Tag: Rejects | SpinSafe

Silent cyber coverage here to stay? New Jersey Appellate Court rejects insurers’ attempt to expand scope of the war exclusions to cyber claims

October 18, 2023/in Internet Security

The War and Hostile Action Exclusions have been standard exclusions in property and general liability policies for decades. With the rise of cyber claims, insurers have turned to these exclusions to deny coverage where the bad actor may have governmental roots. In a win for policyholders, the New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. See Merck & Co. v. ACE American Insurance Co.¹ This ruling affirms the traditional scope of these exclusions and establishes that coverage under a commercial property policy for property damage caused by cyber-related incidents, colloquially known as “silent cyber” coverage, persists.

Merck & Co. v. ACE American Insurance Co.

On June 27, 2017, New Jersey pharmaceutical company, Merck & Co. (“Merck”), suffered a cyber-attack that left thousands of Merck’s computers damaged and encrypted by the malware known as NotPetya. The malware caused large-scale disruption to Merck’s business, resulting in $699,475,000 in losses. Although the exact origin of the malware was unknown, it was believed to have originated from the Russian Federation.

Merck tendered the claim to its all-risk property insurance carriers. The insurers reserved their right to deny coverage pursuant to hostile/warlike action exclusions and then subsequently denied coverage. Specifically, these exclusions exclude coverage for “loss or damage caused by hostile or warlike action” which was caused by “any government or sovereign power . . . or by military, naval or air forces . . . or by an agent of such government . . . .”² The insurers argued that the word “hostile” should be broadly read to mean any antagonistic, unfriendly, or adverse action by a government or sovereign power, including the Russian Federation. Rejecting the insurers’ argument, the trial court held that the hostile/warlike action exclusions were inapplicable to the NotPetya related claims. The insurers appealed.

The New Jersey Court of Appeals Narrowly Construed the Hostile/Warlike Action Exclusion

On appeal, the Court looked to the plain and ordinary…

Source…

French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

October 13, 2022/in Internet Security

France’s Supreme Court has referred a criminal case that relies on evidence from the hacked EncroChat encrypted phone network back to the court of appeal after finding that prosecutors failed to disclose sufficient information about the hacking operation.

The Cour de Cassation in Paris found that French investigators and prosecutors had failed to supply a certificate to authenticate intercepted phone data and messages obtained from EncroChat phones as required by French law. There was also an absence of technical data about the hacking operation, the court found.

French police and prosecutors refused to disclose how a joint Dutch and French operation to hack EncroChat, which led to thousands of arrests of suspected organised criminals around the world, was undertaken – citing defence secrecy.

Defence lawyer Robin Binsard, co-founder of law firm Binsard Martine, which took the case to the Supreme Court, said last night that the case would be re-heard by the court of appeal to determine whether adequate legal guarantees were in place.

“The Supreme Court stated that, in the absence of a certificate of truthfulness, the evidence covered by defence secrecy could not be legal. The case will be sent to another court to see if the certificate exists. In the meantime, there is no guarantee of validity of evidence from EncroChat,” he wrote on Twitter.

“The Supreme Court stated that in the absence of a certificate of truthfulness, the evidence covered by defence secrecy could not be legal. The case will be sent to another court to see if the certificate exists. In the meantime, there is no guarantee of validity of evidence from EncroChat”

Robin Binsard, Binsard Martine

The hearing follows an operation by French cyber experts to harvest 120 million messages from EncroChat phone users in multiple countries, in a novel interception operation that provided a rich source of intelligence and evidence on the activities of criminal groups in 2020.

In the UK, the National Crime Agency (NCA), working with regional organised crime units, the Metropolitan Police and other law enforcement agencies, made more than 2,600 EncroChat-related arrests using the French data by…

Source…

GitHub case: Twitter rejects urgent request for accounts details, says it’s not national security matter

January 6, 2022/in Computer Security

Twitter is said to have denied details of two handles thought to be connected to the case where a female journalist’s photo was uploaded on a website alongside disparaging comments, saying this was not a “national security threat matter” and that the Delhi Police should approach it through the proper channel instead.

Days after lodging an FIR against unknown persons, the police had written to the software development platform GitHub for details of the website developer, and from Twitter, they sought information about two accounts they believe had tweeted about the app first. The accounts were deactivated when the victims started sharing their ordeal online. “Sensing the gravity of the case, we asked Twitter to provide details of their IP addresses on an urgent basis, but they responded on Tuesday, asking us to come through proper channels since it’s not a national security threat matter,” a senior police officer privy to the investigation said.

The website was made using GitHub on December 31 and doctored photos of at least 100 Muslim women, along with lewd remarks, were posted there. GitHub subsequently removed the content, but many Twitter users tagged the women and posted screenshots.

On January 2, the south-east district police lodged an FIR against unknown persons and subsequently transferred the case to its Intelligence Fusion and Strategic Operations unit on January 4. The police are planning to get the go-ahead for a Mutual Legal Assistance Treaty to seek information about the app from its foreign-based hosting platform.

The Indian Computer Emergency Response System (Cert-In), the nodal agency for monitoring cyber security incidents and related threats, has been asked to form “a high-level committee” to probe the incident and coordinate with the cyber cells of state police forces, senior government officials said.

In her complaint to police on Saturday, the Delhi-based journalist had accused unknown persons of promoting enmity, sexual harassment, and insulting women. “I was shocked to find…that a website/portal…had a doctored picture of me in an improper, unacceptable and clearly lewd context… The…content…is clearly aimed at insulting…

Source…

China rejects hacking charges, accuses US of cyberspying

July 21, 2021/in Internet Security

Beijing – China on Tuesday rejected an accusation by Washington and its Western allies that Beijing is to blame for a hack of the Microsoft Exchange email system and complained Chinese entities are victims of damaging U.S. cyberattacks.

A foreign ministry spokesman demanded Washington drop charges announced Monday against four Chinese nationals accused of working with the Ministry of State Security to try to steal U.S. trade secrets, technology and disease research.

The announcement that the Biden administration and European allies formally blame Chinese government-linked hackers for ransomware attacks increased pressure over long-running complaints against Beijing but included no sanctions.

A woman wearing a face mask to help curb the spread of the coronavirus walks by the Microsoft office building in Beijing, Tuesday, July 20, 2021.

“The United States ganged up with its allies to make unwarranted accusations against Chinese cybersecurity,” said the spokesman, Zhao Lijian. “This was made up out of thin air and confused right and wrong. It is purely a smear and suppression with political motives.”

“China will never accept this,” Zhao said, though he gave no indication of possible retaliation.

China is a leader in cyberwarfare research along with the United States and Russia, but Beijing denies accusations that Chinese hackers steal trade secrets and technology. Security experts say the military and security ministry also sponsor hackers outside the government.

On Monday, U.S. authorities said government-affiliated hackers targeted American and other victims with demands for millions of dollars. Officials alleged contract hackers associated with the MSS engaged in extortion schemes and theft for their own profit.

Microsoft Corp. blamed Chinese spies for the Microsoft Exchange attack that compromised tens of thousands of computers around the world. The British foreign secretary, Dominic Raab, on Monday called that “a reckless but familiar pattern of behavior.”

Source…

Tag Archive for: Rejects