Pete Recommends – Weekly highlights on cyber security issues, October 3, 2020

Subject: What to do when someone steals your identity | FTC Consumer Information
Source: FTC Consumer Blog

Did someone use your personal information to open up a new mobile account or credit card? Or maybe buy stuff with one of your existing accounts? Or did they file for unemployment or taxes in your name? That’s identity theft.

If any of this happened to you, the FTC wants to help you stop the damage and start recovering. Learn more by watching this video:

Subject: Hacker publishes students’ grades, private info after demanding ransom
Source: Business Insider

  • A hacker published grades and personal information of thousands of Las Vegas students after school district officials refused to pay a ransom in exchange for the information.
  • The leaked information included students’ names, social security numbers, addresses, and some financial information, and were published on an online hacker forum this week, a cybersecurity analyst told Business Insider.
  • Las Vegas’ Clark County School District announced earlier this month that some of its files were compromised by a hacker using ransomware and that law enforcement was investigating.

Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told Business Insider that he discovered leaked documents published to an online hacking forum that purported to include records from Nevada’s Clark County School District, including students’ names, social security numbers, addresses, and some financial information. Callow’s findings were first reported by The Wall Street Journal on Monday.

A Clark County School District spokesperson did not immediately respond to a request for comment. The district previously disclosed that it suffered a ransomware attack during its first week of online classes and said law enforcement was investigating.

Subject: Foreign Hacker Sentenced in $1M Scam Targeting Federal Employees and Contractors
Source: DOJ via Nextgov

A foreign national charged with setting up fake government websites, hacking federal employees’ emails and defrauding agency contractors of almost $1 million has been sentenced to a year and a half in prison.According to federal investigators, Olumide Ogunremi, 43, a citizen of Nigeria who also goes by the name Tony Williams, was part of a criminal “ring” that using phishing emails and counterfeit websites to trick federal employees into giving up their digital credentials, which were then used to buy goods to sell on the black market.

In the latter half of 2013, Ogunremi and his co-conspirators sent phishing emails to employees at several federal agencies directing them to fake websites, “including the U.S. Environmental Protection Agency,” according to a Justice Department release.

Subject: Cyberattack could trigger Article 5 response, NATO’s Mircea Geoana warns

Sept. 28 (UPI) — NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. “We agreed that a cyberattack could trigger Article 5 of our founding treaty, where an attack against one ally is treated as an attack against all,” Geoana told a virtual conference of CYBERSEC, an annual public policy conference sponsored by the Kosciusko Institute of Krakow, Poland.


Subject: Have you gotten a collection call about a debt you don’t recognize?
Source: FTC Consumer Blog

Today, in partnership with federal and state law enforcement partners, the FTC announces Operation Corrupt Collector, a federal-state law enforcement sweep against fake and abusive debt collectors. The operation includes five FTC actions, with two new cases announced today.

In each of the new FTC cases announced today, the companies claimed to be collecting on debt that they can’t legally collect, or that people don’t actually owe. In these cases, the companies made robocalls to people, telling them that they’ve been sued, or soon will be, if they don’t pay up.

Subject: Collection and Use of Biometrics by U.S. Citizenship and Immigration Services
Source: EFF via beSpacific

EFF – “On September 11, 2020, the Department of Homeland Security (DHS) announced its intention to significantly expand both the number of people required to submit biometrics during routine immigration applications and the types of biometrics that individuals must surrender. This new rule will apply to immigrants and U.S. citizens alike, and to people of all ages, including, for the first time, children under the age of 14. It would nearly double the number of people from whom DHS would collect biometrics each year, to more than six million. The biometrics DHS plans to collect include palm prints, voice prints, iris scans, facial imaging, and even DNA—which are far more invasive than DHS’s current biometric collection of fingerprints, photographs, and signatures.  (For an incisive summary of the proposed changes, click here.)…”

Subject: CISA Releases Telework Essentials Toolkit

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role:

  • Actions for executive leaders that drive cybersecurity strategy, investment and culture
  • Actions for IT professionals that develop security awareness and vigilance
  • Actions for teleworkers to develop their home network security awareness and vigilance

CISA encourages users and administrators to review the Telework Essentials Toolkit and the CISA Telework page for more information.

Various RSS feeds:


Posted in: AI, Big Data, Civil Liberties, Computer Security, Cybercrime, Cybersecurity, Financial System, Government Resources, KM, Legal Research, Privacy, Technology Trends, Telecommuting