Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

NIST – Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems

“This publication is intended to be used in conjunction with NIST Special Publication 800-160 Volume 1, Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. It can be viewed as a handbook for achieving the identified cyber resiliency outcomes based on a systems engineering perspective on system life cycle processes, allowing the experience and expertise of the organization to determine what is correct for its purpose. Organizations can select, adapt, and use some or all of the cyber resiliency constructs (i.e., goals, objectives, techniques, approaches, and design principles) described in this publication and apply them to the technical, operational, and threat environments for which systems need to be engineered. The system life cycle processes and cyber resiliency constructs can be used for new systems, system upgrades, or repurposed systems; can be employed at any stage of the system life cycle; and can take advantage of any system or software development methodology including, for example, waterfall, spiral, or agile. The processes and associated cyber resiliency constructs can also be applied recursively, iteratively, concurrently, sequentially, or in parallel and to any system regardless of its size, complexity, purpose, scope, environment of operation, or special nature. The full extent of the application of the content in this publication is informed by stakeholder protection needs, mission assurance needs, and concerns with cost, schedule, and performance. The tailorable nature of the engineering activities and tasks, and the system life cycle processes, ensure that the systems resulting from the application of the security and cyber resiliency design principles, among others, have the level of trustworthiness deemed sufficient to protect stakeholders from suffering unacceptable losses of their assets and associated consequences. 
Trustworthiness is made possible in part by the rigorous application of security and cyber resiliency design principles, constructs, and concepts within a structured set of systems life cycle processes that provides the necessary traceability of requirements, transparency, and evidence to support risk-informed decision making and trades.”

The dots in your email address do matter: how to scam a Gmail user

James Fisher: “I recently received an email from Netflix which nearly caused me to add my card details to someone else’s Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called “the dots don’t matter”. I then argue that the dots… Continue Reading

Chrome Cleanup Tool on Windows PCs is scanning for malware

Motherboard: “As the head of Google Chrome security Justin Schuh explained on Twitter, the [Chrome Cleanup Tool’s] “sole purpose is to detect and remove unwanted software manipulating Chrome.” Moreover, he added, the tool only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its… Continue Reading

Zuckerberg apologizes, defers to audit outcome, accepts possible misuse by Russians while whistleblower details data gathering

Follow up to previous postings this week – Facebook, Cambridge Analytica, the 2016 Election, and a colossal misappropriation of social media data – Implications of Cambridge Analytica scandal widen in scope as do responses – updated – and NYT, Guardian – How Trump Consultants Exploited the Facebook Data of Millions – tonight Axios highlights the… Continue Reading

Paper – Law, Metaphor, and the Encrypted Machine

Gill, Lex, Law, Metaphor, and the Encrypted Machine (March 12, 2018). Osgoode Legal Studies Research Paper No. 72, Volume 13, Issue 16, 2018. Available at SSRN: https://ssrn.com/abstract=3138684 “The metaphors we use to imagine, describe and regulate new technologies have profound legal implications. This paper offers a critical examination of the metaphors we choose to describe… Continue Reading

Cyberattacks Put Russian Fingers on the Switch at Power Plant

“New computer screenshots released by the Department of Homeland Security on Thursday made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.” Nicole Perlroth and David Sanger in the NYT: Cyberattacks Put Russian Fingers on the Switch at Power Plants. “The Trump administration accused Russia… Continue Reading

IG Audit finds continued flaws in OPM security of federal employee data

NextGov: “The Office of Personnel Management inspector general again found flaws in the agency’s contracting for the credit monitoring and ID theft services it provides to the more than 21.5 million current, former and prospective federal employees affected by the 2015 data breaches. OPM has gone through two different contracts for post-breach protections. The IG… Continue Reading

ABA Journal – Cyberthreats 101: The biggest computer crime risks lawyers face

“Cyberattacks are on the rise, both in the number of incidents and the costs associated with the attacks. According to the ABA’s 2017 Legal Technology Survey Report, 22 percent of responding firms had been breached—an increase of 8 percentage points from the previous year’s survey. According to the ABA report, about 27 percent of firms… Continue Reading

SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosure

“On February 20, 2018 the Securities and Exchange Commission voted unanimously to approve a statement and interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. “I believe that providing the Commission’s views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting… Continue Reading

New column on LLRX – Pete recommends – weekly highlights on cyber security issues

Via LLRX – Privacy and security issues impact every aspect of our lives – home, work, travel, education, health/medical, to name but a few. On a weekly basis, Pete Weiss highlights articles and information that focus on the increasingly complex and wide ranging ways our privacy and security are challenged and diminished, often without our… Continue Reading

CEA Report: The Cost of Malicious Cyber Activity to US Economy

[February 16, 2018] “the Council of Economic Advisers (CEA) released a report detailing the economic costs of malicious cyber activity on the U.S. economy. Please see below for the executive summary and read the full report here. This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are… Continue Reading

Interagency Report on Status of International Cybersecurity Standardization for Internet of Things

NIST: Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT) – “The Interagency International Cybersecurity Standardization Working Group (IICS WG) has developed this draft report based upon the information available to the participating agencies. Comments are being solicited in order to augment that information, especially on the information about the state of… Continue Reading