Tag Archive for: seek

Sens. Seek Info on Cyber Defenses and EINSTEIN Limitations – MeriTalk

/in


In a letter to top Federal cybersecurity experts, Homeland Security and Governmental Affairs Chairman Sen. Gary Peters, D-Mich., and Sen. Rob Portman, R-Ohio, ranking member on the committee, are requesting information on how U.S. cyber defenses were unprepared for the recent SolarWinds Orion and Microsoft Exchange compromises and on the limitations of the EINSTEIN system.

“As our hearing highlighted, there is no easy solution to advanced persistent cyber threats,” the senators wrote. “Time and again this Committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries.  Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyber-attack.”

Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) Brandon Wales and Federal CISO at the Office of Management and Budget (OMB) Chris DeRusha were each sent a letter. The two experts recently gave testimony to the committee as part of their investigation into the hacks.

The hearing also highlighted limitations of the EINSTEIN intrusion detection and intrusion prevention system, which “sits on the perimeter of civilian Federal agencies’ computer networks.” With the authorization for the Department of Homeland Security to operate EINSTEIN lapsing on Dec. 18, 2022, the senators want to work with CISA on determining whether and how to reauthorize the program to address limitations.

“Mitigating vulnerabilities and reducing legacy information technology that serve as open doors to malicious hackers is also important, the senators wrote. “So will be deterrence efforts that create real-world consequences for cyber-attacks against the United States— investigation, attribution, prosecution, and sanctions.”

They added that “at the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the Federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time.”

Source…

Microsoft seeks to disrupt Russian criminal botnet it fears could seek to sow confusion in the presidential election – The Washington Post

/in
  1. Microsoft seeks to disrupt Russian criminal botnet it fears could seek to sow confusion in the presidential election  The Washington Post
  2. Microsoft Disrupts Botnet Installing Ransomware  Infosecurity Magazine
  3. Microsoft takes action to disrupt botnet and combat ransomware – Asia News Center  Microsoft
  4. Microsoft takes down massive hacking operation that could have affected the election  CNN
  5. Microsoft attempts takedown of global criminal botnet  The Associated Press
  6. View Full Coverage on read more

“malware news” – read more

China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns – POLITICO

/in

China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns  POLITICO
“chinese hackers” – read more

Voluntary Virus Tracking Apps Seek To Get A Grip On The Coronavirus Problem

/in

Be the surveillance you don’t necessarily want to see in the world. That’s the plan detailed in this report by Thomas Brewster for Forbes. Dozens of countries are kicking around large-scale privacy violations to track the spread of the coronavirus. A handful of other countries are already doing this, including China, India, and Hong Kong.

But if you’re willing to give up your own privacy to help government entities track the virus and monitor those who are infected, there’s an app for that.

It was only last Friday when a team of 14 software engineers and data scientists at little-known health and nutrition startup ZOE started piecing together what would become the hottest coronavirus app on Apple’s App Store by Wednesday: the COVID Symptom Tracker.

Now claiming to have hit 1.2 million downloads in the U.K. alone, it asks people to upload their rough location and the details of any ailment they’re suffering, whether they’re related to coronavirus or not. Even if they don’t have any, users are being asked to share how they’re feeling. All the data is then anonymized by turning names into nonidentifiable codes, before being handed to a team of epidemiologists at King’s College London and the National Health Service.

A purely voluntary monitoring system is vastly preferable to some of the ideas being tossed around by government officials. Governments have a difficult relinquishing control once they’ve acquired it. There’s also the very real possibility of mission creep which would turn harmless disease tracking into warrantless tracking of people’s movements over a long period of time — something law enforcement would love to have, and these agencies are well-versed in the art of parallel construction.

Promising anonymization of data is a non-starter. With a little effort, nearly anyone can be identified even if their identifying info has been stripped from their location data. Considering most of the efforts being made right now rely on voluntary compliance by citizens (handwashing, isolation, social distancing), the relinquishment of location data should also be opt-in, rather than mandated.

Over in Israel, the government is doing a bit of both. The country’s prime minister has already authorized its national security agency to tap into a massive trove of location data to track the spread of the virus. Somewhat redundantly, the Ministry of Health is offering a voluntary virus-tracking app.

In Tel Aviv, Israeli Under 30 alum Omri Moyal has been overseeing the security and privacy of Ministry of Health app Hamagen (or “Protector”), which promises to let users know if they’ve been near infected citizens. He says he believes it’s now hit well over a million downloads—with at least 500,000 recorded on Google’s Play store alone—which would mean a ninth of the entire Israeli population has downloaded the tool since its release late last week.

The difference here is users don’t share their location data with the government. There’s no anonymization either. Users voluntarily hand over info about where they’ve been. In return, they’re notified if someone who’s been in the same locations they have has tested positive for the virus. Meanwhile, the approved surveillance by the Shin Bet intelligence agency continues to hum along in the background, with the agency notifying citizens if they’ve been exposed.

Voluntary efforts like these have yet to take off in the United States, Brewster reports. An app developed by the MIT Media Lab and Harvard University has less than 50,000 downloads so far. Another app developed by Harvard asks for location information from users, but the site’s stats make it clear very few people are visiting it, much less providing information.

Maybe US citizens value their privacy more than the benefits giving it up voluntarily could create. Maybe citizens believe this is still an abstraction, rather than the looming threat it actually is. Whatever the case is, it’s going to be difficult to persuade millions of Americans to opt into a voluntary tracking system — even when most Americans seem indifferent to the incredible amount of tracking being performed by wireless carriers and social media companies 24/7/365. Even so, I’d rather see under-utilized voluntary options than any mandated harvesting of location info by government agencies. There’s no reason to give agencies a new power they’ll be in no hurry to give up once the pandemic threat has passed.

Techdirt.