Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

FBI recommends two-factor authentication & training to thwart Spearphishing!

Posted in Cyber, eCommerce, Uncategorized

Among a number of recommendations to avoid Spearphishing (aka Business Email Compromise – BEC), the FBI recommends getting “employees to use two-factor authentication to access corporate e-mail accounts.” The November 14, 2017 FBI News Report entitled “FBI Tech Tuesday—Digital Defense Against Business E-mail Compromises” included this advice about training employees to:

  • watch for suspicious requests, such as a change in a vendor’s payment location
  • avoid clicking on links or attachments from unknown senders. Doing so could download malware onto your company’s computers, making you vulnerable to a hack.

All good advice, but Spearphishing/BEC continues to cause substantial losses…so people really need to follow this advice!

100% of businesses affected by mobile malware (think BYOD)!

Posted in Cyber, eCommerce

Darkreading reported that every “business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware.”  The November 17, 2017 report entitled “Mobile Malware Incidents Hit 100% of Businesses” included these comments:

…BYOD devices are usually more susceptible to attack than corporate devices because they are not managed by such security measures as an enterprise mobility management platform or mobile threat management platform.

These platforms can restrict some of the more liberal permissions and user settings on BYOD devices…

Is this a wake-up call, or just old news?

Whoa! Did you know that Equifax claims to own your data?

Posted in Cyber, eCommerce, Internet Privacy

In testimony before the US Senate we hear that it is “Equifax, and not consumers, that owns all the granular data collected about them, and that consumers cannot request to exit the company’s files.”  The Washington Post’s report on November 8, 2017 entitled “Equifax says it owns all its data about you” started with a comment about the “personal information it harvests for profit,” which for Equifax comes as no surprise.  During the Senate hearing Paulino do Rego Barros (Equifax’s interim CEO) explained “why consumers do not have a say in opting in or out of the company’s data collection”:

This is part of the way the economy works,

I think it’s not my perspective to say it’s right or wrong.

This is pretty alarming and most consumers do not see it that way, so it will be interesting to see how the massive Equifax litigation uses this information.

Think twice before relying on search engine results since they may have MALWARE links!

Posted in Cyber, eCommerce

Darkreading reported that criminals are “using Search Engine Optimization (SEO) to populate search results with malicious links and distribute the Zeus Panda Banking Trojan through a compromised Word document.”  The November 3, 2017 article entitled “Hackers Poison Google Search Results to Deliver Zeus Panda” included these comments:

SEO enables hackers to make their links more dominant in search results.

In this case, attackers are “poisoning” the results for specific keywords related to banking and finance, effectively narrowing their victim pool to a specific group so they can steal financial information.

The article included these comments from Earl Carter (threat researcher for Cisco Talos and one of the authors who detailed this discovery):

SEO poisoning by itself isn’t really new,…People have always been trying to manipulate search results. What was unique is they’re using it in the distribution of malware.

We all need to rely on common sense with search engines!

Watch out!! “Mobile Messaging Apps” are the new home for the Dark Web!

Posted in Cyber

Darkreading reported that “mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another.”   The October 26, 2017 report entitled “Dark Web Marketplaces’ New Home: Mobile Messaging Apps”  has the subtitle “Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar” and includes these comments:

With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business,…

With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade,…

Regional and international groups across the world are using the application to spread their merchandise with P2P sales.

Users can find illegal drugs that can be delivered within hours all the way to stolen credit card information for sale.

Actually no one should be surprised, but all the more reason to be vigilant.

Over 1 billion views of RT (Russian News channel) on YouTube since 2013!

Posted in Cyber

The New York Times report is about an event “723 Internet Years Old” (think 4 human years), when a YouTube VP joined a state-backed Russian news channel “RT anchor in a studio, where he praised RT for bonding with viewers by providing “authentic” content instead of “agendas or propaganda.””  The October 23, 2017 report entitled “Russia’s Favored Outlet Is an Online News Giant. YouTube Helped” included these comments:

…now, as investigators in Washington examine the scope and reach of Russian interference in United States politics, the once-cozy relationship between RT and YouTube is drawing closer scrutiny.

YouTube — the world’s most-visited video site, owned by one of the most powerful and influential corporations in America — played a crucial role in helping build and expand RT, an organization that the American intelligence community has described as the Kremlin’s “principal international propaganda outlet” and a key player in Russia’s information warfare operations around the world.

Senator Mark Warner, Democrat of Virginia and vice chairman of the Senate Intelligence Committee, which is investigating Russia’s exploitation of social media platforms based in the United States, also made these statements:

More than half of American adults say they watch YouTube, and younger viewers are moving to YouTube at staggering numbers.

YouTube is a target-rich environment for any disinformation campaign — Russian or otherwise — that represents a long-term, next-generation challenge.

This is hardly startling given YouTube’s role on the Internet!

New law may require Google and Facebook to disclose political advertising

Posted in Anonymous Internet Activity, eCommerce

The New York Times reported that a new “bill would require internet companies to provide information to the election commission about who is paying for online ads.” The October 19, 2017 report entitled “Senators Demand Online Ad Disclosures as Tech Lobby Mobilizes” included these comments:

Senator John McCain and two Democratic senators moved on Thursday to force Facebook, Google and other internet companies to disclose who is purchasing online political advertising, after revelations that Russian-linked operatives bought deceptive ads in the run-up to the 2016 election with no disclosure required.

After initially resisting requests to turn over Russian-linked ads, Facebook has provided them to a congressional committee investigating Russian meddling in the 2016 election. But Google has yet to do so, and neither company has made the ads public.

This new law may place an interesting pall on social media!

Supreme Court will consider a 1986 law about phone records and how it applies to emails in 2017 outside the US

Posted in eCommerce, Internet Access, Internet Privacy

The New York Times reported that the US Supreme Court will consider a case against Microsoft to “decide whether federal prosecutors can force technology companies to turn over data stored outside the United States.”  Congress passed the Stored Communications Act (SCA) in 1986 to control telephone records, long before the Internet we know today, but the SCA is the main law that Internet companies rely on to protect users’ content. In passing the SCA in 1986, “Congress focused on providing basic safeguards for the privacy of domestic users.”

The New York Times October 16, 2017 article entitled “Justices to Decide on Forcing Technology Firms to Provide Data Held Abroad” included this background on the case:

The case, United States v. Microsoft, No. 17-2, arose from a federal drug investigation. Prosecutors sought the emails of a suspect that were stored in a Microsoft data center in Dublin. They said they were entitled to the emails because Microsoft is based in the United States.

A federal magistrate judge in New York in 2013 granted the government’s request to issue a warrant for the data under a 1986 federal law, the Stored Communications Act. Microsoft challenged the warrant in 2014, arguing that prosecutors could not force it to hand over its customer’s emails stored abroad.

A three-judge panel of the United States Court of Appeals for the Second Circuit, in Manhattan, ruled that the warrant in the case could not be used to obtain evidence beyond the nation’s borders because the 1986 law did not apply extraterritorially. In a concurring opinion, Judge Gerard E. Lynch said the question was a close one, and he urged Congress to revise the 1986 law, which he said was badly outdated.

The result of this case may change Internet jurisdiction and privacy, or lead to congressional changes to the SCA.

Did Facebook delete Russian bought ads because of a bug?

Posted in Cyber

The Washington Post wrote that, according to Facebook, “it has merely corrected a “bug” that allowed [Jonathan] Albright, who is research director of the Tow Center for Digital Journalism at Columbia University, to access information he never should have been able to find in the first place.”  The October 12, 2017 article entitled “Facebook takes down data and thousands of posts, obscuring reach of Russian disinformation” included these comments:

Social media analyst Jonathan Albright got a call from Facebook the day after he published research last week showing that the reach of the Russian disinformation campaign was almost certainly larger than the company had disclosed.

While the company had said 10 million people read Russian-bought ads, Albright had data suggesting that the audience was at least double that — and maybe much more — if ordinary free Facebook posts were measured as well.

But the deletion of the posts and the related data struck Albright as a major loss for the world’s understanding of the Russian campaign

Was it really a bug?

Google confesses that Russia bought Google Search and YouTube ads to influence the 2016 election!

Posted in Cyber

The Washington Post reported that Google admitted that it “found that tens of thousands of dollars were spent on ads by Russian agents who aimed to spread disinformation across Google’s many products, which include YouTube, as well as advertising associated with Google search, Gmail, and the company’s DoubleClick ad network.” The October 9, 2017 report entitled “Google uncovers Russian-bought ads on YouTube, Gmail and other platforms” included the reason for the investigation:

Google launched an investigation into the matter, as Congress pressed technology companies to determine how Russian operatives used social media, online advertising, and other digital tools to influence the 2016 presidential contest and foment discord in U.S. society.

Google also admitted that:

Some of the ads, which cost a total of about $100,000, touted Donald Trump, Bernie Sanders and the Green party candidate Jill Stein during the campaign, people familiar with those ads said. Other ads appear to have been aimed at fostering division in United States by promoting anti-immigrant sentiment and racial animosity.

Hardly a surprise given Google’s Internet dominance, but alarming nevertheless!