Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Cyberintrusions by Russia put US power infrastructure in jeopardy!

Posted in Cyber

The Washington Post reported that “Since at least March 2016… Russian hackers have ‘targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.’”  The March 16, 2018 report entitled “Why Russian hackers aren’t poised to plunge the United States into darkness” includes this natural question, “How serious is this hacking?”:

The idea of Russian hackers having access to the control switches of America’s power infrastructure is particularly unnerving, raising the idea of waking up one morning to learn that the United States has simply been switched off.

The article also included these comments from several experts:

…explained that this is not only oversimplistic but also that it is almost certainly impossible.

The effects of infiltration of America’s power grid would be much more geographically limited thanks to the distributed, redundant nature of the system.

It seems pretty frightening that a foreign government could take control of the power infrastructure in the US!  Something we should keep an eye on!

Yahoo’s ToS limitations of liabilities challenged in Cyberbreach of 3 billion users!

Posted in Cyber, eCommerce

Reuters reported that Judge Lucy Koh ruled that “the plaintiffs could try to show that liability limits in Yahoo’s terms of service were ‘unconscionable,’ given the allegations that Yahoo knew its security was deficient but did little.” The March 12, 2018 article entitled “Data breach victims can sue Yahoo in the United States” included these comments about the ruling by Judge Koh (US District Judge, Northern District of California):

Yahoo was accused of being too slow to disclose three data breaches that occurred from 2013 and 2016, increasing users’ risk of identity theft and requiring them to spend money on credit freeze, monitoring and other protection services.

The breaches were revealed after New York-based Verizon agreed to buy Yahoo’s Internet business, and prompted a cut in the purchase price to about $4.5 billion.

A Verizon spokesman had no immediate comment on Monday. A lawyer for the plaintiffs did not immediately respond to requests for comment.

This will be an important case to follow given the cybercrime and reliance on Terms of Service (ToS), Click Agreements, and Privacy Policies that are never read!

Court orders that Cryptocurrencies should be regulated by the US government!

Posted in eCommerce

reported “that virtual currencies can be regulated by the U.S. Commodity Futures Trading Commission [CFTC].” The March 8, 2018 report entitled “Federal Court Just Ruled CFTC Can Regulate Crypto—But Agency Isn’t Alone” included these questions resolved by US District Judge Weinstein (Eastern District of New York) with a resounding “YES”:

Is virtual currency a commodity?

Does the CFTC have jurisdiction over fraud that does not directly involve the sale of futures or derivative contracts?

Here’s the background on the case:

The CFTC sued Patrick McDonnell and his company CabbageTech Corp. in January, alleging fraud and misappropriation connected to cryptocurrency purchases. Pro se litigant McDonnell attempted to have the suit thrown out for lack of jurisdiction, but the judge ruled in favor of the CFTC.

This ruling will likely have significant impact on cryptocurrencies!

Tax phishing attacks lead to theft of millions of passwords at Office365 (think Microsoft)!

Posted in Cyber, Internet Privacy

reported a “new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS.” The March 2, 2018 report entitled “Millions of Office 365 Accounts Hit with Password Stealers” included these comments:

Barracuda Networks last month flagged a “critical alert” when it detected attack attempts to steal user passwords. This threat lures victims with Microsoft 365 Office files claiming to be tax forms or other official documents; attackers use urgent language to convince people to open the attachment.

Examples of this tactic include files named “taxletter.doc” and phrases like “We are apprising you upon the arisen tax arrears in the number of 2300CAD.” The use of popular file types like Word and Excel, which are globally known and used, further ensures victims will fall for it.

Given the wide usage of Office365, this is very alarming news!

Equifax only had $75M in cybersecurity insurance but expect claims of at least $275M!

Posted in Cyber, eCommerce

Reuters reported that Equifax’s 2017 cyber incident where +147M consumers’ data was stolen included “costs mainly reflect technology and data security upgrades, legal fees, and free identity theft protection and credit monitoring offered to the more than 147 million consumers affected by the cyber security incident.”  The March 2, 2018 report entitled “Equifax expects $200 million in breach-related costs in 2018” reported a number of class action lawsuits:

…as well as investigations by U.S. federal, state, local and foreign governmental officials and agencies.

Seems like their estimate of $275M is on the low side when all is said and done!

German Court Ruling against Facebook portends trouble under GDPR!

Posted in Internet Privacy

reported about “a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules.”  The article entitled “Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future” included these comments about how “the German court ruling was a signal that social media and tech companies may be wholly unprepared for the GDPR and may have a long way to go to become compliant with its mandates” and that:

…people are going to be surprised by a lot of the fundamental heavy lifting and changes that they are going to have to do around the way that they design products going forward.

This case may help shape GDPR court interpretations.

What took the SEC so long to adopt Cybersecurity Disclosure requirements?

Posted in Cyber

The Securities and Exchange Commission (SEC) Chairman Jay Clayton announced the SEC’s approval of the “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” under which “the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents.”  Chairman Clayton’s February 21, 2018 public statement entitled “Statement on Cybersecurity Interpretive Guidance” included these statements:

In today’s environment, cybersecurity is critical to the operations of companies and our markets.  Companies increasingly rely on and are exposed to digital technology as they conduct their business operations and engage with their customers, business partners, and other constituencies. 

This reliance on and exposure to our digitally-connected world presents ongoing risks and threats of cybersecurity incidents for all companies, including public companies regulated by the Commission. 

Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion.

Better late than never, and it will be interesting to see what is reported!

Cybersecurity threats targeted at State elections?

Posted in Cyber, Internet Privacy

The Washington Post wrote an article that “State officials have been scrambling to address vulnerabilities in their systems, particularly since the fall, when the Department of Homeland Security disclosed the attempts on the 21 states. Though it is not believed there were further attacks, experts say Russian operatives may have been laying the groundwork for a more aggressive effort in 2018.” The February 17, 2018 article entitled “State elections officials fret over cybersecurity threats” included these observations about a meeting of State Election Officials on Saturday following the February 16th Federal indictments against 13 Russians:

The indictments underscored warnings issued by the nation’s top intelligence officials who said earlier in the week that they had already uncovered evidence that Russians and other foreign operators aimed to disrupt the midterms.

State elections officials and cybersecurity experts are pressuring Congress to act, asking lawmakers to appropriate all the federal funds approved in 2002 for election security. They also want lawmakers to pass legislation that would enact sweeping changes to strengthen U.S. election cybersecurity.

It will be interesting to follow these Cybersecurity threats to US elections!

New US Attorney has extensive Cybersecurity experience!

Posted in Cyber

recently interviewed Erin Nealy Cox (US Attorney for the Northern District of Texas since November 2017) who described her “…expertise in cybersecurity will help me identify and communicate the threats to the affected communities so they can understand and craft solutions needed to defend themselves; and it will help me ensure that my prosecutors have the tools, training, and resources to prosecute vigorously those responsible for cyber crimes, wherever they may be located.” The February 8, 2018 interview was entitled “Erin Nealy Cox – How Cyber Background Helps as US Attorney” and began with this introduction:

Perhaps unique for a U.S. attorney, she has extensive background in cybersecurity, having worked as a senior adviser at McKinsey & Co. in the cybersecurity and risk practice; as an assistant U.S. attorney in the Northern District of Texas, where she prosecuted cyber crimes, white-collar crimes, and general crimes; and as a member of the executive team at Stroz Friedberg, a cybersecurity and investigations consulting firm.

Since I’ve known Erin for many years, I’m confident she will be an excellent US Attorney, particularly in dealing with cybercrime.

Uber settles claims for $245M that it stole Google’s trade secrets!

Posted in eCommerce

Money.CNN reported that Google’s Waymo (Google’s self-driving car program) sued Uber for theft of trade secrets, but during the middle of trial “accepted a settlement offer from Uber, which agreed to a deal that includes 0.34% of Uber’s equity at a $72 billion valuation, which works out to about $245 million.”  The February 9, 2018 article entitled “Uber and Waymo settle trade secrets lawsuit” reported that the case settled even though “Waymo had initially asked for maximum damages of $1.8 billion” after:

The investigation into potential trade-secret theft began in late 2016 when Waymo accidentally received an email from a supplier containing an attachment that detailed Uber’s LiDAR circuit board. Waymo claimed it looked suspiciously like its own design.

Given the settlement it sure looks like Uber decided to avoid the uncertainty of a jury verdict and appellate conflict for years to come.