Pete Recommends – Weekly highlights on cyber security issues August 11, 2019

Subject: How to Find Spyware Your Employer Installed on Your Computer and What to Do About It
Source: Gizmodo

Whether or not you think this is fair, under US law it’s certainly legal for employers to monitor employees on company hardware, even down to the keystroke, if necessary. While it’s certainly polite for employees to be notified of the monitoring that goes on, this is only required in some states—so it might be happening without your knowledge.

Presumably, if you’ve been told that you’re being watched, you don’t need this guide. You might even be able to see the monitoring software running in the corner of the screen.

Subject: Delta look-a-like website, fake travel sites try to scam consumers
Source: USA Today

“Unfortunately, doing a Google search is not always going to get you a good result,” said Troy Baker, manager of communications for the Better Business Bureau Serving Western Michigan.

“You have to be very careful when clicking online advertisements. It’s very easy for a scammer to impersonate a legitimate business. Instead of clicking the link, go to the business directly to purchase tickets,” said Laura Blankenship, director of marketing for the Better Business Bureau serving Eastern Michigan.

“Fraud is rapidly increasing in the travel industry and the chance you may land on a fake airline or travel agent website is unfortunately real,” according to the International Air Transport Association.

“Any time you deal with a third party website claiming to represent Delta Air Lines, you risk compromising your personal information, as scammers are more frequently attempting to abuse the trust you place in us by impersonating Delta using illegitimate websites and outlets before defrauding you,” Delta said in an online alert.

Subject: How to make a VPN in under 30 minutes
Source: Android Police

VPNs, or Virtual Private Networks, are a popular way to stay safe online. When you connect to a VPN, all outgoing network traffic is funneled through an external server. Your internet service provider can’t tell what sites you visit (only that you’re using a VPN) or inject content into webpages. They’re also commonly used to bypass blocked websites and to stay safe on public Wi-Fi networks.

Unfortunately, using certain VPN providers can be just as dangerous as going without a VPN in the first place. Many popular providers will log connection details of users, which can then be sold to third parties. Some insecure services also leak connection information, leaving you just as unprotected as you would be without a VPN.

Even though there are a few excellent VPN choices available on the market, hosting your own VPN server is another option. It takes a little bit of work to set up, and it’s not the best option for everyone, but it has several benefits. For this guide, we’ll be setting up an OpenVPN server on a Linode VPS, which costs $5/month. While you can absolutely run a PC at home with Ubuntu Server instead, you’ll get the highest-possible speeds and almost no downtime from a remotely-hosted VPS. You also won’t have to worry about hardware failures, and you have multiple region options.

Subject: We Have a New Cyberattacker: UN Report
Source: Newser

(Newser) – North Korea has funneled $2 billion into its weapons of mass destruction programs by using cyberattacks to pilfer from banks and cryptocurrency exchanges, according to a confidential UN report seen by Reuters and CBS News. The “widespread and increasingly sophisticated” attacks carried out by actors under the direction of a top North Korean military intelligence agency served to “raise money for its WMD programmes, with total proceeds to date estimated at up to two billion US dollars,” experts write in the report delivered to the UN Security Council North Korea sanctions committee. The experts said they were investigating “at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges, and mining activity designed to earn foreign currency” in 17 countries.

The U.N. experts said North Korea’s attacks against cryptocurrency exchanges allowed it “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”

Subject: 11 creepy technologies that exist today and will keep you up at night
Source: Reuters via Business Insider

The 21st century is a great time to be alive. We drive electric cars, we’re curing diseases with CRISPR, and we’ll soon be returning to the moon in rockets more reusable than the Space Shuttle ever was. But it’s not all silicon and sunshine — our future has a healthy dose of “Black Mirror,” thanks to a slew of technologies that are downright creepy. Some of these technologies seem promising but can be easily perverted in frightening ways. Others seem to serve no purpose other than to creep us out.

Here are the 11 technologies that are so creepy they’re keeping tech experts and futurists awake at night.

Subject: ‘Destructive’ malware attacks have surged 200% in past year, experts say
Source: UPI

Aug. 7 (UPI) — As several U.S. cities grapple with recent ransomware cyberattacks, a new report says malware events featuring destructive elements that can wipe away or hijack data have doubled in the past year.

IBM’s X-Force Incident Response and Intelligence Services team released the report Monday, which outlines a 200 percent increase in the number of destructive attacks it’s responded to since the second half of 2018.

IRIS said it primarily observed nation-state actors employing destructive “wiper” malware, which can delete data from a target’s computers to cause harm or “send a message” to geopolitical opponents. The team also noted an increase in cybercriminals employing such methods in their attacks on commercial entities.


Subject: People forged judges’ signatures to trick Google into changing results
Source: Ars Technica

It’s not easy to convince Google to remove unflattering information about you from its search results. One of the few reasons Google will remove search listings is if it gets a court order to do so. But getting a court order isn’t easy, either. Courts have held that the First Amendment gives publications broad discretion to decide what kind of information to publish—especially if it’s accurate.

As a result, some unscrupulous parties have taken an unethical—and likely criminal—shortcut: they sent Google fake court orders, complete with forged signatures from a judge. An investigation by CBS News uncovered more than 60 cases where someone used this tactic.

“CBS News sorted through thousands of these court orders and spotted small businesses from all across America trying to clean up their reputations,” two CBS reporters write. “But we also spotted a problem: Dozens of the court documents were fakes.”

Subject: How China Weaponized the Global Supply Chain
Source: National Review

Ports, containers, and the Internet are now means for Beijing to project power

Before 9/11, no one thought of commercial airliners as weapons. But the attack on the Twin Towers transformed the air-travel system into a battlespace. And although no one thinks of container ships as weapons today, China is weaponizing the global supply chain. The vessels of China’s state-owned shipping companies no longer merely carry merchandise. Sailing to a global network of ports under Chinese control, they’re carrying Chinese power.

China’s dominance of global manufacturing rests on a triad of commercial capabilities that emerged as byproducts of the country’s industrialization. China developed expertise in port construction and operation, container shipping and logistics, and electronic networks. In combination, these enabled the country to offer foreign companies the convenience of one-stop shopping — low-cost production and reliable global distribution from China’s coastal manufacturing sites. China’s port and logistics network also enables its cyber-surveillance efforts, increases Chinese financial leverage over Western countries, and provides China with a round-the-clock presence in the global maritime domain that threatens to limit U.S. naval access to the growing roster of commercial ports under Chinese control.

Lucky timing helped China put this all in place. The country’s entry into the World Trade Organization in 2001 sparked rapid growth in manufacturing. And even as China set about exploiting Western companies — by requiring “technology transfer” as a condition of doing business in China, and even through outright intellectual-property theft — Western intelligence establishments overlooked the security implications of the nascent commercial triad, instead focusing almost entirely on preventing further terrorist attacks.

Thinking of something as seemingly routine as a container ship or cargo dock as a weapon might seem far-fetched. After all, ports are just dots on a map. But how did we miss 9/11? No one connected the dots.

— This article is based on “Asia Rising: Ships of State,” Mr. O’Dea’s study of the role of infrastructure investment in national power published by the Naval War College Review.

Subject: When Robots Make Legal Mistakes
Source: SSRN via beSpacific

Morse, Susan C., When Robots Make Legal Mistakes (July 22, 2019). Oklahoma Law Review, Vol. 72, 2019. Available at SSRN:

“The questions presented by robots’ legal mistakes are examples of the legal process inquiry that asks when the law will accept decisions as final, even if they are mistaken. Legal decision-making robots include market robots and government robots. In either category, they can make mistakes of undercompliance or overcompliance. A market robot’s overcompliance mistake or a government robot’s undercompliance mistake is unlikely to be challenged. On the other hand, government enforcement can challenge a market robot’s undercompliance mistake, and an aggrieved regulated party can object to a government robot’s overcompliance mistake. Especially if robots cannot defend their legal decisions due to a lack of explainability, they will have an incentive to make decisions that will avoid the prospect of challenge. This incentive could encourage counterintuitive results. For instance, it could encourage market robots to overcomply and government robots to undercomply with the law.”

beSpacific Subjects: AI, Knowledge Management, Legal Research

Subject: Users can sue Facebook over facial recognition software, court rules
Source: WHYY

The 9th Circuit U.S. Court of Appeals issued its ruling on Thursday. According to the American Civil Liberties Union, it’s the first decision by a U.S. appellate court to directly address privacy concerns posed by facial recognition technology.

“This decision is a strong recognition of the dangers of unfettered use of face surveillance technology,” Nathan Freed Wessler, an attorney with the ACLU Speech, Privacy and Technology Project, said in a statement. “The capability to instantaneously identify and track people based on their faces raises chilling potential for privacy violations at an unprecedented scale.”

The case concerns Facebook users in Illinois who accused the social media giant of violating the state’s Biometric Information Privacy Act.

In 2011, Facebook launched a feature called “tag suggestions.” It allowed technology to analyze the details of people’s faces in uploaded photos — the distance between their eyes, their nose and other features. Users could choose to opt out of the feature. Facebook said it only builds face templates of Facebook users who have the feature turned on.

Posted in: AI, Civil Liberties, Cybercrime, Cybersecurity, KM, Privacy, Social Media, Spyware