Dutch police may get right to hack in cyber crime fight

Under a new bill, investigators would be able to hack into computers, install spyware, read emails and destroy files.

They could also break into servers located abroad, if they were being used to block services.

via BBC News – Dutch police may get right to hack in cyber crime fight.

This is no threat to a properly secured system. AV software is not a panacea for securing a system.

The Computer Fraud and Abuse Act Is a Failed Experiment

Over the years, legislatures and the courts progressively have treated the unauthorized movement of data bits over someone else’s chattel into a “trespass” of that chattel–an activity I’ll call “online trespass to chattels.” For example, many states have enacted computer crime laws that restrict unauthorized use of Internet and telecommunications equipment.

via The Computer Fraud and Abuse Act Is a Failed Experiment – Forbes.

As a result, these proposed changes will end the adverse consequences from the online trespass to chattels experiment while letting chattel owners prevent socially disadvantageous online usage of their chattels.

That Internet War Apocalypse Is a Lie

CloudFlare CEO Matthew Prince tells a harrowing story of warding off the internet attack after Spamhaus hired him—which is certainly true—but warns us of existential threats to the net still lurking out there, like lost Soviet nukes:

via That Internet War Apocalypse Is a Lie.

This would be so terrifying if it weren’t advertising. Prince, of course, is in the business of selling protection against online attacks. And his company is, as far as I can tell, pretty good at this business. But he’s also clearly in the business of scaring people: in his blog post today, he warns that the Spamhaus attack “may prove to be relatively modest” compared to what comes next. Bigger nukes, I suppose.

Here’s another excerpt on the latest DDoS kerfuffle that made a lot of news recently.

So what’s the answer? Short of shutting down all 27 million resolvers, the Open DNS Resolver Project and others such as DNS service providers Afilias recommend the implementation of source address validation. An IETF RFC, BCP-38, exists that spells out how to use source address validation and build such an architecture to defeat IP source address spoofing.

via Open DNS Resolvers Center Stage in Massive DDoS Attacks | threatpost.

According to the article, one component of implementing this requires cooperation from ISPs, who may not see this as a priority.
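The check that source address validation asks an ISP to make at its customer edge, as an added example that is not from the quoted article: forward a packet only if its source address lies in a prefix assigned to the interface it arrived on. The interface names, prefixes (documentation ranges) and packet records are constructed for illustration.

```python
import ipaddress

# Constructed provisioning table: prefixes assigned to each customer-facing
# interface (documentation address ranges, hypothetical interface names).
ASSIGNED = {
    "cust-a": ["198.51.100.0/24", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.64/26"],
}

def build_filters(assigned):
    """Parse the prefix strings once so each packet check is a cheap lookup."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in assigned.items()}

def permit(filters, iface, src):
    """Ingress rule: forward only if src lies in a prefix assigned to iface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    return any(addr.version == net.version and addr in net
               for net in filters.get(iface, []))

def apply_ingress_filter(filters, packets):
    """Split (iface, src, dst, dport) records into forwarded and dropped."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(filters, pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample traffic arriving at the ISP edge.
PACKETS = [
    ("cust-a", "198.51.100.7", "192.0.2.53", 53),    # own address: forward
    ("cust-a", "192.0.2.10", "192.0.2.53", 53),      # someone else's address: drop
    ("cust-a", "2001:db8:a:1::5", "2001:db8:ffff::53", 53),  # own IPv6: forward
    ("cust-b", "203.0.113.70", "192.0.2.53", 53),    # inside the /26: forward
    ("cust-b", "203.0.113.130", "192.0.2.53", 53),   # outside the /26: drop
    ("cust-c", "198.51.100.9", "192.0.2.53", 53),    # unprovisioned port: drop
]

if __name__ == "__main__":
    fwd, drop = apply_ingress_filter(build_filters(ASSIGNED), PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    for pkt in drop:
        print("drop", pkt)
```

The filter only works where the packet enters the network, which is why it depends on each access ISP applying it to its own customers.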

Defense Companies Cash in on Gov’t Hyped ‘Cyber-Security’ Threat

Bloomberg News reports that within the past two weeks security contractors Lockheed Martin and Raytheon have signed an agreement under the Department of Homeland Security’s Enhanced Cybersecurity Services program providing new revenue streams and, more notably, unparalleled access to personal information classified as “U.S. government data.”

via Defense Companies Cash in on Gov’t Hyped ‘Cyber-Security’ Threat | Common Dreams.

Cyber War? Bring It On!

Ever since our own government’s WWI propaganda machine portrayed the Germans as evildoers intent on raping and pillaging the USA, Washington has managed to make the public fearful about one sort of impending doom or another. When I was a kid we were all going to be blown to smithereens by a Russian nuke. “DUCK and cover!” Then came the domino theory of communist takeovers. There were riots, crime sprees, gangsters, Russians, Communists, evil Birchers, Iraqis, Hezbollah, all out to doom the country.

Now looms the horrible cyberattack from God knows who.

via Cyber War? Bring It On! | News & Opinion | PCMag.com.

US congress rules Huawei a ‘security threat’

The US congressional panel launched its investigation over concerns that Beijing could use the fast-growing firms for economic or military espionage, or cyber attacks.

via US congress rules Huawei a ‘security threat’.

From the Chicago Tribune via Reuters:

Employee-owned and unlisted Huawei is the world’s second-biggest maker of routers, switches and telecoms equipment by revenue after Sweden’s Ericsson. ZTE ranks fifth. In the global mobile phone sector, ZTE is fourth and Huawei sixth.

A blast from the past (1999):

Giant US software manufacturer Lotus has been lowering the profile of information about how they have installed an NSA-only trapdoor into e-mail and conference systems used by many European governments, including the German Ministry of Defence, the French Ministry of Education and Research and the Ministry of Education in Latvia.

Sex, Lies and Cyber-crime Surveys

Much of the information we have on cyber-crime losses is derived from surveys. We examine some of the difficulties of forming an accurate estimate by survey. First, losses are extremely concentrated, so that representative sampling of the population does not give representative sampling of the losses. Second, losses are based on unverified self-reported numbers. Not only is it possible for a single outlier to distort the result, we find evidence that most surveys are dominated by a minority of responses in the upper tail (i.e., a majority of the estimate is coming from as few as one or two responses). Finally, the fact that losses are confined to a small segment of the population magnifies the difficulties of refusal rate and small sample sizes. Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population. A single individual who claims $50,000 losses, in an N=1000 person survey, is all it takes to generate a $10 billion loss over the population. One unverified claim of $7,500 in phishing losses translates into $1.5 billion.

via Sex, Lies and Cyber-crime Surveys – Microsoft Research.
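The abstract's extrapolation argument worked through on a constructed survey, as an added example that is not from the paper: it scales a per-respondent mean to a population and measures how much of the estimate rests on the one or two largest claims. The population of 200 million is an assumption inferred from the abstract's own figures ($50,000 in an N=1000 survey giving $10 billion); the response list is constructed.

```python
# Population implied by the abstract's arithmetic (assumption, see lead-in).
POPULATION = 200_000_000

def extrapolate(responses, population=POPULATION):
    """Scale the survey's mean reported loss to the whole population."""
    return sum(responses) * population / len(responses)

def top_k_share(responses, k):
    """Fraction of the total reported loss contributed by the k largest claims."""
    total = sum(responses)
    if total == 0:
        return 0.0
    return sum(sorted(responses, reverse=True)[:k]) / total

def estimate_without_top(responses, k, population=POPULATION):
    """Re-estimate after treating the k largest unverified claims as zero loss."""
    ranked = sorted(responses, reverse=True)
    adjusted = [0] * k + ranked[k:]
    return extrapolate(adjusted, population)

# Constructed N=1000 survey: 980 respondents report no loss, 18 report $200,
# one reports $7,500 and one reports $50,000.
SURVEY = [0] * 980 + [200] * 18 + [7_500] + [50_000]

def summarize(responses):
    """Headline estimate plus its sensitivity to the upper tail."""
    return {
        "estimate": extrapolate(responses),
        "top1_share": top_k_share(responses, 1),
        "top2_share": top_k_share(responses, 2),
        "without_top1": estimate_without_top(responses, 1),
        "without_top2": estimate_without_top(responses, 2),
    }

if __name__ == "__main__":
    for name, value in summarize(SURVEY).items():
        print(f"{name:>13}: {value:,.3f}")
```

On this constructed data, two of the 1000 answers carry most of the headline figure, and treating them as zero changes the estimate by an order of magnitude.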