Wednesday, August 10, 2016

Cyber Titanic Experts Draw Line Between Active Defense, Illegal Hacking ...

History teaches us that men and nations behave wisely once they have exhausted all other alternatives.

~ Abba Eban

This is exactly like the Titanic if, instead of being a big boat they said was impossible to sink, the Titanic was a bunch of servers they said wouldn't go down while people tried to do the census that absolutely did. Despite the ABS claiming that the system was sufficiently tested and ready for the estimated 16 million people logging in to give away their personal details to some statistics nerds hidden in a bunker somewhere, the website has been intermittently going down tonight, with a complete outage occurring at time of writing.
Those people lucky enough to receive their login code who were then unlucky enough to have the site conk out on them while they were filling it out or even before they could start were not very impressed ...
Censusmas aka census night primer

Where is the trust? Census DDoS claim faces early scepticism

New AUSTRAC team to unearth online terrorism financing

Australia to crack down on prepaid money cards to fight terrorism funding  

Vote early ... Often online ... Recent Breaches Raise Fears of Voting System Hacks

Intelligence agencies don't always rely on hacks to monitor and influence political events. Motherboard has learned that the UK's GCHQ created its own URL shortener, to both disseminate pro-revolution talk during Iranian and Arab Spring ...

Anyone using a VPN to visit illegal sites or dodge a ban on using unauthorised voice over IP (VoIP) services faces a £400,000 fine or prison under a new law brought in by the United Arab Emirates (UAE). The text of the new legislation says: "Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery, shall be punished by temporary imprisonment and a fine of no less than Dh500,000 [£100,000] and not exceeding Dh2,000,000 [£400,000], or either of these two penalties."

Use a VPN or proxy in the United Arab Emirates, risk a £400K fine or prison

Tobacco Tales

Australian tobacco executive bashed and stabbed in attempted kidnap

I am a modern speech recognition system: “The Scottish and our accent’s incompatibility with modern speech recognition systems has been well documented.

Bitcoin’s Latest Economic Problem – Market Ouvert Or Squatters’ Rights Forbes. As we’ve said, Bitcoin = prosecution futures

The Age Old Story About Bitcoin without clothes

Banner Health Hacked, Exposing Data On 3.7M People MedCity News 

The committee set up to investigate lack of transparency in Panama's financial system itself lacks transparency, Nobel Prize-winning economist Joseph Stiglitz told Reuters on Friday after resigning from the "Panama Papers" commission.

The leak in April of more than 11.5 million documents from the Panamanian law firm Mossack Fonseca, dubbed the "Panama Papers," detailed financial information from offshore accounts and potential tax evasion by the rich and powerful. Stiglitz and Swiss anti-corruption expert Mark Pieth joined a seven-member commission tasked with probing Panama's notoriously opaque financial system, but they say they found the government unwilling to back an open investigation. Both quit the group on Friday after they say Panama refused to guarantee the committee's report would be made public. "I thought the government was more committed, but obviously they're not," Stiglitz said. "It's amazing how they tried to undermine us." Exclusive: Stiglitz quits Panama Papers probe, cites lack of transparency

TaxGrrrl, Miami Judge Rules That Bitcoin Is Not Money. “Miami-Dade Circuit Judge Teresa Mary Pooler threw out all charges. On the first charge of engaging in business as a money services business, she wrote that ‘attempting to fit the sale of Bitcoin into a statutory scheme regulating money services businesses is like fitting a square peg in a round hole.'”

Assistant Commissioner Graham Whyte said myTax has revolutionised the way Australians who prepare their own tax return lodge by making it quicker and easier:
“We’ve already noticed some interesting stats with myTax users this year. The average age of a myTax lodger is 35. The oldest myTax lodger so far was 105 years old, which shows you it’s never too late to get online.” “Around fifty-two per cent of myTax users are female, and New South Wales and Queensland are neck and neck for the most lodgments.” ATO Stats

David Koch: Taxpayers taking ten minutes to file tax return online warned they may be missing refunds ; DK and JM

Face Recognition Technology: FBI Should Better Ensure Privacy and Accuracy [Reissued on August 3, 2016] GAO-16-267: Published: May 16, 2016 (Happy Birthday to MED)

Data Act: Initial Observations on Technical Implementation, GAO-16-824R: Published: Aug 3, 2016

Mitchell, Charles L., Do Something! The Active-Passive Transformation Internet Causes in Political Reasoning (July 24, 2016). Prepared for presentation at the 24th World Congress of the International Political Science Association, Poznań, Poland, July 24, 2016. Available for download at SSRN: The motivating effect of Internet on politicians and social scientists has been presented in this paper. When the browser was introduced in 1994 and HTML language began to produce sophisticated Internet content, an incredible amount of motivational developments occurred. People who would not otherwise become involved with politics became opinion leaders. Social scientists reacted to the phenomenon that was happening with a substantial amount of research activity ...

This Boring Service Is Suddenly a Big Concern for Treasurys Wall Street Journal. Notice the lack of explanation as to why JP Morgan withdrew. You’d think they would have beefed about regulations, as Dimon is wont to do if that were the driver. So it must have been deemed to be too low margin, but weirdly no one is willing to say that. Or maybe those pesky IT systems were getting a bit too creaky, and JPM didn’t want to be caught out or have to invest more?

A panel of private information security experts and a chief with the National Security Agency on Thursday cautioned companies against taking an offensive approach to cybersecurity that could put them at odds with the law in the United States. Just as it would be illegal to break into someone’s home to retrieve property that you believe the occupant stole from you, it’s a violation of the law to break into another party’s network and retrieve data that you think has been stolen from you or your company, according to experts. “I think that’s a good framing point to begin the discussion. Bottom line is, it’s just illegal,” said Rob Joyce, chief of tailored access operations at the National Security Agency. It’s illegal, that is, in the United States. One expert said that companies do employ hackers who are willing to undertake offensive operations on their behalf from another jurisdiction where such activities may be considered acceptable. “People hire us hackers to go to another country, to take action. The government doesn’t sanction this. But they will fly you out to some nice island, and say make sure these things come down,” said Ed Skoudis, founder of Counter Hack. “I don’t participate myself but I have friends that do.” Mr. Joyce and Mr. Skoudis shared the podium with two other experts, Lance James, the chief scientist of Flashpoint, and Ron Tokazowski, senior researcher of PhishMe, during a panel at the International Conference on Cyber Security at Fordham University. “To me, that just sounds like war,” said Mr. James.

Cyber Experts Draw Line Between Active Defense, Illegal Hacking Back

Step away from the ransom payment. That's the goal of the new "No More Ransom" initiative announced July 25 that aims to help PC users avoid becoming ransomware victims as well as to help victims decrypt their files. There's no law in the United States and Europe that prohibits paying ransoms
'No More Ransom' Portal Offers Respite From Ransomware

The website of technology outlet TechCrunch has been breached and defaced by a hacking group known as OurMine – a controversial collective claiming to be a 'security firm'. The spam-like posts, which have since been removed, said: "Hello Guys, don't worry we are just testing techcrunch (sic) security, we didn't change any passwords, please contact us." The defacement post took over one single article and, at the time of writing, was featured as the top story on the homepage. The article itself was spotted at roughly 12:30 BST and was live for roughly five minutes Technology website TechCrunch breached and defaced by OurMine hacking group

Warner, Richard and Sloan, Robert H., Defending Our Data: The Need for Information We Do Not Have (July 29, 2016). Available for download at SSRN:
“Data breaches occur at the rate of over two a day. The aggregate social cost is high. Security experts have long explained how to defend better. So why does society tolerate a significant loss that it has the means to avoid? Current laws are ineffective in providing an adequate incentive to avoid the loss.

When the Democratic National Committee discovered in April that its computer networks had been hacked, leaders there did not just alert government intelligence. They called CrowdStrike, a 5-year-old cybersecurity firm that makes millions of dollars from mercenary work sold with a promise: "We Stop Breaches."

These businesses are booming thanks to Russian hackers

“During O.J. Simpson’s famous, slow-speed police chase in the summer of ’94, Domino’s Pizza reported record-breaking pizza sales. (According to the same company, not a single person in the entire country ordered a pizza from them during the five minutes the Simpson verdict was read out the following year.)”

“The magic of the Internet — the recession of the material world in favor of a world of ideas — is not pure delight. It seems we are missing something very worthwhile and identity-forming from our predigital lives. Is it a handwritten letter? Is it an analog phone call? Is it a quality of celluloid film, a multivolume encyclopedia, or a leather-bound datebook? Is it a way of thinking or being or even falling in love?”
Los Angeles Times

A top ally of Republican Gov. Bruce Rauner abruptly resigned from the Illinois House on Sunday, citing “cyber security issues” that also prompted him to delete his social media accounts. Rep. Ron Sandack, R-Downers Grove, served as Rauner’s House floor leader, where he was known for his passionate defense of the governor’s policies that also bled into his online presence.
Suburban lawmaker abruptly resigns, citing hacked social media accounts

"Claiming 'conspiracy,' CBS lawyers ask Supreme Court to delay Alycia Lane lawsuit over email snooping": Joseph A. Slobodzian of The Philadelphia Inquirer has an article that begins, "After eight years of legal maneuvering and appeals, former CBS3 anchor Alycia Lane's negligence lawsuit against CBS for failing to stop former coanchor Larry Mendte from hacking her email and feeding salacious details and photos to gossip columnists was finally set for trial." 

Why Bitcoin will never be one hundred percent reserve banking 

President Barack Obama’s top cybersecurity adviser said the next president should keep focusing on cybersecurity concerns by forming strong partnerships between government and the private sector. Michael Daniel, cybersecurity coordinator for the Obama administration, said Aug. 4 the next administration may want updated legislation to help government tackle massive cyber breaches

When the administration announced the creation of a new Cyber Threat Intelligence Integration Center (CTIIC), not everyone in government was happy about the news

The digital currency Bitcoin plunged on Wednesday after Bitfinex, an exchange based in Hong Kong, said it had been hacked and funds stolen. The exchange said it had halted trading, deposits and withdrawals while it investigated which users had been affected. Bitcoin’s trading value fell about 20 percent early on Wednesday, local time in Hong Kong, but had recovered about half the loss by early afternoon

Last night, at the Paris Hotel in Las Vegas, seven autonomous bots proved that hacking isn’t just for humans. The Paris ballroom played host to the Darpa Cyber Grand Challenge, the first hacking contest to pit bot against bot—rather than human against human.

As the head of Poland’s Computer Emergency Response Team, Przemek Jaroszewski flies 50 to 80 times a year, and so has become something of a connoisseur of airlines’ premium status lounges. (He’s a particular fan of the Turkish Airlines lounge in Istanbul, complete with a cinema, putting green, Turkish bakery and free massages.) So when his gold status was mistakenly rejected last year by an automated boarding pass reader at a lounge in his home airport in Warsaw, he applied his hacker skills to make sure he’d never be locked out of an airline lounge again

A Russian web hosting service is providing an avenue for cybercriminals to set up sites for selling stolen passwords, credit cards, and other pilfered personal information, a cybersecurity firm said. The web hosting company has become popular among online thieves because it's easy to use and asks few questions from users, said Rick Holland, vice president of strategy at the cybersecurity firm Digital Shadows, on Tuesday at the Black Hat cybersecurity conference in Las Vegas

When cybersecurity researchers showed in recent years that they could hack a Chevy Impala or a Jeep Cherokee to disable the vehicles’ brakes or hijack their steering, the results were a disturbing wakeup call to the consumer automotive industry

Researcher Weston Hecker is unveiling a new way hackers could break into hotel rooms, swipe credit card numbers, swindle grocery store rewards points and, in general, wreak havoc on many systems designed to use magnetic stripes as input

On the first day of the sprawling RSA security industry conference in San Francisco, a giant screen covering the wall of the Moscone Center’s cavernous lobby cycles through the names and headshots of keynote speakers: steely-eyed National Security Agency director Michael Rogers in a crisp military uniform; bearded and besuited Whitfield Diffie and Ron Rivest, legendary inventors of seminal encryption protocols that made the Internet safe for communication and commerce.

The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.

A notorious black hat says he has more than 200 million hacked Yahoo accounts for sale on the dark Web

A famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes is now going after the computer software industry, whose standard practices all but guarantee that most products will be vulnerable to cyber attacks. Peiter Zatko, known in the hacker world as Mudge, was the best-known member of pioneering Boston hacking group the L0pht

A group of privacy advocates and internet providers has filed a new challenge to the U.K. government's use of bulk hacking abroad. U.K.-based Privacy International and five internet and communications providers aim to "bring the government's hacking under the rule of law," they said in a case lodged Friday with the European Court of Human Rights
Tobacco Stories ...