Sunday, March 26, 2017

North Korea’s Rising Ambition Seen in Bid to Breach Global Banks; New York Times, March 25, 2017

Paul Mozur and Choe Sang-Hun, New York Times; North Korea’s Rising Ambition Seen in Bid to Breach Global Banks

"The security firm Symantec said it believed that the hackers behind the Poland attack were also behind two other major breaches: the theft of $81 million from the central bank of Bangladesh and a 2014 attack on Sony Pictures, which rocked the film industry.

“We found multiple links, which gave us reasonable confidence that it’s the same group behind Bangladesh as the Polish attacks,” said Eric Chien, a researcher at Symantec, which studied both attacks."

Saturday, March 25, 2017

Wednesday, March 15, 2017

Justice Department Announces Charges Against Yahoo Hacking Suspects; Huffington Post, March 15, 2017

Ryan Grenoble and Ryan J. Reilly, Huffington Post; 

Justice Department Announces Charges Against Yahoo Hacking Suspects


"The suspects face a number of charges, according to the DOJ: conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identity theft. The most serious of those charges, conspiring to commit wire fraud, carries a maximum sentence of 20 years."

Russian Espionage Piggybacks on a Cybercriminal’s Hacking; New York Times, March 12, 2017

Michael Schwirtz and Joseph Goldstein, New York Times; 

Russian Espionage Piggybacks on a Cybercriminal’s Hacking

"In the summer of 2014, the F.B.I., together with law enforcement agencies in over half a dozen countries, carried out Operation Tovar, a coordinated attack on Mr. Bogachev’s criminal infrastructure that shut down his network and liberated computers infected with GameOver ZeuS."

Monday, March 13, 2017

Under pressure from tech companies, ‘Fair Repair’ bill stalls in Nebraska; Guardian, March 11, 2017

Olivia Solon, Guardian; 

Under pressure from tech companies, ‘Fair Repair’ bill stalls in Nebraska

"“This has the potential to weaken security features in a host of electronic devices. It’s not about dead screen or battery,” said CompTIA’s Alexi Madon, adding that the bill applied to medical equipment and government servers. “Manufacturers are also required to give up sensitive intellectual property.”

Tony Baker, a Nebraska politician who previously provided information solutions to the US military, countered the suggestion that repair rights would infringe on the intellectual property rights and the security of software. He explained how his organization created software running on classified networks that granted different levels of access to different groups of people, depending on their level of authorisation or security clearance. He argued that manufacturers could do the same with their products."

Friday, March 10, 2017

With the latest WikiLeaks revelations about the CIA – is privacy really dead?

Olivia Solon, Guardian; 

With the latest WikiLeaks revelations about the CIA – is privacy really dead?

"In the week that WikiLeaks revealed the CIA and MI5 have an armoury of surveillance tools that can spy on people through their smart TVs, cars and cellphones, the FBI director, James Comey, has said that Americans should not have expectations of “absolute privacy”.

“There is no such thing as absolute privacy in America: there is no place outside of judicial reach,” Comey said at a Boston College conference on cybersecurity. The remark came as he was discussing the rise of encryption since Edward Snowden’s 2013 revelations of the NSA’s mass surveillance tools, used on citizens around the world...
So, where does this leave us? Is privacy really dead, as Silicon Valley luminaries such as Mark Zuckerberg have previously declared?
Not according to the Electronic Frontier Foundation’s executive director, Cindy Cohn.
“The freedom to have a private conversation – free from the worry that a hostile government, a rogue government agent or a competitor or a criminal are listening – is central to a free society,” she said."

FBI's James Comey: 'There is no such thing as absolute privacy in America'; Guardian, March 8, 2017

Julian Borger, Guardian; 

FBI's James Comey: 'There is no such thing as absolute privacy in America'

[Kip Currier, March 10, 2017: I've copied below a post I made to my Ethics and Information Blog a couple of days ago.]

---------------------------------------------------------------------------------

[Kip Currier: 2,000th post since starting this Ethics Blog in 2010. Very thought-provoking privacy (are we now in a "post-privacy world"?) quote by FBI Director Comey--great fodder for Information Ethics class discussions, as well as around "the dinner table" and workplace water cooler/caffeine dispenser!]

"“There is no such thing as absolute privacy in America,” the FBI director, James Comey, has declared after the disclosure of a range of hacking tools used by the CIA.

Comey was delivering prepared remarks at a cybersecurity conference in Boston, but his assessment has deepened privacy concerns already raised by the details of CIA tools to hack consumer electronics for espionage published by WikiLeaks on Tuesday.

“All of us have a reasonable expectation of privacy in our homes, in our cars, and in our devices. But it also means with good reason, in court, government, through law enforcement, can invade our private spaces,” Comey said at the conference on Wednesday. “Even our memories aren’t private. Any of us can be compelled to say what we saw … In appropriate circumstances, a judge can compel any of us to testify in court on those private communications.”"

Wednesday, March 8, 2017

With WikiLeaks Claims of C.I.A. Hacking, How Vulnerable Is Your Smartphone?; New York Times, March 7, 2017

Steve Lohr and Katie Benner, New York Times; 

With WikiLeaks Claims of C.I.A. Hacking, How Vulnerable Is Your Smartphone?


"If the documents are accurate, did the C.I.A. violate commitments made by President Barack Obama?

In 2010, the Obama administration promised to disclose newly discovered vulnerabilities to companies like Apple, Google and Microsoft. But the WikiLeaks documents indicate that the agency found security flaws, kept them secret and then used them for surveillance and intelligence gathering.

Why is it so hard to keep these cyberweapons under wraps?

Unlike nuclear weapons, which can be guarded and protected, cyberweapons are “just computer programs which can be pirated like any other,” WikiLeaks notes. “Since they are entirely comprised of information they can be copied quickly with no marginal cost.”

There is a growing black market dedicated to trading these weapons, and government agencies from around the world will pay well for their discovery."

WikiLeaks Releases What It Calls CIA Trove Of Cyber-Espionage Documents; NPR, March 7, 2017

Camila Domonoske, NPR; 

WikiLeaks Releases What It Calls CIA Trove Of Cyber-Espionage Documents

"WikiLeaks has released thousands of files that it identifies as CIA documents related to the agency's cyber-espionage tools and programs.

The documents published on Tuesday include instruction manuals, support documents, notes and conversations about, among other things, efforts to exploit vulnerabilities in smartphones and turn smart TVs into listening devices. The tools appear to be designed for use against individual targets, as part of the CIA's mandate to gather foreign intelligence."

No One Should Give In to Cyber Extortion Unless It's a Life or Death Situation; Slate, March 7, 2017

Josephine Wolff, Slate; 

No One Should Give In to Cyber Extortion Unless It's a Life or Death Situation


"Paying ransoms and caving to extortion demands just encourages more of the same activity, directed at both previous victims and new ones. The only way to effectively discourage this kind of crime is to make it so fruitless, so unprofitable, so profoundly ineffective that the perpetrators find a new outlet for their energies. And the only way to do that is to stop relying on individual victims and organizations to make these choices themselves and implement policies that explicitly penalize the payment of online ransoms in most circumstances."

Top Cybersecurity Innovations of 2017; Inside Scoop, March 8, 2017

Amanda Ciccatelli, Inside Scoop; 

Top Cybersecurity Innovations of 2017

"So far this year, there have been three key cybersecurity developments including blockchain, cloud security, and machine learning/artificial intelligence (AI). Michael Whitener, VLP Partner, sat down with Inside Counsel to discuss the new cybersecurity developments of 2017 and how they will affect the future of the industry."

Monday, March 6, 2017

Ethics And Hacking: What You Need To Know; Forbes, March 6, 2017

Forbes Technology Council, Forbes; 

Ethics And Hacking: What You Need To Know


"The term hacking gets bandied about a great deal in both the industry and in the media. Some stories carry the image of bored tweens, building skills while bragging about tearing up someone else’s hard work. Other stories talk more about offshore groups using server farms to mass phish for information.

The kinds of damage that hackers can cause is as varied as functions of a computer or device: Lost finances, trade secrets, and files swapped or erased are only the tip of what could be done to a person or company. Sometimes, just being one of the few people aware that different companies are talking to each other about business can mean opportunities for the unethical.

So the question gets raised: Can the arts of hacking be used to improve lives on a broader scale, or is it a purely destructive activity? Below, Forbes Technology Council members weigh in on ethics and hacking."

China’s theft of U.S. trade secrets under scrutiny; Science, February 28, 2017

Mara Hvistendahl, Science; 

China’s theft of U.S. trade secrets under scrutiny



"When it comes to intellectual property (IP) theft, there’s the rest of the world, and then there’s China, a new report says. In 2015, mainland China and Hong Kong accounted for 87% of counterfeit goods seized by the U.S. Customs and Border Patrol. China’s share of trade secrets theft, though harder to track, is not far behind, claims the Commission on the Theft of American Intellectual Property in Washington, D.C., a bipartisan nongovernmental group co-chaired by former Utah Governor Jon Huntsman Jr., who served as U.S. ambassador to China from 2009 to 2011.
Stolen trade secrets, pirated software, and counterfeiting cost the United States between $225 billion and $600 billion per year, the commission estimates...
Scholars often take issue with efforts to put a price tag on IP theft... 
Also up for debate is how best to address IP theft. The Obama administration pursued a strategy heavy on prosecutions of Chinese-born U.S. scientists (see here, here, and here), along with symbolic moves against overseas offenders, such as the 2014 indictment of five members of a People’s Liberation Army hacking unit. Policy tools improved under Obama went “largely unused,” the report said. For instance, a 2015 law enabling the president to sanction foreign countries, companies, and individuals for IP theft has not yet been invoked."

Friday, March 3, 2017

The EU Is Fighting A Lopsided Battle Against Russian Disinformation; Huffington Post, March 3, 2017

Nick Robins-Early, Huffington Post; 

The EU Is Fighting A Lopsided Battle Against Russian Disinformation


"The Lisa case is an extreme example of what analysts say is a sprawling campaign of Russian disinformation that seeks to influence European Union politics and sow discord among voters. It’s a problem that European governments are increasingly concerned about, but one they are struggling to produce an effective way to counter...

The EU vowed this year to expand its efforts to defend against false reports, as upcoming elections in France, Germany and the Netherlands raise the stakes on misinformation influencing voters. In November, the European Parliament passed a motion that called on the EU and member states to do more to counter Russian “disinformation and propaganda warfare.” Russian President Vladimir Putin accused the bloc of trying to silence dissenting opinions.

But the European Union views the threat of disinformation as a serious challenge. In January, EU politicians pledged to give more funding for an 11-person task force set up in 2015 called East Stratcom, which aims to address Russian disinformation and highlight its distortions. The task force issues weekly newsletters on disinformation campaigns, makes viral-style explainer videos on how false reports spread and fact checks suspect news stories." 

Lawmakers troubled by cyber-enabled information warfare; FedScoop, March 1, 2017

Chris Bing, FedScoop; Lawmakers troubled by cyber-enabled information warfare

Russia Heats Up Its Infowar With the West; Daily Beast, March 3, 2017

Ilan Berman, Daily Beast; Russia Heats Up Its Infowar With the West

"[Russia's information operations] objective is clear and unequivocal: to obscure objective facts through a veritable “firehose of falsehood,” thereby creating doubt in Western governments, undermining trust in democratic institutions, and garnering greater sympathy for the Russian government (or, at least, greater freedom of action) for its actions abroad.

Last month, in a presentation before the Duma, Russia’s lower house of parliament, Defense Minister Sergei Shoigu formally unveiled the establishment of a new military unit designed to conduct “information operations” against the country’s adversaries. The goal of the new initiative, according to Vladimir Shamanov, head of the Duma’s defense committee, is to “protect the national defense interests and engage in information warfare.”"

"Homework Hacked"; Frank and Ernest via GoComics.com, March 3, 2017

Thaves, Frank and Ernest via GoComics.com; "Homework Hacked"

Thursday, March 2, 2017

Are You Ready for the New China Cybersecurity Law?; Inside Counsel, February 28, 2017

Zach Warren, Inside Counsel; 

Are You Ready for the New China Cybersecurity Law?


"In December 2016, China passed a comprehensive Cybersecurity Law, expanding the country’s data localization requirement once it goes into effect this June and sparking heated debate among Chinese lawmakers. Some experts say even more legislation could be on the way...

The possible criminal penalties, though, should bring pause; Whitaker noted “public surveillance, imprisonment, and the death penalty are all listed as possibilities for violating the state secrets provision of the Cybersecurity Law.” In the past, “documents as innocuous as a list of customers, a pricing spreadsheet, or even a weather report have been deemed state secrets.”"

Wednesday, March 1, 2017

New student group tackles ethical issues in computer science; Stanford Daily, February 28, 2017

Josh Wagner, Stanford Daily; 

New student group tackles ethical issues in computer science


"Political science Professor Rob Reich, who serves as faculty director of the Stanford Center for Ethics and Society, said he was heartened by groups like EthiCS that seek to grapple with the human aspect of technology.
“If it’s anything like CS + Social Good, it’s just a welcome sign about how Stanford can combine a liberal arts education with a skill-based education,” said Reich.
Conversations like these are not restricted to the Stanford community. In early February, prominent artificial intelligence pioneers such as Elon Musk and Stephen Hawking endorsed a list of 23 principles, priorities and precautions that should guide the safe development of ethical artificial intelligence technologies."