Category Archives: LAWS

Australia likely to get its own GDPR

Everyone in the Australian cybersecurity ecosystem has a role to play to ensure the security of the nation, according to Nationals Senator Bridget McKenzie.

The mandatory data breach notification laws coming into effect in Australia next year will be followed by other laws to ensure everyone in the digital ecosystem — including government divisions, large corporates, small to medium-size enterprises (SMEs), and consumers — is playing their role in keeping Australia “cyber secure”, according to Senator Bridget McKenzie.

McKenzie, who is the chair of the Foreign Affairs, Defence, and Trade Legislation Committee, likened cyber breaches to the “system of disease in the pre-industrial revolution that just swept through”.

“Cyber breaches have the capacity to wipe out industries, wipe out systems, wipe out communities, if every member of that community or that cyber ecosystem isn’t following best practice when it comes to keeping their information secure,” McKenzie told ZDNet at the Australian Computer Society’s Reimagination Thought Leaders’ Summit.

“It’s not just defence’s job or ASIO’s or DSTO’s or the government’s indeed, but every SME and private homeowner needs to have an eye for cybersecurity, making sure their data’s safe.”

McKenzie said the mandatory data breach notification laws, set to come into effect next year, are a step towards keeping organisations alert and accountable, with other laws expected to be introduced in Australia in the upcoming years, possibly similar to those coming into effect next year in the European Union.

The European Union’s (EU) General Data Protection Regulation (GDPR) will require organisations around the world that hold data belonging to individuals from within the EU to provide a high level of protection and explicitly know where every piece of data is stored.

Organisations that fail to comply with the regulation requirements could be fined up to €20 million, or, in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year — whichever is higher.

“No longer can you say, ‘Oh I’ll leave it to someone else’, because the flow-on effects, the interconnectedness, the Internet of Things, is such that if one member of that web, if you like, has a security breach, it has flow-on effects for everybody involved,” McKenzie said.

Additionally, Australians need to have the confidence that they can share private information such as their health details and not have it end up in the public sphere, otherwise the nation will not be able to experience the full benefits of technology, McKenzie said.

Shadow Minister for the Digital Economy Ed Husic said, however, that the government has a long way to go in building that confidence, given 50,000 Australians have been affected by a government data breach that occurred in October. He noted that the breach was not a technological error, but a human error.

“How do we build consumer or citizen confidence about protection of privacy?” Husic said. “50,000 people were affected by a data breach across government, releasing details of passwords and credit cards. It’s not all tech related … people often blame tech for this. It’s people and the way that they use data and it’ll be interesting to see the details that come out on this in the next few days.”

“This data breach occurred back in October, no public explanation of it, no detail about what was known, what was being done to fix it. If we want people to be confident that data is being used well by government, then the government’s got a long way to go to build that confidence.”

Husic added that the government needs to lead by example; it should be notifying the public about data breaches if it wants businesses to do the same.

“[The government’s] got to do some things itself. And you can’t lecture business about getting focused on cybersecurity if you’re losing your own moral authority … because you’re not looking after data within your own batch,” he said.

McKenzie believes in Australia’s growing status as a cybersecurity hub, saying that the nation is equipped with the right expertise in this area. She added that Australia is in the process of creating a strong cybersecurity industry capable of exporting.

“Our law enforcement and intelligence agencies are world-class. We’re also part of Five Eyes, which means we have a lot of access to information and technology and collaboration opportunities,” she said. “We lead the world in quantum computing … and it [has the] potential to contribute further to security of data and security of communications particularly in the intelligence and defence spheres.

“We’ve really got some technical expertise, but also I think a richness around governance frameworks and excellence in regulatory frameworks that can also assist other governments and other organisations worldwide to understand best practices in the area.”

In September, Ambassador for Cyber Affairs Dr Tobias Feakin communicated a similar sentiment, saying Australia has an international standing in cybersecurity, and brings “key qualities” to the table.

Australia has also played a role in the creation of international peacetime norms for cyberspace, including chairing the first United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in 2013, and helping develop the 11 international norms agreed to in subsequent UN GGE meetings.

“We have regional knowledge beyond most. We have a trusted diplomatic brand, and that’s something that we intend to capitalise on. We have strategic and economic interests in the region. And we have long-standing development partnerships across the region already,” Feakin said at the second annual SINET61 conference in Sydney.

“We need to capitalise on those, make the most of them. Not just for us as a government, [and] for regional partners as well, but also for our private sector … We see this issue as central to our economic future,” he said.

“It’s only this year that it’s just reached the point, of tipping over, to 50 percent of all internet users living in the Asia-Pacific. But really, still, there’s huge economic growth to unravel there, because still 60 percent of all households don’t have internet coverage.”

Last month, launching the International Cyber Engagement Strategy, Foreign Minister Julie Bishop said that for the purpose of national security, cyberspace cannot be an ungoverned space.

“Just as we have international rules that guide how states behave, and how states should behave towards each other, the international rules-based order that’s been in place for about 70 years, so too must states acknowledge that activities in cyberspace are governed by the same set of rules as military and security activities in traditional domains,” Bishop said in October.

“The 2016 US presidential election focused the world’s attention on the potential for cyber operations to interfere with democratic processes. This cannot be allowed to continue. It strikes at the very heart of the sovereignty of nations.”

According to the International Cyber Engagement Strategy, Australia will develop an international “architecture for cooperation” including mechanisms to respond to unacceptable behaviour in cyberspace in a timely manner.

“Australia’s responses to malicious cyber activity could comprise law enforcement or diplomatic, economic, or military measures as appropriate for the circumstances. This could include, but is not restricted to, offensive cyber capabilities that disrupt, deny, or degrade the computers or computer networks of adversaries,” the strategy states.

The strategy also implies that the nation has the capability to identify the source of cyber attacks.

“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals,” the strategy states.

In September, the federal government pledged AU$50 million over seven years for the cybersecurity cooperative research centre (CRC), with over AU$89 million in further funding to come from 25 industry, research, and government partners.

The cybersecurity CRC will deliver solutions to increase the security of critical infrastructure, the government said at the time, which includes “frameworks, products, and approaches that will service existing and future ICT enterprises across a broad range of platforms and operating systems”.

Assistant Minister for Industry, Innovation and Science Craig Laundy said the activities of the cybersecurity CRC will contribute to the objectives laid out in Australia’s AU$240 million Cyber Security Strategy, which is aimed at defending the nation’s cyber networks from organised criminals and state-sponsored attackers.

Henry Sapiecha

New USA Federal Requirements On Cellphone Surveillance

WASHINGTON (AP) — Federal law enforcement officials will be routinely required to get a search warrant before using secretive and intrusive cellphone-tracking technology under a new Justice Department policy announced Thursday.

The policy represents the first effort to create a uniform legal standard for federal authorities using equipment known as cell-site simulators, which track cellphones used by suspects.

It comes amid concerns from privacy groups and lawmakers that the technology, which is now widely used by local police departments, is infringing on privacy rights and is being used without proper accountability.

“The policy is really designed to address our practices, and to really try to promote transparency and consistency and accountability — all while being mindful of the public’s privacy interest,” Deputy Attorney General Sally Yates told reporters in announcing the policy change.

The policy applies only to federal agencies within the Justice Department and not, as some privacy advocates had hoped, to state and local law enforcement whose use of the equipment has stirred particular concern and scrutiny from local judges.

The technology — also known as a Stingray, a suitcase-sized device — can sweep up basic cellphone data from a neighborhood by tricking phones in the area into believing that it’s a cell tower, allowing it to identify unique subscriber numbers. The data is then transmitted to the police, helping them determine the location of a phone without the user even making a call or sending a text message.

The equipment used by the Justice Department does not collect the content of communications.

Even as federal law enforcement officials tout the technology as a vital tool to catch fugitives and kidnapping suspects, privacy groups have raised alarms about the secrecy surrounding its use and the collection of cellphone information of innocent bystanders who happen to be in a particular neighborhood or location.

In creating the new policy the Justice Department was mindful of those concerns and also sought to address inconsistent practices among different federal agencies and offices, Yates said.

“We understand that people have a concern about their private information, and particularly folks who are not the subjects or targets of investigations,” Yates said.

The new policy requires a warrant in most cases, except for emergencies like an immediate national security threat, as well as unspecified “exceptional circumstances.” The warrant applications are to set out how the technology will be used.

In addition, authorities will be required to delete data that’s been collected once they have the information they need, and are expected to provide training to employees.

The policy could act as a blueprint for state and local law enforcement agencies in developing their own regulations. But it’s unclear how broad an impact Thursday’s announcement will have, since it does not directly affect local police agencies unless they’re working alongside federal authorities on a case or relying on their assistance.

Use of the technology has spread widely among local police departments, who have been largely mum about their use of the technology and hesitant to disclose details — often withholding materials or heavily censoring documents that they do provide.

Local departments have faced scrutiny from judges about how they deploy the equipment, though agencies have often insisted that non-disclosure agreements with the FBI limit what they can say.

The FBI has said that while specific capabilities of the equipment are considered sensitive, it did not intend for the agreements to prevent the police from disclosing to a court that the equipment was used in a particular case. Yates said she expected the FBI to revise any such agreements to be more transparent.

The American Civil Liberties Union called the policy a good first step, but expressed disappointment that it did not cover federal agencies outside the Justice Department or local police who use federal funds to purchase the surveillance equipment. It called on the Justice Department to close remaining loopholes, such as the one allowing for warrantless surveillance under undefined “exceptional circumstances.”

“After decades of secrecy in which the government hid this surveillance technology from courts, defense lawyers, and the American public, we are happy to see that the Justice Department is now willing to openly discuss its policies,” ACLU lawyer Nathan Freed Wessler said in a statement.

Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, a privacy group, praised the policy as an important step, though he said he suspected Justice Department attorneys saw “the writing on the wall” and recognized that judges would increasingly begin requiring warrants.

Though the policy does not require local police to follow the lead of federal agencies, “this is going to let the air out of state law enforcement’s argument that a warrant shouldn’t be required.”

“We think that given the power of cell-site simulators and the sort of information that they can collect — not just from the target but from every innocent cellphone user in the area — a warrant based on probable cause is required by the Fourth Amendment,” Cardozo said.

Twitter abandons ‘Do Not Track’ privacy protection

Is this the end for ‘Do Not Track’, the web-tracking privacy service?

Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.

DNT seemed like a good idea. By setting DNT on in your web browser, websites that supported DNT could neither place nor read advertising cookies on your device. Well, that was the idea anyway.

Any web browser or application that supported DNT added a small snippet of code to its request for a web page: DNT=1. This meant websites and services that observed DNT shouldn’t track you on the internet.

This would protect your online privacy. You might think that meant “Don’t collect and store any information about me without my explicit permission.”

Wrong.

From day one in 2012, that isn’t how it worked. According to Sarah Downey, an attorney and privacy advocate, the Interactive Advertising Bureau and the Digital Advertising Alliance (DAA), which represent most online advertisers, have their own interpretation of Do Not Track: “They have said they will stop serving targeted ads but will still collect and store and monetize data.”

However, Twitter played fair by the spirit of DNT rather than the law. Unfortunately, they were one of the few companies that did. DAA, for example, publicly abandoned DNT in 2013. With the advertisers and privacy advocates unable to agree on basic principles, DNT increasingly offered users no privacy protection worth the name.

Twitter finally had enough of fighting an already lost battle. In a note to its revised privacy policy, the company stated: “Twitter has discontinued support of the Do Not Track browser preference. While we had hoped that our support for Do Not Track would spur industry adoption, an industry-standard approach to Do Not Track did not materialize. We now offer more granular privacy controls.”

Under its new privacy rules, Twitter is extending how long its tracking cookies are active, from 10 days to 30 days as of June 18. You can also switch off Twitter ad personalization. From the same page, you can also disable geolocation and data sharing with third parties.

It’s a pity DNT has come to this. As Jason Kint, CEO of Digital Content Next, pointed out in an email interview: “Do Not Track still remains an elegant and simple consumer signal to not be tracked across the broader web.”

Kint remains hopeful about DNT: “Twitter dropping its support is disappointing as they were a leader here, but the standard is written regardless of what Twitter says and will continue to move forward. In the desire to regain consumer trust and reduce ad blocking, the ad tech world would be wise to embrace Do Not Track rather than ignoring it. Ultimately consumers win. No business has ever succeeded long-term without meeting consumer demands.”

I’m not at all optimistic. DNT has been spinning its wheels for years now with little progress. Online privacy remains an issue that upsets people, but at day’s end, neither companies nor the Trump administration have any real interest in protecting privacy.

Lawyers and insurers set for data breach payday

Soon, in Australia, Europe, and the UK, organisations that suffer a data breach must be able to show that they’d taken reasonable steps to prevent it. Time is running out.

Australia’s mandatory data breach notification laws come into force in February 2018. Europe’s General Data Protection Regulation (GDPR), which also requires breach notification, becomes law in May 2018. Brexit or not, the UK will also have to comply.

“[GDPR] will continue to apply to all businesses exporting goods or services into the European Single Market, regardless of any future legal and regulatory settlement reached by the UK with the EU,” wrote Peter Wright, managing director of DigitalLawUK, and chair of the UK Law Society’s Technology and Law Reference Group.

So where are we all up to here?

My reading is that we only have hints as to what’s required, and that we won’t really know until the lawyers get to work.

Wright has some security advice for UK law firms that really should be standard practice everywhere.

“Make sure that whatever medium you are using to either store or transmit personal data — in particular, data relating to your clients — is secure and encrypted,” he wrote.

Wright warns against “free cloud-based systems like Dropbox or Google Drive to communicate with clients or receive confidential data” because they’re not encrypted, but that’s no longer the case. Both Dropbox and Google Drive now encrypt customer data at rest, as does Apple’s iCloud.

But Wright’s general point about using unencrypted file sharing services stands. “You are effectively in legal and regulatory breach by using them for client-related activity as their servers are based in the cloud and most likely in the United States,” he wrote. And of course encrypted file storage is irrelevant if a user’s credentials are compromised through a phish.

Wright’s final observation is, to my mind, the most frightening.

“If firms have already not begun work on achieving compliance with the GDPR, they will find it impossible to achieve full compliance by May 2018. At this point, it’s a matter of working out how uncompliant you wish to be. You will have to cherry pick what you can and cannot afford to comply with, and put the rest in place as quickly as possible,” he wrote.

UK and European organisations still have an entire year to get compliant with their new laws. Australian organisations, somewhat less, although it could be argued that compliance with Australia’s laws would be easier. But is that really the case?

Australia’s Privacy Act says that the steps taken to protect personal information must be “reasonable in the circumstances”, but there haven’t been enough real-world cases to understand what that might mean.

Well how about the standard set by the Australian Signals Directorate (ASD) with its Essential Eight Strategies to Mitigate Cyber Security Incidents, released in February?

“The eight mitigation strategies with an ‘essential’ effectiveness rating are so effective at mitigating targeted cyber intrusions and ransomware, that ASD considers them to be the cyber security baseline for all organisations,” the ASD wrote.

The Essential Eight includes measures that we know many organisations don’t implement: application whitelisting; getting rid of Adobe Flash; installing ad blockers; disabling untrusted Microsoft Office macros; multi-factor authentication; or even securely-stored daily backups.

If experts like the ASD consider all these to be “baseline”, wouldn’t a lawyer argue that failing to implement the Essential Eight is failing to take “reasonable steps”? I guess it depends on “the circumstances”, right?

I’ve previously written that once we’ve seen the first data breaches being disclosed, the lawyers will follow. What I didn’t consider was the insurance industry.

Cyber insurance is already the fastest-growing sector of the insurance market, according to Nick Abrahams, a partner with law firm Norton Rose Fulbright, and their APAC technology practice leader. Counter-intuitively, better insurance cover means that the lawyers are far more likely to swoop in for the kill.

“We know that the class-action law firms are looking at cyber as their next big opportunity,” Abrahams told the InnovationAus.com conference Cyber Security — the Leadership Imperative 2017 in Sydney last week.

“If there’s 100,000 people impacted [by a data breach], or a million people, and they can all be awarded $1000 or $2000, that’s a class action,” he said.

“The US has a massive amount of class actions in relation to privacy breaches, and the reason those class actions occur is because people know that there is insurance there to back it up,” Abrahams said. He expects a “steep rise” in litigation.

While it’s fast-growing, the cyber insurance industry is “quite immature”, especially in Australia, and “all the policies are completely different”, according to Andrew Bycroft, chief executive officer of The Security Artist.

“It’s not even like comparing apples and oranges, it’s like comparing apples and dogs,” Bycroft told the same conference.

“A lot of the insurers are actually taking on a lot of unnecessary risk. For example, they wouldn’t provide home and contents insurance for people who have houses with no doors, but what I’ve seen them doing is actually offering policies to organisations which are pretty poor in terms of their resilience capabilities.”

Bycroft says that insurers might want to work with potential customers to improve their security posture before selling them insurance.

Craig Davies, chief executive officer of the new Australian Cyber Security Growth Network (ACSGN), wasn’t exactly thrilled with that suggestion.

“A marketplace driven by insurers can only be fantastic,” Davies told the conference, to nervous audience laughter. “If I had no ethics I’d certainly invest in buying insurance and selling insurance for cyber right now. You could make a fortune.”

Yes, there’s plenty of money to be made, by insurers, by lawyers, and by the cybersecurity industry that cleans up the mess. Or, ideally, fixes things before there’s a mess to clean up.

Somewhere in there, we might even manage to better protect people’s personal information.

Police illegally accessed journalist’s phone files under new metadata retention regime

The Australian Federal Police illegally obtained a journalist’s phone records under the Turnbull government’s new metadata retention regime, the agency announced on Friday.

The breach took place as part of an investigation into a leak of confidential police material – and the incident will now be investigated by the Commonwealth Ombudsman.

AFP commissioner Andrew Colvin said the police officers investigating the leak did not realise they were required to obtain a warrant to access the journalist’s metadata.

“This was human error. It should not have occurred. The AFP takes it very seriously and we take full responsibility for breaching the Act,” Mr Colvin said.

“There was no ill will or malice or bad intent by the officers involved who breached the Act. But simply it was a mistake.”

The journalist in question had not been informed their data had been accessed, Mr Colvin said, due to sensitivities around the ongoing investigation into the leak.

The breach occurred “earlier this year” and was reported to the Ombudsman on Wednesday.

Under the revised data retention regime, police are required to obtain a warrant from a judge to seek metadata from a journalist.

“The vulnerability is the investigator needs to understand that that’s their requirement,” Mr Colvin said on Friday. “On this occasion, the investigator didn’t.”

The phone records in question were relevant to the investigation, Mr Colvin said, but “what was improper was that the right steps weren’t taken to gain access to it”.

The breach is the first such incident that has come to light under the government’s new metadata retention regime, which requires service providers to store their customers’ data for two years.

Acknowledging the policy was “controversial”, Mr Colvin said Australians should nonetheless have “full confidence” in both the police and the policy.

He conceded the AFP’s internal procedures had not anticipated and prevented the error and therefore those practices would be subject to “significant changes”.

Access to metadata would now be restricted to more senior officers, he said, and the number of officers who can approve access to metadata will be reduced. Training will also be bolstered.

Asked if the unlawfully-obtained phone records would still be relied on to inform the actions of investigators, he acknowledged that once seen it could not be unseen.

“Clearly they can’t unsee it. They’ll need to consider … what weight they put on what they saw,” Mr Colvin said. “But that material was accessed illegally, so it can have no bearing on the conduct of the investigation.”

He stressed the content of the journalist’s phone calls was not accessed, just the call records. But Paul Murphy, chief executive of the Media, Entertainment and Arts Alliance, said that was not a mitigating factor.

“It’s another demonstration that the AFP do not understand the sensitivities here, the vital importance of protecting journalists’ confidential sources,” he said. “It’s an absolute disgrace.”

South Australian senator Nick Xenophon, who lobbied for extra safeguards for journalists when the laws were formulated, said he was “furious” about the revelation and would seek further amendments to the law.

“This is outrageous. There’s been a flagrant breach of the law here,” he said. “The safeguards have been completely trashed. This should chill the spine of every journalist in this country.”

This Algorithm & Robots Decides Crime Cases Almost As Well As A Judge

A Robotic computer program could help relieve the massive backlogs facing the world’s highest courts

A computer algorithm took on the work of real human judges and did a pretty good job, predicting the decisions of one of Europe’s highest courts with 79 percent accuracy. The finding suggests artificial intelligence could help the world’s busiest courts work through their massive backlog of cases, even if an algorithm isn’t about to take up a digital gown and gavel and start actually deciding cases.

The AI analyzed cases tried before the European Court of Human Rights, which hears cases from people and groups who claim their civil or political rights have been violated in their home countries. An international team of computer scientists worked with a legal scholar to determine just how well AI could predict the court’s ultimate judgement based on how the written decision described the factual background of the case and the arguments of the parties involved. They found it agreed with the judges’ decision four of five times — and that the underlying facts of the case were by far the best predictor of the outcome of a case, rather than any of the more abstract legal arguments.

“The fact that we can get this accuracy, it means that there are some consistent patterns of violations that lead to overturning the [previous court’s] decision,” University of Pennsylvania computer scientist Daniel Preoţiuc-Pietro told Vocativ.

That suggests the court is typically less concerned with parsing philosophical questions of whether a specific instance is a human rights violation than it is determining how that situation fits into their already defined categories of violations. Preoţiuc-Pietro pointed to the example of people who allege mistreatment in prison as a situation that typically led to decisions in those people’s favor. “That’s definitely more likely for the court to actually accept that the state made a mistake and the people involved were actually justified,” he said.

The AI used what’s known as natural language processing to analyze the cases. This particular method involved looking at the text of a decision as a big bag of words, not worrying about any particular word order or grammar. Instead, the AI looked at what individual words and combinations of two, three, or four words appeared most frequently in the text, regardless of order. The AI then looked at all these combinations, known as N-grams, and clustered them into different overall topics.

The court’s decisions include lengthy sections recapping not only the factual background of the cases but also the original arguments made by the parties in the case. This gave the AI a broad sense of what each text was talking about and gave it the context necessary to predict the outcome of the case, which it did correctly in nearly four out of every five cases.

But that doesn’t mean the researchers are hoping to see AI judges anytime soon.

“We’re not advocating for automating any decisions,” said Preoţiuc-Pietro. “Decisions should still be made by the judges.” Where the AI can make a difference is in helping determine which cases make it to the judges in the first place.

In 2015, the researchers found that nearly 85,000 petitions were submitted to the court, of which just 891 were actually decided upon. All the rest were thrown out as inadmissible, meaning the court couldn’t take them on and the previous decision by a lower court would have to stand. The European Court of Human Rights relies both on individual judges and committees to work through all these cases and figure out which are worth bringing to the actual court’s attention. Last year, that meant the entire court apparatus had to process more than 230 cases every single day, making it a huge challenge just to give each petition the human attention it deserves.

Artificial intelligence, by contrast, could zip through 85,000 petitions and decide which were most likely to be worth the court’s time, based on how similar each petition is to the court’s previous cases. Preoţiuc-Pietro suggested the algorithm could separate the cases into three groups based on the court’s prior history: those the court would likely rule on, those it likely would rule inadmissible, and those in a gray area. Committees could then devote more time to examining the cases already identified as being of uncertain status, rather than having them take valuable time doing all their own categorization.

“These committees are time-limited and beyond that very costly, so they can actually look at just the flagged cases which are more likely to be disputed and analyze them more thoroughly,” said Preoţiuc-Pietro, “while the others they can be sent for just individuals and they don’t need to be scrutinized by more people.”

The goal then wouldn’t be to take the human element out of the law, but instead the complete opposite: The European Court of Human Rights and other bodies like it would have more time to focus on their most difficult cases, while the AI would separate out the cases that would likely just get thrown out anyway.


Henry Sapiecha

 

Fault Lines – Cyber-war video report

Cyberwar. A conflict without footsoldiers, guns, or missiles.

Instead the attacks are launched by computer hackers. Digital spy rings. Information thieves. Cyberarmies of kids, criminals, terrorists – some backed by nation states.

In the US there is a growing fear that they pose a massive threat to national security, and a conviction that the world’s military superpower must prepare for the fight ahead.

At stake: Crucial national infrastructure, high value commercial secrets, tens of billions of dollars in defence contracts, as well as values like privacy and freedom of expression.

In this episode of Fault Lines, Josh Rushing enters the domain of “cyber” and speaks to a former US national security official turned cybersecurity consultant, a Silicon Valley CEO, a hacker, and those who warn of a growing arms race in cyberspace.

He asks: Is the US contributing to the militarisation of cyberspace? Are the reports of cyber threats being distorted by a burgeoning security industry? And are the battles being waged in cyberspace interfering with the Internet as we know it?

People featured in this film include: Josh Rushing, John Fraize, Darrel Covell, Rsignia, Keith Alexander, Redbeard, John Verdi, Jay Rockefeller, Olympia Snowe, Jim Lewis, Enrique Salam, Michael Chertoff.


Henry Sapiecha

US appeals court: Anti-hacking law applies to password sharing case

The 9th Circuit Court of Appeals ruling expands the scope of the already-broad Computer Fraud and Abuse Act.


A US appeals court on Tuesday ruled that the Computer Fraud and Abuse Act, a broad anti-hacking law passed in 2005, applies to a case in which a former executive gained access to his former employer’s confidential client data through a password that was voluntarily shared with him.

In a two-to-one ruling, a three-judge panel on the 9th Circuit Court of Appeals upheld the conviction of David Nosal, who used the information from his former employer — Korn/Ferry International — to start a new firm. He gained access to the data after his former secretary shared her password with him.

The ruling expands the already-sweeping scope of the CFAA, which imposes criminal penalties on anyone who “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.”

The Nosal case focused specifically on the question of whether he acted “without authorization”. The panel concluded that “‘without authorization’ is an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission”.

The court panel also upheld Nosal’s conviction for trade secret theft under the Economic Espionage Act.

In his dissent, the court summary of the ruling notes, Judge Stephen Reinhardt “wrote that this case is about password sharing, and that in his view, the CFAA does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals”.

The practice of sharing passwords isn’t uncommon, according to a SailPoint survey released earlier this year. It polled 1,000 office workers across six nations and found nearly one in three are willing to share passwords with their co-workers.

The CFAA — opposed by the Electronic Frontier Foundation for its scope — was also used to convict former Reuters editor Matthew Keys of helping Anonymous to deface the LA Times in 2010. Keys, who denied the charges against him, was sentenced to two years in prison.

UPDATE: This article was corrected to note that Keys was sentenced to two years in prison; he is not serving two years in prison.


Henry Sapiecha

 

HACKER GETS 5 MILLION IP ADDRESSES FROM ONLINE GAMING SERVER


FROM the comfort of his bedroom, computer whiz Shane Stephen Duffy made more than $32,000 from computer gamers who paid him to access other people’s gaming accounts.

The 23-year-old hacker also attacked the computers of his online opponents, using knowledge of their IP addresses to slow their internet connections, allowing him to advance in the online game.

The IP address is the computer’s address on the internet and identifies that computer for that session or permanently.

At Brisbane District Court on Thursday, Duffy was sentenced for his crimes, including fraud, computer hacking and unauthorised impairment of electronic communication that occurred while he was living at Poona – near Hervey Bay – and Kingaroy.

Duffy, who now lives in Brisbane, pleaded guilty to the offences that occurred between May 2013 and March 2014 and was sentenced to jail with immediate parole.

League of Legends is an online computer game where players create an account and join a team that bands together to destroy an opposing team’s base.

In 2011, someone hacked into the database of the game’s LA-based publisher Riot Games and got hold of more than five million usernames and passwords for League of Legends.

It was not suggested Duffy was responsible for this hacking, but the court heard a copy of this database was found on his computer in 2013 and was also available on the internet.

The court heard Duffy made $32,000 from selling the usernames and passwords of online gaming accounts to other gamers.

In July 2013, Duffy and an associate he met online hacked into Riot Games and removed data from the server.

Judge Tony Moynihan said Riot Games spent hundreds of thousands of dollars to secure their systems.

Duffy also set up a website where players could launch attacks on their opponents’ computers using their IP address information.

Duffy’s defence barrister Patrick Wilson said doctors’ reports showed his client had a lack of understanding of how his actions impacted others.

He also said the offending happened at a low point in Duffy’s life, where he was restricted to his bedroom for a number of years and was traumatised by the death of his father.

Duffy was now socialising more and living a healthier life, the court heard.

Judge Moynihan said Duffy had no criminal history and he had taken constructive steps towards rehabilitation and reducing his risk of re-offending.

Duffy was sentenced to two and a half years in jail and was granted immediate parole.

He must also be of good behaviour for two and a half years. – ARM NEWSDESK


Henry Sapiecha

10 things you should know about the Dark Web [Internet’s underbelly] but probably don’t

A basic overview guide to the Internet’s underbelly — the Dark Web

1…Deep or Dark?


There’s a difference between the “Deep Web” and “Dark Web.” While the “Clear Web” is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can’t crawl or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.

2…How do you access the Dark Web?

You can’t use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.

3…Wait, Onion domains?

An .onion address is the result of Onion networking — low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.

4…It’s not just drugs

Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are the goods most commonly thought of when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a “prank” is also possible.

5…It’s also something of an eBay for peculiar items.

A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular — there is a wealth of devices available — both counterfeit and apparently legitimate — if you know where to look.

6…The Dark Web is used for more than buying and selling.

So-called “ethical” hacking and political forums, archives of forbidden books, tips on how to care for your cat — there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.

7…Trading is hardly safe or risk-free

Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.

Vendors and sellers might be trying to avoid the eyes of law enforcement in the darker side of the Internet, but this doesn’t stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant — especially as there is no way to follow up on failed sales through legal channels.

8…Buying and selling through the Dark Web

How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes “tumbling,” a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user’s tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy — although value fluctuations linked to Bitcoin use make this move risky.

9…Avoiding spying eyes

Aside from using the Tor browser and VPNs, a number of buyers and sellers use “Tails,” free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.

To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.

10…Reddit is used as a communication platform for Dark Web transactions

Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to “clean house,” create safe “drop” zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.

Henry Sapiecha