Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Cybersecurity, Encryption and United States National Security Matters

Cybersecurity, Encryption and United States National Security Matters, Senate Armed Services Committee, September 13, 2016 (published September 2017), via FAS.

Steven Aftergood, Secrecy News: “What constitutes an act of war in the cyber domain? It’s a question that officials have wrestled with for some time without being able to provide a clear-cut answer. But in newly-published responses to questions from the Senate Armed Services Committee, the Pentagon ventured last year that “The determination of what constitutes an ‘act of war’ in or out of cyberspace, would be made on a case-by-case and fact-specific basis by the President.” “Specifically,” wrote then-Undersecretary of Defense (Intelligence) Marcel Lettre, “cyber attacks that proximately result in a significant loss of life, injury, destruction of critical infrastructure, or serious economic impact should be closely assessed as to whether or not they would be considered an unlawful attack or an ‘act of war.'” Notably absent from this description is election-tampering or information operations designed to disrupt the electoral process or manipulate public discourse. Accordingly, Mr. Lettre declared last year that “As of this point, we have not assessed that any particular cyber activity [against] us has constituted an act of war.”

Active Cyber Defense Certainty Act

The Register: “Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America… Continue Reading

Business Email Scams: Protecting Your Company’s Information

From the Pennsylvania Department of Banking and Securities, a succinct and very useful Infographic guide: “Business Email Compromise is a cyber threat targeted against businesses, both large and small, that typically involves a con artist targeting employees with access to company financial or sensitive documents. The scammers lead the employees to believe they are a… Continue Reading

EPIC Urges Congress To Hold Equifax Accountable, Update Data Protection Law

“EPIC has sent statements to Congress ahead of hearings in the House and Senate on the Equifax data breach. EPIC underscored the risk to American consumers of data breaches which are increasingly severe. EPIC urged Congress to require prompt data breach notification, data minimization, and privacy enhancing techniques. In 2011 EPIC testified in the House… Continue Reading

Report – Phish For the Future

“This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from… Continue Reading

Are VPNs really protecting your privacy and security?

An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps. MC 2016, November 14-16, 2016, Santa Monica, CA. DOI: http://dx.doi.org/10.1145/2987443.2987471. “Millions of users worldwide resort to mobile VPN clients to either circumvent censorship or to access geo-blocked con- tent, and more generally for privacy and security purposes. In practice, however, users have… Continue Reading

Secure EDGAR data breach exploited for possible insider trading w updates

Statement on Cybersecurity Chairman Jay Clayton, Sept. 20, 2017 “…Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems.  In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain… Continue Reading

Preventing and Responding to Identity Theft

US Cert Security update: Preventing and Responding to Identity Theft “You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through… Continue Reading

Wharton – After Equifax, Can Our Data Ever Be Safe?

Follow up to previous posting – Equifax is one of many companies that collect information about you – via Knowledge@Wharton – “In the annals of data breaches, the Equifax hacking stands alone due to its sheer scale: Digital thieves traipsed through the personal information of 143 million Americans for several months to do with it… Continue Reading

Equifax is one of many companies that collect information about you

Via NBR/CNBC: “There are literally hundreds of smaller consumer-reporting companies [33-page PDF] operating in the U.S. and the smaller ones are collecting information you might not expect. The Consumer Financial Protection Bureau maintains a self-reported list of the companies. Consider Milliman IntelliScript, for example. The company collects information on the prescription drugs you buy. If… Continue Reading

Under EU General Data Protection Regulation large fines result from failure to protect consumer data

eSecurity Planet: “The massive Equifax breach that recently affected 143 million consumers would have led to hugely significant fines if the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, had already been in place. Under the new rules, organizations that fail to protect sensitive data can be fined up to… Continue Reading

FTC alerts consumers about post Equifax scams

Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue. That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal… Continue Reading