Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Global Cybercrime: The Interplay of Politics and Law

The Centre for International Governance Innovation (CIGI) - Aaron Shull, June 2014

“Examining global cybercrime as solely a legal issue misses an important facet of the problem. Understanding the applicable legal rules, both domestically and internationally, is important. However, major state actors are using concerted efforts to engage in nefarious cyber activities with the intention of advancing their economic and geostrategic interests. This paper explores the recent unsealing of a 31-count indictment against five Chinese government officials and a significant cyber breach, perpetrated by Chinese actors against Western oil, energy and petrochemical companies. The paper concludes by noting that increased cooperation among governments is necessary, but unlikely to occur as long as the discourse surrounding cybercrime remains so heavily politicized and securitized. If governments coalesced around the notion of trying to prevent the long-term degradation of trust in the online economy, they may profitably advance the dialogue away from mutual suspicion and toward mutual cooperation.”

Report – Elite Russian hackers breached Nasdaq and inserted a digital bomb

BloombergBusinessWeek – Mike Riley: “In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq. It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country.

NIST Cryptographic Standards and Guidelines Development Process

Report and Recommendations of the Visiting Committee on Advanced Technology of the National Institute of Standards and Technology, July 2014 “This report from Visiting Committee on Advanced Technology (VCAT) of the National Institute of Standards and Technology (NIST) to the NIST Director contains the VCAT’s recommendations on how NIST can improve the cryptographic standards and guidelines

No silver bullet: De-identification still doesn’t work

Arvind Narayanan and Edward W. Felten. July 9, 2014 “Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies,

67 Percent of Critical Infrastructure Providers Were Breached Last Year

Jeff Goldman - eSecurity Planet - “A recent survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries has found that 67 percent have experienced at least one security breach in the past 12 months that led to the loss of confidential information or the disruption of operations. The survey, conducted

Banks Try to Tame Gadget-Flooded Workplace with Management Software

American Banker: “MDM [mobile device management] software has been available for awhile, but it is being slowly adopted by banks. Many of these banks once used only BlackBerry products, but the Ponemon study found that 23% of banks are migrating from BlackBerry to a multi-OS mobile environment and 18% plan to do so. And a recent Forrester

European ATM Security Team Fraud Report – ATM Card Skimming

“EAST [European ATM Security Team] has just published its second European Fraud Update for 2014. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 33rd EAST meeting held at the European Cybercrime Centre (EC3) at Europol in The

Forward Secrecy Brings Better Long-Term Privacy to Wikipedia

EFF – “Wikipedia readers and editors can now enjoy a higher level of long-term privacy, thanks to the Wikimedia Foundation’s rollout last week of forward secrecy on its encrypted connections. Forward secrecy is an important Web privacy protection; we’ve been tracking its implementation across many popular sites with our Encrypt the Web Report. And though it may sound

The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities

Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities, by Clark, Fry, Blaze and Smith “Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of

The State of Data Centric Security

News release: ‘Informatica Corporation, the world’s number one independent provider of data integration software, today announced the availability of a new research report by the Ponemon Institute LLC, entitled, The State of Data Centric Security. Based on a global survey of more than 1,500 IT and IT security professionals, the study reveals how organizations understand and respond to

Is Your Android Device Telling the World Where You’ve Been? – EFF

“Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there’s a high risk that it is broadcasting your location history to anyone within Wi-Fi range that wants to listen. This location history comes in the

Digital Life in 2025 – Net Threats

Pew Research Center: “As Internet experts look to the future of the Web, they have a number of concerns. This is not to say they are pessimistic: The majority of respondents to this 2014 Future of the Internet canvassing say they hope that by 2025 there will not be significant changes for the worse and