~Michael Crichton
Kristina Keneally uses maiden speech to defend record as NSW Premier
Fair Work orders Teys to bargain with workers on pay rise
Beijing: The young couple, Kim Jong-un and his wife Ri Sol-ju, waved goodbye eagerly out the car window to Chinese President Xi Jinping and his wife Peng Liyuan.
Here’s what Geoffrey Berman, U.S. attorney for the Southern District of New York, said when announcing charges against a group of Iranian “cyber attackers”:
“We have worked tirelessly to identify you,” Berman said. “You cannot hide behind a keyboard halfway around the world and expect not to be held to account. Together, along with our law enforcement partners, we will work relentlessly and creatively to apply the legal tools at our disposal to unmask and charge you. We will do all we can to bring you to justice. While the defendants remain at large, they are now fugitives from the American judicial system.
So what are these horrendous people being charged with? Stealing unreleased scripts of Game of Thrones and a bunch of academic articles. I am not making this up.
…members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.
(That is from the press release and here is the earlier press release on GOT, with which this has been combined in many news accounts. The full indictment is here).
In other words, the Iranians were running something like Sci-Hub, the website that some of you have probably used to bypass publisher paywallsto read articles linked to on MR that you haven’t paid for. I don’t defend such actions but neither do I want the federal attorney working tirelessly to identify you. As crimes go this is a yawner.
Indeed, since Sci-Hub is already used in Iran, one wonders how useful the additional Iranian hacking was. A few companies are also listed as targets, although they turn out to be publishers, a stock image company, two online car companies etc. A few government agencies are thrown in for good measure although that appears to be window dressing.
The federal attorney claims the hacking (hacking not attacking) cost billions which they estimate because:
Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.
That’s just DoJ making up some number to make them look good. The direct losses in this scheme almost certainly amount to zero, bupkiss, nada. Universities certainly haven’t lost anything – the data was copied, not taken. The publishers might have lost a bit, but even then it would only be the revenue they would have got from papers that would have been bought if they hadn’t been copied. A useful estimate of the size of that loss still being zero, bupkiss, nada.
Frankly, this is a joke of an indictment. But headlines like “US Charges 9 Iranians With Massive Cyberattack” are certainly fortuitously timed for new national security designate John Bolton and others who want to take a hardline on Iran.
Even in the witness stand, bank executives can't resist the spin. Over the past two weeks, a parade of bankers - mostly dull men in sharp suits - have trooped through the financial services royal commission to answer questions about a dizzying array ...
FCW March 20,
2018
The Senate
Select Committee on Intelligence released a set of recommendations to combat
efforts by hostile states to interfere with U.S. elections. The move comes a
day ahead of a panel hearing on election security. "We’re now at a point
where we have wrapped up one piece of our investigation which deals with
election security," Chairman Sen. Richard Burr (R-N.C.)
The Hill March 19,
2018
House
lawmakers on Monday passed legislation that would codify into law the
Department of Homeland Security’s cyber incident response teams that help
protect federal networks and critical infrastructure from cyberattacks.
Lawmakers passed the bill, sponsored by House Homeland Security Committee
Chairman Michael McCaul (R-Texas), in a voice vote Monday afternoon. The legislation
would authorize the “cyber hunt and incident response teams” at Homeland
Security to help owners and operators of critical infrastructure respond to
cyberattacks as well as provide strategies for mitigating cybersecurity risks.
The bill would also allow Secretary of Homeland Security Kirstjen Nielsen to
add cybersecurity specialists from the private sector to the response teams.
Trump
administration hits Iranian hacker network with sanctions, indictments in vast
global campaign
The Hill March 20,
2018
Travel
website Orbitz on Tuesday disclosed a possible breach that may have resulted in
hackers making away with personal information on 880,000 customer payment
cards. Orbitz, which is now owned by Expedia, described the episode as a “data
security incident,” saying that an internal investigation revealed that hackers
may have accessed card information stored on a consumer and business partner
platform between October and December of last year. The company said the Orbitz
website was not involved in the incident and that there is no “direct evidence”
of information actually being stolen. In total, the company said hackers may
have gained access to personal information on roughly 880,000 payment cards,
including payment card information, names, birth dates, phone numbers and email
and billing addresses.
The
Financial Times March 19,
2018
US
drugmaker Merck was hit by a massive cyber attack on June 27 last year.
Manufacturing, research and sales operations around the world were all gummed
up. At one point the company had to borrow supplies of a vaccine for the human
papilloma virus from a US government stockpile in order to meet demand. The
after-effects of the incident lasted for months. The company lost $260m of sales
last year and incurred $320m of costs for additional marketing and production.
Merck says it will lose another $200m of sales this year because of the attack.
The good news for Merck is that it will not have to pick up the full bill
because of the insurance policy it had taken out before the attack. The company
has already received $45m from its insurers, and Verisk PCS, an analytics
group, thinks the final total could be much higher — potentially up to $275m.
Cyber cover has become one of the fastest-growing parts of the global
insurance industry. Attacks such as NotPetya — which hit Merck — along with
WannaCry and individual incidents such as the huge data loss at Equifax
reported last September, have brought home to companies the potential costs of
a cyber attack. They are responding by buying insurance in ever greater
numbers.
Reuters March 20,
2018
Retired
Mossad chief Tamir Pardo said he has assembled a team of more than 30 hackers
from Israel’s security and intelligence services into a startup called XM Cyber
that seeks to keep companies’ networks safe by imitating how real hackers work.
Pardo, who headed the Israeli spy agency from 2011-2016, started XM Cyber two
years ago and serves as its president. “I thought there are so many companies
with great products but they are not focusing on the right question,” Pardo told
Reuters. “The real question is are my crown jewels really protected.” Pardo
brought with him hackers that were on the offence teams of Israel’s security
services, including the Mossad, the Shin Bet and the army’s elite 8200 unit.
Fifth
Domain March 19,
2018
Sometimes
in the alphabet soup of military parlance, an acronym emerges that actually
hits the mark. Take, for instance, C-RAPID, a product of the Army’s Program
Executive Officer - Enterprise Information Systems. The Cyberspace Real-time
Acquisition Prototyping Innovation Development promises to do just what it
says: Generate cutting-edge solutions to evolving cyber threats. Unlike other
military efforts to partner with industry for real-time solutions, C-RAPID will
be an actual place, a “forge” where cyber troops will test emerging defenses
for quick deployment. The cyber forge is slated to open at Fort Belvoir,
Virginia, in April and to be fully operational by June. Early trials of the
C-RAPID approach suggest it could dramatically speed delivery of cyber
solutions. In one test case, a team was able to remediate an emerging network
threat in just eight days, a task that normally takes weeks. “We can do it. But
it takes a revolutionary approach in terms of how we look at the problem and
look at the tools we can use,” said LTC Scott Helmore, the product manager for
Defensive Cyber Operations (DCO) at PEO EIS.
The
Daily Beast March 22,
2018
Guccifer
2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen
emails from the Democratic National Committee, was in fact an officer of
Russia’s military intelligence directorate (GRU), The Daily Beast has learned.
It’s an attribution that resulted from a fleeting but critical slip-up in GRU
tradecraft. That forensic determination has substantial implications for the
criminal probe into potential collusion between President Donald Trump and
Russia. The Daily Beast has learned that the special counsel in that
investigation, Robert Mueller, has taken over the probe into Guccifer and
brought the FBI agents who worked to track the persona onto his team. While
it’s unclear what Mueller plans to do with Guccifer, his last round of
indictments charged 13 Russians tied to the Internet Research Agency troll farm
with a conspiracy “for the purpose of interfering with the U.S. political and electoral
processes, including the presidential election of 2016.” It was Mueller’s first
move establishing Russian interference in the election within a criminal
context, but it stopped short of directly implicating the Putin regime.