Everything is Broken Medium. Brian C: “In light of the recent hacking stories in the news, I thought it would be a good time to share one of my favorite blog posts of all time. I have been reading about information technology and working with it since about 1974, and I have never found a narrative that so perfectly captures my personal observations of the state of computer technology today.”
The leader of a gang of Nigerian business email compromise and romance scammers, who headed a network of at least 40 criminals, has been arrested and his operation disbanded, according to Interpol. A 40-year-old Nigerian known as "Mike" was arrested by local police in June along with a 38-year old accomplice in Port Harcourt, in the south of the African nation, Interpol said. The pair face charges of hacking, conspiracy and obtaining money under false pretences, and are on administrative bail as police continue the investigation. Aussie businesses hit hard by busted Nigerian email scam ring
Residents are being warned to keep their guard up against bogus callers as a spate of phone scams hits the Gold Coast... Second Commissioner Mr Geoff Leeper said the tax office was very concerned about taxpayer privacy and he reminded people of the key differences between a scam of this nature and a genuine call from the ATO.
“We would never cold call you about a debt, we would never threaten jail or arrest, and our staff certainly wouldn’t behave in an aggressive manner,” he said. “If you have a debt, we will write to you first. If we do ring you, our staff will identify themselves and let you know how you can call us back using our publicly listed phone number. “If the person calling you is rude and aggressive, threatening police or legal action if you don’t do something immediately, it’s not the ATO.”
Mr Leeper said a person’s tax agent would be able to confirm claims of a debt.
“We will never request the payment of a tax debt via gift or prepaid cards such as iTunes and Visa cards. Nor will we ask for direct credit to be paid to a personal bank account,” he said. “If you’re not sure (about a caller), hang up and call us back on 1800 008 540.”
Gold Coast elderly targeted by Unitycare and ATO scammers
Geoff Leeper from the Client Identity Unit to fight identity fraud. Photo: Lyn Mills
The US Department of Justice has a battle on its hands, as dozens of lawyers question evidence the FBI obtained using hacking techniques across a string of ongoing cases. In 2015, the FBI used a piece of malware to identify suspected visitors of a dark web child pornography site. Now, nearly 30 legal teams across the country have pushed to get all evidence thrown out of court, and many attorneys have decided to pool their efforts in a “national working group.” The cases revolve around Operation Pacifier, in which the FBI briefly assumed control of the “Playpen” website.
Hacker puppets explain how they find your passwords in non-technical ways
The head of the Digital Transformation Office, Paul Shetler, said one of the biggest attractions of the job was the opportunity to do a few things better than GDS, on which DTO is based
GovHack was originally an Australian initiative by Web Directions. They ran the first GovHack in 2009 which was funded by the Gov 2.0 Taskforce as part of their MashUp Australia initiative.
GovHack is a two-day event held simultaneously around Australia to create working prototypes with government data, and to help find new ways to solve the challenges facing government and contribute towards social and economic development. GovHack includes a number of locations around Australia with participation from federal, state and local governments.
This is a non-profit event proudly run by a team of passionate volunteers and mentors that collaborate from all corners of Australia and New Zealand to form the GovHack Coordination Team GovHackthon 2016 ; A series of sample files of individual tax return information for more advanced users Australian taxation office taxation statistics individual sample files
Discovery and Reuse of Open Datasets: An Exploratory Study – Sara Mannheimer, Montana State University-Bozeman; Leila Belle Sterman, Montana State University-Bozeman; Susan Borda, Montana State University-Bozeman. Publication Date 7-19-2016. DOI Link http://dx.doi.org/10.7191/jeslib.2016.1091
A panel of private information security experts and a chief with the National Security Agency on Thursday cautioned companies against taking an offensive approach to cybersecurity that could put them at odds with the law in the United States. Just as it would be illegal to break into someone’s home to retrieve property that you believe the occupant stole from you, it’s a violation of the law to break into another party’s network and retrieve data that you think has been stolen from you or your company, according to experts. “I think that’s a good framing point to begin the discussion. Bottom line is, it’s just illegal,” said Rob Joyce, chief of tailored access operations at the National Security Agency. It’s illegal, that is, in the United States.
Zulfikar bin Mohamad Shariff: Australian resident detained for 'terrorism-related activities' in Singapore
Will Preemptive Accusations Against Russia Cover Up Voting Fraud? Moon of Alabama
How Is the Federal Government Using the Internet of Things? By Daniel Castro, Joshua New & Alan McQuinn. July 25, 2016: “The Internet of Things (IoT)—a term used to describe the set of physical objects embedded with sensors or actuators and connected to a network—offers numerous opportunities for the federal government to cut costs and improve citizen services
Qld pays $300k to build an app already available for free
Dark Patterns are designed to trick you (and they’re all over the Web) ars technica
Court ruling shows the internet does have borders after all CSO Online. Stunning that techies ever thought otherwise. Did they not understand that Wikileaks has its servers in Sweden for a reason
Algorithms that predict future criminals get a thumbs up from Wisconsin Supreme Court Fusion
An Interview With Cyberwarrior Eugene Kaspersky
In 2010, analysts working for Russian cybersecurity magnate Eugene Kaspersky discovered Stuxnet, the first cyberweapon ever used for offensive purposes. Last year, they also discovered the Equation Group, one of the most sophisticated cyberweapons to date. Experts say the U.S. and Israel developed Stuxnet to slow the development of Iran’s nuclear program. The terrifying potential consequences of its effect on the global internet grid are the subject of a documentary released earlier this month called Zero Days. He spoke to Newsweek about cyberwar, Edward Snowden and privacy in the digital age
The Digital Transformation Office says transparency and better service delivery are the aims of its new performance dashboard system, which displays live info-graphics about how government initiatives are going. DTO Happy Birthday - Jeden
Cyber resiliency in the Fourth Industrial Revolution – A roadmap for global leaders facing emerging cyber threats
“The First Industrial Revolution, in the late 18th century, was driven largely by steam engines. The second, in the late 19th century, introduced mass production and the division of labor. The third, in the late 20th century, involved digital automation and information technology.
Who’s Hillary’s Hacker and Why?
For example, at its simplest, I would expect a middling-competency hacker to find an open wifi hub across town to connect to, then VPN to server in, say, Tonga, then VPN from there to another box in Sweden, then connect to a PC previously compromised in Iowa, then VPN to yet another anonymous cloud server in Latvia, and (assuming the mountain dew is running low, gotta get cracking) then RDP to the target server and grab as many docs as possible. RAR those up and encrypt them, FTP them to a compromised media server in South Korea, email them from there to someone's gmail account previously hacked, xfer them to a P2P file sharing app, and then finally access them later from a completely different set of servers.
Can we even know who hacked the DNS email
Health and Human Services Department officials think the public and private sectors need to collaborate to fend off cyberthreats. HHS plans to provide grants to “information sharing and analysis organizations” -- up to $250,000 a year for five years -- that would encourage health care IT professionals and regulators to combine their knowledge about impending cyberthreats.
HHS Will Fund Cyberthreat Information Sharing
"N.J. Supreme Court to decide if government metadata is public": Jan Hefler of The Philadelphia Inquirer has an article that begins, "The New Jersey Supreme Court has agreed to hear a case brought by an open-government activist who contends that the public should be allowed to view electronic data and metadata kept by local government agencies."
Bill O’Reilly melts down over ‘slaves were well-fed’ criticism: Liberals ‘want me dead’ Raw Story
Mitigating the Cybersecurity Skills Shortage – Top Insights and Actions from Cisco Security Advisory Services
“Increasingly sophisticated threat campaigns. High-profile data breaches. Determined threat actors. The sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats. Security Magazine reports that “most organizations do not have the people or systems to monitor their networks consistently and to determine how they are being infiltrated.” Cisco estimates there are more than 1 million unfilled security jobs worldwide.”
Searching for the Internet of Things on the Web: Where It Is and What It Looks Like. Ali Shemshadi, Quan Z. Sheng, Wei Emma Zhang, Aixin Sun, Yongrui Qin, Lina Yao (Submitted on 23 Jul 2016).
“The Internet of Things (IoT), in general, is a compelling paradigm that aims to connect everyday objects to the Internet. Nowadays, IoT is considered as one of the main technologies which contribute towards reshaping our daily lives in the next decade. IoT unlocks many exciting new opportunities in a variety of applications in research and industry domains.
Dudley Kneller of Madgwicks Lawyers fame: This paper briefly examines some of the new social media technologies available and considers the compliance and risk issues lawyers need to be aware of when advising their clients in this space. It provides some guidance on advising on these compliance risks and makes recommendations on assisting clients to implement a digital marketing strategy which seeks to use such technologies effectively while properly complying with applicable legal and regulatory requirements. So, how best to advise your clients on this new risk to their business?
Technology and compliance — uncomfortable bed-fellows! (via Lexis)
Our Digital Expanses Have Made Us Confidently Arrogant. Where’s The Value In Humility?
PRESIDENTIAL POLICY DIRECTIVE/PPD-41 SUBJECT: United States Cyber Incident Coordination, July 26, 2016
“The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased the Nation’s economic prosperity.
Jack Johnson — whose six-second bursts of comedy on Vine have propelled him to a fledgling pop-rap career — is one of the internet’s biggest stars. Last week he told his nearly four million Twitter followers to send him their passwords. And in an hour, tens of thousands of fans complied — all for the slim chance to see a personalized video from Mr. Johnson pop up inside their accounts. At first glance, this stunt, which Mr. Johnson called “#HackedByJohnson,” looks like another case of teenagers traipsing through a social media minefield, oblivious to the real-world consequences. But Mr. Johnson’s fans are not naïve. Handing over their passwords to some strange, cute boy actually constitutes a minor act of youthful rebellion. The whole encounter delivers a heady mix of intimacy and transgression — the closest digital simulation yet to a teenage crush.
Fearful of Russian cyber attack or invasion, the Baltic state of Estonia is planning to make a virtual copy of itself — in Britain. Negotiations are under way between Tallinn and London for Estonia to back up terabytes of data — everything from birth records and the electoral roll to property deeds, banking credentials and the entire government bureaucracy — to deposit in a secure location in the UK, according to Estonian officials.
Data modeling or database design is the process of producing a detailed model of a database. The start of data modeling is to grasp the business area and functionality being developed. When we work with an Agile process (in this case, Scrum), there is a tendency to assume that everyone can work with everything. However, I would like to point out flaws in that idea and my recommendations related to data modeling and Scrum.
Data Modeling in Agile Development: One Data Modeler’s Experience
The Defense Department’s R&D group is buying a system that could rely on a network’s behavioral patterns, and any deviation from those, to detect cyberthreats. The Defense Advanced Research Projects Agency awarded a $6 million contract to Galois, a Portland, Oregon-based computer science company, to build out a product that can identify “advanced persistent threats” -- cyberintrusions that allow the actor to remain in the system for an extended period. The solution would detect “subtle but potentially malicious activities” by tracking the behavioral patterns of a complex network and noting “causality in system activity,” according to Galois’ description of the project. The company is also working with the National Institute of Standards in Technology on an internet of things pilot.
While the White House plans to fill thousands of cybersecurity jobs within the federal government this year, the administration is also looking for a host of other professionals — from lawyers to economists to behavioral scientists — to boost agency practices securing digital networks. Two top White House cybersecurity officials — Cybersecurity Coordinator Michael Daniel and Chief of the Office of Management and Budget’s Cyber and National Security Unit Trevor Rudolph — expounded on the recently released cyber workforce strategy Wednesday, saying it’s going to be a large task to cut away the red tape needed to get the right people hired inside agencies. “This is a strategy that will be executed over the long term,” Daniel said at an ACT-IAC event. “We did not get ourselves into this situation quickly, and we are not going to get out of quickly. It’s going to take a while.” Released last week, the strategy calls for the hiring of 3,500 more IT security professionals before the year ends. While Daniel acknowledged that means thousands of jobs dedicated to the technical part of information security, there are a plenty of other related positions he wants to see filled as well. “It’s not just your coders at the keyboard. We also need, and are short on, lawyers who understand cybersecurity and economists that understand cybersecurity,” Daniel said. “It’s not along a single axis of education to address the problem.”
According to Verizon's 2015 Data Breach Investigations Report, about 50 percent of all security incidents — any event that compromises the confidentiality, integrity or availability of an information asset — are caused by people inside an organization. And while 30 percent of all cases are due to worker negligence like delivering sensitive information to the wrong recipient or the insecure disposal of personal and medical data, roughly 20 percent are considered insider misuse events, where employees could be stealing and/or profiting from company-owned or protected information.
After DNC hack, the case for paper ballots. Are paper ballots really a superior technology to voting machines? Absolutely... (Paper Tax Returns next?)
FBI cyberthreat assessment should be more than a 'gut check,' IG says The Federal Times
The FBI should avoid prioritizing cyberthreats on the basis of a "gut check" or assess them based on the "loudest person in the room," according to a report released by the Justice Department’s Office of Inspector General. The FBI should change its procedures to detect cyberthreats in a more timely way and track whether agents’ efforts are aligned to the most serious priorities, the July 21 report by Justice Department IG Michael Horowitz said. The FBI does not prioritize cyberthreats in an agile, objective, data-driven, auditable manner, the report said.
The Federal Communications Commission has decided to make a European-owned company the clearinghouse for routing billions of cellphone calls and text messages across the United States, despite claims by critics that the plan poses national security risks, officials said on Thursday. The F.C.C.’s approval, which has not been publicly announced, will give a New Jersey subsidiary of Ericsson, the Swedish technology giant, the obscure but critical job of operating a sprawling national system to track and route wireless calls and texts among hundreds of service providers. The routing system began in the 1990s as a way for people to keep their cellphone numbers when they switched carriers, but intelligence and law enforcement agencies have come to rely on it to track and trace phone numbers in investigations.
A hacking group called the Turk Hack Team is taking credit for a shutdown of the Library of Congress website and hosted systems including Congress.gov, the Copyright Office, Congressional Research Service and other sites.
The House Science, Space and Technology Committee is questioning whether foreign nationals may have had direct access to sensitive Office of Personnel Management data before a historic OPM hack attack was disclosed last summer.
A little bit over a year ago, the normally quiet Twitter account of Hacking Team, an Italian company that sells spying tools to governments all over the world, started acting weird. “Since we have nothing to hide, we’re publishing all our e-mails, files, and source code,” read a Tweet published on late Sunday, July 5, 2015. The tweet was accompanied by a link to a torrent file of around 400 gigabytes, practically everything Hacking Team had on its corporate servers: internal emails, confidential documents, and even the company’s source code.
A journalist convicted of hacking was ordered Thursday to begin serving his two-year prison sentence. Matthew Keys was scheduled to begin serving his term last month, but a federal appeals court stayed his custody to determine whether he should remain free from the federal prison camp in Atwater, California pending an appeal of his federal conviction under the Computer Fraud and Abuse Act (CFAA).