Pete Recommends – Weekly highlights on cyber security issues September 1 2018

Subject: Woman Sues Border Agents to Make Them Return Data They Seized From Her Phone
Source: Ars Technica and BBC viaGizmodo
https://gizmodo.com/woman-sues-border-agents-to-make-them-return-data-they-1828579038

A lawsuit filed against officials from the Department of Homeland Security and Customs and Border Protection (CBP) this week signals the increasingly invasive practices of border agents—as well as the pressing need for protections of our data.

Using what’s known as the “border search exception,” federal agents regularly conduct searches and seizures without a warrant or probable cause at the U.S. border. The Supreme Court has previously affirmed these searches as constitutional, but Lazoja’s lawyers argue that taking an electronic device to second location to mine it for its wealth of data is a fundamentally different act—one that violates the Fourth Amendment.

Cahn characterized this case as “on the cutting edge,” but said he believed that “the courts are recognizing that the Fourth Amendment doesn’t disappear simply because you’re at the border.” He hopes that Lazoja’s case will signal to customs officials that they can’t just target travelers without a warrant and without reasonable suspicion.


Subject: Just say no: Wi-Fi-enabled appliance botnet could bring power grid to its knees
Source: Ars Technica

https://arstechnica.com/information-technology/2018/08/just-say-no-wi-fi-enabled-appliance-botnet-could-bring-power-grid-to-its-knees/

BALTIMORE—At USENIX Security Symposium here on Wednesday, Saleh Soltan from Princeton University’s Department of Electrical Engineering presented research that showed that if Wi-Fi-based high-wattage appliances become common, they could conceivably be used to manipulate electrical demand over a wide area—potentially causing local blackouts and even cascading failures of regional electrical grids. The research by Soltan, Prateek Mittal, and H. Vincent Poor used models of real-world power grids to simulate the effects of a “MaDIoT” (Manipulation of Demand Internet of Things) attack. It found that even swings in power usage that would be within the normal range of appliances such as air conditioners, ovens, and electric heating systems connected to “smart home” systems would be enough to cause fluctuations in demand that could trigger grid failures.


Subject: Prepare Electronic Devices for a Natural Disaster
Source: Consumer Reports
https://www.consumerreports.org/emergency-preparedness/how-to-prepare-your-electronic-devices-for-a-natural-disaster/

These digital tips can provide peace of mind during an emergency

While the first priority in storm prep remains securing the safety of people, pets, and property, packing the right electronics, keeping them powered, and using them wisely can make a big difference in staying informed, connected, and safe.

Here are 12 tips from officials, disaster experts and Consumer Reports’ electronics testers for using your devices before, during, and after a major storm.


Subject: FTC Promotes Resources to Prevent Cyberbullying
Source: FTC via US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/08/28/FTC-Promotes-Resources-Prevent-Cyberbullying

The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids’ online activity and engage in conversations about preventing cyberbullying.

NCCIC encourages users to review FTC’s article and the following resources for more information:

FTC BLOG entries on CYBERBULLYING
https://www.consumer.ftc.gov/taxonomy/term/939


Subject: How Yahoo Is Mining For Gold in Your Junk Mail
Source: (in)Secure via Digital Trends
https://www.digitaltrends.com/computing/how-yahoo-is-mining-for-gold-in-your-junk-mail/

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Yahoo’s golden era has passed and Yahoo Mail, once considered a serious competitor to Gmail, is now far less popular. It’s unlikely that you use it for your primary email account. So why should you care about its privacy policy?

According to a report from the Wall Street Journal, Yahoo’s parent company, Verizon, knows you don’t use that old AOL or Yahoo inbox. It knows they’re just full of spam. Yet strangely enough, it’s selling data pulled from it without telling you — and staying alive by doing so.

All your mail are belong to us. The beans were spilled by a leaked Yahoo sales pitch. It detailed the tactics Yahoo uses to collect and sell personal data gained from its email accounts. It’s all laid out in explicit description, outlining not only how Yahoo mines email accounts for data, but why.

On paper, Yahoo isn’t doing anything unlike what Google has done in the past. For thirteen years, Google scanned the email of Gmail accounts and sold that data to advertisers on its Google Ads platform. Considering the amount of people that use Gmail, the amount of relevant data that could be mined was mind-boggling.

Editors’ Recommendations

Topic COMPUTING
https://www.digitaltrends.com/computing/

NB

It’s RSS feed:
https://www.digitaltrends.com/computing/feed/

Bonus: (in)Secure RSS feed:
https://www.digitaltrends.com/insecure/feed/

Almost all feeds:
https://www.digitaltrends.com/rss-home/


Subject: Building NYC’s secure cyber future
Source: GCN
https://gcn.com/articles/2018/08/30/nyc-cyber.aspx

New York City experiences so much cybercrime that the Manhattan District Attorney’s Office created its own cyber lab, where staff can conduct investigations and forensics on computers, laptops and smartphones.

The New York Police Department serves five district attorney’s offices as well as other agencies, so the Manhattan office found itself “standing line to get the attention of the NYPD” when it wanted forensic help with electronic devices, Manhattan District Attorney Cyrus Vance said at a recent Route Fifty event.  “We built our own cyber lab using forfeiture dollars, which we brought in from investigations and prosecutions of foreign banks.”

The Manhattan District Attorney’s office also built mobile units so it could investigate devices in the field. In addition to the work being done in New York City, Vance said he also connects with local governments around the world through the Global Cyber Alliance, an organization his office helped found.

When it comes to coordination for future threats, the Global Cyber Alliance is partnering with the city of New York, the NYPD and the Center for Internet Security on a critical infrastructure working group.  The group currently has 17 members from government and industry.

“We are working to create protocols so when a member comes under attack, there is volunteer corps from [member] businesses that will respond to the needs,” Vance said.

NB

RSS feed for site:
https://gcn.com/rss-feeds/all.aspx

Cyber Security articles from GCN:
https://gcn.com/portals/cybersecurity.aspx


Subject: CyberWar Map visualizes global threats
Source: GCN
https://gcn.com/blogs/cybereye/2018/08/cyberwar-map.aspx

Anyone who has ever tried to track a subject by storing articles and reports in file cabinets —yes, I’m that old —is bound to get a rush of serotonin upon launching George Washington University’s new CyberWar Map.  Actually, younger folks who appreciate data visualization will probably get a pretty good kick, too.

The CyberWar Map, a project of GWU’s National Security Archive, offers an initial screen that displays what looks like the missile-tracking screens in the movie War Games.  (OK, I promise to drop the allusions to pre-internet technologies…)

Follow the line from the Iran node outward to see what actor or organization was behind a specific cyber event.  Follow to the next node to learn the name of the event and who its targets were.  At each node, a click will summon a list of available related documents summaries.

Posted in: Civil Liberties, Cybercrime, Cybersecurity, Data Mining, E-Commerce, Email, Government Resources, Privacy