Risk News

Google now offers special security program for high-risk users
"Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data."
Annie's take:

Hoping that Google has been test driving this program before rolling it out!
JP Morgan security chief warns that cyber defences ‘will fail’
"Major financial institutions have been told to focus less on the prevention of cyber attacks and more on dealing with the inevitable breaches by a panel of security experts."
Annie's take:

Nice to see the "assumption of breach" framework espoused elsewhere.
Banks, Cryptocurrency Exchanges and Critical Infrastructure are Forecast to be the Most Likely Targets for Hacking in the Near Future - According to Group-IB Hi-Tech Crime Trends Report
"In the next year, the main point of losses for banks from cyber-attacks will be not theft of money, but destruction of their IT infrastructure during the final stages of a targeted hacking attack."
Annie's take:

A grim forecast indeed.
North Korean Hack of U.S. War Plans Shows Off Cyber Skills
"The techno soldiers of Kim Jong Un are growing more aggressive in defending North Korea’s supreme leader against threats from Donald Trump and South Korea."
Annie's take:

We Asked Facebook 12 Questions About the Election, and Got 5 Answers
"Nearly a year after Election Day, Facebook’s role in our modern political infrastructure is finally coming into focus."
Annie's take:

This is the part of Silicon Valley culture that is obtuse. Read on.
Secret Service nixes personal mobile devices in West Wing after Kelly hack
"After it came to light that the smartphone of White House Chief of Staff Gen. John Kelly was hacked potentially by foreign operatives, the Secret Service reportedly has put the kibosh on personal devices in the West Wing."
Annie's take:

I am surprised there was not already such a policy in place in the White House.
Yahoo breach underscores importance of heeding risk factors, renews interest in legislation
"That the 2013 Yahoo breach tripled – to three billion - the number of affected accounts previously reported demonstrates the far-reaching and ongoing impact of an undetected hack, underscores the cost of unexamined risk, points to the dangers of neglecting vulnerabilities and will likely renew calls for federal data breach notification legislation, information security professionals said in the aftermath of the revelation by Verizon Communications, which acquired Yahoo earlier this year."
Annie's take:

The cost of unexamined risk is well described in this article.
America as a Killing Field
"In the past month, our screens have been overwhelmed with stories of images of misery, injury and death – first from three devastating hurricanes from which it will take years to recover and to rebuild both homes and infrastructure; and more recently, from indelible images of the largest mass shooting in modern U.S. history."
Annie's take:

Is it possible to create a federal registry of guns by registering them? If we can track terrorists with sophisticated registries and tools, why not apply those tools to this terrible problem in our society?
The End of Privacy
"We learned on Tuesday that three billion Yahoo email accounts were compromised in 2013. In early September, it was Equifax’s 143 million credit reports. Just a few months before that, we learned 198 million United States voter records were leaked online in June."
Annie's take:

"In practice, this means that we can no longer expect a meaningful difference between observability and identifiability — if we can be observed, we can be identified." Interesting recommendation going forward.
Is It Lights Out For Kaspersky After Latest NSA Disaster?
"How long can Kaspersky survive the assault on its business in America?"
Annie's take:

A little more context.
Russian Hackers Stole NSA Data on U.S. Cyber Defense
"Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter."
Annie's take:

If there was any doubt earlier about Kaspersky antivirus, it should be resolved now. This is a staggering breach that happened in 2015, not discovered until last year. How much else has been compromised?
Facebook Estimates 10 Million Users Saw Russian-Backed Ads
"Facebook Inc. on Monday said it estimates 10 million people saw ads it has discovered on its platform paid for by Russian entities, but warned that it may not have uncovered all malicious activity that attempted to interfere in the American political process."
Annie's take:

Is this statistically significant?
The Equifax Hack Has the Hallmarks of State-Sponsored Pros
"In the corridors and break rooms of Equifax Inc.'s giant Atlanta headquarters, employees used to joke that their enormously successful credit reporting company was just one hack away from bankruptcy."
Annie's take:

Despite being warned by the feds, the patch did not get made. And now millions will pay the price.
People Are Worried About DHS Plans To Gather Social Media Info
"Federal officials are planning to collect social media information on all immigrants, including permanent residents and naturalized citizens, a move that has alarmed lawyers and privacy groups worried about how the information will be used."
Annie's take:

We should probably not be surprised by this move. It is consistent with the views and values of the administration. The question is whether or not it is constitutional.