Sharing Your Netflix Password Could Now Be Considered A Crime
- Judges from the US court appeals for the ninth circuit ruled that sharing passwords is a criminal act.
- The case didn’t directly involve Netflix, but the ruling could definitely be applied to it, along with Mom and Dad’s coveted HBO Go login.
- The case involved a corporate recruiter who launched a competing company after being denied a promotion; he had his former assistant, who still worked at the old company, share her password and give him access to their database.
- Critics say that the way that this decision was written, companies like Netflix may be able to go after average users who share their passwords.
- The majority opinion said this case wasn’t about password sharing, but was rather about getting trade secrets, but Judge Stephen Reinhardt wrote a dissent, saying their decision could be applied to anyone who shares a password.
- He argued that password sharing in itself isn’t that malicious, and shouldn’t be prosecuted as such.
Source: Popular Mechanics, July 11, 2016
Tech Celebrity Gets Hacked
- OurMine, who recently hacked Google CEO Sundar Pichai’s Quora account, took over the Twitter account of Twitter founder and CEO Jack Dorsey.
- OurMine often takes pot shots at their victims for their weak passwords, with Mark Zuckerberg getting called out for using ‘dadada’ as his Twitter password.
- As with OurMine’s other hacks, it looks as though they didn’t get access to Dorsey’s Twitter account directly; all of the posts on Dorsey’s feed came via Vine.
- To reduce your risk of being hacked always use strong passwords, get a password manager, don’t use the same password everywhere, and change them regularly.
Source: Android Authority, July 9, 2016
Senator Questions Pokémon GO Creator Over Data Collection Policies
- Al Franken, the US senator known for championing internet privacy, sent a letter to Niantic Labs, developer of the wildly popular game, demanding to know what data it's collecting from users and sharing with third parties.
- The augment-reality game, which encourages players to go outside and visit specific locations to progress, has become a global phenomenon since its release late last week.
- The app has been downloaded about 7.5 million times in the US, providing $1.6 million in daily revenue from iOS devices alone.
- It was revealed recently that the game gives Niantic full access to users’ Google account, including email, contacts, photos and documents, if they used it to log into the game from an iOS device.
- The Subcommittee on Privacy, Technology, and the Law, wants Niantic to explain how it "collects a broad array of users' personal information," including their account information, location data and cookies.
Source: CNET, July 12, 2016
Privacy Shield Deal U.S. Tech Firms Transfer E.U. Customers
- The Privacy shield is the new commercial data transfer pact between the United States and European Union.
- Governments across the European Union have finally given the green light to a new deal on how consumer data must be transferred with the United States.
- The EU’s top court had struck down the previous data transfer agreement, Safe Harbour, on concerns about intrusive US surveillance – leaving companies, including Google, Facebook and MasterCard, in legal limbo.
- The new framework will underpin over $250bn of transatlantic trade in digital services annually by facilitating cross-border data transfers that are crucial to international business.
- For 15 years Safe Harbour allowed both US and European firms to bypass tough EU data transferral rules by stating they complied with European privacy standards when storing information on US servers.
- Brussels and Washington intensified negotiations to hammer out a replacement for Safe Harbour after the Court of Justice of the European Union declared it invalid because it did not sufficiently protect Europeans’ data from US snooping.
- The United States will create an ombudsman within the state department to field complaints from EU citizens about US spying and has ruled out indiscriminate mass surveillance of Europeans data.
Source: The Guardian, July 8, 2016
Hackers Investing 40% Of Crime Earnings
- Cyber-criminals are investing up to 40 percent of their stolen funds in improving and modernising their techniques and criminal schemas.
- A spokesperson for Russia's Ministery of Communications told SC Magazine that investment of crime proceeds in new attack methods is mainly due to a change of priorities by hackers seen in recent years whereby they are no longer solely interested in attacks on the private bank accounts of individuals, but mainly targeting the breach of correspondent accounts of banks.
- In recent years hackers have become active commissioners of different types of research dedicated to the problems of cyber-safety, usually ordered by them under the guise of legitimate startups or industry analysts.
- The information has helped them conduct massive attacks on the correspondent accounts of banks, as was the case with one of Russia's leading banks, which suffered from such attacks several weeks ago with losses amounting to US$ 20 million.
- It is very important to arrest entire hacker groups, as experience has shown that any gang members that remain free will quickly withdraw the funds and take over the scams of the detained hackers.
- A coordinator of a cyber-attack receives about 40 percent of the amount of stolen, another 30 to 40 percent goes directly to those who withdraw cash from ATMs and send it to the customer.
- Finally, part of the funds are received by people who are finding ways of accessing stolen funds and the malicious software also costs a lot of money, up to US$ 50,000 per program.
Source: SC Magazine, June 30, 2016
From GCHQ To Google: The Battle To Outpace Hackers In The Cyber-Race
- The Metropolitan Police arrived at a house in County Antrim in Northern Ireland to arrest a 15- year-old boy for hacking into the TalkTalk computer network and stealing the personal details of 157,000 customers, including bank account and credit card details.
- The idea that teenagers could overpower a major British corporation inflicting £60 million worth of damage came as a shock to members of the government, businesspeople and the public.
- The UK government announced plans to invest £1.9 billion in cyber security over the next five years, and the EU Commission separately says it will funnel €1.8 billion (£1.5 billion) into the industry by 2020.
- No amount of money will help overcome one of the greatest difficulties in the security industry though: the lack of skilled people. By 2019 there will be a global shortfall of 1.5 million security professionals.
- Heading up the government’s move to train more cyber defenders is spook agency GCHQ, which sponsors academic bursaries, runs summer camps and training days, holds competitions and has created a cyber-excellence accreditation for top universities and masters programmes.
- One of the ways Hypponen, who has been hunting cyber attackers for 25 years, thinks companies can connect with international experts is through bug bounty programmes, which allow ethical hackers who find holes in companies’ computer systems to report them and earn a reward.
- Security experts from the industry, government and national security think artificial intelligence will help develop the defences needed to secure against increasing attacks.
- As attackers take up more sophisticated, automated tools and attack with more frequency, the combination of skilled people and intelligent machines will become even more imperative if breaches such as that against TalkTalk are to be prevented.
Source: Telegraph, July 11, 2016
Why Is Ransomware Becoming So Popular?
- Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.
- Organized cybercrime is a business just like any other legitimate business; they want to have lowrisk and efficient operations in order to maximize their profits.
- Historically, cyber criminals sought after data types like credit card numbers and personally identifiable information (PII), but the lifecycle of stealing credit card data and other PII is incredibly risky.
- In today’s cybercrime environment, criminals need very small payloads with little to no command and control communication to infect and control their targets.
- The risk of both getting caught in the act of infecting victims with ransomware and getting paid for criminal activities is greatly reduced compared to other cybercriminal activities.
- Additionally, the return on investment for ransomware authors and practitioners is estimated to be over 1,400%.
- Ransomware is an attractive business model for criminals, where consumers have an emotional connection to the data they create, while businesses have a financial connection.
- While the code being exploited and the avenues for infection will change over time, we have to live with the fact that ransomware will be around for a long time.
Source: Tripwire, July 11, 2016