Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: E-Mail

Unprecedented mass hack of Democratic members of Congress

  • PCWorld: “The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group. Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democratic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and is promising journalists “exclusive materials” if they contact him directly. Although Guccifer 2.0 claims to be a lone hacktivist, some security experts believe he’s actually a persona created by Russian government hackers who want to influence the U.S. presidential election…A separate hacktivist website called DCLeaks has also been posting files stolen from U.S. politicians, but Russian hackers and Guccifer 2.0 may actually be behind the site, according to ThreatConnect.”
  • Washington Post – Alleged Russian links to DNC hack gives U.S. a taste of Kremlin meddling – It would be an unusually blunt challenge to the U.S. political system, but one familiar to Europe, where officials and analysts see Russian fingerprints on many initiatives designed to split Western unity and encourage acceptance of Kremlin policies.
  • Politico – Dems flooded with vulgar, suspicious messages following online data dump

NIST Updates Personal Identity Verification Guidelines

“NIST has recently expanded the flexibility and enhanced the security of Personal Identity Verification (PIV) credentials by updating the following guidelines: • Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, provides details regarding the use of chain-of-trust for import and export among PIV Card issuers. • SP 800-166, Derived… Continue Reading

EFF – How to: Avoid Phishing Attacks

EFF Surveillance Self Defense – “When an attacker sends an email or link that looks innocent, but is actually malicious, it’s called phishing. Phishing attacks are a common way that users get infected with malware—programs that hide on your computer and can be used to remotely control it, steal information, or spy on you. In… Continue Reading

HTTPS Windows exploit targets social security numbers, email addresses

Dan Goodin, arstechnica, August 3, 2016: “The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don’t have the ability to monitor a targeted end user’s Internet connection. The exploit is notable because it doesn’t… Continue Reading

New initiative from Privacy International tracks the global surveillance industry

“A new initiative launched today by Privacy International aims to track the growth and scale of the global surveillance industry, a shadowy sector consisting of companies selling a wide range of electronic surveillance technology to government agencies across the world. Made available today is the world’s largest publicly available educational resource of data and documents… Continue Reading

Report by 3 companies – Cyber resiliency in the Fourth Industrial Revolution

Cyber resiliency in the Fourth Industrial Revolution – A roadmap for global leaders facing emerging cyber threats “The First Industrial Revolution, in the late 18th century, was driven largely by steam engines. The second, in the late 19th century, introduced mass production and the division of labor. The third, in the late 20th century, involved… Continue Reading

McCaul – Warner Commission on Digital Security

“Chairman Michael McCaul and Senator Mark Warner introduced the Digital Security Commission Act on February 29, 2016. The purpose of this Commission is to collectively address the larger issue of protecting national security and digital security, without letting encrypted communications become a safe haven for terrorists. This Commission brings together the most capable experts and stakeholders from… Continue Reading

LC target of DNS attack and a commentary on LC and digitization challenges

FCW.com, July 18, 2016: “The Library of Congress was the target of a denial-of-service attack that has knocked out Congress.gov and the U.S. Copyright Office website, and caused outages at other sites hosted by the library. Library spokesperson Gayle Osterberg told FCW that the DNS attack was launched July 17 and continues to affect library… Continue Reading

MuckRock launching a national database of FOIA exemptions

Michael Morisy – We’re building an open guide to every state’s public records law – Help track down and fight every public records exemption across the country. “With agencies increasingly using an array of exemptions to deny access to information, we want to help requesters fight back. We’re launching a project to track every public… Continue Reading

House Homeland Security Report – Going Dark, Going Forward: A Primer on the Encryption Debate

June 29, 2016: “Terrorist attacks in Paris and San Bernardino have sparked a public debate on the use of encryption in our society because the attackers used encrypted communications to evade detection, a phenomenon known as “going dark.” Today, the Majority Staff of the House Homeland Security Committee released a new report entitled, Going Dark,… Continue Reading

2015 Wiretap Report: Intercept Orders Rise 17 Percent

United States Courts, June 30, 2016: “The number of federal and state wiretaps terminated in 2015 increased nearly 17 percent over 2014, according to an annual report submitted to Congress by the Administrative Office of the U.S. Courts. As in previous years, drug investigations and telephone wiretaps accounted for the large majority of cases. The… Continue Reading

IG – Audit Finds Inactive Accounts Within the Department of State’s Active Directory

OIG, U.S. Department of State, Management Assistance Report: Inactive Accounts Within the Department of State’s Active Directory, AUD-IT-16-37, Office of Audits. June 2016. “According to the National Institute of Standards and Technology, inactive accounts should be automatically disabled after a defined period of time. The Foreign Affairs Handbook states that Department officials must disable inactive… Continue Reading