Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Insurance industry embraces Blockchain, but when? Tomorrow or in 10 years?

Posted in eCommerce reported the comments of Paul Meeusen, head of distributed ledger technology at Swiss Re Ltd. in Zurich that using Blockchain to manage Insurance “seemed very intuitive that this technology was very suitable to some of the key issues we deal with in our industry.” The December 12, 2017 article entitled “Insurance well suited to blockchain, speakers say” was on a New York City Bar Association panel discussion including these comments from Nick Williams (Clifford Chance LLP, Senior Partner):

I think insurance is the perfect industry for blockchain,

Accuracy in pricing will increase as (distributed ledger technology) platforms increase the transparency of risk.

The big question is WHEN?

Of course, testing is 1 of the 5 easy steps to beat Ransomware!

Posted in Cyber

Unitrends issued a white paper which stated that “the truth is that all industries are vulnerable to ransomware. Email, databases and business applications run on similar infrastructure and operating systems across all industries.”  The white paper was entitled “Beat Ransomware in 5 Easy Steps, Be Prepared to Fight or Be Prepared to Pay” included these comments about Step 3 to Test, Test and Test Again:

Even the FBI agrees that the only truly effective way to combat ransomware is to regularly back up data and verify the integrity of those backups.

Testing provides many advantages in the fight against ransomware. Testing ensures:

  • backups are not infected with the ransomware and can be used for data recovery
  • recovery will be successful for both physical & virtual machines
  • RPO and RTO compliance reports can be generated for HIPAA and other certifications

Here are all 5 Steps:

Step 1 – Protect yourself

Step 2 – Secure your Infrastructure

Step 3 – Test, Test and Test Again

Step 4 – Proactive Detection

Step 5 – Fast Recovery

All businesses need to be ready for ransomware!

Note to Ransomware Criminals – North Carolina Counties will not pay ransom…so go elsewhere!

Posted in Cyber, eCommerce

The New York Times reported that Mecklenburg County, North Carolina (which includes the city of Charlotte) refused to “pay a $23,000 ransom to a group of hackers who seized control of several government computer systems” and the County was operating without “the internet, civil servants were doing their jobs using “paper processes.””  The December 6, 2017 report entitled “North Carolina County Refuses to Pay $23,000 Ransom to Hackers” included these comments:

Officials said they believed the hackers had not obtained the personal information of any employees or private citizens.

The targeted systems included those of the tax assessor’s office and the Parks and Recreation and Social Services Departments, the county said in a statement.

Dena R. Diorio (the Mecklenburg County manager) issued this statement:

I am confident that our backup data is secure and we have the resources to fix this situation ourselves,…

It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.

Let’s seek if the backup contained malware before Mecklenburg County is out of the woods!

Are you kidding me? Only 15% of US companies have insurance for their data!

Posted in Cyber, eCommerce

One might conclude it makes a lot of sense to insure business data after considering Tableau’s report that included Ponemon’s estimate that the “average total cost of a data breach was estimated at $3.62 million.”  The December 2017 report entitled “2018 Top 10 Business Intelligence Trends” included the #5 Rise of the Chief Data Officer (CDO)

The fact that CDO’s and/or CAO’s are being appointed and assigned accountability for business impact and improved outcomes, also demonstrates the strategic value of data and analytics in modern organizations.

Also the report included these comments from Peter Cregger (CDO at FNI):

My job is to bring tools and technologies and empower the team.

You have to decide where the pain point is.

What is the real risk to your business?

Here are all 10 trends:

  1. Don’t Fear AI (Artificial Intelligence)
  2. Liberal Arts Impact
  3. Promise of NLP (Natural Language Processing)
  4. Multi-Cloud Debate
  5. Rise of the CDO
  6. Crowd Sourced Governance
  7. Data Insurance
  8. Data Engineer Role
  9. Location IoT (Internet of Things)
  10. Academics Investment

No surprises in this list!

Uber paid a ransom to hackers who stole 57 million Uber records last year!

Posted in Cyber, eCommerce

The New York Times reported that Uber fired it security officer after “two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data.” The November 21, 2017 report entitled “Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data” included these details about how Uber reacted to the hackers:

The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter.

To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.

The fact that 48 states and 89 countries require breach reporting did not make it onto Uber’s radar which will surely be a problem as we watch this unfold.

Will the Supreme Court rely on a 1979 case (think 18,134 Internet years) for Internet/cellphone privacy in 2017?

Posted in Anonymous Internet Activity, Internet Privacy

On November 29th the US Supreme Court will consider the case of US v. Carpenter where “police acquired the data from Carpenter’s wireless carriers without a warrant showing probable cause”  which led to Timothy Carpenter’s conviction that he was  “leading a gang of robbers” and the “prosecution produced cellphone-tower data that tracked the whereabouts of Carpenter’s cellphone for more than four months and placed him at or near the sites of a string of armed robberies.”

The Washington Post had an article written by Stephen Sachs on November 26, 2017 who was Maryland’s Attorney General from 1979 to 1987 entitled “The Supreme Court’s privacy precedent is outdated” who commented that in 1979 he “argued and won Smith v. Maryland when I was Maryland’s attorney general. I believe it was correctly decided. But I also believe it has long since outlived its suitability as precedent.” As Mr. Sachs pointed out, the 6th Circuit Court of Appeal relied on Smith v. Maryland in the Carpenter case.

Mr. Sachs supports a new legal construction of privacy in 2017 relying on Justice Sonia Sotomayor, in her concurring opinion in the 2012 case of US v. Jones which held:

….that the clandestine and warrantless attachment of a GPS tracking device to a defendant’s car was an unconstitutional search.

…the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.

People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the email addresses with which they correspond to their internet service providers; and the books, groceries and medications they purchase to online retailers.

It will be interesting to see how the Supreme Court rules in the US v. Carpenter.

FBI recommends two-factor authentication & training to thwart Spearphishing!

Posted in Cyber, eCommerce, Uncategorized

Among a number of recommendations to avoid Spearphishing (aka Business Email Compromise – BEC) the FBI recommends that “employees to use two-factor authentication to access corporate e-mail accounts.” The November 14, 2017 FBI News Report entitled “FBI Tech Tuesday—Digital Defense Against Business E-mail Compromises” included this advice about training employees to:

  • watch for suspicious requests, such as a change in a vendor’s payment location
  • avoid clicking on links or attachments from unknown senders. Doing so could download malware onto your company’s computers, making you vulnerable to a hack.

All good advice, but Spearphishing/BEC continues to cause substantial losses…so people really need to follow this advice!

100% of businesses affected by mobile malware (think BYOD)!

Posted in Cyber, eCommerce

Darkreading reported that every “business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware.”  The November 17, 2017 report entitled “Mobile Malware Incidents Hit 100% of Businesses” included these comments:

…BYOD devices are usually more susceptible to attack than corporate devices because they are not managed by such security measures as an enterprise mobility management platform or mobile threat management platform.

These platforms can restrict some of the more liberal permissions and user settings on BYOD devices…

Is this a wake-up call, or just old news!

Whoa! Did you know that Equifax claims to own your data?

Posted in Cyber, eCommerce, Internet Privacy

In testimony before the US Senate we hear that “Equifax, and not consumers, that owns all the granular data collected about them, and that consumers cannot request to exit the company’s files.”  The Washington Post’s report on November 8, 2017 entitled “Equifax says it owns all its data about you” started with the comment that “personal information it harvests for profit” for Equifax which comes as no surprise.  During the Senate hearing Paulino do Rego Barros (Equifax the interim CEO) explained “ why consumers do not have a say in opting in or out of the company’s data collection”:

This is part of the way the economy works,

I think it’s not my perspective to say it’s right or wrong.

This pretty alarming and most consumers do not it see that way, so it will be interesting to see how the massive Equifax litigation uses this information.

Think twice before relying on search engine results since they may have MALWARE links!

Posted in Cyber, eCommerce

Darkreading reported that criminals are “using Search Engine Optimization (SEO) to populate search results with malicious links and distribute the Zeus Panda Banking Trojan through a compromised Word document.”  The November 3, 2017 article entitled “Hackers Poison Google Search Results to Deliver Zeus Panda” included these comments:

SEO enables hackers to make their links more dominant in search results.

In this case, attackers are “poisoning” the results for specific keywords related to banking and finance, effectively narrowing their victim pool to a specific group so they can steal financial information.

The article included these comments from Earl Carter (threat researcher for Cisco Talos and one of the authors who detailed this discovery):

SEO poisoning by itself isn’t really new,…People have always been trying to manipulate search results. What was unique is they’re using it in the distribution of malware.

We all need to rely on common sense with search engines!