Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Those supposedly secure passwords you routinely create are not secure at all

WSJ.com – “…Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” [this is the 2017 version] The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly. Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S…”

  • Via NIST – “The Special Publication (SP) 800-63 suite provides technical requirements for federal agencies implementing digital identity services. The publication includes: an overview of identity frameworks; using authenticators, credentials, and assertions in a digital system; and a risk-based process to select assurance levels. Organizations have the flexibility to choose the appropriate assurance level for their needs. SP 800-63 comprises a suite of documents that can be used independently or in concert to meet identity needs.”

New Tool for Looking at Federal Cybersecurity Spending

“With malicious hacking and other cyber threats on the rise, Taxpayers for Common Sense recently turned our attention to how much the federal government spends to keep us safe from cyber threats and where it spends that money. Our analysts spent two years reviewing hundreds of thousands of pages of federal budget documents in an attempt to answer those questions. When…

Your Social Security Number is a major target of ID theft – government has yet to implement an alternative

Social Security Numbers: OMB Actions Needed to Strengthen Federal Efforts to Limit Identity Theft Risks by Reducing Collection, Use, and Display, GAO-17-553: Published: Jul 25, 2017. Publicly Released: Jul 27, 2017. “Governmentwide initiatives aimed at eliminating the unnecessary collection, use, and display of Social Security Numbers (SSN) have been underway in response to recommendations that…

State Department Telecommunications: Information on Vendors and Cyber-Threat Nations

State Department Telecommunications: Information on Vendors and Cyber-Threat Nations, GAO-17-688R: Published: Jul 27, 2017. Publicly Released: Jul 27, 2017. “Federal telecommunications systems can include a variety of equipment, products, and services which may be produced by foreign manufacturers—and may potentially be vulnerable to manipulation by a cyber-threat nation like China, Iran, North Korea, or Russia.…

HHS Unveils Improved Web Tool to Highlight Recent Breaches of Health Information

“The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) today launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The HIPAA…

New Initiative by Hillary Clinton and Mitt Romney – Defending Digital Democracy

The Washington Post: “The former managers of Hillary Clinton and Mitt Romney’s presidential campaigns are leading a new initiative called ‘Defending Digital Democracy’ in the hopes of preventing a repeat of Russia’s 2016 election interference. Robby Mook, Clinton’s 2016 campaign chief, and Matt Rhoades, who managed the 2012 run of GOP nominee Romney, are heading…

Paper – Metadata: The Most Potent Weapon in This Cyber War

Institute for Critical Infrastructure Technology – “Metadata, or “data about data,” is collected and recorded to describe data, identify trends, administer algorithmic solutions, and model potential scenarios. When one understands how to make sense of seemingly random metadata or how to pair the data with other exfiltrated data pools, there are limitless possibilities for social…

Report – 66% of US law firms reported a breach in 2016

NetSecurity – “The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments. The degree of preparation and vigilance…

Personal data of millions of Verizon customers exposed in cyber breach

Public Knowledge Urges FCC to Investigate Verizon Customer Data Breach – “Today, reports indicate that one of Verizon’s business partners, Nice Systems, exposed millions of Verizon customer records. According to ZDNet, “as many as 14 million records of subscribers who called [Verizon’s] customer services in the past six months were found on an unprotected Amazon S3…

Global Study – The need for a new IT security architecture

“Cyber-attacks happen by the minute—and in our industry on the whole, they’re not being handled adequately. To get a better view of why that is, Citrix teamed up with the Ponemon Institute to find out what’s holding up businesses from appropriately addressing security issues. Here’s what we found and how businesses can take smarter steps…

IG Audit of OPM IT Systems – Follow on to massive breach of employee data

Follow up to previous posting of November 2016 – Audit of OPM Security Systems Shows Continued Material Weakness – an update via NextGov: “More than two years after suffering a massive data breach [of over 20 million current and past federal employee personal data], the Office of Personnel Management still isn’t sufficiently vetting many of…

Cybersecurity: The cold war online

Cybersecurity: The cold war online, Steven Aftergood. Nature 547, 30–31 (06 July 2017) doi:10.1038/547030a. Published online 05 July 2017. “The Internet is under attack, and not just by hackers, thieves and spies. As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitized…