Agencies failing to meet cybersecurity norms
Cyber security attacks have wiped at least $52.4 billion (42 billion pounds) off the value of shares in recent years, according to a report published Wednesday. The study by cyber security consultant CGI and Oxford Economics found that a "significant connection between a severe cyber breach and a company's share price performance" meant that share prices fall 1.8% on average on a permanent basis. Investors in a typical FTSE 100 company would be worse off by an average of 120 million pounds after a breach, according to the study.
Spyware firms in breach of global sanctions Al Jazeera April 10, 2017
Spy equipment producers are breaking laws and circumventing international sanctions by agreeing to sell stock to countries known for human rights abuses, and to clients who do not declare the end user – meaning surveillance tools could easily fall into the hands of armed groups, corporations, governments cracking down on dissent, or opposition leaders, an exclusive investigation by Al Jazeera reveals. During "Spy Merchants", a four-month undercover operation, Al Jazeera secretly filmed representatives of two Italian companies and one Chinese business agreeing to sell spyware that is capable of tracking millions of people online and able to intercept phone calls and text messages without anyone finding out.
iD crime elaborate ASIC email scam
TOP INCOME INEQUALITY IN THE 21ST CENTURY: SOME CAUTIONARY NOTES NBER
People Love Talking About Bitcoin More Than Using It WSJ
Aga app ‘could let hackers turn off oven’ BBC (Clive). The pictured Aga stove looks like it goes for $13,999. You’d think for that kind of money you could escape the Internet of Shit, but n-o-o-o-o-o. “The AGA Isn’t An Appliance. It’s a Way of Life!” Indeed….
Ukraine launches big blockchain deal with tech firm Bitfury Reuters Given that Ukraine is one of the most corrupt countries in the world, this does not look like all that positive a development
The Large Bitcoin Collider Is Generating Trillions of Keys and Breaking Into Wallets Motherboard (resilc). We’ve long said Bitcoin = “prosecution futures.”
Private equity bets big on software FT
A security vulnerability in Centrelink’s online system put users at greater risk of having their credentials stolen through phishing attacks. Freelance web application specialist Eric John Hurley discovered the flaw when using the service earlier this month, iTnews can reveal. After logging out of the Centrelink portal, users are redirected back to the main log in page. But the log out function contained an unvalidated redirect vulnerability that meant attackers could set their own destination URL. MyGov
NEWS YOU CAN USE: How Spy Agency Hackers Pose As – Anybody.
The recently released WikiLeaks archives of alleged CIA hacking tools have led some cybersecurity specialists to believe that a unit called Umbrage is facilitating CIA false flag operations by acquiring and repurposing techniques – either those found online, stolen from other governments, or purchased from private security firms and illicit groups acting as brokers. Whether the CIA conducts such false flag operations remains unconfirmed. Some commentators – including WikiLeaks – have alleged that the intention of repurposing tools is to imitate other actors, rather than that the CIA is simply improving its own arsenal. This charge rests on shaky ground at best. After all, once attacks are deployed, others can copy their techniques. A thriving market for hacking techniques has appeared in recent years. It would be surprising if government spy agencies were not taking advantage of it. To add to the confusion, multiple actors sometimes use the same tools. For example, the 2012 attack against Saudi Aramco and the 2014 attack against Sony Pictures had in common a disk-wiping tool called RawDisk. Yet the Saudi Aramco attack has largely been attributed to Iran, while the Sony attack was blamed on North Korea – even resulting in U.S. imposed sanctions. If a false flag operation is to be successful, it cannot rely on a single bogus lead. Some experts question whether any false flag operation can completely deceive everyone. Some false flag gambits may be meant as warning shots. “A state might try to send a signal to another state,” says Maurer, “knowing the victim state will be capable of attributing the true source, while all or most other states will not notice.” Who can see past the false flags to fix blame for cyber attacks? The Kaspersky Lab paper argues that major signals intelligence agencies, particularly the NSA and the UK’s GCHQ, are capable of attributing attacks with certainty and confidence.
The problem is, the secret agencies cannot make their cases in public. “As intelligence agencies,” the paper says, “they are blessed with the ability to see but not to publically substantiate, the gift to attribute without being believed.”
This is the kind of report which used to fill you with confidence about our spy agencies, but now makes you wonder exactly whom those tools are being used against.
THE tech giant is working on a job site called Google Hire, which could let prospective employers snoop your embarrassing search history
How the Government Is Turning Protesters Into Felons Esquire
Courts are ignoring the big questions in privacy cases. [Slate]
How virtual reality (VR) may give rise to tort claims [2-part Volokh Conspiracy: first, second]
That is a new article on economics of prisons by Peter N. Salib, at the University of Chicago, here is the abstract:
This Article argues that we should not imprison people who commit crimes. This is true despite the fact that essentially all legal scholars, attorneys, judges, and laypeople see prison as the sine qua non of a criminal justice system. Without prison, most would argue, we could not punish past crimes, deter future crimes, or keep dangerous criminals safely separate from the rest of society. Scholars of law and economics have generally held the same view, treating prison as an indispensable tool for minimizing social harm. But the prevailing view is wrong. Employing the tools of economic analysis, this Article demonstrates that prison imposes enormous but well-hidden societal losses. It is therefore a deeply inefficient device for serving the utilitarian aims of the criminal law system — namely, optimally deterring bad social actors while minimizing total social costs. The Article goes on to engage in a thought experiment, asking whether an alternative system of criminal punishment could serve those goals more efficiently. It concludes that there exist economically superior alternatives to prison available right now. The alternatives are practicable. They plausibly comport with our current legal rules and more general moral principles. They could theoretically be implemented tomorrow, and, if we wished, we could bid farewell forever to our sprawling, socially-suboptimal system of imprisonment.
One of the suggested alternatives is (non-prison) mandatory labor in the highest-value available jobs, combined with monitoring, and also restitution to the victims or the government.
Stewart, Daxton, Killer Apps: Vanishing Messages, Encrypted Communications, and Challenges to Freedom of Information Laws When Public Officials “Go Dark” (April 13, 2017). Available at SSRN:https://ssrn.com/abstract= link playing up
This Man Can Help You Escape the IRS Forever Mother Jones
“In the early weeks of the new presidential administration, White House staffers were communicating among themselves and leaking to journalists using apps such as Signal and Confide, which allow users to encrypt messages or to make them vanish after being received. By using these apps, government officials are “going dark” by avoiding detection of their communications in a way that undercuts freedom of information laws. In this paper, the author explores the challenges presented by encrypted and ephemeral messaging apps when used by government employees, examining three policy approaches – banning use of the apps, enhancing existing archiving and record-keeping practices, or legislatively expanding quasi-government body definitions – as potential ways to manage the threat to open records laws these “killer apps” present.”
Letter from Kevin Brady (Chair, Ways & Means Committee) & Peter Roskam (Chair, Subcommittee on Tax Policy) to Attorney General Sessions (Apr. 12, 2017):
On April 9, 2014, the House Committee on Ways and Means voted to send a letter to the Department of Justice referring former IRS Exempt Organizations Division Director Lois G. Lerner for criminal prosecution. As indicated in the attached letter, the Committee’s nearly three-year investigation uncovered evidence of willful misconduct on the part of Ms. Lerner. Despite this fact, and for what many believe were purely partisan reasons, the prior Administration refused to review Ms. Lerner’s misconduct. For the reasons described below, I respectfully request the Department of Justice to take a fresh look at the evidence presented in the attached referral in order to restore taxpayers’ trust in the IRS.