAIR,” explained Shawn Lillemo, Software Product Manager at Harrity LLP, who attended the Forum. “Most patent professionals prior to the change could retrieve all the PAIR information they needed from Private PAIR. That is no longer true.”"

Tuesday, February 19, 2019

NATO Group Catfished Soldiers to Prove a Point About Privacy; Wired, February 18, 2019

Issie Lapowsky, Wired; NATO Group Catfished Soldiers to Prove a Point About Privacy

"For the military group that OK'd the research, the experiment effectively acted as a drill. But for the rest of us—and certainly for the social media platforms implicated in the report—the researchers hope it will serve as concrete evidence of why a fuzzy concept like privacy matters and what steps can be taken to protect it."

Wednesday, January 30, 2019

Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones; The New York Times, January 29, 2019

Nicole Perlroth, The New York Times; Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones


"A bug this easy to exploit is every company’s worst security nightmare and every spy agency, cybercriminal and stalker’s dream. In emails to Apple’s product security team, Ms. Thompson noted that she and her son were just everyday citizens who believed they had uncovered a flaw that could undermine national security.

“My fear is that this flaw could be used for nefarious purposes,” she wrote in a letter provided to The New York Times. “Although this certainly raises privacy and security issues for private individuals, there is the potential that this could impact national security if, for example, government members were to fall victim to this eavesdropping flaw.”"

Thursday, January 10, 2019

All of Us program wants to change the face of medicine; University of Pittsburgh: University Times, January 8, 2019

Susan Jones, University of Pittsburgh: University Times; All of Us program wants to change the face of medicine

"Dr. Steven Reis wants all of you to become part of All of Us.

Pitt received a $46 million award in 2016 from National Institutes of Health to build the partnerships and infrastructure needed to carry out the All of Us initiative, which seeks to gather health information from 1 million people nationwide to create a database to study different diseases and other maladies, and in the process change the face of medicine.

In Pennsylvania, Pitt is responsible for recruiting 120,000 participants and by early this week had reached 11,610. Nationally, there are more than a dozen other organizations now gathering participants and more than 80,000 people have enrolled nationwide. There are between 40 and 50 people working on the project at Pitt...

The institute “supports translational research, meaning how to get research from the bench to the bedside, to the patient, to practice, to the community, to health policy,” Reis said...

The information will be stored in a secure central database created by Vanderbilt University Medical Center, Verily Life Sciences (a Google company) and the Broad Institute in Cambridge, Mass. Volunteers will have access to their study results, along with summarized data from across the program."

Pennsylvania High Court Decision Regarding Data Breach Increases Litigation Risk for Companies Storing Personal Data; Lexology, January 8, 2019

Ropes & Gray LLP, Lexology; Pennsylvania High Court Decision Regarding Data Breach Increases Litigation Risk for Companies Storing Personal Data

"This decision could precipitate increased data breach class action litigation against companies that retain personal data. No state Supreme Court had previously recognized the existence of a negligence-based duty to safeguard personal information, other than in the narrow context of health care patient information."

Monday, November 19, 2018

Yes, Facebook made mistakes in 2016. But we weren’t the only ones.; The Washington Post, November 17, 2018

Alex Stamos, The Washington Post; Yes, Facebook made mistakes in 2016. But we weren’t the only ones.

"Alex Stamos is a Hoover fellow and adjunct professor at Stanford University. He served as the chief security officer at Facebook until August...

It is time for us to come together to protect our society from future information operations. While it appears Russia and other U.S. adversaries sat out the 2018 midterms, our good fortune is unlikely to extend through a contentious Democratic presidential primary season and raucous 2020 election.

First, Congress needs to codify standards around political advertising. The current rules restricting the use of powerful online advertising platforms have been adopted voluntarily and by only a handful of companies. Congress needs to update Nixon-era laws to require transparency and limit the ability of all players, including legitimate domestic actors, to micro-target tiny segments of the population with divisive political narratives. It would be great to see Facebook, Google and Twitter propose helpful additions to legislation instead of quietly opposing it.

Second, we need to draw a thoughtful line between the responsibilities of government and the large technology companies. The latter group will always need to act in a quasi-governmental manner, making judgments on political speech and operating teams in parallel to the U.S. intelligence community, but we need more clarity on how these companies make decisions and what powers we want to reserve to our duly elected government. Many areas of cybersecurity demand cooperation between government and corporations, and our allies in France and Germany provide models of how competent defensive cybersecurity responsibility can be built in a democracy."

 

Monday, November 5, 2018

Pitt Sets Course for Student Success With Inaugural Advanced Analytics Summit; PittWire, November 2, 2018

PittWire; Pitt Sets Course for Student Success With Inaugural Advanced Analytics Summit


"Ann Cudd, provost and senior vice chancellor at Pitt, said that as advanced analytics moves forward at the University, two topics of focus include identifying whether the use of data is universally good and what potential dangers exist, and how to keep the human components to avoid generalizing...

While the vast amounts of information may be overwhelming, data privacy is seen as a key fundamental of building and maintaining trust between students and universities.

“It is vitally important that the storage of data be secure,” [Stephen] Wisniewski [vice provost for data and information at the University of Pittsburgh] said. “To that end, experts in the field collectively work to understand and address the ever-changing technology landscape to protect sensitive data.”

Wisniewski said that Pitt’s focus on advanced analytics has one driving principle.

“The primary reason is to better serve our students. That is our ultimate goal,” he said.  “That’s what we want out of this. We want them to have the best experience possible and we’re using analytics to help that process.”"

Thursday, October 25, 2018

Hackers Are Breaking into Medical Databases to Protect Patient Data; The Scientist, October 1, 2018

Catherine Offord, The Scientist; Hackers Are Breaking into Medical Databases to Protect Patient Data

"The first few times Ben Sadeghipour hacked into a computer, it was to access the video games on his older brother’s desktop. “He would usually have a password on his computer, and I would try and guess his password,” Sadeghipour tells The Scientist. Sometimes he’d guess right. Other times, he wouldn’t. “So I got into learning about how to get into computers that were password protected,” he says. “At the time, I had no clue that what I was doing was considered hacking.”

The skills he picked up back then would become unexpectedly useful later in life. Sadeghipour now breaks into other people’s computer systems as a profession. He is one of thousands of so-called ethical hackers working for HackerOne, a company that provides services to institutions and businesses looking to test the security of their systems and identify vulnerabilities before criminals do."

Wednesday, August 8, 2018

The Chinese threat that an aircraft carrier can’t stop; The Washington Post, August 7, 2018

The Washington Post; The Chinese threat that an aircraft carrier can’t stop

"America’s vulnerability to information warfare was a special topic of concern. One participant recalled a conversation several years ago with a Russian general who taunted him: “You have a cybercommand but no information operations. Don’t you know that information operations are how you take countries down?”"

Tuesday, July 24, 2018

My terrifying deep dive into one of Russia's largest hacking forums; The Guardian, July 24, 2018

Dylan Curran, The Guardian; My terrifying deep dive into one of Russia's largest hacking forums


[Kip Currier: I had a similar reaction to the author of this article when I attended a truly eye-opening 4/20/18 American Bar Association (ABA) Intellectual Property Law Conference presentation, "DarkNet: Enter at Your Own Risk. Inside the Digital Underworld". One of the presenters, Krista Valenzuela with the New Jersey Cybersecurity and Communications Integration Cell in West Trenton, New Jersey, did a live foray into the Dark Web. The scope of illicit activities and goods witnessed in just that brief demo was staggering and evoked a feeling that scenes of "black market" contraband and "bad actors" endemic to dystopian sci-fi fare like Blade Runner 2049 and Netflix's Altered Carbon are already part of the present-day real-world.]
 
"It’s fascinating to see how this community works together to take down “western” systems and derive chaos and profit from it. Typically, hackers in first-world countries are terrified to work together due to the multiplicative risk of a group being caught. In Russia, however, the authorities don’t seem to care that these hackers are wreaking havoc on the west. They are left to their own devices, and most users on this forum have been regular members for over six years.

A lot of the information on this forum is incredibly worrying, even if a lot of it is harmless 15-year-olds trying to be edgy and hack their friend’s phones. In any case, it’s important to know these communities exist. The dark underbelly of the internet isn’t going anywhere."

Saturday, April 28, 2018

Data on a genealogy site led police to the ‘Golden State Killer’ suspect. Now others worry about a ‘treasure trove of data’; The Washington Post, April 27, 2018

Justin Jouvenal, Mark Berman, Drew Harwell and Tom Jackman, The Washington Post; Data on a genealogy site led police to the ‘Golden State Killer’ suspect. Now others worry about a ‘treasure trove of data’

"Prosecutors say they see the private genealogical databases as an investigative gold mine, and they worry that privacy concerns could block them from the breakthroughs needed to track down future predators.

“Why in God’s name would we come up with a reason that we not be able to use it, on the argument that it intrudes onto someone’s privacy?” said Josh Marquis of the National District Attorneys Association. “Everything’s a trade-off. Obviously we want to preserve privacy. But on the other hand, if we’re able to use this technology without exposing someone’s deepest, darkest secrets, while solving these really horrible crimes, I think it’s a valid trade-off.”

Some legal experts compared the use of public genetic databases to the way authorities can scan other personal data provided to third-party sources, including telephone companies and banks. Others suggested further scrutiny as the amount of publicly available DNA multiplies.

“The law often lags behind where technology has evolved,” said Barbara McQuade, a University of Michigan law professor and former U.S. attorney. With DNA, “most of us have the sense that that feels very private, very personal, and even if you have given it up to one of these third-party services, maybe there should be a higher level of security.”"

Wednesday, March 7, 2018

Top priest shares ‘The Ten Commandments of A.I.’ for ethical computing; internet of business, February 28, 2018

Chris Middleton, internet of business; Top priest shares ‘The Ten Commandments of A.I.’ for ethical computing

"A senior clergyman and government advisor has written what he calls “the Ten Commandments of AI”, to ensure the technology is applied ethically and for social good.

AI has been put forward as the saviour of businesses and national economies, but how to ensure that the technology isn’t abused? The Rt Rev the Lord Bishop of Oxford (pictured below), a Member of the House of Lords Select Committee on Artificial Intelligence, set out his proposals at a policy debate in London, attended by representatives of government, academia, and the business world.

Speaking on 27 February at a Westminster eForum Keynote Seminar, Artificial Intelligence and Robotics: Innovation, Funding and Policy Priorities, the Bishop set out his ten-point plan, after chairing a debate on trust, ethics, and cybersecurity."

Tuesday, March 6, 2018

The dangers of digital things: Self-driving cars steer proposed laws on robotics and automation; ABA Journal, March 2018

Victor Li, ABA Journal; The dangers of digital things: Self-driving cars steer proposed laws on robotics and automation

"Some states are standing in a legal gray area. Pennsylvania, for example, is a training ground for Uber’s collaboration with Carnegie Mellon to deploy autonomous vehicles throughout Pittsburgh. At press time, Pennsylvania did not have a statute that speaks to the legality of driverless cars.

However, Roger Cohen, policy director at the Commonwealth of Pennsylvania Department of Transportation, says the state has long operated under the assumption that autonomous cars are allowed on public roadways—as long as a human driver is at the steering wheel ready to take over. PennDOT has taken the lead in promulgating policies relating to autonomous vehicles with the goal of their formal adoption into law.

“That policy was deemed to be a more effective tool for the public oversight of testing operations because of its ability to be flexible and nimble and rapid in responding to what are fast-moving, unpredictable, hard-to-anticipate new developments,” Cohen says.

As with Michigan, Cohen says time is of the essence, adding that although Pennsylvania’s regulatory structure has an important purpose, it generally takes one to two years to process feedback and review the rules. “That was deemed to be ineffective for emerging technology,” Cohen says.

Instead, PennDOT has been freed up to develop policies while collaborating with a wealth of stakeholders—including academics, sister agencies, lawyers, technology companies and members of the automotive industry. Cohen says bills are pending in both state legislative houses, and he is optimistic that they’ll be passed.

“When it comes to car accidents, we must drive down the death rate toward zero, which is our goal,” Cohen says. “We have a technology that gives us our best chance to do that. I think there are real issues concerning data ownership, data privacy and cybersecurity. But there’s every reason to be optimistic.”"

Sunday, August 6, 2017

Bobby Sticks It to Trump; New York Times, August 5, 2017

Maureen Dowd, New York Times; Bobby Sticks It to Trump

"We are in for an epic clash between two septuagenarians who both came from wealthy New York families and attended Ivy League schools but couldn’t be more different — the flamboyant flimflam man and the buttoned-down, buttoned-up boy scout. (And we know the president has no idea how to talk to scouts appropriately.)

One has been called America’s straightest arrow. One disdains self-promotion and avoids the press. One married his sweetheart from school days. One was a decorated Marine in Vietnam. One counts patience, humility and honesty as the virtues he lives by and likes to say “You’re only as good as your word.”

And one’s president."