Cyber Round Up: Telecommunications Regulatory Power—FCC or FTC?; Tech Giants Lobby for Limits on Gov’t Surveillance; New Ransomware Virus has Reached U.S.
- The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade held a hearing last week where Foreign Trade Commission (FTC) Commissioner Maureen Ohlhausen argued for “the repeal of the communications common carrier exemption which would transfer regulatory power of telecommunications networks from the [FCC] to the FTC[,]” according to the ACLU. This would significantly limit government privacy oversight.
- The New York Times reports that eight leading tech companies are lobbying for new limits on government surveillance. Their plan, presented in the form of a presentation and open letter in prominent national newspapers, is coupled with the companies’ continued efforts to change their technological structures in a way that works to thwart spying and boost security.
- Senator Edward J. Markey (D-Mass.) has said that he plans to introduce legislation very soon that will boost consumer privacy protections through, for example, adding a warrant requirement to police investigations that desire cellphone location information from wireless providers, according to The New York Times.
- The boom of increased security measures online, such as encrypted email and secure instant messaging, may not be as effective as the public thinks, reports the Associated Press. Rather, the extra security steps are often of variable quality and can, instead, overwhelm computer systems without keeping out adversaries.
- Finally, SF Gate reports that a new virus has emerged just in time for the holidays. Cryptolocker, which originated in the UK and is now spreading through the US, is a ransomware virus that permits hackers to encrypt a computer’s files and demand the owner or user pay in bitcoins in order to undo the encryption.
After Germany’s Attorney General decided to stand down in order to prevent “serious harm to the Federal Republic […]”, the Swiss Federal Prosecutor’s Office has now launched investigations into National Security Agency (NSA) operations in Switzerland. As the International Service of the Swiss Broadcasting Corporation reported on Sunday, “article 271 of the penal code, which lists punishable acts by a foreign state, had been broken, according to the office”.
Meanwhile, Brazil and Germany have submitted their draft resolution to the United Nations (UN) general assembly. The document calls the pervasive surveillance illegal, as it violates “the right to privacy and freedom of expression”, threatening “the foundations of a democratic society”. Following that, the UN special rapporteur on counter-terrorism, Ben Emmerson, announced on Monday that he would launch an investigation into the Snowden revelations and give recommendations for the UN general assembly 2014. While international law tolerates espionage, the international community may agree that snooping around at the level of the revealed NSA activities exceeds tolerable espionage due to excessive human rights violations (Articles 12 and 19 Universal Declaration of Human Rights).
Legal consequences for the NSA’s pervasive surveillance activities from outside the United States can therefore take two paths: foreign domestic law and international law. Their impacts, though, remain subject to a different analysis.
The Committee on Assessing the Dangers of the Israeli Telecom Towers Directed Toward Lebanese Territory reported to the Parliament of Lebanon that Israel is waging “cyber war” on the nation, according to Press TV.
Specifically, Press TV reports, the Israeli regime penetrated the Internet systems and telecom networks of the Lebanese Army and the UN Interim Force in Lebanon (UNIFIL). The committee also assessed that Israel has expanded its surveillance network in thirty-nine border locations with the additions of more towers and antennae.
The Lebanese Committee denounced Israel’s activities as violations of Lebanese sovereignty, right to privacy, and security, and called such acts “aggression” against Lebanon.
Ernst & Young recently conducted a Global Information Security Survey for 2013-2014 concluding that mining and metals companies have emerged as priority targets for cyber criminals.
The report, which analyzed information from 1,909 respondents from 144 countries, attributes this trend to mining and metals firms’ susceptibility to attack. Specifically, centralizing business functions requires increased and more sophisticated IT systems and network infrastructure, which increases an entity’s “exposure to, and dependence on, the Internet.”
These threats, according to Ernst & Young, are compounded by the intelligence and surveillance activities of sovereign states.
The objective may be the passive collection of commercially sensitive intelligence to assist national or state-owned companies in contract negotiations. However, the possibility of it being more sinister, with the use of malware to incapacitate important facilities (made infamous by the Stuxnet attack on the Iranian nuclear facilities), should not be ruled out. It is worthwhile considering the impact of disabling a remote operations center that controls trucks, drills, trains, ship loaders, mills or concentrators, or even the individual physical equipment being disabled.
Microsoft Security Blog recently published a series of whitepapers and videos designed to help companies better understand the risks posed by cyber threats.
Some of the papers cover potential adversaries to be aware of, targeted attacks, Pass-the-Hash (PtH) attacks, and best practices. The videos also offer techniques to mitigate threat and harm to vital networks. You can find the videos and the whitepapers here.
Cyber Roundup: Kenya Supports Invasive Cyber Law; FBI Adds Five to “Cyber Most Wanted List”; Anonymous Claims Responsibility for Singapore Cyber Strike
The Daily Nation reports that a convention in the African Union that would, at a minimum, require persons or corporations engaging in electronic financial transactions to provide full identifying information, such as PIN numbers and addresses, will be supported by Kenya. Opponents are reportedly concerned about the invasiveness of the law, its costs, and the risks it will present in terms of unprotected confidential data.
The Federal Bureau of Investigation (FBI) recently added five hackers to its “Cyber Most Wanted List,” according to State of Security. A cash reward of $100,000 is being offered for information leading to the arrest of the following: (1) Alexsey Belan, a Russian national wanted for allegedly remotely accessing U.S.-based company computer networks to steal data and employee identities; (2) Andrey Nabilevich Taame, a Syrian national wanted for his alleged role in the malware scheme “Operation Ghost Click”; (3) Carlos Perez-Melara, wanted for, among other alleged cyber crimes, running a fraudulent website that downloaded spyware to unsuspecting would-be customers looking to “catch a cheating lover”; and, (4) Farhan Arshad and (5) Noor Aziz Uddin, Pakistani nationals who are both wanted for their alleged participation in an international telecommunications hacking scheme.
Earlier this month, hacktivist group Anonymous and alleged hacker “The Messiah” claimed responsibility for a cyber strike on websites controlled by the government of Singapore, according to reports by Yahoo! News. The attack reportedly caused outages across nineteen government sites; however, Infocomm Development Authority of Singapore (IDA) attributed the disruption to routing and hardware failures.
The Navy Times reports the United States Navy is looking for approximately 1,000 additional cyberwarfare sailors to join Fleet Cyber Command by fiscal year 2016. To effectuate this goal, the Navy is changing its selection criteria and extending the application deadline in the hopes of increasing the number of applicants.
Similarly, according to Computer World UK, the National Crime Agency (NCA) is launching a campaign to recruit up to 400 trainee cyber and intelligence officers within the next year. The agency will reportedly keep the application period open until it receives 800 applicants.
The New York Times reports that a recently revealed but classified National Security Agency (NSA) document authorizes the agency to conduct surveillance activities targeting Great Britain (and other close allies), without consent or knowledge, despite a pact between the nations to the contrary.
Labeled “secret” and “NOFORN” (an indication it may not be shared with foreign nations), the draft document is dated January 2005, according to The Times, and seemingly reflects an understanding between the United States and Britain that spying on each other’s citizens may be permissible under extraordinary circumstances.
The Times reached out to the NSA for comment and received the following reply to its questions:
NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with US and with the applicable laws under which those partners and allies operate.
The President’s Council of Advisors on Science and Technology (PCAST) released the following report entitled, “Immediate Opportunities for Strengthening the Nation’s Cybersecurity.”
Generally, it appears PCAST believes the Obama Administration could be doing more to protect our nation’s cyber interests. Specifically, one of the report’s findings is that:
The Federal Government rarely follows accepted best practices. It needs to lead by example and accelerate its efforts to make routine cyber attacks more difficult by implementing best practices for its own systems.
Another finding concludes:
Many private-sector entities come under some form of Federal regulation for reasons not directly related to national security. In many such cases there is opportunity, fully consistent with the intent of the existing enabling legislation, for promoting and achieving best practices in cybersecurity.
Cyber Roundup: iPhone 5s Fingerprint Sensor Hacked; New Cyberlaw in Pakistan Carries Penalty of Death; London Pros Participate in Cyber Simulation
IsTouchIDHackedYet, a site created by Nick DePetrillo and Robert David Graham, offered more than $16,000 in cash and other prizes to the first person to successfully hack the Touch ID fingerprint sensor on the new iPhone 5S. The winner was Starbug, who pledged the funds to Raumfahrtagentur, a spinoff from CCC-Berlin.
According to The New York Times, the CIA is paying AT&T more than $10 million per year for access to its phone records database to assist with its overseas counterterrorism investigations.
Pakistan recently promulgated a new law that imposes heavy punishment (ranging from ten years imprisonment to death) for “crimes against computers including cyber crimes, internet offences and other crimes related to information technology” when committed with the purpose of waging war against Pakistan or threatening its security, The News reports.
The Raw Story reports that earlier this year the Seattle Police Department purchased a “mesh network” that will allow emergency responders “to determine the IP address, device type, downloaded applications, current location, and historical location of any devices that searches for a Wi-Fi signal.” The network is reportedly not yet turned on.
Earlier this month, London bankers, regulators, government officials, and market infrastructure providers participated in a cyber attack simulation “designed to test the City’s defense against online saboteurs.” According to Reuters, the test proved to be a “productive exercise” and participants are now better equipped to respond to a real cyber attack.