Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World

“The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more. The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. “People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” said EFF Director of Cybersecurity Eva Galperin. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life…”

CRS – Transatlantic Relations in 2018

Transatlantic Relations in 2018. January 10, 2018. IN10847. “As the second year of the Trump Administration begins, a degree of uncertainty lingers over transatlantic relations. The U.S.-European partnership could face challenges in 2018. Following the election of President Trump, numerous European officials and analysts expressed concern about the future trajectory of U.S.-European relations, particularly the… Continue Reading

Report to President on Enhancing Resilience of Internet and Communications Ecosystem Against Botnets and Distributed Threats

“This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for “resilience against botnets and other automated, distributed threats,” directing the Departments of Commerce and Homeland Security to “lead an open and transparent process to identify and promote action by appropriate… Continue Reading

Law, Metaphor and the Encrypted Machine

Gill, Lex, Law, Metaphor and the Encrypted Machine (2017). Available at SSRN: https://ssrn.com/abstract=2933269 – “The metaphors we use to imagine, describe and regulate new technologies have profound legal implications. This paper offers a critical examination of the metaphors we choose to describe encryption technology in particular, and aims to uncover some of the normative and legal… Continue Reading

U.S. Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040

The U.S. Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040, CRS report via FAS. “TRADOC Pamphlet 525-8- 6, The U.S. Army Concept for Cyberspace and Electronic Warfare Operations expands on the ideas presented in TRADOC Pamphlet 525-3- 1, The U.S. Army Operating Concept: Win in a Complex World (AOC). This document describes how the… Continue Reading

Bill Would Establish Cybersecurity Inspections, Impose Mandatory Penalties, and Compensate Consumers for Stolen Data

“United States Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) today introduced the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs) – including Equifax – accountable for data breaches involving consumer data. The bill would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at CRAs,… Continue Reading

What is the U.S. Digital Registry?

“Whether for access to emergency, financial or education public services, users need to trust they are engaging with official U.S. government digital accounts. To help prevent exploitation from unofficial sources, phishing scams, or malicious entities, the U.S. Digital Registry serves as a crowdsource resource for agencies, citizens, and developers to confirm the official status of… Continue Reading

DHS Handbook for Safeguarding Sensitive PII

Handbook for Safeguarding Sensitive PII Privacy Policy Directive 047-01-007, Revision 3. Published by the DHS Privacy Office. December 4, 2017. This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. This handbook explains:… Continue Reading

Tech giants responding to massive chip vulnerability alert

Just saying – don’t throw away all the paper and the books ok. Via Axios: “A nasty series of vulnerabilities affecting decades of chip processors from Intel and others is the root of the broadest security hole to date, affecting nearly all computers, smartphones and servers. Companies including Apple, Amazon, Microsoft and Google are scrambling… Continue Reading

ABA Journal – A strategy for defeating cyberthreats to lawyers

ABA Journal: ” Every week brings news of major new cyberattacks—the stealing of personal information from Equifax and the federal Office of Personnel Management, the Petya and WannaCry ransomware worms, the Russian hacking of the Democratic National Committee’s emails, to name a few. Indeed, the cyberthreat from criminals, hacktivists and state actors is growing. The… Continue Reading

Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR

Wachter, Sandra, Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR (December 6, 2017). Available at SSRN: https://ssrn.com/abstract=3083554 “In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user’s devices with unique identities, and provide seamless and linked up services.… Continue Reading

WaPo – Extensive interviews illuminate rejection of Russia’s threat to US national security

The Washington Post – Doubting the intelligence, Trump pursues Putin and leaves a Russian threat unchecked: “Nearly a year into his presidency, Trump continues to reject the evidence that Russia waged an unprecedented assault on a pillar of American democracy and supported his run for the White House. Interviews with more than 50 U.S. officials… Continue Reading