Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Former NSA contractor removed 50 terabytes of classified data

ZDNet: “An NSA contractor siphoned off dozens of hard drives’ worth of data from government computers over two decades, prosecutors will allege on Friday. The contractor, Harold T. Martin III, is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency. It’s not known exactly what Martin allegedly stole, but a report from The New York Times on Wednesday suggests that the recently-leaked hacking tools used by the agency to conduct surveillance were among the stolen cache of files. Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count…”

Engadget: “The feds quietly arrested NSA contractor Harold Thomas Martin III back in August for stealing an enormous number of documents from the agency. Now, the investigators sifting through the documents found in his computers discovered what they were probably looking for from the start. According to the New York Times, the documents he stole included the NSA’s top secret hacking tools posted online by a group called Shadow Brokers earlier this year. Federal agents had to pore over terabytes upon terabytes of data to find those tools, since the classified materials found in Martin’s possession make the Panama Papers (2.6 terabytes) and Edward Snowden’s documents look insignificant in comparison…”

DOT Cybersecurity Incident Handling Is Ineffective and Incomplete

DOT IG Report – October 13, 2016 DOT Cybersecurity Incident Handling Is Ineffective and Incomplete Project ID:  FI-2017-001 “An effective response to cyber incidents minimizes disruptions to information systems and data losses. We conducted this audit because of DOT’s large number of information systems that contain sensitive data as well as the high number of… Continue Reading

USSS Faces Challenges Protecting Sensitive Case Management Systems and Data

“We performed this audit as a follow-up to a September 2015 Office of Inspector General (OIG) investigation regarding United States Secret Service (USSS) employees improperly accessing and distributing sensitive information onthe agency’s Master CentraIndex (MCI) mainframe system. Our objective was to determine whether adequate controls and data protections were in place on systems to which… Continue Reading

FTC – New Identity Theft Report helps you spot ID theft

“Do you ever hear from customers or employees who want you to know that they’ve been affected by identity theft? If so, you’ll probably start seeing them use the new FTC Identity Theft Report. It tells you that someone important to your business is a crime victim, has alerted law enforcement, and is working to… Continue Reading

White House Announces Russia Responsible for Hacking Democratic National Cmte

Reuters – Mark Hosenball, Dustin Volz and Jonathan Landay: “The U.S. government for the first time on Friday formally accused Russia of a campaign of cyber attacks against Democratic Party organizations ahead of the Nov. 8 presidential election. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could… Continue Reading

NIST study – Security Fatigue

Security Fatigue, Issue No. 05 – Sept.-Oct. (2016 vol. 18) ISSN: 1520-9202 pp: 26-32 DOI Bookmark: “Security fatigue has been used to describe experiences with online security. This study identifies the affective manifestations resulting from decision fatigue and the role it plays in users’ security decisions. A semistructured interview protocol was used to collect… Continue Reading

Online or on paper, get the latest FTC identity theft info

“Looking for information on dealing with identity theft? The FTC has new and revised identity theft publications that reflect features of that make it easier to report and recover from identity theft. Here’s what’s hot off the presses: Identity Theft – What to Know, What to Do gives an overview of identity theft and… Continue Reading

CRS – Encryption: Frequently Asked Questions

Encryption: Frequently Asked Questions, Chris Jaikaran, Analyst in Cybersecurity Policy. September 28, 2016. “Encryption is a process to secure information from unwanted access or use. Encryption uses the art of cryptography to change information which can be read (plaintext) and make it so that it cannot be read (ciphertext). Decryption uses the same art of… Continue Reading

Once again a contractor charged with removing classified NSA information

Politico, Josh Gerstein and Cory Bennett: “The U.S. government confirmed a potentially wide-ranging breach of classified information Wednesday, raising serious questions about the steps federal agencies and contractor Booz Allen Hamilton took to prevent leaks in the wake of the Edward Snowden’s seismic revelations about National Security Agency surveillance…During a court-ordered search of [the home… Continue Reading

IG – Major Management Challenges for the Fed Board and the CFPB

The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System (Board) and the Consumer Financial Protection Bureau (CFPB) is an independent and objective oversight authority established under the Inspector General Act of 1978, as amended: “Though not statutorily required, the OIG compiles annual listings of major management challenges facing… Continue Reading

Five EFF Tools to Help You Protect Yourself Online

“… five of EFF’s many technology tools and projects. In different ways, they all function to increase your security on the Internet—with the implicit assertion that personal privacy is at the foundation of that security.” Continue Reading

Translating Research for Action: Ideas and Examples for Informing Digital Policy

“The Berkman Klein Center for Internet & Society is pleased to release this series of papers, which aims to build a bridge between academic research and policymaking in the networked world by helping to identify opportunities in key areas related to digital technology and innovation. The series builds on the Center’s commitment to exploring new ways… Continue Reading