Pages

Monday, July 23, 2018

Surveillance and Legal Research Providers

Every word and every move We make is monitored - May Kafka's Wisdom Prevail  


“The meaning of life is that it ends”


― Franz Kafka





What does it mean to acquire a taste for something, whether classical music, coffee, or conservatism? It means shedding who we are and becoming who we aspire to be  Taste 



They’re from a book Wertz wrote & illustrated called Tenements, Towers & Trash: An Unconventional Illustrated History of New York City. Gothamist recently interviewed Wertz about the book and her work.

myGov scam offering tax refund out to steal credit card details and ...


Doctors outraged that police, ATO can access My Health Record


 Liberal Tim Wilson opts out of My Health Record and says it should be opt-in



Not My Health Record: Liberal MP Tim Wilson opts out of Government system - ABC News (Australian Broadcasting Corporation)

WSJ (paywall) – “…We’re moving toward a world in which everything with a plug or battery can respond to a voice command. Apple’s next AirPods could have many of the capabilities that Vesper claims its microphones will enable, such as built-in noise cancellation. (In the past, Apple has used several suppliers for its microphones.) Meanwhile, the CEO of Samsung’s consumer-electronics division recently told The Wall Street Journal that by 2020 his company plans to equip every single device it sells—from TVs to refrigerators—with microphones. It could be unnerving to be surrounded by listening devices, but the paradox is that as the technology develops, so does our ability to free these gadgets from having to connect to the internet. Consider the voice-controlled trash can from Simplehuman. Say “Open can” and it opens—and then closes on its own once the user walks away. That’s it. While it’s easy to make fun of a high-tech trash can, especially one that costs $200, this one tackles one of the biggest concerns that comes with smart assistants: the fact that they record what we tell them and send it back to their parent companies. Simplehuman’s trash can doesn’t do this, says Guy Cohen, the company’s director of electronics engineering. That’s because the latest microphones and their attached microprocessors process human speech in the gadget itself, without connecting to the cloud…”  

Via LLRX.com – Surveillance and Legal Research Providers: What You Need to Know – Legal research companies are selling surveillance data and services to law enforcement agencies including ICE. Their participation in government surveillance raises ethical questions about privacy, confidentiality and financial support: How private is your search history when your legal research vendors also sell surveillance data? Are you funding products that sell your patrons’ and clients’ data to ICE and other law enforcement agencies? Law professor professor and faculty services librarian Sarah Lamdan’s article focuses on how librarians uphold their privacy and intellectual freedom standards when they rely on surveillance companies for their research resources.

Liberal Tim Wilson opts out of My Health Record and says it should be opt-in


The future of work: is it something completely different?
SPEECH: How to avoid a world of technology-driven haves and have-nots as the digital transformation is effected. Karen Chester suggests a range of practical measures to get us there.

Think the dual citizenship saga does not affect state parliamentarians?
Clearly, some of our state provisions are substantially different from the dual citizenship prohibition at the national level. 




Inside No 10: how Theresa May's machine has changed since the election
"There are much better mechanisms for listening, but at the end of the day the prime minister is enormously stubborn." (Civil Service World)


DTA calls out contractors and consultants as barriers to change
"Our in-depth interviews with people across federal government organisations have shed light on what helps and slows transformation." (IT News
)
 




New York: In the biggest identity theft scam in the US history, 111 people, including at least 13 of Indian origin, have been charged by federal authorities for stealing credit card data of thousands of customers to buy high-end products worth over $13 million, including Apple gadgets and fancy bags from Gucci.

Among those indicted in 'Operation Swiper' are bank tellers, store employees and restaurant workers who allegedly skimmed customers' personal IDs.  
13 Indians charged in biggest credit card fraud in US - Firstpost
EFF: “We’ve long known that the FBI is heavily invested in developing face recognition technology as a key component in its criminal investigations. But new records, obtained by EFF through a Freedom of Information Act (FOIA) lawsuit, show that’s not the only biometric marker the agency has its eyes on. The FBI’s wish list also includes image recognition technology and mobile devices to attempt to use tattoos to map out people’s relationships and identify their beliefs. EFF began looking at tattoo recognition technology in 2015, after discovering that the National Institute for Standards & Technology (NIST), in collaboration with the FBI, was promoting experiments using tattoo images gathered involuntarily from prison inmates and arrestees. 



A walk on the wild side as Trump meets Putin at Finland station Asia Times. Pepe Escobar
The Helsinki Summit: Trying to Turn the Page on the New Cold War Zero Anthropology (UserFriendly)
Trump Today: President backtracks, now says he accepts Russia meddled in U.S. election MarketWatch
Ron and Rand Paul Call Out Foreign Policy Hysteria American Conservative
Helsinki Talks – How Trump Tries To Rebalance The Global Triangle Moon of Alabama
Stephen F. Cohen on Helsinki Summit: Media Held A “Kangaroo Court” And Found Trump Guilty Real Clear Politics. Posting this even though I know Lambert did so on yesterday’s Water Cooler.
US Media is Losing Its Mind Over Trump-Putin Press Conference Consortium News
Disgraceful, treasonous: US media, politicians pull no punches to slam Trump-Putin meet Scroll.in
France Shuts Trade Agency In Russia On Worsening Conditions International Business Times

CNET: “When you sign up forFacebook on your phone, the app isn’t just giving you the latest updates and photos from your friends and family. In the background, it’s utilizing the phone’s gyroscope to detect subtle movements that come from breathing. It’s measuring how quickly you tap on the screen, and even looking at what angle the phone is being held. Sound creepy? These are just some of the ways that Facebook is verifying that you’re actually human and not one of the tens of millions of bots attempting to invade the social network each day. That Facebook would go to such lengths underscores the escalation of the war between tech companies and bots that can cause chaos in politics and damage public trust. Facebook isn’t alone. Twitter on Wednesday began removing millions of blocked accounts, andGoogle is looking to stamp out malicious trolls on YouTube. The road to salvation, they believe, is paved with artificial intelligence. Facebook CEO Mark Zuckerberg repeatedly pointed to AI as a solution to his social network’s flaws during his testimony before Congress and again at the company’s F8 developers conference. Google wants to be an AI-first company and Twitter likewise wants to use the technology to stamp out trolls.

“It is already pretty much a fundamental part of everyday life,” Michael Connor, the executive director of Open MIC, a technology policy nonprofit, said. “AI is becoming part of the way we listen to music, how we handle our medical issues, and how we drive our cars.”


FCW
July 19, 2018
The Department of Homeland Security's Continuous Diagnostics and Mitigation program hasn't been around for very long, but overseers in Congress want to make sure the cybersecurity program remains on the cutting edge of the technology landscape for years to come. A draft bill introduced by Rep. John Ratcliffe (R-Texas), chairman of the House Homeland Security subcommittee on Cybersecurity and Infrastructure Protection, would amend the 2002 Homeland Security Act to include CDM. The bill also gives the secretary of the Homeland Security added flexibility around purchasing and reimbursement decisions that have vexed agency partners in the past. It would also call for "regular improvement" of the CDM program, saying the secretary should "regularly deploy new technologies and modify existing technologies" where appropriate.

CyberScoop
July 18, 2018
The United States should respond with offensive cyber-operations if the Russian government tries to meddle in the 2018 U.S. midterm elections like it did in the 2016 presidential election, according to an influential Republican lawmaker. “Personally, if [the Russians] attempt to do that again in the 2018 midterms, I think there should be an offensive response to it,” Texas Rep. Michael McCaul, chairman of the House Homeland Security Committee, told reporters Wednesday

The Hill
July 18, 2018
A legislative proposal aimed at securing U.S. election systems from cyberattack is picking up additional support in the Senate as lawmakers grapple with how to respond to Russian election interference.

Reuters
July 18, 2018
Sanctions targeting key Russian economic sectors would kick in swiftly if U.S. authorities determined the Kremlin had meddled again in a U.S. election, under a bill gaining momentum in the Senate on Wednesday. It was uncertain whether such a bill, or any other legislative response, could pass Congress after President Donald Trump at a Helsinki summit on Monday gave credence to Russian denials on the question of its interference in the 2016 U.S. election. Lawmakers, alarmed with Trump's conduct only days after U.S. authorities indicted 12 Russian spies on meddling charges, were trying to formulate a legislative response.

CyberScoop
July 17, 2018
Interest is rising in a program that stations technology experts with Congress, giving lawmakers a sorely needed way to understand the litany of society-shifting tech issues that come to their attention.cybersecurity.

Vice Motherboard
July 17, 2018
The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.


ADMINISTRATION

CyberScoop
July 20, 2018
Private sector security companies had a key role in the U.S. government’s attribution of last year’s WannaCry ransomware epidemic to North Korea, an official at the Office of the Director of National Intelligence (ODNI) said on Friday. Speaking at a Washington Post Live event, Tonya Ugoretz, director of ODNI’s Cyber Threat Intelligence Integration Center (CTIIC), said that the small agency she leads acted as a liaison to get critical information about the global attack from the private sector to U.S. intelligence agencies. Ugoretz said that CTIIC learned of information about WannaCry that had been fed to Department of Homeland Security by its private sector partners. The information would play an important role in the attribution to North Korea months later, Ugoretz explained. CTIIC comprises staff from intelligence, law enforcement and other federal agencies with the goal of helping coordinate responses to cyberthreats.

Nextgov
The Trump administration is developing a national risk management initiative aimed at tightening communication lines between government and industry about major cyber vulnerabilities, a top Homeland Security Department official said Friday.
FCW
July 20, 2018
The Federal Energy Regulatory Commission has ordered the group that ensures the safety and reliability of North American power grids to tighten up rules for power companies' cybersecurity incident reporting. 

The Washington Post
July 19, 2018
The Justice Department plans to alert the public to foreign operations targeting U.S. democracy under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt the presidential election.

CyberScoop
July 19, 2018
Veteran government IT official Grant Schneider will serve as federal chief information security officer, an influential policy role charged with implementing cybersecurity practices across the executive branch, the Office of Management and Budget announced Thursday.

The Wall Street Journal
July 19, 2018
Three of the top cybersecurity officials at the Federal Bureau of Investigation are retiring from government service, according to people familiar with the matter—departures that come as cyberattacks are a major concern for the country’s security agencies.

AP
July 19, 2018
Florida lawmakers on Thursday approved the use of a $19 million federal grant to improve election security, a week after a federal indictment alleged Russian hackers targeted county offices before the 2016 presidential election.

The New York Times
Under unrelenting pressure from congressional Republicans, his own advisers and his allies on Fox News, President Trump abruptly reversed course on Tuesday and claimed he had misspoken during a news conference with President Vladimir V. Putin about whether Russia tried to influence the 2016 presidential election.

The Washington Post
July 17, 2018
The head of the nation’s largest electronic spy agency and the military’s cyberwarfare arm has directed the two organizations to coordinate actions to counter potential Russian interference in the 2018 midterm elections.

Defense One
July 17, 2018
The Pentagon could stop awarding contracts to companies whose weapons are deemed vulnerable to cyber attacks, according to senior U.S. Defense Department officials. Today, companies are responsible for assessing whether their own products meet DoD cybersecurity standards.

The Hill
When Raffi Krikorian joined the Democratic National Committee (DNC) as chief technology officer, the party was still reeling from its devastating loss in 2016 — and the stunning cyberattacks that resulted in high-level officials’ emails being embarrassingly leaked online.

Nextgov
July 17, 2018
The Defense Department wants to move some of its defensive cyber operations to the cloud, according to a contracting document posted Monday.

The New York Times
President Trump stood next to President Vladimir V. Putin of Russia on Monday and publicly challenged the conclusion of his own intelligence agencies that Moscow interfered in the 2016 presidential election, wrapping up what he called a “deeply productive” summit meeting with an extraordinary show of trust for a leader accused of attacking American democracy.

FCW
July 16, 2018
With approaches to election security still up in the air, a group of former cybersecurity officials are concerned about the cybersecurity of another democratic foundation: the decennial census.

Nextgov
July 16, 2018
A new procurement rule took effect Monday barring the Russian anti-virus company Kaspersky Lab or any of its partners or distributors from contracts at the Pentagon, General Services Administration or NASA, despite a last-minute Kaspersky effort to halt the ban. Kaspersky told a federal appeals court last week that the ban would cause the company “reputational and financial damage” and asked the court to temporarily halt the ban while it considers Kaspersky’s underlying legal challenge.

Ars Technica
July 16, 2018
A Kentucky man has pleaded guilty to federal charges he developed, marketed, and provided technical support for a "remote access trojan," or RAT—that is, software he knew customers used illegally to take control of other people’s computers. Colton Grubbs used the handle "KFC Watermelon" to advertise the LuminosityLink administrative tool on Hackforums[dot]net, federal prosecutors alleged in an indictment filed last month. The indictment said the tool provided a variety of malicious capabilities including the ability for purchasers to control others’ computers, surreptitiously record users’ activities, and to view their files, login credentials, and personal information. Prosecutors said the defendant also used the hacker forum and a website located at luminosity[dot]link to teach users how to conceal their identities and prevent antivirus programs from detecting the tool.


INDUSTRY

Ars Technica
July 20, 2018
In a panel discussion at the Aspen Institute's Security Summit yesterday, Microsoft Corporate Vice President for Customer Security and Trust Tim Burt said that in the course of hunting for phishing domains targeting Microsoft customers, members of Microsoft's security team detected a site set up by Russian actors that was being used in an attempt to target congressional candidates.

Bleeping Computer
July 20, 2018
For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store.

FCW
July 19, 2018
The Better Identity Coalition, a recently formed trade group that represents banks, insurers, credit card issuers and others with skin in the e-commerce game, is looking to government to take a more authoritative role in digital identity.

Wired
July 18, 2018
Amazon Web Services is the world's biggest cloud provider. As a result, its security directly influences that of countless websites and online services. And those concerns aren't just theoretical; dangerous lapses happen all the time.

Quartz
Selling stolen personal data is a big business for hackers: Somewhere on the dark web, your e-mail address and a few passwords are probably for sale (hopefully, old ones). Cyber criminals buy troves of this information to try to login to websites where they can grab something valuable like cash, airline points, or merchandise like expensive cheese.

Gov Info Security
July 17, 2018
Medical laboratory testing firm LabCorp is investigating a weekend cyberattack on its IT network, which resulted in the company taking certain of its systems offline, temporarily impacting its test processing and client access to lab results.


INTERNATIONAL

NBC
Iranian hackers have laid the groundwork to carry out extensive cyberattacks on U.S. and European infrastructure and on private companies, and the U.S. is warning allies, hardening its defenses and weighing a counterattack, say multiple senior U.S. officials.

Defense One
Four days before U.S. and Russian leaders met in Helsinki, hackers from China launched a wave of brute-force attacks on internet-connected devices in Finland, seeking to gain control of gear that could collect audio or visual intelligence, a new report says

The Wall Street Journal
July 20, 2018
Hackers stole the personal health records of Prime Minister Lee Hsien Loong and 1.5 million others in an unprecedented data breach, officials said, casting a light on the risks facing cities around the world as they begin centralizing data to provide smoother government services.

Reuters
Technical and supply-chain issues with equipment made by Chinese firm Huawei have exposed Britain’s telecom networks to new security risks, a government report said on Thursday.

Ars Technica
July 19, 2018
A prolific hacking group has struck again, this time stealing close to $1 million from Russia’s PIR Bank. The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank’s network by compromising a router used by a regional branch. The theft—which according to kommersant[dot]ru is conservatively estimated at about $910,000—is the latest achievement of a group researchers at security firm Group-IB call the MoneyTaker group. In a report published last November that first detailed the group, researchers said its members had conducted 20 successful attacks on financial institutions and legal firms in the US, UK, and Russia. In a follow-up report, Group-IB said MoneyTaker netted about $14 million in the hacks, 16 of which were carried out on US targets, five on Russian banks, and one on a banking-software company in the UK.

Defense One
When international hardware and software vendors come to Russia seeking sales, they must open up their wares for inspection by the Federal Service for Technical and Export Control, or FSTEC, a Russian agency ostensibly set up to warn government and private-sector users about bugs and other vulnerabilities.

CyberScoop
Russian cybercrime suspect Alexander Vinnik will be extradited to France after a Greek court ruling Friday. Vinnik, 38, has pleaded not guilty to charges of laundering $4 billion in bitcoin while running the cryptocurrency exchange BTC-e. Although Vinnik was arrested under a U.S. warrant, Greek authorities will extradite him to France where he is charged with hacking, money laundering, extortion and involvement in organized crime. The Russian Foreign Ministry criticized the ruling and said the country will look to a response. Vinnik’s lawyer is filing a response, according to Russia’s TASS news agency.


TECHNOLOGY

Vice Motherboard
July 17, 2018
It seemed like any other warm September night in the suburbs of Salt Lake City. Rachel Ostlund had just put her kids to bed and was getting ready to go to sleep herself. She was texting with her sister when, unexpectedly, her cell phone lost service. The last message Rachel received was from T-Mobile, her carrier. The SIM card for her phone number, the message read, had been “updated.” Rachel did what most people would have done in that situation: she turned the phone off and on again. It didn’t help. She walked upstairs and told her husband Adam that her phone wasn’t working. Adam tried to call Rachel’s number using his cell phone. It rang, but the phone in Rachel’s hands didn’t light up. Nobody answered. Rachel, meanwhile, logged into her email and noticed someone was resetting the passwords on many of her accounts. The couple didn’t know it yet, but they had just become the latest victims of hackers who hijack phone numbers in order to steal valuable Instagram usernames and sell them for Bitcoin. That late summer night in 2017, the Ostlunds were talking to a pair of these hackers who’d commandeered Rachel’s Instagram, which had the handle @Rainbow. They were now asking Rachel and Adam to give up her @Rainbow Twitter account. In the buzzing underground market for stolen social media and gaming handles, a short, unique username can go for between $500 and $5,000, according to people involved in the trade and a review of listings on a popular marketplace. Several hackers involved in the market claimed that the Instagram account @t, for example, recently sold for around $40,000 worth of Bitcoin.