Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

EFF – Here’s How Congress Should Respond to the Equifax Breach

“There is very little doubt that Equifax’s negligent security practices were a major contributing factor in the massive breach of 145.5-million Americans’ most sensitive information. In the wake of the breach, EFF has spent a lot of time thinking through how to ensure that such a catastrophic breach doesn’t happen again and, just as importantly,… Continue Reading

Mueller Investigation Criminal Indictments Against Three Trump Campaign Officials

On May 17, 2017, Robert S. Mueller III was appointed by acting Attorney General Rod J. Rosenstein to serve as Special Counsel by the order below. Order 3915-2017 Related Court Documents and a selected overview of articles pertaining to the indictments: U.S. v. Paul J. Manafort, Jr., and Richard W. Gates III (1:17-cr-201, District of… Continue Reading

FERC Proposes New Security Management Controls for Grid Cyber Systems

“The Federal Energy Regulatory Commission (FERC) [on October 19, 2017] proposed new cyber security management controls to further enhance the reliability and resilience of the nation’s bulk electric system. These include mandatory controls to address the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices used at low-impact… Continue Reading

How Fiction Becomes Fact on Social Media

The New York Times: “…In the coming weeks, executives from Facebook and Twitter will appear before congressional committees to answer questions about the use of their platforms by Russian hackers and others to spread misinformation and skew elections. During the 2016 presidential campaign, Facebook sold more than $100,000 worth of ads to a Kremlin-linked company,… Continue Reading

Common Internet of Things Devices May Expose Consumers to Cyber Exploitation

From FBI News Release, October 17, 2017: “In conjunction with National Cyber Security Awareness Month, the FBI is re-iterating the growing concern of cyber criminals targeting unsecure Internet of Things (IoT) devices. The number of IoT devices in use is expected to increase from 5 billion in 2016 to an estimated 20 to 50 billion… Continue Reading

NIST – Passphrases are the new way to protect your digital world

NIST Blog, Mike Garcia: “…First, I’m going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I’m going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don’t rely on passwords, or even passphrases, alone.… Continue Reading

DHS issues operational network security directive to all federal agencies

FCW.com: “The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to… Continue Reading

Cybersecurity, Encryption and United States National Security Matters

Cybersecurity, Encryption and United States National Security Matters, Senate Armed Services Committee, September 13, 2016 (published September 2017), via FAS. Steven Aftergood, Secrecy News: “What constitutes an act of war in the cyber domain? It’s a question that officials have wrestled with for some time without being able to provide a clear-cut answer. But in… Continue Reading

Active Cyber Defense Certainty Act

The Register: “Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America… Continue Reading

Business Email Scams: Protecting Your Company’s Information

From the Pennsylvania Department of Banking and Securities, a succinct and very useful Infographic guide: “Business Email Compromise is a cyber threat targeted against businesses, both large and small, that typically involves a con artist targeting employees with access to company financial or sensitive documents. The scammers lead the employees to believe they are a… Continue Reading

EPIC Urges Congress To Hold Equifax Accountable, Update Data Protection Law

“EPIC has sent statements to Congress ahead of hearings in the House and Senate on the Equifax data breach. EPIC underscored the risk to American consumers of data breaches which are increasingly severe. EPIC urged Congress to require prompt data breach notification, data minimization, and privacy enhancing techniques. In 2011 EPIC testified in the House… Continue Reading

Report – Phish For the Future

“This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from… Continue Reading