Pete Recommends – Weekly highlights on cyber security issues August 4, 2019

Subject: Medicare fraud, identity theft: Genetic testing scams target seniors
Source: Kaiser Health News via USA Today

The 86-year-old woman in rural Utah doesn’t usually answer solicitations from strangers, she said, but the young couple who knocked on her front door seemed so nice. Before long, she had handed over her Medicare and Social Security numbers — and allowed them to swab her cheek to collect her DNA.

She is among scores of older Americans who have been targeted in a scam that uses DNA tests to defraud Medicare or steal personal information. Fraudsters find their victims across the country through cold calls, door knocking, email, Facebook ads and Craigslist. They also troll low-income housing complexes, senior centers, health fairs and antique shops. Sometimes they offer ice cream, pizza or $100 gift cards. Some callers claim to work for Medicare, according to a fraud alert issued Friday by the Federal Trade Commission.

The scammers bill Medicare for the tests. The patients, who might never receive any results, typically pay nothing. But they risk compromising personal information and family medical history. And taxpayers foot the bill for tests that may be unnecessary or inappropriate.

Scammers can really cash in: Medicare pays an average of $6,000 to $9,000 for these tests, and sometimes as much as $25,000, according to the Office of Inspector General at the Department of Health and Human Services.

Subject: Why Facebook’s new ‘privacy cop’ is doomed to fail
Source: The Conversation

In late July, the Federal Trade Commission issued its largest-ever fine, of US$5 billion, to Facebook for violating a 2011 privacy settlement. But the amount is only about a month’s worth of the company’s revenue, suggesting that the fine, while seeming large, is, in fact, rather modest.

More significantly, Facebook is required to have an “outside assessor” – a sort of privacy cop – to monitor the company’s handling of user data, along with following a few other corporate procedural requirements. That assessor could address the fundamental problems with the way Facebook operates – but as a scholar of technology companies’ business practices, I’m worried that this potentially all-important role is set up for failure.

In my opinion, in order to be effective, there are three main privacy-related concerns the FTC’s newly designated cop would need to look out for: the potential for genuine violations of users’ privacy; the targeted spread of harmful content, especially resulting in election manipulation and ethnic violence; and instances of collecting and harvesting far more data than is warranted to provide services to users.


Subject: Digital Privacy: “You Can Probably Be Identified From Your Anonymized Data”
Source: Naked Security via LJ infoDOCKET

If you thought that removing identifying information from a database of sensitive personal records was enough to retain privacy, it’s time to think again. A study published this week asserts that it’s even easier to re-identify information than we first thought.

The study, released in Nature Communications, calls all that into question. Its authors at the Université catholique de Louvain (Belgium) and at Imperial College London (UK) say that it’s easy to re-identify a high percentage of people in de-identified data sets.

What this latest research proves is that it’s even easier than we thought to reconstruct people’s identities, even when only a tiny subset of the data is released. When it comes to de-identification, it suggests that it might be time to go back to the drawing board.

The researchers have created an online tool that lets you check to see how identifiable you might be given your own characteristics.

Direct to Research Article: Estimating The Success Of Re-Identifications In Incomplete Datasets Using Generative Models (via Nature Communications)

Subject: Capital One data breach: Is it among the biggest ever?
Source: USA Today

The Capital One breach is among several in recent years leaving consumer data vulnerable to hackers. Here’s a look at some of the biggest confirmed breaches…

Note – please see updates and privacy guidance on related issue via beSpacific – The Equifax settlement has already spawned deceptive websites

Subject: Senate bill calls for new U.S.-Israeli cybersecurity center
Source: UPI

July 31 (UPI) — A pair of U.S. senators have introduced legislation aimed at creating a joint cybersecurity apparatus with Israel, which would join multiple information sectors to safeguard key infrastructure of both nations.

Sens. Jacky Rosen of Nevada and Mike Rounds of South Dakota introduced the US-Israel Cybersecurity Center of Excellence Act on Tuesday.

Subject: CIS Releases Newsletter on Cleaning Up Data and Devices
Source: DHS via CISA

The Center for Internet Security (CIS) July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be exploited by cyber criminals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities.

CISA encourages users and administrators to review the CIS Newsletter on Cleaning Out Your Old Data and Devices and the CISA Tip on Proper Disposal of Electronic Devices for more information.

NB see also:

US-CERT Guide on Destroying Devices/Data

Download PDF   [actually .DOCX]

Subject: A new tool uses AI to spot text written by AI
Source: MIT Technology Review via beSpacific

MIT Technology Review – AI algorithms can generate text convincing enough to fool the average human—potentially providing a way to mass-produce fake news, bogus reviews, and phony social accounts. Thankfully, AI can now be used to identify fake text, too.

Subject: New tool could reduce security analysts’ workloads by automating data triage
Source: Penn State University News

UNIVERSITY PARK, Pa. – During a cyberattack, security analysts focus on answering four key questions: what happened to the network, what was the impact, why did it happen, and what should be done? And while analysts utilize advancements in software and hardware tools in their response, the tools are unable to answer these questions as well as humans can.

Now, researchers at Penn State and the U.S. Army Research Office have developed a technique that could significantly improve the performance of security analysts. Their tool, a finite state machine — a computational model that can be used to simulate sequential logic — was constructed to conduct automatic data triage of repetitive tasks that analysts regularly handle.

“Substantial amounts of analysis work are repeatedly done by human analysts,” said Peng Liu, Raymond G. Tronzo, M.D. Professor of Cybersecurity in Penn State’s College of Information Sciences and Technology and investigator on the project. “If an intelligent agent can help do the repeated work, then the analysts can spend more time dealing with previously unseen cyberattack situations.”

Subject: NIST Publishes Multifactor Authentication Practice Guide
Source: DHS via CISA

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The guide provides e-commerce organizations multifactor authentication (MFA) protection methods they can implement to reduce fraudulent purchases.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages e-commerce organizations to download the guide to learn how to prevent e-commerce fraud using MFA solutions.

NB PDF is 248 pages

ToC starts on physical page 12.

Subject: Digital Privacy: “Pearson Data Breach: Details of Hundreds of Thousands of U.S. Students Hacked”
Source: The WSJ via Fast Company via LJ infoDOCKET

Read the article full-text [no paywall] via Fast Company:

Pearson, one of the largest publishers of print and digital textbooks, has revealed it has suffered a major data breach, reports the Wall Street Journal.

The breach affected more than 13,000 school and university accounts with some accounts containing information on hundreds of thousands of students at those institutions. First and last names, email addresses, and dates of birth were obtained in the hack. Luckily no social security numbers or financial information were accessed by the hackers. Exactly who carried out the attack is still unknown.

