Pete Recommends – Weekly highlights on cyber security issues, December 14, 2019

Subject: China Bans Foreign Computers
Source: The Guardian via Newser

(Newser) – Within three years, there won’t be a Dell or a Microsoft to be found inside China’s government offices. Beijing has ordered all foreign computer equipment and software be eliminated from government offices and public institutions by 2022, reports the Guardian, which notes the move will likely be “a blow to US multinational companies.” The directive comes after the Trump administration recently banned US companies from doing business with Chinese telecoms company Huawei; the Guardian calls this latest move in the US-China trade war a “tech cold war.” As many as 30 million pieces of hardware will need to be replaced, and the Financial Times notes that will be a challenge.

Replacing all the devices and software in this timeframe will be challenging, given that many products were developed for US operating systems such as Windows. Chinese government offices tend to use desktop computers from the Chinese-owned company Lenovo, but components of the computers, including processor chips and hard drives, are made by American companies.

Subject: Pensacola cyber attack: Officials not sure if personal data was exposed
Source: Pensacola News Journal

Cyberattacks have become increasingly complex

Eman El-Sheikh, director of the University of West Florida Center for Cybersecurity, said the center reached out to the city to offer any assistance.

“We’ve seen increase in the complexity and number of cyberattacks across, not just cities and municipalities, but organizations in general, and attackers will often take advantage of ways to infiltrate the system,” El-Sheikh said.

The most common types of attacks include phishing and ransomware attacks. In phishing attacks, members of the organization will receive what appear to be legitimate links that, when clicked, give an attacker access to the system. Ransomware attacks involve the attacker encrypting valuable data, preventing access until a ransom is paid.

El-Sheikh said at least seven municipalities have been attacked with ransomware or phishing attacks in the last year, including larger cities like Baltimore and Atlanta.

Two Florida cities paid out large ransoms earlier this year in response to cyberattacks. Lake City paid out $426,000 worth of bitcoin, and Riviera Beach paid out $600,000 to hackers.

Subject: Ring’s Hidden Data Let Us Map Amazon’s Sprawling Home Surveillance Network
Source: Gizmodo via beSpacific

Gizmodo has acquired data over the past month connected to nearly 65,800 individual posts shared by users of the Neighbors app. The posts, which reach back 500 days from the point of collection, offer extraordinary insight into the proliferation of Ring video surveillance across American neighborhoods and raise important questions about the privacy trade-offs of a consumer-driven network of surveillance cameras controlled by one of the world’s most powerful corporations. And not just for those whose faces have been recorded. Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post—latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground….

Subject: Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed
Source: U.S. GAO

Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. OMB requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services.

Although agencies increased their program use—authorizations were up 137% from 2017 to 2019—15 of the 24 agencies we surveyed reported that they didn’t always use the program. Our 4 case study agencies didn’t fully implement key elements of the authorization process. Also, OMB didn’t monitor use of the program.

We made 24 recommendations to 4 agencies, plus one to OMB to improve oversight.

Subject: Boards Through The Lens of Cybersecurity
Source: Nasdaq

The constantly changing nature of cybersecurity risk, as well as the high and ever-growing financial, operational, and reputational costs when breaches occur is driving important conversations across global markets about how organizations can better protect themselves.

Companies face rising demands and expectations from a wide range of stakeholders to strengthen operational resilience and improve consumer data security. Board governance effectiveness is also in the spotlight when it comes to overseeing cybersecurity risks and whether board composition, board structure, director skillsets, and board processes are sufficiently attuned to navigate the challenging cybersecurity landscape.

How boards address their complex and increasingly important cybersecurity oversight responsibilities is a crucial part of this story. From board structure and operations to committee organization and composition, organizations in the U.S. are handling their approach to cybersecurity in very different ways.

Subject: 988 will be the new 911 for suicide prevention—by sometime in 2021
Source: Ars Technica

The Federal Communications Commission plans to designate 988 as the short dialing code for the United States’ suicide-prevention hotline. Much like 911 for general emergencies, 988 could be dialed by anyone undergoing a mental health crisis and/or considering suicide.

The National Suicide Prevention Lifeline can already be reached at 1-800-273-8255 (or 1-800-273-TALK), but the FCC today gave preliminary approval to a plan that would make 988 redirect to that hotline. The commission’s unanimous vote approved a Notice of Proposed Rulemaking (NPRM) that seeks public comment on the plan.

Once the NPRM is published in the Federal Register, there will be a 60-day period for taking public comments, and the FCC would finalize the plan after considering the public input. It could take another 18 months after that to implement 988 nationwide, depending on what requirements the FCC imposes on phone providers.

The FCC’s NPRM explained:

We believe this time frame would provide sufficient time for providers to make any necessary changes to equipment and software and to institute new dialing requirements, if necessary. To begin with, we understand that modern IP switches can already accommodate 988 today or do so with minor software updates. In this regard, we observe that most providers are already actively upgrading their equipment to IP technology given the technological advances in the marketplace and the advanced services that consumers are demanding. Moreover, we believe that 18 months is sufficient time to upgrade the approximately 12 percent of legacy switches that will need such upgrades and we anticipate that the majority of technical upgrades necessary to switches and systems can be done in parallel with other work to implement 988.

[Ed. comment: good luck with the programming of all of those various telecom switches — I would not be surprised if, like Y2K, shortcuts were programmed so that if someone pressed “9” on a keypad, it went to “9-1-1”]

Subject: Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search
Source: Forbes

Two dead dogs and more than $50,000 in damaged property were just some of the casualties of arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019.

To find the perpetrators, officers from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) demanded Google supply records of user devices in the respective locations at the times the arsons took place, Forbes has learned. Though federal agents had used the technique before, they’d never received such a data haul back from Google.

The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents. Unbeknownst to many Google users, if they have “location history” turned on, their whereabouts are stored by the tech giant in a database called SensorVault.

Privacy concerns

But it’s also the kind of search that’s been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as “reverse location searches,” see the police give Google a timeframe and an area on Google Maps within which to find every Google user within. Google then looks through its SensorVault database of user locations, taken from devices running the tech giant’s services like Google Maps or anything that requires the “location history” feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used.

Subject: Ransomware: Cybercriminals are adding a new twist to their demands
Source: ZDNet

Pay the ransom or we’ll leak your data is the latest trend, warns cybersecurity company.

Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.

In several recent cases it has been reported that the ransomware gang have not just encrypted data but also threatened to leak the data, too. Emsisoft says these attacks elevate the ransomware threat “to crisis level” and called on government organizations to immediately improve their security.

“If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked,” the cybersecurity company said.

Subject: Verizon kills email accounts of archivists trying to save Yahoo Groups history
Source: ZDNet

Verizon says the archivists it has blocked breached its terms of service.

Verizon, which bought Yahoo in 2017, has suspended email addresses of archivists who are trying to preserve 20 years of content that will be deleted permanently in a few weeks.

As Verizon announced in October, the company intends to wipe all content from Yahoo Groups. As of December 14, all previously posted content on the site will be permanently removed.

The mass deletion includes files, polls, links, photos, folders, database, calendar, attachments, conversations, email updates, message digests, and message histories that were uploaded to Yahoo servers since pre-Google 1990s. Verizon planned to allow users to download their own data from the site’s privacy dashboard, but apparently it has a problem with the work of The Archive Team who wants to save content to upload it to the non-profit Internet Archive, which runs the popular Wayback Machine site.
