Tag Archive for: Law

No federal privacy law? After the 23andMe hack, it’s time to take action


This is a guest post by Kate Krauss, a digital rights advocate based in Philadelphia.

On Oct. 6, 23andMe announced the loss of customer data to hackers who targeted Ashkenazi Jews. The data of as many as a million people was reportedly stolen and is currently being sold anonymously on the Internet. The hack exploited customers who reused passwords and the platform’s feature called “DNA Relatives,” linking one person to another.

We won’t easily forget this awful hack — but every year, tens of millions of Americans become victims of information leaks, so many that they have begun to blur together. Microsoft, for one, has been hacked at least 10 times since 2018.

Victims range from ordinary people, like those in the 23andMe hack, to the most politically sensitive: the State Department’s China diplomats; the Secretary of Commerce. Hackers access people’s email and steal their social security numbers or their home addresses, and in one case, in-depth psychological profiles needed for top security clearances.

If we use the frog-in-hot-water analogy for Americans and their information privacy, this frog is dead.

Current US privacy laws are so ineffective that Europeans are afraid to send their data here lest it be hacked, leaked, or surveilled. This fear was the basis of the tensely negotiated “Data Privacy Framework” between the EU and the US over whether and how to allow the personal data of European citizens to be sent to this country.

Without the risk of a giant fine or, say, jail time, many tech giants can and do get away with managing their data security badly. They fail to update security keys, encrypt users’ credit card numbers or enforce multi-factor authentication.

Weak laws let companies get away with weak security. For instance, 23andMe didn’t require users to use two-factor authentication or warn users about the dangers of enabling “DNA Relatives.” If they have to pay a small fine — small to them — that’s the cost of doing business.

In 2019, the year that the Cambridge Analytica scandal caught up with Facebook, the company paid $5 billion to the FTC for illegally sharing…


Russian hackers attack computer systems of law enforcement officers – State Special Communications Service


Russian spies are using hackers to attack law enforcement computer systems in Ukraine to identify and obtain evidence related to alleged Russian war crimes.

Source: Yurii Shchyhol, head of the State Special Communications Service of Ukraine, in an interview with Reuters

Details: Hackers working with Russia’s foreign, domestic and military intelligence agencies have stepped up digital intrusion campaigns against Ukraine’s Prosecutor General’s Office and the departments documenting war crimes.

Quote: “There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often.

This shift towards the courts, prosecutors and law enforcement units shows that hackers are gathering evidence about Russian war crimes in Ukraine.

The groups we’ve identified as being engaged in this activity are part of Russia’s GRU and FSB intelligence agencies.”

Details: Espionage activities will be outlined in an upcoming State Department report due to be published on Monday.

The report, a copy of which was reviewed by Reuters, states that the hackers also tried to collect intelligence on Russian citizens arrested in Ukraine in order to “help these individuals avoid prosecution and move them back to Russia”.

Shchyhol declined to name which units were targeted by the hacking campaign, citing security concerns. The number of documented cybersecurity incidents, he said, rose 123% in the first six months of this year compared with the second half of 2022.

He also stated that Russian hackers targeted government agencies and tried to gain access to their email servers.

There is also evidence that Russian hackers gained access to private surveillance cameras in Ukraine to monitor the results of long-range missile and drone strikes.

New law could turn UK into a hacker’s playground


It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.

A poor law

This incredibly damaging limitation is just one of the many bad ideas buried in the UK’s latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.

I’ve written about the bill before, of course. The proposals are so appalling that Apple, WhatsApp, Meta, and others are quite prepared to shutter messaging services for UK customers if need be.

I expect Apple will make good on this threat; it is not prepared to negotiate the safety of its users. You can read its nine-page statement on the matter for more insights.

The UK becomes a hacker’s playground

Make no mistake, the proposals from the UK Home Office will make the internet less secure. UK users will become magnets for complex attacks as hackers, rogue governments, and well-organized criminals exploit any newly revealed threats in the UK as they know the law will automatically generate a delay before software updates ship.

The rest of the world might have patched any such flaws, but the UK might not. That means if you want to create a botnet, spread phishing attacks, or design complex multi-stage attacks, you’ll target UK computer users first, because they will be less well-protected by design.


Experts Discuss Cyber Risk, From Law Enforcement to Insurance Claims


To combat cyber activity, law enforcement agencies in the United States and abroad interact to exchange information about their cyber adversaries. The FBI maintains 56 field offices, each with a multiagency cyber task force manned with investigators, special agents, intelligence analysts, digital forensic technicians, and more, all with a focus on helping victims of cybercrime. These offices work with the Intelligence Community, the National Cyber Investigative Joint Task Force, and cyber assistant legal attachés to protect national security against cyber threats worldwide.

These agencies share intelligence information to keep the United States safe from cyber threats, and they also aim to build relationships with private sector companies so that information about cyber activity can be exchanged before an attack occurs. When a major incident or attack does happen, the agencies can deploy their cyber action teams within hours, domestically and globally, to assist companies onsite.

“If … a private sector company is about to get hit by a ransomware attack or by any other type of intrusion, we want to get out there immediately and let that victim know how they can best mitigate that attack,” said Scott. “We only can do that if we have the relationship built, and the better we do that ahead of time, the stronger those relationships are.”

As a success story, Scott discussed how the agencies worked as a team and shared information to take down the Hive ransomware group. Hive was a ransomware variant that was a threat worldwide. In July 2022, the team gained persistent access to Hive’s control panel, which enabled the team to obtain the decryption keys. With those in hand, the team was able to reach out and assist victims as they were being targeted by Hive. They responded to 1,500 victims in 48 states and 88 countries, preventing an estimated $130 million in losses to victims.

The FBI had always estimated that only 20% to 25% of cyber victims report a cyber incident. As a result of the team’s interaction with Hive victims, the FBI was able to substantiate that percentage.
