Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Privacy Laws in Asia – free download available

Bloomberg BNA – “With its critical impact on the world economy and global trade, privacy legislation in Asia has been extremely active in the last several years. A recently released report, Privacy Laws in Asia, written by Cynthia Rich of Morrison & Foerster LLP for Bloomberg BNA, analyzes commonalities and differences in the privacy and data security requirements in countries including Australia, India, Hong Kong and more. This report gives you at-a-glance access to:

  • A side-by-side chart comparing four key compliance areas, including registration requirements, cross-border data transfer limitations, data breach notification, and data protection officer requirements.
  • A country-by-country review of the differences and special characteristics in the law, as well as a look at privacy legislation in development.
  • Explanations of the common elements of the laws in 11 jurisdictions with comprehensive privacy laws with regards to Notice, Opt-In and Consent issues, Data Retention, and more.”

 

FireEye – Uncovering Malware Backdoor that Uses Twitter

FireEye announcement: “It hides in network communications, in all the noise—designed so that defenders can neither detect nor characterize its activity. But its purpose is transparent: to use Twitter, GitHub, and cloud storage services to relay commands and extract data from compromised networks. Download the report [reg. req’d] and read about the recently discovered HAMMERTOSS, …

Cyber Intrusion into U.S. Office of Personnel Management: In Brief

CRS – Cyber Intrusion into U.S. Office of Personnel Management: In Brief, July 17, 2015. “On June 4, 2015, the U.S. Office of Personnel Management (OPM) revealed that a cyber intrusion had impacted its information technology systems and data, potentially compromising the personal information of about 4.2 million former and current federal employees. Later that …

CRS Insights – OPM Data Breach

OPM Data Breach: Personnel Security Background Investigation Data. Michelle D. Christensen, Analyst in Government Organization and Management, July 24, 2015 (IN10327): “In a July 9, 2015, news release on the cyber-intrusions of its systems, OPM “concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the …

Hackers continue to leak federal government employee data

NextGov.com: “The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online. The hack was in protest of TTIP (Transatlantic Trade and Investment Partnership), which is an agreement being negotiated between the U.S. and E.U. critics say would increase corporate power and make it more …

NIST – Securing Electronic Health Records on Mobile Devices

“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to …

White Paper – Comparing Expert and Non-Expert Security Practices

Google Online Security Blog: “Today, you can find more online security tips in a few seconds than you could use in a lifetime. While this collection of best practices is rich, it’s not always useful; it can be difficult to know which ones to prioritize, and why. Questions like ‘Why do people make some security …

GAO Reports – Defense Infrastructure, Federal Green Building, IRS Examination Selection, Low-Income Housing Tax Credit, Teacher Preparation Programs

Defense Infrastructure: Improvements in DOD Reporting and Cybersecurity Implementation Needed to Enhance Utility Resilience Planning, GAO-15-749: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. Federal Green Building: Federal Efforts and Third-Party Certification Help Agencies Implement Key Requirements, but Challenges Remain, GAO-15-667: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. IRS Examination Selection: Internal …

Leaked drone company emails reveal plans to deliver spyware using drones

Cora Currier – The Intercept: “There are lots of ways that government spies can attack your computer, but a U.S. drone company is scheming to offer them one more. Boeing subsidiary Insitu would like to be able to deliver spyware via drone. The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect …

General guide to account opening – consultative document

Bank for International Settlements: “The Basel Committee on Banking Supervision has today issued for public consultation a revised version of the General guide to account opening, which was first published in February 2003. Most bank-customer relationships start with an account opening procedure. The customer information collected and verified at this stage is crucial in order …

Handing Over the Keys to the Castle

Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015. “In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized …

FFIEC Cybersecurity Assessment Tool June 2015

FFIEC Cybersecurity Assessment Tool June 2015. OMB Control 1557-0328. Expiration Date: December 31, 2015. “In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. The …