Pete Recommends – Weekly highlights on cyber security issues, May 24, 2020

Subject: Foreign Hackers Swipe Millions in Unemployment Benefits
Source: Newser
https://www.newser.com/story/291019/foreign-hackers-swipe-millions-in-unemployment-benefits.html

(Newser) – With the United States furiously shoveling money at millions of recently unemployed Americans, the New York Times reports that very employed foreign hackers sensed an opportunity to siphon millions of dollars in benefits in “an immense, sophisticated attack.” Using personal data like social security numbers that were likely previously hacked, the Secret Service says the Nigerian fraud ring is filing claims for still-employed people and taking advantage of direct deposit in “a gut punch,” as the Employment Security Department commissioner of Washington state, a primary target, terms it….

Those targeted often receive official confirmation notices in the mail. “I called my boss and said, ‘Am I getting laid off and I just don’t know about it?’” said one Seattle resident who was still very much employed. Read more at the …


Subject: Coronavirus: Armed robbers use face masks to hold up stores
Source: Insider
https://www.insider.com/coronavirus-armed-robbers-use-face-masks-to-hold-up-stores-2020-5

  • Armed robberies have spiked in Santa Ana, California as criminals take advantage of the acceptance and even requirement of face masks due to the coronavirus.
  • COVID-19 was the “perfect manual” for criminals, a shop owner told CBS Los Angeles. “The mask, the sunshade, and a hoodie. You don’t know who’s coming, who’s walking in,” he said.
  • Police said that the surge in crime could be linked to offenders who had been released from prison due to the coronavirus pandemic.
  • Experts say that wearing masks anonymized people, emboldening them to criminal and deviant behavior.

He added his staff are now terrified to work the late-night shift.

She told WTOP News, based in Washington D.C., that studies have found “people who wear masks feel more enabled and empowered to do things that they normally wouldn’t have done if their face was seen in public.”

“Being anonymized has always been associated with more deviant and criminal behavior,” ranging from bank robberies to the Ku Klux Klan, she said.

Meanwhile, there have been at least three cases of people wearing KKK-style hoods and masks emblazoned with swastikas to go shopping.


Subject: 5G coronavirus conspiracy theory
Source: Washington Post
https://www.washingtonpost.com/national-security/dhs-to-advise-telecom-firms-on-preventing-5g-cell-tower-attacks-linked-to-coronavirus-conspiracy-theories/2020/05/13/6aa9eaa6-951f-11ea-82b4-c8db161ff6e5_story.html

The Department of Homeland Security is preparing to advise the U.S. telecom industry on steps it can take to prevent attacks on 5G cell towers following a rash of incidents in Western Europe fueled by the false claim that the technology spreads the pathogen causing covid-19.

The planned industry alert comes in the wake of dozens of arson attacks on 5G towers in Britain, the Netherlands and Belgium last month apparently spurred by the conspiracy theory.

“During the covid-19 pandemic, Western Europe has seen increasing attacks against equipment and workers, and these attacks are plots to damage 5G towers often linked to unsupported theories alleging a link between 5G and the virus,” said a U.S. official familiar with the alert, who spoke on the condition of anonymity because the advisory has not been finalized.

DHS’s Cybersecurity and Infrastructure Security Agency will issue the alert with advice on ways to reduce the risk of attack, including installing appropriate sensing and barriers, cyberintrusion detection systems, closed-circuit television and monitoring drone activity near towers.

The U.S. government has sought to dispel the 5G-virus link. The Federal Emergency Management Agency states clearly on its coronavirus rumor control page: “5G technology does NOT cause coronavirus.”



Subject: Facebook released dataset of 10,000 hateful memes
Source: Facebook AI Blog via beSpacific
https://www.bespacific.com/facebook-released-dataset-of-10000-hateful-memes
Facebook AI Blog: “…In order for AI to become a more effective tool for detecting hate speech, it must be able to understand content the way people do: holistically. When viewing a meme, for example, we don’t think about the words and photo independently of each other; we understand the combined meaning together. This is extremely challenging for machines, however, because it means they can’t just analyze the text and the image separately. They must combine these different modalities and understand how the meaning changes when they are presented together. To catalyze research in this area, Facebook AI has created a data set to help build systems that better understand multimodal hate speech. Today, we are releasing this Hateful Memes data set to the broader research community and launching an associated competition, hosted by DrivenData with a $100,000 prize pool. The challenges of harmful content affect the entire tech industry and society at large. As with our work on initiatives like the Deepfake Detection Challenge and the Reproducibility Challenge, Facebook AI believes the best solutions will come from open collaboration by experts across the AI community…”

Subject: COVID-19 data sharing with law enforcement sparks concern
Source: The Republic
http://www.therepublic.com/2020/05/19/us-virus-outbreak-sharing-names/

Critics wonder why first responders don’t just take precautions with everyone, given that so many people with the virus are asymptomatic or present mild symptoms. Wearing personal protective equipment only in those cases of confirmed illness is unlikely to guarantee their protection, they argue.

[I wonder if the “data” ages so that it is no longer useful? /pmw1]


Subject: Google censored search results after bogus copyright claims
Source: Reclaim the Net via beSpacific
https://www.bespacific.com/google-censored-search-results-after-bogus-copyright-claims/
Reclaim the Net – “We recently did a deep-dive for members about how the DMCA and copyright claims are one of the greatest growing threats to free speech online. Now, an investigation has revealed that Google has fallen victim to fake copyright notices and is taking down several legitimate news articles and similar search results. Google, much like any other search engine, is mandated to comply with the DMCA guidelines, according to which copyrighted content cannot be returned in search results. Leveraging this loophole, several unscrupulous individuals or organizations have filed anywhere near four billion fake copyright complaints to take down links to news pieces that showed a particular political figure or an individual in a negative light. In the recent past, for instance, Google returned the result of an article that covered the movements of two coronavirus-infected Brits who were in Vietnam and thereby warned others to take precautions when coming in contact with tourists who have been to international destinations. But now, the article does not appear in search results anymore. What could be the reason? A copyright claim….”

Subject: An Apple whistleblower has publicly slammed the company, claiming it violated ‘fundamental rights’ after Siri recorded users’ intimate moments without consent
Source: Business Insider
https://www.businessinsider.com/apple-whistleblower-siri-recordings-violating-fundamental-rights-2020-5

  • An Apple contractor has decried the company in a letter to European privacy regulators.
  • Thomas le Bonniec revealed to The Guardian last year that while working for Apple he overheard Siri users’ private moments, including medical discussions, drug deals, and people having sex.
  • Although Apple apologized and suspended the program last year, le Bonniec is calling on privacy regulators to punish the tech giant.

A whistleblower who exposed that Apple was hoovering up people’s Siri recordings has gone public in decrying the company.

Thomas le Bonniec was a contractor for Apple’s Siri “grading” project, taking snippets of people talking to Siri and transcribing them to improve the smart assistant’s accuracy.

Now le Bonniec, who is based in Cork, Ireland, has sent an open letter to European privacy regulators, published in the early hours of Wednesday, calling on them to take action against the tech giant.


Subject: CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems
Source: DHS CISA via US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK’s National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS). The two-page infographic summarizes common ICS risk considerations, short- and long-term cybersecurity event impacts, best practices to defend ICS processes, and highlights NCSC’s product on Secure Design Principles and Operational Technology.

CISA, DOE, and NCSC encourage users to review Cybersecurity Best Practices for Industrial Control Systems. For more in-depth information, visit CISA’s ICS Recommended Practices webpage and DOE’s Cybersecurity Capability Maturity Model (C2M2) Program webpage. For information on CISA Assessments, visit https://www.cisa.gov/cyber-resource-hub.


Subject: ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020
Source: DHS CISA via US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/05/22/acsc-releases-cyber-criminal-and-apt-tradecraft-trends-2019-2020

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review ACSC’s Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks and MITRE’s ATT&CK for Enterprise framework for more information.
