Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Security Risks of Government Hacking

Schneier on Security: “Some of us — myself included — have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include:

  • Disincentive for vulnerability disclosure
  • Cultivation of a market for surveillance tools
  • Attackers co-opt hacking tools over which governments have lost control
  • Attackers learn of vulnerabilities through government use of malware
  • Government incentives to push for less-secure software and standards
  • Government malware affects innocent users.

These risks are real, but I think they’re much less than mandating backdoors for everyone. From the report’s conclusion:

Government hacking is often lauded as a solution to the “going dark” problem. It is too dangerous to mandate encryption backdoors, but targeted hacking of endpoints could ensure investigators access to same or similar necessary data with less risk. Vulnerabilities will never affect everyone, contingent as they are on software, network configuration, and patch management. Backdoors, however, mean everybody is vulnerable and a security failure fails catastrophically. In addition, backdoors are often secret, while eventually, vulnerabilities will typically be disclosed and patched.

The key to minimizing the risks is to ensure that law enforcement (or whoever) report all vulnerabilities discovered through the normal process, and use them for lawful hacking during the period between reporting and patching. Yes, that’s a big ask, but the alternatives are worse. This is the canonical lawful hacking paper.”

Decentralisation: the next big step for the world wide web

The Guardian – “The decentralised web, or DWeb, could be a chance to take control of our data back from the big tech firms. So how does it work and when will it be here? What is the decentralised web? It is supposed to be like the web you know but without relying on centralised…

GAO – Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach

Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach. GAO-18-559: Published: Aug 30, 2018. Publicly Released: Sep 7, 2018: Hackers stole the personal data of nearly 150 million people from Equifax databases in 2017. How did Equifax, a consumer reporting agency, respond to that event? Equifax said that it…

Facebook, Twitter Execs Admit Failures, Warn of ‘Overwhelming’ Threat to Elections

Gizmodo: “Openly recognizing their companies’ past failures in rare displays of modesty, Facebook and Twitter executives touted new efforts to combat state-sponsored propaganda across their platforms before the Senate Intelligence Committee on Wednesday, acknowledging that the task is often “overwhelming” and proving a massive drain on their resources. Despite frequent and contradictory remarks by President…

West Virginia offers free cybersecurity training to the elderly

Axios: “West Virginia’s Attorney General Patrick Morrisey, who’s currently running for U.S. Senate, announced Tuesday that he’s partnering with two local community and technical colleges to connect senior citizens with college students for free cybersecurity training. Why it matters: Criminals steal $37 billion a year from elderly Americans through cyber scams, according to Bloomberg. This…

Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online

“This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones. A company that markets cell phone spyware to parents and employers left the data of thousands of its customers—and the information of the people they were monitoring—unprotected online. The data…

How encrypted communications apps failed to protect Michael Cohen

FastCompany: “Within the detailed federal allegations against former Trump lawyer Michael Cohen, who pleaded guilty yesterday to eight charges including campaign finance violations, are multiple references to texts sent by Cohen and even a call made “through an encrypted telephone application.” Cohen was apparently a fan of encrypted communications apps like WhatsApp and Signal, but…

Symantec – Mobile Privacy: What Do Your Apps Know About You?

Just how much personal information are your apps gathering? “And do they really need so much? The average smartphone user these days has between 60 and 90 apps on their device. Most of these apps request some sort of information about you and the device you are using. They may want to know your name,…

Researcher study – U.S. House candidates vulnerable to hacks

Reuters: “Three of every 10 candidates running for the U.S. House of Representatives have significant security problems with their websites, according to a new study by independent researchers that underscores the threat hackers pose to the November elections…A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua…

Study – How Do Americans Feel About Online Privacy in 2018?

The Best VPN – “Concerns around online privacy have come to a head in 2018. In mid-March, The New York Times and The Guardian reported that data from 50 million Facebook profiles was harvested for data mining firm Cambridge Analytica — a number that would eventually be revised to 87 million in one of the…

Foreign Economic Espionage in Cyberspace 2018

Foreign Economic Espionage in Cyberspace 2018 – Economic cyber espionage will only get worse, ODNI report says “In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, the Office of the National Counterintelligence Executive provided a baseline assessment of the many dangers facing the U.S. research, development, and manufacturing sectors…

Cybersecurity Role, Spend on the Rise for Corporate Legal

Association of Corporate Counsel: “More than 40 percent of in-house lawyers stated their companies plan to change data security standards, breach notification procedures, and incident response plans as a result of the upcoming European Union General Data Protection Regulation (GDPR), and 63 percent in the United States strongly favor the implementation of a federal law…