Government Archives

Government

Retailers Demanding Federal Action on Data Breach

November 10, 2014 Paul Roberts

Add retailers to the chorus of voices calling for federal legislation on cyber security and data protection. In an unusual move, retail groups from across the U.S. sent a letter to Congressional leaders that urged them to pass federal data protection legislation that sets clear rules for businesses serving consumers. The letter, dated November 6, was addressed to the majority and minority party leaders of the U.S. Senate and the House of Representatives and signed by 44 state and national organizations representing retailers, including the National Retail Federation, the National Grocers Association, the National Restaurant Association and the National Association of Chain Drug Stores, among others. “The recent spate of news stories about data security incidents raises concerns for all American consumers and for the businesses with which they frequently interact,” the letter reads. “A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all […]

FBI Seizes Dozens of Online ‘Dark Markets’

November 7, 2014 Paul Roberts

The news yesterday was that the FBI arrested a 26 year-old San Francisco man responsible for operating Silk Road 2.0 – an anonymous, online marketplace for illicit goods. The news on Friday is that Silk Road was just the tip of the iceberg. On Friday, the FBI and announced that it has seized dozens of other so-called “dark market” websites offering a range of illegal goods and services for sale on the “Tor” network. The coordinated take downs are the “largest law enforcement action to date against criminal websites operating on the ‘Tor’ network,” the FBI said in a statement. “We shut down the original Silk Road website and now we have shut down its replacement, as well as multiple other ‘dark market’ sites allegedly offering all manner of illicit goods and services, from firearms to computer hacking,” said Manhattan U.S. Attorney Preet Bharara The take-downs were part of a coordinated law enforcement action […]

Metadata Matters: EFF To Argue Collection Violates Constitution

November 4, 2014 Paul Roberts

Lawyers from The Electronic Frontier Foundation will argue on Tuesday that the U.S. government’s bulk collection of phone records and other “metadata” is a violation of the Constitution’s protection against unlawful searches. In a blog post on Monday, EFF said that it plans to make oral arguments before the D.C. Circuit Court of Appeals on Tuesday and will argue that the call records collected by the government constitute “intimate portraits of the lives of millions of Americans” that are protected under the Constitution’s Fourth Amendment. The EFF is presenting in the Klayman vs. Obama, a 2013 case filed by Larry Klayman, conservative activist, in the immediate aftermath of the publication of data leaked by former NSA contractor Edward Snowden. EFF and the ACLU filed an amicus brief in that case in August. The government’s argument is that the bulk collection of phone records is legal under a precedent called “third party doctrine,” which […]

Malware Campaign Against Industrial Systems Almost 3 Years Old

October 30, 2014 Paul Roberts

The U.S. Government’s Industrial Control System CERT (ICS-CERT) said on Thursday that a campaign targeting industrial control system (ICS) software began in January, 2012 and targeted industrial systems that were directly connected to the public Internet. ICS-CERT said in an alert published on Wednesday that “HMI” (or Human-Machine Interfaces) products from vendors including GE, Advantech/Broadwin and Siemens may have been infected with variants of the BlackEnergy malware since January, 2012. Infected firms were running versions of the GE’s Cimplicity, Advantech/Broadwin’s WebAccess or Siemens’ WinCC with what ICS-CERT called a “direct Internet connection.” In some cases, as with the GE Cimplicity attacks, hackers exploited a known vulnerability in the Cimplicity software to gain access. In others (as with WebAccess and WinCC) the method by which the software was compromised isn’t known, ICS-CERT said. CERT said it hasn’t documented any cases of control processes being modified by the malware. However, BlackEnergy is typically used […]

Uncle Sam Taking a Back Seat in Cyber Defense | Bloomberg

October 29, 2014 Paul Roberts

Bloomberg has a story on the collaborative, private sector effort to thwart an industrial hacking campaign linked to Chinese intelligence. The effort, which involved firms like FireEye and iSight Partners “demonstrates for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies,” the report said. From the article: The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members — which include Microsoft Corp., Cisco Inc. and Symantec Corp. — say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies. Read more via China-Linked Hacking Foiled by Private-Sector Sleuthing – Businessweek.