Friday, December 09, 2016

Cyber Matters: All Days Are Night

Thousands of TalkTalk and Post Office customers have had their internet access cut by an attack targeting certain types of internet routers. A spokeswoman for the Post Office told the BBC that the problem began on Sunday and had affected about 100,000 of its customers. TalkTalk also confirmed that some of its customers had been affected, and it was working on a fix. It is not yet known who is responsible for the attack. Earlier in the week, Germany's Deutsche Telekom revealed that up to 900,000 of its customers had lost their internet connection as a result of the attack. It involves the use of a modified form of the Mirai worm - a type of malware that is spread via hijacked computers, which causes damage to equipment powered by Linux-based operating systems. Mirai was also involved in an earlier attack that caused several of the world's leading websites to become inaccessible, including Spotify, Twitter and Reddit. Several models of router are vulnerable to the latest cyber-assault, including the Zyxel AMG1302, which is used by the Post Office.

PAC raises “serious concerns” about HMRC's digital plans

Defence votes no to enterprise agreement for a third time

ATO deploys Alex, aka Sarsha, a talking "Siri for tax" digital assistant - Report on the ATO's official unveiling of software implementing a virtual assistant called Alex, in the style of Siri, that allows people to serve themselves

"They are not dilettantes," he said. "They are professionals, but in real life, and in cybercrime. They plan their operations very carefully, they have trusted people on the team of different professionals, so they have lawyers and ex-law enforcement officers. They also have professional forgers if they need to establish shell companies and need fake documents. They have people responsible for money laundering. They have real estate developers that help them build a legitimate business empire on the profits they make from illegal activities."

“In an exclusive interview in Russia with Yahoo Global News Anchor Katie Couric, Edward Snowden, the fugitive whistleblower who leaked information about U.S. surveillance activities, says he is “kind of encouraged” by the idea that Russian President Vladimir Putin might return him to the U.S. to stand trial because that would show the world he’s not a spy and Russia “doesn’t own me.” But he also acknowledged he isn’t eager to return home to face U.S. justice, saying such a prospect “would be a threat to my liberty and to my life.” Speaking for 90 minutes in a Moscow hotel room, Snowden — calm and completely unrepentant — also took new swipes at top U.S. intelligence officials, claiming they have accused him of damaging national security only because they were “embarrassed” by his disclosures of classified National Security Agency documents and worried about their “reputations.”” This link includes a slideshow and the actual video interview.

Lew Taishoff, NOTICING THE WEB. “Judge Wherry reminds us that government agencies have websites.”

IRS, Security Summit Partners, Remind Taxpayers to Protect Themselves Online (IRS). “Scammers, hackers and identity thieves are looking to steal taxpayers’ personal information and ultimately their money. But, there are simple steps taxpayers can take to help protect themselves, like keeping computer software up-to-date and being cautious about giving out their personal information.”

Annette Nellen, Virtual currency – recent tax matters. “IRS concerns include no information reporting for the transactions, articles about people using bitcoin to avoid tax reporting, exchanging money for virtual currency through foreign banks, and use for crimes including money laundering.”

End the Corporate Shell Games

Pilgrim castigated the bank for continuing to give the boss of the mortgage agency full access to his former employee’s personal account details in CommSee, even after he notified head office of the potential conflict of interest, and asked for her loans to be taken off his mortgage book.

CBA salesman monitored ex-workers data during unfair dismissal case

Former Atlassian security chief takes role at cyber growth centre

The U.S. Department of Defence has turned to well-intentioned hackers and independent security researchers to help the government agency find software bugs and vulnerabilities in its computer systems. But in Canada, the government appears to still have no formal policy or public guidelines, which makes it difficult for those who do find flaws to know what to do, or how the government might respond.

Daily cyber attacks mean it is time to collaborate for what threatens to be a long battle

Three members of our Law Professor Blogs Network are in the ABA Journal Blawg 100 Hall of Fame:

Gooligan, as researchers from security firm Check Point Software Technologies have dubbed the malware, has been found in at least 86 apps available in third-party marketplaces. Once installed, it uses a process known as rooting to gain highly privileged system access to devices running version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop) of Google’s Android operating system. Together, the vulnerable versions account for about 74 percent of users.
The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

“When the Internal Revenue Service (IRS) has shared data, including Personally Identifiable Information, taxpayer information, and other sensitive data, with external entities, it has not always adequately protected the data through secure file transfer technology, according to an audit report that the Treasury Inspector General for Tax Administration (TIGTA) released today. The IRS shares data with various outside entities including Federal, State, and local agencies; financial institutions; and contractors for tax administration purposes. IRS and Federal guidelines require that sensitive data is protected during transmission to prevent unauthorized access or disclosure. TIGTA initiated this audit to determine whether the IRS is properly protecting this data and whether it is maintaining encryption controls and other security configurations in accordance with the National Institute of Standards and Technology. The IRS uses three methods to transfer data to external partners: 1) a commercial off-the-shelf product for transfers over the Internet, 2) a commercial off-the-shelf product for direct mainframe-to-mainframe data transfers, and 3) drop boxes to allow the IRS and its external partners to place and retrieve data transfers. In reviewing all three of these external file transfer methods, TIGTA found the IRS did not ensure that encryption requirements are being enforced and ensure that nonsecure protocols are not being used in order to fully protect information during transmission. These protocols include File Transfer Protocol and Telnet, which are known insecure transfer protocols. The IRS also did not remediate high-risk vulnerabilities or install security patches on file transfer servers in a timely manner. For example, TIGTA found 61 servers with high-risk vulnerabilities, 10 servers with outdated versions of Windows and UNIX operating systems still in operation, and 32 servers missing 18 unique security patches, of which four were deemed as critical. 
Lastly, the IRS did not ensure that corrective action plans for security control weaknesses met IRS standards. This reduced the assurance that the IRS would correct weaknesses timely. IRS IG – Improvements Are Needed to Ensure the Protection of Data the IRS Transfers to External Partners.”

“No matter how Trump feels about the media, the fourth estate did not die the day he got elected. It should be ready now more than ever because the next four years will prove to be the most consequential in recent American history. And the media cannot be a footnote — but a decider — in telling the difference between fact and fiction.” — Bankole Thompson, Detroit News columnist

A Slate writer went 5,000 years back in time to find out if the old days were really all that good. He finds, for instance, that many people suffered from "neurasthenia" and that is not a good thing. Read it.