Tag Archive for: executive

Cyber Security Executive Confesses To Hacking Hospitals


Vikas Singla, an ex-COO of the US cybersecurity firm Securolytics, has confessed to hacking two US hospitals with the intention of generating business for the company he was working for. In court, Singla admitted responsibility for attacking the hospitals in Atlanta, part of the Gwinnett Medical Center.

Singla’s actions disrupted the hospital’s printers, phone systems and a digitizer (a device that allows input of handwritten notes into a computer) which resulted in financial losses exceeding $800,000 for Gwinnett Medical Center.

According to Cybernews, as part of the incident that occurred in September 2018, Singla disabled several hundred ASCOM phones used by the hospital staff, severely affecting the hospital’s work. That same day, he extracted several hundred patient names, dates of birth, and other data that was attached to a mammography machine. He later hijacked 200 printers in both hospitals and started printing the patient names that he stole, followed by a message reading “WE OWN YOU”.

He subsequently attempted to generate publicity about the attack, including the publication of information obtained without authorisation from the digitizer, with the aim of generating business for his company.

Singla set up a Twitter account several days later to post dozens of messages claiming that Gwinnett Medical Center was hacked and exposed stolen patient details to prove his point. When the attack was complete, Securolytics emailed potential clients using the Gwinnett Medical Center hack as an example of inadequate security measures.

According to reports, prosecutors will recommend a sentence of 5 years' probation, although the judge can impose a maximum term of imprisonment of 10 years at a sentencing hearing scheduled for February next year.

Sources: Cybernews, Washington Post, New York Times, I-HLS, Bleeping Computer, Lemmy


How the White House’s AI Executive Order could increase U.S. cyber vulnerabilities


On October 30, the White House released its “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” It is a lengthy document, spanning over 30 pages in the Federal Register. But two short portions of the Executive Order (EO) are of particular concern in terms of the cybersecurity vulnerabilities they will create: Under the EO, the government will institute mandatory reporting of information about the “physical and cybersecurity measures taken to protect” model weights associated with certain large AI models, as well as the location and computing power of “large-scale computing cluster[s].”

Reporting requirements

The EO instructs the Department of Commerce to require this reporting within 90 days of the date of the EO. It also instructs the Department of Commerce to develop criteria for what constitutes reportable AI models and computing clusters and provides the following interim criteria:

  • Reportable AI model: “any model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations, or using primarily biological sequence data and using a quantity of computing power greater than 10^23 integer or floating-point operations.”
  • Reportable computing cluster: “any computing cluster that has a set of machines physically co-located in a single datacenter, transitively connected by data center networking of over 100 Gbit/s, and having a theoretical maximum computing capacity of 10^20 integer or floating-point operations per second for training AI.”

Cybersecurity exposures

The very fact of requiring AI companies to report the “physical and cybersecurity measures taken to protect” model weights will itself undermine the utility of those measures. After all, one of the most basic principles of security is to avoid disclosing too many details of how an asset is protected. A well-protected jewelry store is secure in large part because would-be thieves are left guessing as to the full set of security measures that are in place.

The most sophisticated AI models are the result of enormous investments in both dollars and human effort. Those models have extraordinary economic…


Key Moves in OC Executive Ranks


It’s a season of change for Orange County tech company leaders, ranging from chipmaker Syntiant Corp. to internet security firm SecureAuth Corp. and the rebranded Mobilitie, among others.

Upstart Syntiant, led by Chief Executive Kurt Busch and with more than $120 million in funds raised since its founding in 2017, said May 31 it had added four new members to its advisory board, bringing its ranks to 10.

The newcomers include Greg Fischer, a board member at Semtech Corp. (Nasdaq: SMTC), a Camarillo-based provider of chips and high-tech services.

Meanwhile, Semtech itself is the next stop for Paul Pickle, who will become the company’s CEO this month after leaving computer components maker Lantronix Inc. (Nasdaq: LTRX) in Irvine.

Pickle is joining a much larger company; Semtech has a market cap of about $1.4 billion, while Lantronix’s market value is about $155 million.

A Lantronix spokesperson said “he is staying in Irvine” when asked whether Pickle will be relocating to Camarillo.

Of note, Busch previously served as the CEO and president of Lantronix, a provider of secure data access and management solutions for IoT and IT applications, prior to founding Syntiant.

Another addition to the Syntiant board is Magnus Egerstedt, the dean of the Henry Samueli School of Engineering at University of California, Irvine (for more, see the June 5 print edition). Busch studied at the school on his way to a bachelor of science degree in electrical engineering in 1993.

CalAmp

Also in Irvine, vehicle tracking and management company CalAmp Corp. (Nasdaq: CAMP) said CEO Jeff Gardner will step down by Oct. 30, and it’s started a search for his successor.

Gardner was appointed CalAmp’s president and CEO almost three years ago, and last year faced a potential board shakeup. The company’s shares were trading at $1.78 apiece as of June 1, down from $7.30 apiece as of a year ago, giving it a valuation of about $77 million.

“During his tenure, the company’s leadership team has been strengthened, CalAmp has exited or monetized certain non-strategic businesses and the cost structure has been optimized,” the company said in a statement.

Mobilitie Rebrand

Major changes are also coming to…


Executive interview: DNS designer Eric Holtzman discusses net security


The domain name system (DNS), which enables any computer on the internet to be identified in a human-readable form, is often regarded as the modern equivalent to the classic phone book. It’s organised as a tree, with the root server and branches – known as top-level nameservers, such as .org, .com and .edu – followed by what are known as authoritative nameservers.

Eric Holtzman, who previously worked as chief scientist at IBM, is the designer of the global DNS registration system used by the Internet Corporation for Assigned Names and Numbers (ICANN), and now works as chief strategist at decentralised cyber security network Naoris Protocol.

The success of the DNS system has resulted in the explosion of servers on the internet, and has made it possible for anyone to have a website, which can be accessed if the URL is known or can be found through a web search. This is both powerful and a massive security risk. “The DNS system has fundamentally no security whatsoever, even today,” he says. “If you had even the remotest idea of what you were doing, you could sit in a hotel room on your laptop and take entire countries off the internet.”

There have been initiatives to harden DNS, but there is a lack of motivation to resolve the security issue. Holtzman says that a quarter of a century ago, the people behind the internet agreed on an improved DNS – DNSSEC – to carry cryptographic identification information at each node on the DNS tree.

In his experience, company executives simply do not want to spend the extra money needed to fix internet security. “Why would you spend half a billion dollars to improve your security? That’s actually an issue for the regulators,” says Holtzman.

In some places, like the US, he says there is a lack of privacy and understanding of what security means. The fines imposed on companies for data losses are so insignificant that there is little incentive to improve security. For instance, pointing to Equifax, Holtzman says that one in every three Americans were affected by its data breach, yet it received a minimal fine, so the downside of a data breach is trivial.

According to Holtzman, another fundamental problem with the…
