Tag Archive for: Justice

US Justice Department Confirms It Was Victim of SolarWinds Hack | Voice of America


The U.S. Department of Justice confirmed on Wednesday that it had been the victim of a massive hacking operation linked to Russian intelligence.  

In a statement, Justice Department spokesman Marc Raimondi said about 3% of the agency’s email accounts appeared to have been compromised, although no classified information was accessed. 

“After learning of the malicious activity, the Office of Chief Information Officer eliminated the identified method by which the actor was accessing the … email environment,” Raimondi said. 

Raimondi said the department learned about the previously unknown hack on its networks on Christmas Eve and determined that it constituted a “major” security incident. 

The disclosure came a day after U.S. intelligence agencies said that the hack was part of an ongoing intelligence operation and likely being carried out by Russia.  

FILE – This Feb. 11, 2015, photo shows FireEye offices in Milpitas, Calif.

The hack came to light in early December when private cybersecurity firm FireEye disclosed that its networks had been compromised. Investigators have traced the breach to SolarWinds, a Texas-based network management software company that the hackers used to penetrate the computer networks. 

In a statement Tuesday, the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) said that of the approximately 18,000 SolarWinds customers impacted by the hack, “a much smaller number has been compromised by follow-on activity on their systems.”  

FILE – The SolarWinds logo is seen outside its headquarters in Austin, Texas, Dec. 18, 2020.

“We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted,” the agencies said. 

Officials had previously confirmed that the departments of Defense, Treasury, State, Homeland Security, Commerce and Energy were impacted. Among targeted businesses were Microsoft and Amazon.  

U.S. President…


Violent clashes erupt between far-right groups and racial justice protesters in Portland and other cities – The Washington Post


As Expected, US Surveillance Of Social Media Leads To EU Court Of Justice Rejecting EU/US Privacy Shield

This one sounds boring, but stick with it because it’s important. Because the US and the EU have vastly different privacy regulation regimes, there has always been some conflict over how (mainly) US internet companies handle data from the EU. For years, this was “settled” by a weird and mostly useless “EU-US data protection safe harbor” agreement, in which US companies would have to get “certified” that they kept EU-originated data protected at an “equivalent” level to how it would be protected in the EU when transferring it across the Atlantic to US-based data centers. It was a bit of a nuisance as a company (we went through the process ourselves), but in 2015 the entire safe harbor agreement was invalidated by the EU Court of Justice because of the NSA’s ongoing snooping on data from those internet companies, as revealed by Ed Snowden.

The EU and US freaked out, and had a frantic negotiation to come up with a new “safe harbor” agreement with the catchier name of “Privacy Shield,” but as we pointed out when it was announced, the problem wasn’t the text of the agreement, but rather the NSA’s surveillance practices with regard to internet data. Here’s what I wrote four years ago:

The real issue here is mass surveillance overall. The only real way to fix this issue is to stop mass surveillance and go back to saying that intelligence agencies and law enforcement need to go back to doing targeted surveillance using warrants and true oversight. But, instead, the EU and the US keep trying to paper over this by coming up with a new agreement.

Since then, the Privacy Shield was challenged and the challenge took its sweet time to go through the courts — again brought by Max Schrems, whose lawsuit had sunk the original safe harbor as well. And, now, finally, four years later, exactly what we expected to happen has happened. The CJEU has invalidated the Privacy Shield agreement, by basically saying “hey, the US surveillance regime remains the same, and that was the problem all along.” You can read the full decision if you want to get deep into the details.

But the short summary is that while the Privacy Shield framework offered a few ways for EU residents to seek redress from some forms of surveillance, the CJEU says that’s not nearly enough:

While individuals, including EU data subjects, therefore have a number of avenues of redress when they have been the subject of unlawful (electronic) surveillance for national security purposes, it is equally clear that at least some legal bases that U.S. intelligence authorities may use (e.g. E.O. 12333) are not covered. Moreover, even where judicial redress possibilities in principle do exist for non-U.S. persons, such as for surveillance under FISA, the available causes of action are limited … and claims brought by individuals (including U.S. persons) will be declared inadmissible where they cannot show “standing” …, which restricts access to ordinary courts …

As you may recall, Executive Order 12333 is the tool under which the US does most of its foreign surveillance totally outside of the oversight of Congress. This has always been a massive problem, and here the CJEU is basically saying “if the US doesn’t do wholesale surveillance reform, there’s going to be a serious problem with transferring data from the EU to the US.”

Now, there is some argument here that EU surveillance is just as bad, and it’s perhaps more than a little silly that the CJEU basically ignores that as if it’s not important.

Either way, the key point to all of this is that if US companies want to be able to transfer data over from the EU to the US long term (there are ways they can do it for now), the US government needs to vastly reform its surveillance practices. Well, assuming there was a competent government that actually cared about these things. I’m a bit worried that the current administration will just ignore this or use it to attack the EU, which would be somewhat disastrous for US internet companies.

I’ve seen some people saying that this is a ruling against the internet companies and their data collection practices, but that’s not really accurate. The problem is not so much that — it’s how the NSA spies on people with that data (with or without cooperation of the companies). This really should lead to the US internet industry pressuring the US government to stop mass surveillance — just like we said four years ago.

Techdirt.