Innovation has allowed cars to be outfitted with rear-end cameras, internet connectivity, computerized maintenance systems, and other technological components that can greatly benefit drivers. Unfortunately, new technology sometimes leads to new problems. The instant a car connects to networks, it is opened up to cyberattacks, which could eventually lead to hackers controlling the car remotely. This could potentially create a multitude of problems, which has caused Intel to create the Automotive Security Review Board. The goal of the ASRB is to diminish the risk that cyberattacks present to vehicles. Chris Young, the Senior Vice President and General Manager of Intel Security, states that “with the help of the ASRB, Intel can establish security best practices and encourage that cyber-security is an essential ingredient in the design of every connected car.”

The board seeks to use ongoing security tests and audits to determine how best to advise automobile manufacturers. This, in turn, will keep cars and their drivers safer. Considering that some companies are already recalling cars due to security breaches, the ASRB and their findings will be useful to automotive companies. Intel will provide its advanced development platforms to assist with the board’s research into security and has already published an initial version of its automotive cybersecurity best practices that will be updated as the ASRB continues to conduct research. A key component of Intel’s advice centers on the fact that vehicle security is something that needs to be monitored and updated even after the sale of the car is finalized. As Intel stated in their report on best practices, “Threat analysis and risk assessment continues throughout the life of the car as old vulnerabilities are patched and new ones come to light, so the risk of attack can even increase with time.” As new threats are presented to technology, especially to its applications in cars, manufacturers will need the cybersecurity research that organizations like the Automotive Security Review Board are conducting.

Article via CNET, September 14, 2015

Photo: Urban Congestion via Doug [Creative Commons Attribution-NonCommercial-NoDerivs]

With law firms and their clients facing cyber threats more and more frequently, it makes sense that firms would want to come together and share what information they know about these threats in order that each firm can be better prepared to advise their clients. The Legal Services Information Sharing and Analysis Organization, or LS-ISAO for short, was formed to allow this kind of collaboration between firms. The new alliance is connected with a similar organization, the Financial Services Information Sharing and Analysis Organization, or FS-ISAO, which has been requiring private and public financial sectors to share information on cyber security and other threats since 1999. While LS-ISAO was formed after several law firms contacted the FS-ISAO, not all law firms are eager to join the alliance.

Although many law firms are educating their members on cyber threats or even have teams specifically dedicated to cybersecurity, most law firms guide their response to cyber threats based upon their clients’ opinions. For example, Chanley Howell, a member of the cybersecurity team at Foley & Lardner, isn’t very keen on becoming a part of the alliance, but explains, “If we start hearing clients recommend it, we’ll probably join.” Though it may seem counterintuitive for a cybersecurity team to put off joining an organization created to spread knowledge about cyber threats, Jeremiah Buckley, a founder member of Buckley Sandler who writes about cyber risk, argues that there are some potential drawbacks to an organization that shares cybersecurity information so freely. Namely, if a law firm shares what they learned from a cyber threat with the alliance, even though everything is required to be anonymous, other firms could still determine which law firm was involved and then use that information to attack and discredit the firm. On the flip side, firms should be wary of information that is shared anonymously since there is no way to prove that the information is correct. Finally, firms are still competing with one another, and giving someone else a leg up may not always be in a firm’s best interests.

Even though there may be some issues associated with the new alliance, the Legal Services Information Sharing and Analysis Organization is still young. With time, according to the Vice President of Products and Services at the FS-ISAO, trust will develop between its members.

Article via Bloomberg BNA, August 21, 2015

Photo: Two People-Business Meeting via Stephen D [Creative Commons Attribution-NonCommercial-NoDerivs]

In July of 2015, 400 gigabytes of documents outlining the dealings of spyware company Hacking Team were released. The for-profit surveillance firm was found to work with oppressive regimes across the globe, including those of Russia, Ethiopia, Azerbaijan, Kazakhstan, Vietnam, Saudi Arabia, and Sudan. Also benefiting from the company’s exploitive surveillance tools is the US Bureau of Investigation, which has spent $775,000 on Hacking Team tools since 2011.

Hacking Team’s abilities are expansive. The firm can steal pre-encrypted data and passwords typed in Web browsers, as well as activate the microphone and camera on a target device. Users of Google Play and Apple stores may also be activating surveillance malware coded by Hacking Team.

Privacy and human rights advocates are outraged by the lack of legislation regulating firms like Hacking Team and its rival Gamma International, but regulation can be tricky. Badly drafted export controls could create red tape for journalists to circumvent when trying to access communications mechanisms or antivirus software. Syrian activists, for example, have cited American export controls as one of the leading obstacles to installing anti-surveillance software on phones and computers to protect their communications from the Assad regime.

The discussion is subtle, as it must take into account the personal liberties of global citizens, the dynamic nature of the technology industry, and the diverse interests of country governments.

Article via Committee to Protect Journalists, July 13, 2015

Photo: On the Phone via Artform Canada [Creative Commons Attribution-NonCommercial-NoDerivs]

The National Institute of Standards and Technology (NIST) released a practice guide on how health care providers can share patient information securely through mobile devices. The guide is the first in a series dedicated to the development of advanced cybersecurity for all organizations.

Tablets and smartphones are already integrated in the health professions, as 87% of physicians report using a tablet or smartphone in the workplace. Physicians can exchange patient information, submit medical claims, access electronic records, and e-prescribe through mobile devices. In general, the use of mobile devices for these tasks is efficient and less susceptible to error.

However, the use of tablets and smartphones for secure health information carries significant risk. Vital patient information could be leaked if the device were lost or stolen, or if a patient sent data through insecure cellular networks. Without developed authentication or data encryption, patients face the threat of “medical identity theft,” disastrous for both their own health and the success of their provider.

The NIST guide seeks to mitigate risks through explicit instructions and hypothetical scenarios. The guide will take comments from the public until Sept. 25, 2015.

Article via Ice Miller Strategies LLC, August 6, 2015

Photo: Man at work–physician assistant via yooperann [Creative Commons Attribution-NonCommercial-NoDerivs]

Over one hundred million dollars were obtained illegally by the largest cybercrime collaboration between rogue members of Wall Street and hackers to date. In order to obtain crucial information about publicly traded companies before it became public knowledge, these stock traders living in Pennsylvania, Georgia, and New York would email hackers located in the Ukraine with a list of news releases concerning certain companies that they wished to have. The hackers would respond with recorded instructions on how to obtain the stolen articles. By having advance access to news containing earnings and other details, the stock traders were able to make favorable trades before anyone else knew about the information. For their skills, the hackers were paid a portion of the profits from the illegal trades or a flat fee.

This is not the first time hackers and stock traders have colluded to commit cybercrime. A similar case in 2005 involved stock traders in Estonia hacking into Business Wire in order to make well-informed trades. Cases such as these show that cybercrime goes far beyond identity theft, stealing bank information, or obtaining sensitive personal information. Additionally, some stock brokers in Manhattan were charged last month with illegally obtaining millions of email addresses and planning to spam them in order to try to manipulate the worth of certain stocks, and another hacker group tried to steal information from emails in the pharmaceutical industry to gain access to deals that could affect the stock market. In all of these cases, cybercrime is centered around market-altering information. As former Manhattan prosecutor Matthew L. Schwartz states, “hackers can obtain access to all sorts of valuable information and can and will profit off of it in every way imaginable.”

Article via New York Times, August 11, 2015

Photo: Frankfurt Stock Exchange via Tobias Leeger [Creative Commons Attribution-NonCommercial-NoDerivs]

The US Court of Appeals ruled on Aug. 24 that the Federal Trade Commission (FTC) has the authority to prosecute corporations that have insufficient cybersecurity to protect customers against hackers.

The Third Circuit ruled in favor of the FTC, which sued the international hotel company Wyndham Worldwide Corporation for failing to prevent the theft of 619,000 customers’ personal and financial information by hackers. The hacking resulted in over $10.6 million in counterfeit charges.

Wyndham attempted to counter the Commission’s lawsuit in the US Court of Appeals, but the recent ruling declared the FTC’s actions legal.

The FTC will be expected “to increase its regulatory activity in this area now that its authority has been upheld,” says Michael Hindelang, head of the data security/privacy litigation and e-discovery/information management practice groups at Honigman Miller Schwartz and Cohn.

Article via Legaltech News, August 26, 2015

Photo: statue at Federal Trade Commission via sha in LA [Creative Commons Attribution-NonCommercial-NoDerivs]