Pete Recommends Weekly highlights on cyber security issues May 10, 2020

Subject: Police: Watch Out for These Women Dressed as Nurses
Source: CNN via Newser

(Newser) – Police say women are dressing as nurses and stealing packages from residents’ doorsteps in Washington state, CNN reports. Surveillance-video images of two suspects show them wearing scrubs, gloves, a lanyard, and an ID badge—but Kennewick police don’t think for a second that either are really nurses. “The nurses we are fortunate to know only give their time, lives, and take the vitals of their patients (not their property),” they write on Facebook. One package was apparently taken Wednesday from outside the home of a law enforcement officer and a real nurse….

[seems like they are stalking the carrier trucks … I wonder if those trucks have surveillance? /pmw]

Subject: Employment-Related Identity Fraud: Improved Collaboration and Other Actions Would Help IRS and SSA Address Risks
Source: U.S. GAO

Employment-related identity fraud occurs when people use a name or Social Security number (SSN) other than their own to get a job. This fraud makes it harder for IRS to collect taxes and harder for the Social Security Administration to manage benefits.Though the true scope of this fraud is unknown, we identified 1.3 million SSNs from 2016 that were associated with both signs of potential fraud (e.g., wages reported for the SSNs of children or the elderly), and under reported wages to IRS by the taxpayer. Our recommendations include improving how both agencies share wage data to better detect this type of fraud.Additional Materials:

Subject: Amazon, Pfizer join ICE to combat COVID-19-related crime

May 5 (UPI) — Six private companies including Amazon have partnered with U.S. Immigration and Customs Enforcement to combat illegal activity attempting to exploit the coronavirus pandemic, the federal agency said Tuesday.Pfizer, 3M, Citi, Alibaba and Merck along with the online retail juggernaut have joined Homeland Security Investigations’ National Intellectual Property Rights Coordination Center to fight fraud targeting the public’s fears and anxieties over COVID-19, ICE said in a statement.

“HSI has made it a top priority to investigate anyone attempting to use the COVID-19 pandemic to defraud other people,” said HSI Acting Executive Associate Director Alysa D. Erichs. “A robust partnership with the private sector is an absolute requirement to effectively disrupt and dismantle COVID-19 criminal networks and strengthen global supply-chain security.”

The announcement comes weeks after ICE launched Operation Stolen Promise on April 15 with the aim of cracking down on COVID-19-related fraud and crime amid an increase in the sale of counterfeit pharmaceuticals and medical equipment and trade importation violations of products purporting to treat the virus.

Subject: How My Boss Monitors Me While I Work From Home
Source: NYT via beSpacific

The New York Times – As we shelter in place in the pandemic, more employers are using software to track our work — and us: “…With millions of us working from home in the coronavirus pandemic, companies are hunting for ways to ensure that we are doing what we are supposed to. Demand has surged for software that can monitor employees, with programs tracking the words we type, snapping pictures with our computer cameras and giving our managers rankings of who is spending too much time on Facebook and not enough on Excel. The technology raises thorny privacy questions about where employers draw the line between maintaining productivity from a homebound work force and creepy surveillance…”beSpacific Subjects: Civil Liberties, Economy, Internet, Knowledge Management, Legal Research, Privacy

NYT Covid-19 articles:


Subject: Report: “We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus“
Source: The Citizen Lab – UoT via LJ infoDOCKET

From the The Citizen Lab, University of Toronto:Key Findings

  • We present results from technical experiments which reveal that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
  • Documents and images transmitted entirely among non-China-registered accounts undergo content surveillance wherein these files are analyzed for content that is politically sensitive in China.
  • Upon analysis, files deemed politically sensitive are used to invisibly train and build up WeChat’s Chinese political censorship system.

By engaging in analysis of WeChat privacy agreements and policy documents, we find that the company provides no clear reference or explanation of the content surveillance features and therefore absent performing their own technical experiments, users cannot determine if, and why, content surveillance was being applied. Consequently, non-China-based users who send sensitive content over WeChat may be unwittingly contributing to political censorship in China.

Citizen Lab category:


Subject: Contact-Tracing Apps in the United States
Source: LawFare via beSpacific
LawFare: “…In the United States, efforts to develop digital contact-tracing systems have largely fallen to states and tech companies—though privacy advocates have voiced concerns about the invasiveness of such apps. Apple and Google recently agreed to partner in developing a contact-tracing technology that will be interoperable between iOS and Android phones and will provide public health officials and others with the ability to develop contact-tracing apps. The system uses Bluetooth beacons to log devices that phones have been near and anonymizes the data. The technology relies on a decentralized system—meaning that an individual’s data is stored locally on their phone rather than in a central database accessible to app developers or government officials. The companies have already released draft documentation and sample code for the API—the set of bare-bones protocols that will make contact-tracing schemes work on their respective platforms—and it should be available for developers to include in contact-tracing apps in mid-May. Later this year, users will no longer need to install an app to opt in to the contact-tracing effort: Apple and Google say proximity tracking will be built directly into phones’ operating systems in the coming months “to help ensure broad adoption.”…
Posted in: Communications, Cybercrime, Cybersecurity, Government Resources, Health, Healthcare, Legal Research, Privacy, Technology Trends