Tag Archive for: Fully

3 months after cyberattack that threatened ‘public health crisis,’ Jersey City MUA computer systems still not fully restored


The recent cyberattack at the Jersey City Municipal Utilities Authority inflicted damage that lasted months and threatened to cause a “public health crisis,” the agency said.

Officials from Jersey City and the autonomous utilities agency have said little about the Sept. 30 ransomware attack, which MUA documents said blocked access to “vital” water and sewer information.

But the MUA spent nearly half a million dollars to address the attack, and the agency’s computer systems were still not fully functional even three months after the cyber incursion, an MUA resolution passed last month shows.

At a Dec. 17 meeting, the MUA Board of Commissioners voted to approve a new $391,000 emergency contract with cyber security firm Digital Team Six for “technical restoration services,” according to a resolution obtained through an Open Public Records request. The new contract was “necessary to avert a public health crisis,” the resolution said.

“Despite repeated efforts … problems continued to be encountered with restoring all of the JCMUA’s internet technology network to full operation,” the resolution states, adding that “it has become increasingly apparent that advanced technical assistance will be required.”

But the extent of the potential “public health crisis” is unclear. JCMUA Executive Director Jose Cunha could not be reached for comment and MUA Board of Commissioners Chair Maureen Hulings declined to comment. Digital Team Six staff did not immediately respond to requests for comment.

The contract comes on the heels of an $18,675 contract with a different information technology firm, as well as a $25,000 contract with Pennsylvania law firm Mullen Coughlin to investigate the incident — putting known expenditures related to the incident at $434,675. MUA officials expected at least $25,000 of that to be covered by insurance.

It’s also unclear exactly what the hacker or hackers wanted to target. However, the attack caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” an October resolution reads.

In ransomware attacks, hackers block…


Acronis True Image 2021 Premium review: Fully integrated backup and cyber security

Acronis True Image 2021 adds real-time malware protection to an already feature-laden backup and security solution. It’s a unique and comprehensive safe computing solution.

New Report Says Apple Dropped Plans To Fully Encrypt Backups After FBI Complained

As Attorney General William Barr and other law enforcement officials continue to insist (falsely) that Apple refuses to cooperate with them in undermining encryption and security on all iPhones, plenty of people have been pointing out for years that the reality is that most iPhone encryption is effectively meaningless, because if a user has iCloud backups on, Apple retains the key to that data and can (and does!) open it up for legitimate law enforcement requests. In other words, it’s extremely rare that full device encryption actually keeps law enforcement out (and that leaves aside the fact that technological solutions exist for law enforcement to hack into most iPhones anyway). Indeed, as you might recall, during the FBI’s last big fight about encryption with Apple, over San Bernardino shooter Syed Farook’s iPhone, it was revealed that the FBI’s own incompetence resulted in Farook’s backups being wiped out before the FBI had a chance to access them.

For quite some time now, EFF and others have urged Apple to close this loophole and allow for truly encrypted iCloud backups, such that even Apple can’t get in. Apple has toyed with the idea, but as Tim Cook has said a few times, the company chose not to do it this way after weighing the pros and cons from a user’s perspective. The key issue: if something is fully encrypted and Apple doesn’t have the key, if you lose your password, the data is effectively gone. There is no “password reset” if Apple doesn’t retain the key:

“There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back.”

However, in that same interview, Cook did suggest that Apple would move towards encrypting backups as well:

“It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.”

I think that there are legitimate user-centric reasons for the decision that Apple made, though it seems clear that many, many people don’t realize that Apple still has the key to their backups. However, a new report from Reuters says that Apple killed plans to offer fully encrypted backups after the FBI got upset about it:

“Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

“The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.”

At the very least, this shows (yet again) that Barr and other law enforcement officials are blatantly lying when they say that Apple does not cooperate with law enforcement or that it doesn’t take the concerns they raise seriously. On the flip side, it is a bad look for Apple, in that it has chosen to avoid a more secure option for its users’ data, going against the company’s long-standing public support for encryption and protecting users’ data.

Again, even if there is a legitimate reason for not encrypting backups — and it’s equally true that if Apple did offer it, there would be public complaints of people no longer having access to their data — it’s troubling that Apple won’t even make this an option (with clear warning statements) for end users, and that they’re doing so because of blatant fearmongering by law enforcement officials.

Of course, the other way one might look at this decision is that if Apple had gone forward with fully encrypting backups, then the DOJ, FBI and other law enforcement would have gone even more ballistic in demanding a regulatory approach that blocks pretty much all real encryption. If you buy that argument, then failing to encrypt backups is a bit of appeasement. Of course, with Barr’s recent attacks on device encryption, it seems reasonable to argue that this “compromise” isn’t enough (and, frankly, probably would never be enough) for authoritarian law enforcement folks like Barr, and thus, it’s silly for Apple to even bother to try to appease them in such a manner.

Indeed, all of this seems like an argument for why Apple should actually cooperate less with law enforcement, rather than more, as the administration keeps asking. Because even when Apple tries to work with law enforcement, it gets attacked as if it has done nothing. It seems like the only reasonable move at this point is to argue that the DOJ is a hostile actor, and Apple should act accordingly.


Techdirt.