Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

FireEye – Uncovering Malware Backdoor that Uses Twitter

FireEye announcement: “It hides in network communications, in all the noise—designed so that defenders can neither detect nor characterize its activity. But its purpose is transparent: to use Twitter, GitHub, and cloud storage services to relay commands and extract data from compromised networks. Download the report [reg. req’d] and read about the recently discovered HAMMERTOSS, a malware backdoor created by the Russian advanced persistent threat (APT) group APT29. Learn:

  • How HAMMERTOSS works—the five stages, from looking for a Twitter handle to executing commands, including uploading victim’s data to cloud storage services
  • Who APT29 is—their history, targets and methodology
  • Why it’s difficult to detect HAMMERTOSS”

Cyber Intrusion into U.S. Office of Personnel Management: In Brief

CRS – Cyber Intrusion into U.S. Office of Personnel Management: In Brief, July 17, 2015. “On June 4, 2015, the U.S. Office of Personnel Management (OPM) revealed that a cyber intrusion had impacted its information technology systems and data, potentially compromising the personal information of about 4.2 million former and current federal employees. Later that …

CRS Insights – OPM Data Breach

OPM Data Breach: Personnel Security Background Investigation Data. Michelle D. Christensen, Analyst in Government Organization and Management, July 24, 2015 (IN10327): “In a July 9, 2015, news release on the cyber-intrusions of its systems, OPM “concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the …

Hackers continue to leak federal government employee data

NextGov.com: “The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online. The hack was in protest of TTIP (Transatlantic Trade and Investment Partnership), which is an agreement being negotiated between the U.S. and E.U. critics say would increase corporate power and make it more …

NIST – Securing Electronic Health Records on Mobile Devices

“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to …

White Paper – Comparing Expert and Non-Expert Security Practices

Google Online Security Blog: “Today, you can find more online security tips in a few seconds than you could use in a lifetime. While this collection of best practices is rich, it’s not always useful; it can be difficult to know which ones to prioritize, and why. Questions like ‘Why do people make some security …

GAO Reports – Defense Infrastructure, Federal Green Building, IRS Examination Selection, Low-Income Housing Tax Credit, Teacher Preparation Programs

Defense Infrastructure: Improvements in DOD Reporting and Cybersecurity Implementation Needed to Enhance Utility Resilience Planning, GAO-15-749: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. Federal Green Building: Federal Efforts and Third-Party Certification Help Agencies Implement Key Requirements, but Challenges Remain, GAO-15-667: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. IRS Examination Selection: Internal …

Leaked drone company emails reveal plans to deliver spyware using drones

Cora Currier – The Intercept: “There are lots of ways that government spies can attack your computer, but a U.S. drone company is scheming to offer them one more. Boeing subsidiary Insitu would like to be able to deliver spyware via drone. The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect …

General guide to account opening – consultative document

Bank for International Settlements: “The Basel Committee on Banking Supervision has today issued for public consultation a revised version of the General guide to account opening, which was first published in February 2003. Most bank-customer relationships start with an account opening procedure. The customer information collected and verified at this stage is crucial in order …

Handing Over the Keys to the Castle

Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015. “In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized …

FFIEC Cybersecurity Assessment Tool June 2015

FFIEC Cybersecurity Assessment Tool June 2015. OMB Control 1557-0328. Expiration Date: December 31, 2015. “In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. The …

Optimal Design and Defense of Networks Under Link Attacks

Bravard, Christophe and Charroin, Liza, Optimal Design and Defense of Networks Under Link Attacks (July 1, 2015). Available for download at SSRN: http://ssrn.com/abstract=2631443 “Networks facilitate the exchange of goods and information and create benefits. We consider a network composed of complementary nodes, i.e., nodes that need to be connected to generate a positive payoff. This …