Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis

CRS – Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis. N. Eric Weiss, Specialist in Financial Economics. December 11, 2014.

“Data breaches, such as those at Target, Home Depot, Neiman Marcus, and JPMorgan Chase, affecting financial records of tens of millions of households seem to occur regularly. Companies typically respond by trying to increase their cybersecurity by hiring consultants and purchasing new hardware and software. Policy analysts have suggested that sharing information about these breaches could be an effective and inexpensive part of improving cybersecurity. Firms share information directly on an ad hoc basis and through private-sector, nonprofit organizations such as Information Sharing and Analysis Centers (ISACs) that can analyze and disseminate information. Firms sometimes do not share information because of perceived legal risks, such as violating privacy or antitrust laws, and economic incentives, such as giving useful information to their competitors. A firm that has been attacked might prefer to keep such information private out of a worry that its sales or stock price will fall. Further, there are no existing mechanisms to reward firms for sharing information. Their competitors can take advantage of the information, but not contribute in turn. This lack of reciprocity, called “free riding” by economists, may discourage firms from sharing. In addition, the information shared may not be applicable to those receiving it, or it might be difficult to apply. Because firms are reluctant to share information, other firms suffer from vulnerabilities that could be corrected. Further, by not sharing information about effective cybersecurity products and techniques, the size and quality of the market for cybersecurity products suffer. Some industry leaders call for mandatory sharing of information concerning attacks. Other experts advocate a strictly voluntary approach, because they believe it could impose fewer regulatory costs on businesses and cost less for taxpayers. Several bills have been introduced in the 113th Congress to encourage information sharing. H.R. 624, the Cyber Intelligence Sharing and Protection Act, and S. 2588, the Cybersecurity Information Sharing Act of 2014, aim to increase information sharing by directing the Department of Homeland Security and the Department of Justice to develop procedures for receiving and sharing information and by providing liability protection for private entities acting in good faith for a cybersecurity purpose. H.R. 624 passed the House, and S. 2588 was reported out of the Senate Select Committee on Intelligence.”

Congress Tells DoD to Report on Leaks

Secrecy News – Steven Aftergood: For the next two years, Congress wants to receive quarterly reports from the Department of Defense on how the Pentagon is responding to leaks of classified information. The reporting requirement was included in the pending National Defense Authorization Act for FY 2015 (Sec. 1052). “Compromises of classified information cause indiscriminate and …

Data Brokers and Your Privacy

Privacy Rights Clearinghouse, Posted September 2014, Revised September 2014: “Technological advances allow us to do many useful things and to simplify our daily tasks. The flip-side of these advances in technology is the unprecedented ability to collect, store, manipulate, and disseminate virtually unlimited amounts of data about people. Numerous companies known as data brokers have entered this …

CIGI-Ipsos Global Survey on Internet Security and Trust

“The CIGI-Ipsos Global Survey on Internet Security and Trust, undertaken by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, reached 23,376 Internet users in 24 countries, and was carried out between October 7, 2014 and November 12, 2014. The countries included: Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, …

Unprecedented leak of Sony Pictures internal personal data

“After sifting through almost 40GB of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing and all-encompassing hack of internal corporate data ever made public. The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale …

Experian Data Breach Resolution releases second annual data breach industry forecast

“Preventing and managing data breaches have become two of the highest priorities facing businesses today. To help executives plan ahead, Experian Data Breach Resolution announces the release of its second annual Data Breach Industry Forecast, a complimentary white paper outlining key issues and trends to watch for in 2015. Many evolving factors such as new threats, regulatory changes …

WaPo – Is Uber’s rider database a sitting duck for hackers?

Craig Timberg – Washington Post: “Before #Ubergate recedes entirely from the news, let’s pause on one aspect of the story that hasn’t gotten much attention so far: the cybersecurity risk of collecting massive troves of private travel information in online databases. Imagine for a second that your job is to gather intelligence on government officials in Washington, or financiers …

Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering

Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering – Daniel M. Zimmerman and Joseph R. Kiniry, Galois, Inc., 421 SW 6th Ave., Suite 300, Portland, OR 97204. November 7, 2014 “Abstract – In order to highlight the dangers associated with Internet voting carried out over electronic mail with PDF forms, we show that an off-the-shelf home Internet router can be easily …

Home Depot SEC Filing – Pretax Breach Cost $43 million

eSecurity Planet – “In a recent SEC filing, Home Depot stated that a recent data breach that exposed 56 million credit cards and 53 million email addresses cost the company $43 million in the third quarter of 2014 alone. Specifically, Home Depot says it “recorded $43 million of pretax expenses related to the data breach, partially offset …

Internet Security Threat Report 2014

“Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec™ Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, …

The Miner’s Dilemma – Paper

The Miner’s Dilemma – Ittay Eyal, November 26, 2014 “An open distributed system can be secured by requiring participants to present proof of work and rewarding them for participation. The Bitcoin digital currency introduced this mechanism, which is adopted by almost all contemporary digital currencies and related services. A natural process leads participants of such systems …

Regin: Top-tier espionage tool enables stealthy surveillance

Symantec Security Response: “An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals. An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at …