Pete Recommends – Weekly highlights on cyber security issues September 8 2018

Subject: Bank Of America freezing accounts of those who can’t prove citizenship
Source: Miami Herald via Business Insider
https://www.businessinsider.com/bank-account-rules-us-citizenship-identification-trump-2018-8

In the Trump era, longstanding bank rules requiring customers to identify their country of origin have some people worried about where that information might end up.

  • Banks in the US routinely solicit identification documents from their customers as part of the institutions’ due-diligence efforts, ensuring the banks are complying with federal law.
  • But for people from certain countries, the prospect of revealing their country of origin is risky in an era where the Trump administration is cracking down on immigration offenses.
  • Some customers say their bank accounts were frozen after the institutions asked them to prove that they were in the US legally.

Some bank customers in the US say their financial institutions asked them to provide documentation to prove they are in the US legally. In at least one case, a customer said his bank froze his account after the bank rejected the identification he submitted, the Miami Herald reported.

“This bank doesn’t know how the immigration system works, so they didn’t accept my document,” Moshfegh said.


Subject: The Case for a National Cybersecurity Agency
Source: Politico
https://www.politico.com/agenda/story/2018/09/05/cybersecurity-agency-homeland-security-000686

Our grab-bag approach isn’t working. Gen. David Petraeus says it’s time to go big. By DAVID H. PETRAEUS and KIRAN SRIDHAR 09/05/2018.

Recent reports that Russia has been attempting to install malware in our electrical grid and that its hackers have infiltrated utility-control rooms across America should constitute a significant wakeup call. Our most critical infrastructure systems are vulnerable to malicious foreign cyberactivity and, despite considerable effort, the collective response has been inadequate. As Director of National Intelligence Dan Coats ominously warned, “The warning lights are blinking red.”

A successful attack on our critical infrastructure — power grids, water supplies, communications systems, transportation and financial networks — could be devastating. Each of these is vital to our economy, health and security. One recent study found that a single coordinated attack on the East Coast power grid could leave parts of the region without power for months, cause thousands of deaths due to the failure of health and safety systems, and cost the U.S. economy almost $250 billion. Cyberattacks could also undermine our elections, either by altering our voter registration rolls or by tampering with the voting systems or results themselves.

Cyberthreats have changed dramatically in recent years, but our national approach to cyber defense has not.

There are five tasks on which a National Cybersecurity Agency would need to focus.


Subject: YouTube Download Sites Are the Biggest Piracy Threat To Music Industry, Industry Figures Say
Source: The Independent via Slashdot
https://yro.slashdot.org/story/18/09/02/1533202/youtube-download-sites-are-the-biggest-piracy-threat-to-music-industry-industry-figures-say

Websites dedicated to “stream ripping” music from YouTube represent the biggest threat to the global music business, UK news outlet The Independent reported this week, citing industry figures, who added that these shady sites are also posing a business threat to a “fantastic range” of legal streaming services such as Spotify and Apple Music. The report describes the nature of the issue:

Sites that allow YouTube videos to be converted into an MP3 file and illegally downloaded to someone’s phone or computer are attracting millions of visitors, with estimates suggesting that a third of 16-24-year-olds in the UK have ripped music from the Google-owned platform. Other platforms affected by the illegal ripping sites include DailyMotion, SoundCloud and Vimeo, however YouTube is by far the most pirated.

The Electronic Frontier Foundation (EFF) said that even referring to the aforementioned questionable websites as “stream ripping” sites is misstating copyright law. …

tagged: business, crime, music

RSS feed for site:
http://rss.slashdot.org/Slashdot/slashdotMain

NB The Independent’s US site web page:
http://www.independent.co.uk/

Life Style, News, Tech web page:
https://www.independent.co.uk/life-style/gadgets-and-tech/news

RSS feeds:
http://www.independent.co.uk/us/rss
http://www.independent.co.uk/life-style/gadgets-and-tech/news/rss


Subject: Don’t Let Equifax Put Americans At Risk Again
Source: Consumer Reports
https://www.consumerreports.org/data-theft/dont-let-equifax-crisis-go-to-waste-equifax-data-breach/

A year ago today we learned that hackers had broken into the databases of credit reporting agency Equifax, making off with the personal information of nearly 150 million Americans.

The stolen data included names, home addresses, Social Security and credit card numbers, birthdays, phone numbers, email addresses, and driver’s license numbers—in other words, more than enough information for identity thieves to wreak havoc on the financial lives of nearly half the U.S. population.

This massive breach should have been a watershed event. Unfortunately, not much has changed in the 12 months since the theft was made public. Americans remain largely in the dark about the practices of the credit reporting industry—and, more generally, largely unable to control the use of their personal information. Equifax itself has suffered minimal consequences and continues to do business more or less as before. And the legal and regulatory system governing the credit reporting industry and data security more broadly remains inadequate, despite some recent progress.

All of that needs to change—fast.


Subject: How Location Tracking Actually Works on Your Smartphone
Source: Gizmodo
https://gizmodo.com/how-location-tracking-actually-works-on-your-smartphone-1828356441

Location tracking by device

If you don’t want your smartphone to report your position to any app or any tech company, then you need to disable the master location setting. It basically stops your phone from knowing where it is (usually done by pinging GPS satellites, cell towers, and even nearby public wifi networks).

On Android, head to Settings then tap Security & location, then Location, then turn the Use location switch to Off. If you’re using an iPhone, open up Settings, then tap Privacy and Location Services and turn the Location Services switch to Off. Your phone essentially goes dark as far as location is concerned.

This is one way of stopping apps logging your location in the way highlighted by the recent AP report: You can see little dots on the map where apps have been fired up on the device and then get a location fix at the same time. Every app is different of course, and will have its own privacy policy on what it does with your location data.

[assuming that you trust the app’s developers/management /pmw1]

[more articles on this and related subjects listed at end of article]

Gizmodo RSS feed:

https://gizmodo.com/rss


Subject: US accuses China of ‘super aggressive’ spy campaign on LinkedIn
Source: Reuters via CNBC
https://www.cnbc.com/2018/09/01/us-accuses-china-of-super-aggressive-spy-campaign-on-linkedin.html

  • William Evanina, the U.S. counter-intelligence chief, said intelligence and law enforcement officials have told LinkedIn, owned by Microsoft, about China’s “super aggressive” efforts on the site.
  • German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies.
  • China’s foreign ministry disputed Evanina’s allegations in a statement: “We do not know what evidence the relevant U.S. officials you cite have to reach this conclusion. What they say is complete nonsense and has ulterior motives.”

The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down. William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft, about China’s “super aggressive” efforts on the site. He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.

NB CNBC Technology articles:
https://www.cnbc.com/technology/

and its RSS feed:
https://www.cnbc.com/id/19854910/device/rss


Subject: Propaganda-spewing Russian trolls act differently online from regular people
Source: The Conversation
https://theconversation.com/propaganda-spewing-russian-trolls-act-differently-online-from-regular-people-100855

As information warfare becomes more common, agents of various governments are manipulating social media – and therefore people’s thinking, political actions and democracy. Regular people need to know a lot more about what information warriors are doing and how they exert their influence. One group, a Russian government-sponsored troll farm called the Internet Research Agency, was the subject of a federal indictment issued in February, stemming from Special Counsel Robert Mueller’s investigation into Russian activities aimed at influencing the 2016 U.S. presidential election. Our recent study of that group’s activities reveals that there are some behaviors that might help identify propaganda-spewing trolls and tell them apart from regular internet users.

Targeted tweeting – We looked at 27,291 tweets posted by 1,024 Twitter accounts controlled by the Internet Research Agency, based on a list released by congressional investigators. We found that these Russian government troll farms were focused on tweeting about specific world events like the Charlottesville protests, specific organizations like ISIS and political topics related to Donald Trump and Hillary Clinton.


Subject: Faxploit: How Hackers Turned Old-School Printers into Getaway Cars
Source: Digital Trends
https://www.digitaltrends.com/computing/faxploit-hacking-printers/

The fax function on your old office printer may no longer be used, but if a company or personal fax number is made public on business cards or websites, the entire system is at risk. Using just that number, the researchers gained access to the entire associated network, including all the computers and data connected to it.

The process was shockingly simple. The hacker establishes connection with the printer, implements an exploit script, and sends a malicious fax right to the printer. That gives her full control.

Other vulnerabilities noted by Check Point Research include “tampering with fax content” and “sending a copy of every fax that a customer sends to their bank.” While those fax-specific risks might not sound scary, anytime a hacker gains access to a network and the connected computers, data is up for grabs. Fax is often used for sensitive and important documents, and the ability to alter a fax could certainly appeal to hackers looking to make a buck.

Though some printers have multiple servers and hard drives built into them, they aren’t treated with the same attention as other devices. Desktops and laptops are locked down by IT departments while printers often go unnoticed and become a security liability.

However, LaRoe said the prevalence of internet of things devices in the home gives even more power to an indirect entry point like the printer. The more connected devices are locked up behind a single lock, the more reward there is for a hacker to break it. When it comes to the faxploit itself, it’s still thankfully theoretical. Hackers haven’t been caught using this tactic quite yet, and Check Point Research worked with HP to develop a patch for its exploit.

NB other Digital Trends COMPUTING:
https://www.digitaltrends.com/computing/

RSS:
https://www.digitaltrends.com/computing/feed/


Subject: US elections: Effort to undermine American democracy “has not stopped,” former Facebook security chief says
Source: CNN tech
https://money.cnn.com/2018/09/04/technology/us-elections-disinformation-alex-stamos/index.html

After three years in the trenches of Facebook’s war against disinformation, Alex Stamos brings bad news from the front: US elections are at risk of becoming the “World Cup of information warfare.”

“That campaign to drive wedges into American society has not stopped. If anything, it has intensified,” Stamos told CNN recently.

Stamos is not an alarmist. He has spent the better part of the past two decades in the digital security business, most recently as the head of information security at Facebook. Before that, he spent a few years at Yahoo — where, among other things, he warned US lawmakers about the impact of online advertising on data security and privacy. He has over the years earned a reputation for speaking his mind, and at one point challenged Michael Rogers, head of the National Security Agency at the time, on the finer points of data encryption.

His warning comes as Facebook COO Sheryl Sandberg and other tech leaders are set to appear before the Senate Intelligence Committee. The panel, led by Republican Richard Burr and Democrat Mark Warner, wants to know just what Facebook, Twitter, Google, and others are doing to safeguard November’s midterm elections against the sort of disinformation campaigns that peppered their platforms in 2016.

“Two years after Pearl Harbor, the United States had quadrupled the size of our Navy. We were already on an unstoppable path to the Japanese home islands in the Pacific theater,” he said. “Two years on from the election and people are still arguing whether we were even attacked and I find that amazing.”


Subject: How to Use Google Privacy Settings
Source: Consumer Reports
https://www.consumerreports.org/privacy/how-to-use-google-privacy-settings/

Google is in the privacy hot seat these days, following new revelations about how the company collects consumer data. That makes this a good time for consumers to delve into Google’s privacy settings. The company built its immense business by turning individuals’ web browsing histories into advertising revenue, and until 2017 it scanned the contents of email messages to target ads, as well. But in recent weeks many consumers have learned that Google also collects data in ways they might not have expected. This revelation nudges Google into the company of Facebook, which is being scrutinized for a history of deceitful quiz apps, political meddling by Russian bots, and unchecked data collection. In Google’s case, consumers have learned they have less control over data collection than they might have believed.


Subject: 5 reasons federal agencies are so challenged by identity and access management
Source: FCW
https://fcw.com/articles/2018/09/04/comment-iam.aspx

Today, about 64 percent of U.S. federal government IT leaders view identity management solutions as critical to addressing the increased cybersecurity threats to agencies, according to a recent survey. As identity and access management becomes increasingly important to protect against outsider cyber threats and ensure that the right users have access to the right information, it is clear that effective IAM faces several challenges.

While the problems surrounding IAM are not specific to the public sector, they have a critical impact on government. Proper IAM is necessary for federal employees to access pertinent data, systems, and facilities and ensure that agencies are not compromised by external actors. As traditional identifiers like Social Security numbers become outdated and easily compromised, personal, business and federal data becomes increasingly at risk. Here’s a look at some of the specific IAM challenges in the federal sector:

Posted in: Civil Liberties, Cybersecurity, Economy, Intellectual Property, Privacy, Search Engines, Social Media, Spyware