Re-Thinking the U.S. Government’s Approach to Cybersecurity

Are the “cybersecurity” tools used by the CIA and NSA causing harm to U.S. businesses and citizens? An analysis of the WikiLeaks materials, and recent hacker activity, suggests the answer may be yes. This month, it was revealed that at least 40 cyber attacks on organizations in 16 countries were conducted with top-secret hacking tools, according to security researcher Symantic Corporation. While not formally blaming the CIA, Symmantic said it connected these attacks to the CIA hacking tools obtained by WikiLeaks, and that the targets… Continue Reading

Judge Rules No Standing to Pursue Fear Of “Hacker Harm”

Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class… Continue Reading

Millions Exposed in Multiple Heath Data Breaches

This summer, millions of medical patients have learned that their personal information, including names, addresses, birthdates, Social Security numbers, Medicare or health plan ID numbers, and some medical information (conditions, medications, procedures and test results) may have been exposed as a result of two separate security breaches. California’s UCLA Health announced on July 21, 2015 that their information system has been attacked, possibly beginning in November 2014, and that the unencrypted medical information of over 4.5 million patients may have been accessed.  This latest breach… Continue Reading

Senator Seeks Answers from President on White House Cyber Attack

Chairman of the Senate Committee on Commerce, Science and Transportation, John Thune, has sent an open letter to President Obama to address the cyber attack on the White House’s unclassified computer system in late-2014. The breach, allegedly by Russian hackers, was according to Senator Thune “more extensive than previously known,” and accessed “a great deal of sensitive information, such as schedules, policy discussions, and e-mails sent and received by” Mr. Obama, “including exchanges with ambassadors.” Following increased attacks across Executive Branch departments and agencies, Mr.… Continue Reading

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10… Continue Reading

Hackers Charged with Stealing 1 Billion E-mail Addresses

The U.S. Department of Justice has unsealed indictments against three hackers for having broken into eight email service providers (ESPs), stealing 1 billion email addresses and names, and receiving $2,000,000 for the sale of products to those email addresses through a “spam” sales scheme. According to the indictments filed with the U.S. District Court for the Northern District of Georgia, Canadian David-Manuel Santos Da Silva and Viet Quoc Nguyen and Giang Hoang Vu from Vietnam used an email phishing scheme beginning in 2009 to gain… Continue Reading

Digital Cloning: Hacking Your Fingerprints

While your biometrics may be as unique as a snowflake, they can still be digitally captured, copied and used to gain access to your “secure” computer network and data storage facilities.  Using standard photos taken during a press event in October and commercially available software, a 31-year-old member of Europe’s largest association of hackers successfully re-created a digital fingerprint of German defense minister Ursula von der Leyen.  The digital print could then be used not only to fool security software, but with the increasing sophistication… Continue Reading

Hacker Gains Control of German Steel Mill Operations

The  German Federal Office for Information Security (BSI) has issued a report revealing that a sophisticated hacker was able to take control of a steel mill’s computerized production system, forcing an unscheduled shut-down that caused “massive damage” to the physical plant. By using targeted emails, known as “spear phishing,” employees were tricked into opening messages that extracted login names and passwords and transmitted that information to the hacker without detection. The hacker, in turn, used the data to gain limited control of the… Continue Reading

Cy-“Burned” – The New Importance of Cyber Insurance

Data breaches that result in the unwanted dissemination of personal information are prevalent in the news of late, particularly given the rapid growth of electronically stored information and online commerce. A data breach can be very, very expensive even for the smallest of companies. This post was originally published on Professional Liability Matters. Please click here to read the rest of the article written by Seth L. Laver, Jessica L. Wuebker, and Matthew D. Cabral.… Continue Reading

Don’t Let Love Lead to a Loss

“Better to have loved and lost than never to have loved at all.”  Alfred Lord Tennyson probably did not have computer operating systems in mind when he wrote this famous line. Come April 2014, however, those who aren’t willing to end their love affair with Windows XP may lose big. Windows XP was long the favorite operating system for companies.  However, it was also well-known for its vulnerabilities and that Microsoft actively serviced XP providing patches for these vulnerabilities.  On April 8, 2014, Microsoft… Continue Reading