Showing posts with label cybersecurity. Show all posts

Friday, November 3, 2023

An Apparent Cyberattack Hushes the British Library; The New York Times, November 3, 2023

Alex Marshall, The New York Times; An Apparent Cyberattack Hushes the British Library

"Tasmina Islam, a lecturer in cybersecurity education at King’s College London said in an email that the motivation for attacking a library could be financial.

“Cybercriminals can access a lot of information from a library, including users’ personal data,” she said. Libraries also “store electronic books, research articles and various intellectual properties, all of which cybercriminals can exploit for illegal distribution,” Islam added.

The British Library incident “served as a warning for other libraries and institutions to assess their own security measures thoroughly,” she said."

Wednesday, May 4, 2022

Chinese hackers took trillions in intellectual property from about 30 multinational companies; CBS News, May 4, 2022

Nicole Sganga, CBS News; Chinese hackers took trillions in intellectual property from about 30 multinational companies

"A yearslong malicious cyber operation spearheaded by the notorious Chinese state actor, APT 41, has siphoned off an estimated trillions in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

A new report by Boston-based cybersecurity firm, Cybereason, has unearthed a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia. 

"We're talking about Blueprint diagrams of fighter jets, helicopters, and missiles," Cybereason CEO Lior Div told CBS News. In pharmaceuticals, "we saw them stealing IP of drugs around diabetes, obesity, depression." The campaign has not yet been stopped.

Cybercriminals were focused on obtaining blueprints for cutting-edge technologies, the majority of which were not yet patented, Div said.

The intrusion also exfiltrated data from the energy industry – including designs of solar panel and edge vacuum system technology. "This is not [technology] that you have at home," Div noted. "It's what you need for large-scale manufacturing plants.""

Friday, July 17, 2020

Russia Is Trying to Steal Virus Vaccine Data, Western Nations Say; The New York Times, July 16, 2020

, The New York Times; Russia Is Trying to Steal Virus Vaccine Data, Western Nations Say

"Chinese government hackers have long focused on stealing intellectual property and technology. Russia has aimed much of its recent cyberespionage, like election interference, at weakening geopolitical rivals and strengthening its hand.

“China is more well known for theft through hacking than Russia, which is of course better now for using hacks for disruption and chaos,” said Laura Rosenberger, a former Obama administration official who now leads the Alliance for Securing Democracy. “But there’s no question that whoever gets to a vaccine first thinks they will have geopolitical advantage, and that’s something I’d expect Russia to want.”"

Wednesday, February 26, 2020

Feds to US Firms: Watch Out for Employees Trying to Steal Trade Secrets for China; PC Mag, February 26, 2020

Michael Kan, PC Mag; Feds to US Firms: Watch Out for Employees Trying to Steal Trade Secrets for China

"“It’s not a spy versus spy game anymore,” said William Evanina, Director of the National Counterintelligence and Security Center, during the panel. “This is the businessman, the engineer, the scientist, the student, the professor.”...

To stop the intellectual property theft, the feds are urging US companies to protect against insider threats, which can be spurred on both by foreign governments and domestic rivals, they noted. But the answer isn’t to profile employees or stop hiring staffers from certain countries, [John] Demers [US Assistant Attorney General for National Security] said. He suggests companies develop internal systems that can track when employees are accessing sensitive company files, which can help pinpoint when an IP theft might be occurring. For example, if a soon-to-be ex-staffer is suddenly accessing a huge trove of confidential documents, the system should immediately flag the download to company administrators."

Friday, January 31, 2020

Users Lament PAIR Changes During USPTO Forum; IP Watchdog, January 30, 2020

Eileen McDermott, IP Watchdog; Users Lament PAIR Changes During USPTO Forum

"Jamie Holcombe, Chief Information Officer at the U.S. Patent and Trademark Office (USPTO), seemed surprised to learn on Wednesday that both the Public and Private versions of the USPTO’s Patent Application Information Retrieval (PAIR) System have serious issues that are making workflows untenable for users.

Holcombe was participating in a public Forum on the PAIR system, where USPTO staff listened to stakeholders’ experiences since the Office implemented major security changes to the system on November 15, 2019. “The USPTO disabled the ability to look up public cases outside of a customer number using Private PAIR,” explained Shawn Lillemo, Software Product Manager at Harrity LLP, who attended the Forum. “Most patent professionals prior to the change could retrieve all the PAIR information they needed from Private PAIR. That is no longer true.”"

Tuesday, January 14, 2020

Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law; Forbes, January 13, 2020

Thomas Brewster, Forbes; Apple Lawsuit Against Cyber Startup Threatens ‘Dangerous’ Expansion Of Copyright Law

"As Apple and Corellium head towards mediation talks, the iPhone maker has been criticized for “dangerous” claims that the cybersecurity startup has broken copyright laws. Critics say the lawsuit could lead to an expansion of U.S. copyright law and legally endanger software creators and security researchers tinkering with Apple tech.

Corellium “virtualizes” Apple iPhones. In other words, it creates software-only versions of the devices, helping researchers and developers better test hacks or the functionality of apps. For instance, if a developer wanted to see whether their app crashes iOS or breaks a phone entirely, they won’t have to restart or buy a new iPhone if they can just spawn a new software version at speed.

But Apple believes this amounts to illegal replication of its famous phone."

Monday, December 17, 2018

It’s not a trade war with China. It’s a tech war.; The Washington Post, December 14, 2018

Michael Morell and David Kris, The Washington Post; It’s not a trade war with China. It’s a tech war.

"Michael Morell, a Post contributing columnist, is a former deputy director and twice acting director of the Central Intelligence Agency. David Kris is a former assistant attorney general for national security and co-founder of Culper Partners consulting firm.

The United States is in an escalating technological cold war with China. It’s not centered on tariffs and trade, which President Trump often cites; instead, it involves both China’s use of technology to steal information and the theft of technology itself."

Tuesday, July 24, 2018

My terrifying deep dive into one of Russia's largest hacking forums; The Guardian, July 24, 2018

Dylan Curran, The Guardian; My terrifying deep dive into one of Russia's largest hacking forums

[Kip Currier: I had a similar reaction to the author of this article when I attended a truly eye-opening 4/20/18 American Bar Association (ABA) IP Law Conference presentation, "DarkNet: Enter at Your Own Risk. Inside the Digital Underworld". One of the presenters, Krista Valenzuela with the New Jersey Cybersecurity and Communications Integration Cell in West Trenton, New Jersey, did a live foray into the Dark Web. The scope of illicit activities and goods witnessed in just that brief demo was staggering and evoked a feeling that scenes of "black market" contraband and "bad actors" endemic to dystopian sci-fi fare like Blade Runner 2049 and Netflix's Altered Carbon are already part of the present-day real-world.]

"It’s fascinating to see how this community works together to take down “western” systems and derive chaos and profit from it. Typically, hackers in first-world countries are terrified to work together due to the multiplicative risk of a group being caught. In Russia, however, the authorities don’t seem to care that these hackers are wreaking havoc on the west. They are left to their own devices, and most users on this forum have been regular members for over six years.

A lot of the information on this forum is incredibly worrying, even if a lot of it is harmless 15-year-olds trying to be edgy and hack their friend’s phones. In any case, it’s important to know these communities exist. The dark underbelly of the internet isn’t going anywhere."

Thursday, August 3, 2017

To Protect Voting, Use Open-Source Software; New York Times, August 3, 2017

R. James Woolsey and Brian J. Fox, New York Times; To Protect Voting, Use Open-Source Software

"If the community of proprietary vendors, including Microsoft, would support the use of open-source model for elections, we could expedite progress toward secure voting systems.

With an election on the horizon, it’s urgent that we ensure that those who seek to make our voting systems more secure have easy access to them, and that Mr. Putin does not."

Friday, February 24, 2017

Second Internet of Things National Institute; American Bar Association, Washington, DC, May 10-11, 2017

Second Internet of Things National Institute

"A game-changer has emerged for businesses, policymakers, and lawyers, and it's called the "Internet of Things" (IoT). It's one of the most transformative and fast-paced technology developments in recent years. Billions of vehicles, buildings, process control devices, wearables, medical devices, drones, consumer/business products, mobile phones, tablets, and other "smart" objects are wirelessly connecting to, and communicating with, each other - and raising unprecedented legal and liability issues.

Recognized as a top new law practice area, and with global spending projected to hit $1.7 trillion by 2020, IoT will require businesses, policymakers, and lawyers (M&A, IP, competition, litigation, health law, IT/outsourcing, and privacy/cybersecurity) to identify and address the escalating legal risks of doing business in a connected world. Join us in Washington, D.C., on May 10 - 11, 2017, for our second IoT National Institute, which will feature:
- Overviews and demos of the powerful technology driving the legal and liability issues
- Practical guidance and the latest insights on the product liability, mass tort, big data, privacy, data security, intellectual property, cloud, and regulatory issues raised by IoT
- Dynamic new additions: a mock trial, a tabletop exercise, a corporate counsel roundtable, and niche issue mini-updates.
- Two full days of CLE credit (including ethics credit), plus two breakfasts, two lunches (with keynote speakers), and a cocktail reception.

Our distinguished faculty includes prominent legal and technical experts and thought-leaders from companies, government entities, universities, think-tanks, advocacy organizations, and private practice. Organized by the American Bar Association's Section of Science & Technology Law, the IoT National Institute offers an unparalleled learning and networking opportunity. With billions of devices and trillions of dollars in spending, IoT is a rapidly growing market that everyone wants to get in on."

Saturday, February 4, 2017

'This is the new reality': Panelists speak for Pitt cyber security institute; Pittsburgh Post-Gazette, 2/3/17

Chris Potter, Pittsburgh Post-Gazette; 'This is the new reality': Panelists speak for Pitt cyber security institute:

[Kip Currier: This was a fascinating and informative panel at the University of Pittsburgh on February 2, 2017, discussing cyberhacking, efforts to identify hackers and hacker-sanctioning actors/nation states, and responses to hacking threats and incidents.

Two comments (which I'll paraphrase below, without benefit of a transcript) by panelist and Russian journalist Andrei Soldatov, stood out for me:

1. Vladimir Putin's Russia has deftly understood and exploited the distinction between "cybersecurity" and "information security" (the West, Soldatov contends, has focused more on the former).

2. Under Stalin, technical training in Soviet universities and technical institutes did not include study of ethics and the humanities (largely relegated to those in medical professions).]

"The precise identity and motivations of the hackers who leaked sensitive Democratic emails during last year’s presidential election may never be known. But they left fingerprints that were familiar to Andrei Soldatov, a journalist who has written about Russia’s security state for the past 20 years.

Like much of the propaganda back home, Mr. Soldatov said at a University of Pittsburgh panel discussion Thursday, “It’s not about building the positive narrative, it’s about building the negative narrative. … To say everyone is corrupt and no one can be trusted — people will accept this.”

Mr. Soldatov was one of four panelists convened by Pitt’s fledgling Institute of Cyber Law, Policy, and Security and its new director, former U.S. Attorney David Hickton. The discussion drew a few hundred people to the first public event for the center, which focuses on cybercrime and cybersecurity."

Friday, December 23, 2016

IBM's Astonishing Patent Strategy Shows Where It's Going Next; Nasdaq, 12/23/16

Prableen Bajpai, Nasdaq; IBM's Astonishing Patent Strategy Shows Where It's Going Next:
"IBM (IBM) is set to top the list of patent holders for the 24th year in a row in the U.S. This is no ordinary feat. IBM is the only company to have ever exceeded over 7,000 U.S. patent grants during a single year. During 2016 year-to-date, IBM has already crossed the 7,000-patent mark for the third consecutive year.
Against this backdrop, IBM is fundamentally reorganizing its business, leaving behind the image of ‘hardware, software, services’ company to emerge as a leader in ‘cognitive solutions and cloud computing.’ Here’s a look at how IBM is transforming its business, changing its patent portfolio and re-inventing to be IBM 2.0...
Patents are like the seeds of technological innovations that were planted years ago with a futuristic vision in mind. IBM has been active in doing so and what we see today in practice are the saplings. The real rewards will come with time but IBM is making sure that it keeps planting those seeds for the future."

Sunday, November 20, 2016

Berners-Lee raises spectre of weaponized open data; Naked Security, 11/4/16

Bill Camarda, Naked Security; Berners-Lee raises spectre of weaponized open data:
"Whether data is coming from governments or corporations – and whether it’s formally “open” or simply “widely available” like AP’s Twitter feed – it’s increasingly vulnerable to deliberate falsification.
But, for governments and others who believe in the open data movement, it’s no longer enough to protect privacy when they release data, or even to ensure its quality and consistency – already significant challenges.
From now on, they’ll need to protect it against deliberate sabotage, too."

Tuesday, July 21, 2015

Ashley Madison, a Dating Website, Says Hackers May Have Data on Millions; New York Times, 7/20/15

Dino Grandoni, New York Times; Ashley Madison, a Dating Website, Says Hackers May Have Data on Millions:
"Under American copyright law, Ashley Madison has the power to scrub away private user information leaked in the breach and posted to other websites. On Monday, the company said that it had been doing just that to protect the identities of those who have used Ashley Madison.
But that may be a race that it cannot win. Paul Ferguson, senior adviser for Trend Micro, a security software provider, said that information on Ashley Madison, deleted in one online forum, is beginning to bubble up in others.
“Once something is published on the Internet,” he said, “it’s there forever.”"