Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

How a Chinese National Gained Access to Arizona’s Terror Center

ProPublica: The un-vetted computer engineer plugged into law enforcement networks and a database of 5 million Arizona drivers in a possible breach that was kept secret for years

“LIZHONG FAN’S DESK WAS AMONG A CROWD of cubicles at the Arizona Counter Terrorism Information Center in Phoenix. For five months in 2007, the Chinese national and computer programmer opened his laptop and enjoyed access to a wide range of sensitive information, including the Arizona driver’s license database, other law enforcement databases, and potentially a roster of intelligence analysts and investigators. The facility had been set up by state and local authorities in the aftermath of the 9/11 terror attacks, and so, out of concerns about security, Fan had been assigned a team of minders to watch him nearly every moment inside the center. Fan, hired as a contract employee specializing in facial recognition technology, was even accompanied to the bathroom. However, no one stood in Fan’s way when he packed his equipment one day in early June 2007, then returned home to Beijing. There’s a lot that remains mysterious about Fan’s brief tenure as a computer programmer at the Arizona counterterrorism center. No one has explained why Arizona law enforcement officials gave a Chinese national access to such protected information. Nor has anyone said whether Fan copied any of the potentially sensitive materials he had access to. But the people responsible for hiring Fan say one thing is clear: The privacy of as many as 5 million Arizona residents and other citizens has been exposed. Fan, they said, was authorized to use the state’s driver’s license database as part of his work on a facial recognition technology. He often took that material home, and they fear he took it back to China.”

New on LLRX – Four Part Series on Privacy and Data Security Violations

Via LLRX.com – four new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches. Privacy and Data Security Violations: What’s the Harm? - Daniel J. Solove is a Law professor at George Washington University Law School, an expert in information privacy law, and founder of TeachPrivacy, a privacy and security …

Backoff: New Point of Sale Malware

“This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, acting under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense. Recent investigations revealed …

Paper – TSA device flaws compromise airport security

Via FCW.com: “The cybersecurity vulnerabilities uncovered in a number of the Transportation Security Administration’s electronic security and personnel management devices are part of a growing problem for federal IT managers, according to the expert that discovered and reported the flaws. Billy Rios, director of threat intelligence at Qualys, a large security tech firm, presented a paper in early …

Consumer advisory: Virtual currencies and what you should know about them

CFPB: “You may have heard about virtual currencies like Bitcoin, XRP, and Dogecoin. But what are virtual currencies? What’s this “to the moon!” business on the internet about? And, as a consumer, what risks should you be aware of? While virtual currencies offer the potential for innovation, a lot of big issues have yet to be …

Extensive interview of Edward Snowden – Wired

James Bamford, via Wired: “…Snowden will continue to haunt the US, the unpredictable impact of his actions resonating at home and around the world. The documents themselves, however, are out of his control. Snowden no longer has access to them; he says he didn’t bring them with him to Russia. Copies are now in the hands …

Two Factor Auth

Two Factor Auth (2FA): “Two-step verification, abbreviated to TSV (not equal to two step authentication TSA nor to Two-factor authentication, abbreviated to TFA) is a process involving two subsequent but dependent stages to check the identity of an entity trying to access services in a computer or in a network with just one factor or secret, …

Developing the Cyber Experts of the future – GCHQ certifies Master’s Degrees in Cyber Security

News release: “The certification of six Master’s degrees in Cyber Security was announced by Rt. Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK’s knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber …

HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack

“HP Fortify on Demand is pleased to announce the release of its Internet of Things State of the Union Study, revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities. Why we did the study - Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security, …

US-CERT: Backoff Point-of-Sale Malware

Systems Affected - Point-of-Sale Systems - Alert (TA14-212A) “This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and …

NY AG Releases Report Showing Rise In Data Breaches, Provides Security Tips To Small Businesses & Consumers

“Attorney General Eric T. Schneiderman today issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. Using information provided to the Attorney General’s Office pursuant to the New York State Information Security Breach & Notification Act, the report, titled “Information Exposed: Historical Examination of Data Security in New …

Stealing Trade Secrets and Economic Espionage: An Overview of 18 U.S.C. 1831 and 1832

CRS - Stealing Trade Secrets and Economic Espionage: An Overview of 18 U.S.C. 1831 and 1832. Charles Doyle, Senior Specialist in American Public Law. July 25, 2014. “Stealing a trade secret is a federal crime when the information relates to a product in interstate or foreign commerce, 18 U.S.C. 1832 (theft of trade secrets), or when the intended beneficiary …