Pete Recommends – Weekly highlights on cyber security issues, March 26, 2022

Subject: Financial regulator says use of crypto helps—not hurts—ransomware investigations
Source: GCN

While cryptocurrency is preferred by ransomware perpetrators because of its perceived anonymity, it has significant visibility and investigative benefits over opaque banking, a FinCEN official told a Senate committee. Another key U.S. law enforcement official is challenging the notion that greater regulation of the cryptocurrency industry is needed to deter ransomware perpetrators, arguing blockchain technology has, moreover, assisted officials working to track the malicious activity. “Yes, cryptocurrency has become the recent payment of choice because of the speed and its perceived anonymity,” reads testimony Michael Mosier, deputy director and digital innovation officer for the Financial Crimes Enforcement Network—FinCEN—submitted to the Senate Banking Committee Thursday. “However, payments made in cryptocurrency offer law enforcement significant visibility and investigative benefits over opaque banking, as we saw with the recovery of $2.3 million in cryptocurrency from the Colonial Pipeline attackers.” …

Subject: Week in review: The secret to app security, new issue of (IN)SECURE Magazine
Source: Help Net Security

References 30 articles: Here’s an overview of some of last week’s most interesting news, articles and interviews…

Subject: How to secure your home and office network: The best DNS blockers and firewalls
Source: ZDNet via beSpacific

ZDNet: “How secure is your home or office network? I’ll assume you already have an antimalware/antivirus solution in place, such as Windows Security, which is built into Windows 10 and Windows 11 (and which I believe works particularly well). But antivirus isn’t enough. Escalating international tensions — coupled with an ever-increasing number of professionals working remotely — are driving the need for small-scale solutions and best practices to secure home- and small-business networks and mobile devices from malware, malvertising, and other threats. What follows is a brief guide — with product recommendations and best practices…

Subject: Bank’s Machine Learning Systems Are Ripe for Sabotage
Source: Gizmodo

Experts worry machine learning’s reliance on large data sets to train make them particularly vulnerable to data manipulation attacks. Banks and other financial institutions utilizing artificial intelligence may be uniquely susceptible to retaliatory Russian cyberattacks as taxing international sanctions worsen, experts warn. … However, experts fear these same institutions’ rapid reliance on machine learning models to automate more and more of their systems in the name of efficiency could come back to bite them in the ass. Andrew Burt, a former policy adviser to the head of the cyber division at the FBI, described AI vulnerabilities as “significant and very widely overlooked” at many financial institutions that have come to rely on them. “It’s a huge unaccounted-for risk,” Burt said. So why exactly are machine learning algorithms more susceptible to attacks? Well, in general, most of the problems stem from machine learning’s need to utilize large amounts of data to improve calculations. That reality makes them particularly susceptible to data manipulation attacks. In the past, researchers have shown it’s possible for an attacker to deliberately “poison” an algorithm’s training data to corrupt or influence any results it may spit out. … These algorithms can also be duped in real-time without large sets of data. Researchers from Tencent’s Keen Security Lab, for example, demonstrated several relatively simple techniques used to fool Tesla’s machine learning capabilities back in 2019, first tricking the windshield wipers to engage when they weren’t supposed to and then using a bright sticker on a road to convince a Tesla engaged in Autopilot to drift into an opposing lane.

Subject: State upgrades mass alert system
Source: GCN

Emergency managers in Iowa can now automatically push out safety alerts through emails, text messages, phone calls, RSS feeds and social media — and in multiple languages. Before, when a tornado warning was issued, emergency managers would “have to go to their Facebook page and go to their Twitter page and type that information in, and now this is automatic,” said Allison Bright, program planner at Iowa’s Department of Homeland Security and Emergency Management, which manages the system. Now, as soon as a warning is “issued by the National Weather Service, it automatically gets issued to their social media pages.” It also works seamlessly with the Smart911 app, which residents can subscribe to with their physical address to receive geo-targeted alerts. “What the emergency manager [in a county or at the state level] can do is geofence a location and say, ‘This issue is going on inside this geofenced location area,’” Bright said, adding that the state has reached more than 2,700 users that way since the new system went live July 1, 2021.

So far 87 of the state’s 99 counties are onboard with it, and since it went live, the system has sent almost 4,800 alerts, with 432 posts to Twitter and 689 to Facebook, sent almost 425,000 emails and 850,000 texts and made 350,000 phone calls. Each county can set the system up differently, based on their residents’ preferences. For instance, some lump together tornado watches and warnings, while others separate them out. Other counties have more language options than others, depending on their population.


Subject: Scrubbing the bias from machine learning systems

Monitoring, testing and evaluating impacts will help limit the systemic, statistical and human biases that affect artificial intelligence systems, according to a new NIST report. Federal agencies and officials utilizing artificial intelligence systems need to vigilantly monitor and control for systemic and racial biases included in machine learning technology, according to a new report from the National Institute of Standards and Technology. This recommendation comes from an extensive report on how organizations and enterprises, both private and public, can cultivate better trust in artificial intelligence. “Bias is neither new nor unique to AI and it is not possible to achieve zero risk of bias in an AI system,” the report begins. The document then categorizes biases in artificial intelligence in three groups: systemic, statistical and human. It then discusses mitigating each of these through testing, evaluation methods and other human factors.

Subject: Blockchain: Emerging Technology Offers Benefits for Some Applications but Faces Challenges
Source: U.S. GAO

Blockchain combines several technologies to provide a tamper-resistant record of transactions between parties without a central authority, such as a bank. Although cryptocurrency is the best known use, blockchain has potential non-financial uses. For example, it could be used to manage supply chains, create less hierarchical organizations, and document real estate title transfers. This report also highlights potential benefits and challenges of blockchain. Data privacy, energy consumption, and regulatory uncertainty are key concerns. We present policy options for oversight, standard-setting, and more. There are potential applications for blockchain in supply chains, financial services, digital IDs, and more … Policy Options That Could Help Enhance Benefits or Mitigate Challenges of Blockchain Technologies …

Subject: FBI: Americans lost $7B in 2021 to Internet crime

March 23 (UPI) — Americans reported losses surpassing $6.9 billion to Internet crime last year, according to a new report from the FBI. Released on Tuesday, the annual Internet Crime Report states Americans filed 847,376 complaints concerning a wide array of Internet scams, representing a 7% increase from the year previous. “In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity,” Paul Abbate, deputy director of the FBI, said in the report. “These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public.” Among the 2021 complaints received, ransomware, business e-mail compromise schemes and the criminal use of cryptocurrency were among those most reported, it said.

In response to the attacks, U.S. President Joe Biden announced a slew of measures to protect the nation from cybercriminals and even held a July summit with Russian President Vladimir Putin on the topic as several of the incidents are believed to have been connected to Kremlin-linked groups. Abbate added in the report that as cyberthreats evolve they are becoming “increasingly intertwined” with traditional intelligence threats.


Subject: DHS seeks to automate video surveillance on ‘soft targets’ like transit systems, schools
Source: FedScoop

The Department of Homeland Security wants industry to develop video analytics that can detect threats caught on cameras at schools and transit systems in real time, which runs the risk of blanket surveillance, according to an American Civil Liberties Union expert. The DHS Science & Technology Directorate issued a solicitation that gives companies two years to create products capable of automatically flagging anomalies — like unattended bags or people being where they shouldn’t — to monitor vulnerable, populated places deemed “soft targets.” DHS S&T’s Silicon Valley Innovation Program funds companies’ development of new technologies in four phases, but its latest solicitation comes at a time when artificial intelligence used to monitor people is rapidly advancing. “Right now we have a lot of cameras on us, but we basically don’t worry about them most of the time because there’s an implicit understanding nobody’s really watching those cameras,” Jay Stanley, senior policy analyst with the ACLU Speech, Privacy and Technology Project, told FedScoop. “No one is going to pay a million security guards to watch every camera feed, but with AI you can do that.” While various DHS arms have explored using AI to detect anomalies and “suspicious individuals,” DHS S&T’s “broad” solicitation would impose video surveillance in a variety of everyday situations, Stanley said. …


Subject: Blockchain: Financial and Non-Financial Uses and Challenges
Source: U.S. GAO

Markets—for example the housing market or those for commercial goods—currently rely on institutions like banks or other intermediaries to facilitate transactions. But blockchain technology could reduce the need for these steps, while providing a trusted, tamper-resistant record of transactions. While this emerging technology could help level the playing field for businesses of all sizes or enable greater financial inclusion, it also faces some challenges and poses some risks to the consumers and businesses that hope to use it. In today’s WatchBlog post, we look at blockchain technology, including the benefits, challenges, and risks surrounding its use. … Want to learn more about blockchain technology? Check out our new technology assessment on blockchain here.


Subject: Arizona Launches First State ID in Apple Wallet
Source: Phone Scoop

After years of testing across multiple states, Arizona is now the first US state to officially offer a digital driver’s license / state ID stored digitally in a phone. Arizona residents can now add their ID to Apple Wallet by scanning their face and physical ID card using the phone’s camera, pending state agency approval. The digital ID is currently accepted at “select” TSA airport checkpoints, including in Phoenix Sky Harbor International Airport. Apple also announced that Colorado, Hawaii, Mississippi, Ohio, and the territory of Puerto Rico plan to support the technology soon, in addition to the previously-announced Georgia, Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah. The capability was introduced in iOS 15.4 for iPhones, and is also supported in Apple Watch Series 4 or later running watchOS 8.4 or later. The technology provides enhanced security and privacy by only sharing information specifically requested, in an encrypted format, and the user can review which information will be shared before granting permission to share it.
