Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

What to Do When You Suspect a Data Breach: FTC Issues Video and Guide for Businesses

“If your business has experienced a data breach, you are probably wondering what to do next. The Federal Trade Commission’s new Data Breach Response: A Guide for Business, an accompanying video and business blog can help you figure out what steps to take and whom to contact. Among the key steps are securing physical areas, cleaning up your website, and providing breach notification. The guide also includes a model data breach notification letter. For related advice on implementing a plan to protect customer information and prevent breaches, check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business. The guide and the video are both in the public domain, so business people can share them with employees and customers, and through their websites and newsletters.”

Extensive botnet DDoS attacks take major sites offline

TechCrunch: “Several waves of major cyberattacks against an internet directory service knocked dozens of popular websites offline today, with outages continuing into the afternoon. Twitter, SoundCloud, Spotify, Shopify, and other websites have been inaccessible to many users throughout the day. The outages are the result of several distributed denial of service (DDoS) attacks on the DNS provider… Continue Reading

Former NSA contractor removed 50 terabytes of classified data

ZDNet: “An NSA contractor siphoned off dozens of hard drives’ worth of data from government computers over two decades, prosecutors will allege on Friday. The contractor, Harold T. Martin III, is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency. It’s not known exactly… Continue Reading

DOT Cybersecurity Incident Handling Is Ineffective and Incomplete

DOT IG Report – October 13, 2016 DOT Cybersecurity Incident Handling Is Ineffective and Incomplete Project ID:  FI-2017-001 “An effective response to cyber incidents minimizes disruptions to information systems and data losses. We conducted this audit because of DOT’s large number of information systems that contain sensitive data as well as the high number of… Continue Reading

USSS Faces Challenges Protecting Sensitive Case Management Systems and Data

“We performed this audit as a follow-up to a September 2015 Office of Inspector General (OIG) investigation regarding United States Secret Service (USSS) employees improperly accessing and distributing sensitive information onthe agency’s Master CentraIndex (MCI) mainframe system. Our objective was to determine whether adequate controls and data protections were in place on systems to which… Continue Reading

Fortune – Publishing Hacked Private Emails Can Be a Slippery Slope

“It may be hard for the media to resist a big email dump, but there are long-term risks. Regular dumps of classified documents and other internal communications have become a fixture of modern life, thanks in part to stateless—and frequently lawless—entities like WikiLeaks. But is publishing those leaks always the right thing to do? That’s… Continue Reading

FTC – New Identity Theft Report helps you spot ID theft

“Do you ever hear from customers or employees who want you to know that they’ve been affected by identity theft? If so, you’ll probably start seeing them use the new FTC Identity Theft Report. It tells you that someone important to your business is a crime victim, has alerted law enforcement, and is working to… Continue Reading

White House Announces Russia Responsible for Hacking Democratic National Cmte

Reuters – Mark Hosenball, Dustin Volz and Jonathan Landay: “The U.S. government for the first time on Friday formally accused Russia of a campaign of cyber attacks against Democratic Party organizations ahead of the Nov. 8 presidential election. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could… Continue Reading

NIST study – Security Fatigue

Security Fatigue, Issue No. 05 – Sept.-Oct. (2016 vol. 18) ISSN: 1520-9202 pp: 26-32 DOI Bookmark: “Security fatigue has been used to describe experiences with online security. This study identifies the affective manifestations resulting from decision fatigue and the role it plays in users’ security decisions. A semistructured interview protocol was used to collect… Continue Reading

Online or on paper, get the latest FTC identity theft info

“Looking for information on dealing with identity theft? The FTC has new and revised identity theft publications that reflect features of that make it easier to report and recover from identity theft. Here’s what’s hot off the presses: Identity Theft – What to Know, What to Do gives an overview of identity theft and… Continue Reading

CRS – Encryption: Frequently Asked Questions

Encryption: Frequently Asked Questions, Chris Jaikaran, Analyst in Cybersecurity Policy. September 28, 2016. “Encryption is a process to secure information from unwanted access or use. Encryption uses the art of cryptography to change information which can be read (plaintext) and make it so that it cannot be read (ciphertext). Decryption uses the same art of… Continue Reading

Once again a contractor charged with removing classified NSA information

Politico, Josh Gerstein and Cory Bennett: “The U.S. government confirmed a potentially wide-ranging breach of classified information Wednesday, raising serious questions about the steps federal agencies and contractor Booz Allen Hamilton took to prevent leaks in the wake of the Edward Snowden’s seismic revelations about National Security Agency surveillance…During a court-ordered search of [the home… Continue Reading