Scholars Have Data on Millions of Facebook Users. Who's Guarding It?
- In July 2014, a team of four Swedish and Polish researchers began using an automated program to better understand what people posted on Facebook.
- The program, known as a "scraper," let the researchers log every comment and interaction from 160 public Facebook pages for nearly two years.
- It is one of the largest known sets of user data ever assembled from Facebook.
- Entropy detailing how their methods of trawling social media sites could be replicated.
- They have compiled hundreds of Facebook data sets that captured the behaviour of a few thousand to hundreds of millions of individuals, according to interviews with more than a dozen scholars.
- The information was then sometimes left unsecured and stored on open servers that offered access to anyone.
- Even if almost everyone in the academic community is careful and protects the data, you still can end up in a situation where someone is careless or acts in bad faith and sells access
*Source: NY Times, May 07, 2018
European regulators: We're not ready for new privacy law
- Europe's General Data Protection Regulation (GDPR) has been billed as the biggest shake-up of data privacy laws since the birth of the web.
- It won't be overseen by a single authority but instead by a patchwork of national and regional watchdogs across the 28-nation bloc.
- Seventeen of 24 authorities who responded to a Reuters survey said they did not yet have the necessary funding, or would initially lack the powers, to fulfil their GDPR duties.
- Their responses suggest the GDPR enforcement regime will be weaker than the bloc's anti-trust authority run directly by the European Commission, the EU executive, which hit Google with a 2.4-billion-euro ($2.9 billion) fine last year.
- The launch of GDPR comes as data privacy is making headlines, with Facebook facing intense scrutiny over the leak of 87 million users' personal data to Cambridge Analytica, a political consultancy that advised U.S. President Donald Trump's election campaign.
- Eighteen national authorities replied, plus data protection officers in six of the 16 German federal states who are responsible for enforcement. The new law calls for national watchdogs to assume the lead role in overseeing companies headquartered within their borders.
*Source: Reuters, May 09, 2018
IAG creates 'novel' model to predict cost of cyber attack
- Insurer IAG has modelled the financial cost that a data breach or ransomware attack would have on its business, in part to understand how much proposed infosec investments might offset its losses.
- The "value-at-risk modelling" project called upon the company's actuarial expertise to put numbers on different types and levels of security threats.
- If we have a major data breach or a major ransomware attack, we've done some really great work in the past 12 months to model the net cost of losses to our organisation in terms of the loss of productivity, the cost of advertising to address the concerns of our customers, the legal costs, and the costs of regulatory oversight.
- Last year, organisations impacted by the Petya malware reported lost sales and hundreds of millions of dollars in losses caused by a single infection.
- I think it really just means having workshops with key people across your business to run through the scenarios, get their opinion on what the minimum or maximum costs are, and add that together and then understand what that might look like if you had better security.
- The modelling is not just helpful in understanding the impact of different threats and investments, but in providing a footing for security risk discussions with the business.
*Source: IT News, May 08, 2018
Alexa and Siri Can Hear This Hidden Command. You Can't.
- Researchers can now send secret audio instructions undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.
- Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.
- In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.
- These deceptions illustrate how artificial intelligence — even as it is making great strides — can still be tricked and manipulated.
- With audio attacks, the researchers are exploiting the gap between human and machine speech recognition.
- Smartphones and smart speakers that use digital assistants like Amazon's Alexa or Apple's Siri are set to outnumber people by 2021, according to the research firm Ovum.
*Source: NY Times, May 10, 2018
Greek, Turkish hackers trade retaliatory cyberattacks amid worsened relations
- Brazen cyberattacks are straining relations between Greece and Turkey, two nations with considerable shared past – and a history of tense ties.
- Cyberattacks are being neutralized immediately by the responsible authorities.
- The Athens journalists' union ESIEA strongly condemned the cyberattack and also declared its solidarity with Turkish journalists fighting for press freedom in the neighbouring country.
- The officers had fled their country in the wake of Turkish President Recep Tayyip Erdogan's crackdowns on numerous sectors of society and government following an attempted coup.
- We are working against forces that threaten our national unity. The attacks will continue as long as Greece maintains its current position.
- This issue is a priority both in the EU and in the US, if only because of Russia's increasing online activities.
*Source: DW, May 09, 2018
Chinese government is behind a decade of hacks on software companies
- Researchers said Chinese intelligence officers are behind almost a decade's worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia and elsewhere.
- The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts.
- Attacks associated with Winnti Umbrella have been active since at least 2009 and possibly date back to 2007.
- The attackers used their unauthorized access to obtain digital certificates that were later exploited to sign malware used in campaigns targeting other industries and political activists.
- One campaign involved the high-profile network breaches that hit Google and 34 other companies in 2010.
- These operations and the groups that perform them are all linked to the Winnti Umbrella and operate under the Chinese state intelligence apparatus.
*Source: Ars Technica, May 10, 2018