Friday, April 21, 2017

Going Dark Implications of Cyber Trends

First link first courtesy of LM: Steady hand Mike Pence offers insight into Donald Trump's thinking on Australian trip

Agencies failing to meet cybersecurity norms

Cyber security attacks have wiped at least $52.4 billion (42 billion pounds) off the value of shares in recent years, according to a report published Wednesday. The study by cyber security consultant CGI and Oxford Economics found that a "significant connection between a severe cyber breach and a company's share price performance" meant that share prices fall 1.8% on average on a permanent basis. Investors in a typical FTSE 100 company would be worse off by an average of 120 million pounds after a breach, according to the study.

Spy equipment producers are breaking laws and circumventing international sanctions by agreeing to sell stock to countries known for human rights abuses, and to clients who do not declare the end user – meaning surveillance tools could easily fall into the hands of armed groups, corporations, governments cracking down on dissent, or opposition leaders, an exclusive investigation by Al Jazeera reveals. During "Spy Merchants", a four-month undercover operation, Al Jazeera secretly filmed representatives of two Italian companies and one Chinese business agreeing to sell spyware that is capable of tracking millions of people online and able to intercept phone calls and text messages without anyone finding out.

ID crime: elaborate ASIC email scam


People Love Talking About Bitcoin More Than Using It WSJ

Ukraine launches big blockchain deal with tech firm Bitfury Reuters Given that Ukraine is one of the most corrupt countries in the world, this does not look like all that positive a development
Aga app ‘could let hackers turn off oven’ BBC (Clive). The pictured Aga stove looks like it goes for $13,999. You’d think for that kind of money you could escape the Internet of Shit, but n-o-o-o-o-o. “The AGA Isn’t An Appliance. It’s a Way of Life!” Indeed….


Most Cited: NSA-leaking Shadow Brokers just dumped its most damaging release yet - Ars Technica 

The Large Bitcoin Collider Is Generating Trillions of Keys and Breaking Into Wallets Motherboard (resilc). We’ve long said Bitcoin = “prosecution futures.”
Private equity bets big on software FT

Being forced to buy digital money is the worst kind of scam. Minecraft is trying to cash in

A security vulnerability in Centrelink’s online system put users at greater risk of having their credentials stolen through phishing attacks. Freelance web application specialist Eric John Hurley discovered the flaw when using the service earlier this month, iTnews can reveal. After logging out of the Centrelink portal, users are redirected back to the main login page. But the logout function contained an unvalidated redirect vulnerability that meant attackers could set their own destination URL: a link that genuinely logged the user out of the real site could then land them on an attacker-controlled page imitating the login form.
MyGov
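The logout flaw described above is a classic open (unvalidated) redirect. The following is an added example, not code from Centrelink, myGov or iTnews: it contrasts the vulnerable pattern (use the supplied destination as-is) with an allow-list check that resolves the target against the site's own login page and only follows it if it stays on an approved https host. The host names and the `redirect` values are constructed for illustration; the tricky inputs (protocol-relative `//host`, userinfo `@` tricks, look-alike subdomains, backslashes) are the cases such a check most often gets wrong.

```python
from urllib.parse import urljoin, urlparse

# Hypothetical allow-list and fixed fallback for this example.
ALLOWED_HOSTS = {"my.gov.au", "www.my.gov.au"}
LOGIN_PAGE = "https://my.gov.au/login"


def vulnerable_logout_redirect(target):
    """The pattern the article describes: whatever arrives in the
    redirect parameter becomes the Location header, so an attacker can
    craft a logout link that ends on a phishing page."""
    return target or LOGIN_PAGE


def safe_logout_redirect(target):
    """Follow the redirect only if it resolves to an allow-listed host
    over https; otherwise fall back to the fixed login page."""
    if not target:
        return LOGIN_PAGE
    # Some browsers treat backslashes as slashes ("/\evil.example"
    # becomes "//evil.example"); reject anything that ambiguous outright.
    if "\\" in target:
        return LOGIN_PAGE
    # Resolving relative paths against the login page keeps "/account"
    # on our host, while "//evil.example" and "https://evil.example"
    # resolve to a foreign host and are caught by the host check.
    # Non-http(s) schemes such as javascript: are returned unchanged by
    # urljoin and fail the scheme check below.
    resolved = urljoin(LOGIN_PAGE, target)
    parsed = urlparse(resolved)
    if parsed.scheme != "https":
        return LOGIN_PAGE
    # .hostname strips userinfo and port, so "https://my.gov.au@evil.example/"
    # yields "evil.example", and "my.gov.au.evil.example" is a different
    # string from "my.gov.au" (never use endswith/startswith here).
    if parsed.hostname not in ALLOWED_HOSTS:
        return LOGIN_PAGE
    return resolved


if __name__ == "__main__":
    # Constructed sample redirect parameters, as an attacker might supply them.
    samples = [
        "/account",
        "//evil.example/phish",
        "https://evil.example/phish",
        "https://my.gov.au.evil.example/",
        "https://my.gov.au@evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://www.my.gov.au/account",
    ]
    for s in samples:
        print(f"{s!r:40} vulnerable -> {vulnerable_logout_redirect(s)}")
        print(f"{'':40} safe       -> {safe_logout_redirect(s)}")
```

The check deliberately compares whole host names against a set rather than using prefix or suffix matching, and it resolves the target before inspecting it so that the parsed value is the one the browser would actually follow.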

The recently released WikiLeaks archives of alleged CIA hacking tools have led some cybersecurity specialists to believe that a unit called Umbrage is facilitating CIA false flag operations by acquiring and repurposing techniques – either those found online, stolen from other governments, or purchased from private security firms and illicit groups acting as brokers. Whether the CIA conducts such false flag operations remains unconfirmed. Some commentators – including WikiLeaks – have alleged that the intention of repurposing tools is to imitate other actors, rather than that the CIA is simply improving its own arsenal. This charge rests on shaky ground at best. After all, once attacks are deployed, others can copy their techniques. A thriving market for hacking techniques has appeared in recent years. It would be surprising if government spy agencies were not taking advantage of it.
To add to the confusion, multiple actors sometimes use the same tools. For example, the 2012 attack against Saudi Aramco and the 2014 attack against Sony Pictures had in common a disk-wiping tool called RawDisk. Yet the Saudi Aramco attack has largely been attributed to Iran, while the Sony attack was blamed on North Korea – even resulting in U.S.-imposed sanctions.
If a false flag operation is to be successful, it cannot rely on a single bogus lead. Some experts question whether any false flag operation can completely deceive everyone. Some false flag gambits may be meant as warning shots. “A state might try to send a signal to another state,” says Maurer, “knowing the victim state will be capable of attributing the true source, while all or most other states will not notice.”
Who can see past the false flags to fix blame for cyber attacks? The Kaspersky Lab paper argues that major signals intelligence agencies, particularly the NSA and the UK’s GCHQ, are capable of attributing attacks with certainty and confidence. The problem is, the secret agencies cannot make their cases in public. “As intelligence agencies,” the paper says, “they are blessed with the ability to see but not to publically substantiate, the gift to attribute without being believed.”

This is the kind of report which used to fill you with confidence about our spy agencies, but now makes you wonder exactly whom those tools are being used against.

Hacker documents show NSA tools for breaching global money transfer system

HONG KONG/SAN FRANCISCO, April 16 (Reuters) - Documents and computer files released by hackers provide a blueprint for how the U.S.

Fears Google Hire could allow employers to see your entire search history

MEdia Dragons

THE tech giant is working on a job site called Google Hire, which could let prospective employers snoop your embarrassing search history

How the Government Is Turning Protesters Into Felons Esquire

Courts are ignoring the big questions in privacy cases. [Slate]

How virtual reality (VR) may give rise to tort claims [2-part Volokh Conspiracy: first, second]

That is a new article on economics of prisons by Peter N. Salib, at the University of Chicago, here is the abstract:

This Article argues that we should not imprison people who commit crimes. This is true despite the fact that essentially all legal scholars, attorneys, judges, and laypeople see prison as the sine qua non of a criminal justice system. Without prison, most would argue, we could not punish past crimes, deter future crimes, or keep dangerous criminals safely separate from the rest of society. Scholars of law and economics have generally held the same view, treating prison as an indispensable tool for minimizing social harm. But the prevailing view is wrong. Employing the tools of economic analysis, this Article demonstrates that prison imposes enormous but well-hidden societal losses. It is therefore a deeply inefficient device for serving the utilitarian aims of the criminal law system — namely, optimally deterring bad social actors while minimizing total social costs. The Article goes on to engage in a thought experiment, asking whether an alternative system of criminal punishment could serve those goals more efficiently. It concludes that there exist economically superior alternatives to prison available right now. The alternatives are practicable. They plausibly comport with our current legal rules and more general moral principles. They could theoretically be implemented tomorrow, and, if we wished, we could bid farewell forever to our sprawling, socially-suboptimal system of imprisonment.

One of the suggested alternatives is (non-prison) mandatory labor in the highest-value available jobs, combined with monitoring, and also restitution to the victims or the government.

Juha Saarinen

Stewart, Daxton, Killer Apps: Vanishing Messages, Encrypted Communications, and Challenges to Freedom of Information Laws When Public Officials “Go Dark” (April 13, 2017). Available at SSRN: link playing up

This Man Can Help You Escape the IRS Forever Mother Jones

John Clark a lover of all birds 
“In the early weeks of the new presidential administration, White House staffers were communicating among themselves and leaking to journalists using apps such as Signal and Confide, which allow users to encrypt messages or to make them vanish after being received. By using these apps, government officials are “going dark” by avoiding detection of their communications in a way that undercuts freedom of information laws. In this paper, the author explores the challenges presented by encrypted and ephemeral messaging apps when used by government employees, examining three policy approaches – banning use of the apps, enhancing existing archiving and record-keeping practices, or legislatively expanding quasi-government body definitions – as potential ways to manage the threat to open records laws these “killer apps” present.”

It all will be about failing fast and succeeding fast ...
Cybersecurity in 2025: Skills that we’ll need to tackle threats of the future ...
House GOP Tax Writers Ask Attorney General To Reopen Criminal Investigation Of Lois Lerner

On April 9, 2014, the House Committee on Ways and Means voted to send a letter to the Department of Justice referring former IRS Exempt Organizations Division Director Lois G. Lerner for criminal prosecution.  As indicated in the attached letter, the Committee’s nearly three-year investigation uncovered evidence of willful misconduct on the part of Ms. Lerner.  Despite this fact, and for what many believe were purely partisan reasons, the prior Administration refused to review Ms. Lerner’s misconduct.  For the reasons described below, I respectfully request the Department of Justice to take a fresh look at the evidence presented in the attached referral in order to restore taxpayers’ trust in the IRS.

Stolen IDs: elaborate ASIC email scam

ID crime: ASIC email scam

September 2017 challenge: agencies to cyber war-games