Russian Company Whose Employee Was Charged With Election Meddling Sues Facebook to Have Account Restored

A Russian company known as Federal Agency of News, LLC (FAN), whose accountant was indicted by federal prosecutors for her alleged role in “Project Lakhta” – a Russian interference operation in political and electoral systems targeting populations in, among other places, the United States – has sued Facebook alleging it is a legitimate news outlet whose Facebook account must be restored. On November 20, 2018, FAN and its sole shareholder, Evgeniy Zubarev, commenced suit against Facebook in the United States District Court, Northern District of Continue Reading

Pennsylvania Federal Court Dismisses Law Firm’s Case Against Bank in Social Engineering Cyber Attack

The unfortunately reality of cyber theft is that it’s much like any other type of theft – even if the criminal is caught, it’s unlikely that the ill-gotten gains will ever be fully recovered. There are simply too many ways to hide their destination or make them disappear. This often means the victim will seek other avenues for recouping losses, including filing a civil action against entities or individuals who allegedly could have helped prevent the theft. In the case of O’Neill, Bragg & Staffin, Continue Reading

The Glacial Movement of Global Cybersecurity

In the pastoral setting of Le Manoir Richelieu in Charlevoix, Quebec, G7 Summit partners met to discuss a broad spectrum of topics, including the shared values of freedom, democracy, the rule of law, a mutual respect for human rights and common commitment to promote a rules-based international order. Amidst the discussions of freedom, democracy and, yes, tariffs, world leaders issued a “Charlevoix G7 Summit Communique,” which advised: “We will work together to enforce existing international rules and develop new rules where needed, to foster a… Continue Reading

The Yahoo Class Action: Plaintiff’s Bar Finds a New Cottage Industry

The only “surprise” in the Yahoo class action complaint, filed Friday, September 23, 2016, is that Yahoo issued a press release announcing the breach a mere one day earlier.  The class action complaint, undersigned by three law firms in San Francisco, Boca Raton, and New York, seeks certification for: “All persons within the United States whose personal information was accessed following the data breach that Yahoo announced in a press release on September 22, 2016.”  Indeed, the complaint makes a number of allegations relating directly… Continue Reading

Judge Rules No Standing to Pursue Fear Of “Hacker Harm”

Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class… Continue Reading

CISA Passes as Part of Omnibus Spending Bill

Congress recently passed the Cybersecurity Information Sharing Act of 2015 (CISA) as part of Division N of H.R. 2029, Public Law 114-113 the Consolidated Appropriations Act, 2016, (CAA). As previously reported, on October 27, 2015 the United States Senate passed a different version of CISA, S.754, which without requiring such information sharing, would create a system for federal, state and local agencies to receive threat information from private companies in real time and for the private sector to receive such information in addition and as… Continue Reading

Iranians Use Cellular Modem to Hack Suburban NYC Dam

Any machine, if it’s connected to the internet, can be hacked; including the automated equipment controlling dams, steel mills and nuclear power facilities. As we previously reported here, criminals were able to take control of a German steel mill’s computerized production system, forcing an unscheduled shut-down causing “massive damage” in 2014. Likewise, in 2010, a cyberattack was able to disable Iran’s uranium enrichment centrifuges by targeting the software installed in the electronic equipment. This week, the Wall Street Journal reported that in 2013, Iranian… Continue Reading

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with… Continue Reading

Two GAO Reports Detail Deficiencies and Improvements in Thwarting Cyber Crimes

The Government Accountability Office (GAO) recently issued two reports on battling cyber threats that are useful for both private and public entities. The first report, issued July 2, 2015, was entitled Cybersecurity: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information. In that report, the GAO noted that while, “[d]epository institutions obtain cyber threat information from multiple sources, including federal entities such as the Department of the Treasury (Treasury)[,] [r]epresentatives from more than 50 financial institutions… Continue Reading

Can A SAFETY Act Designated Product Provide Cyber-Attack Liability Protection?

“So if you use FireEye’s product you basically are prevented from being sued in the criminal justice system of America, which can save a lot of money.” According to CEO Dave DeWalt’s recent comments, it sounds like the U.S. Government stamped FireEye with a seal of approval — a ringing endorsement that’s worth a closer look.  FireEye, Inc. was issued “Certification” under the SAFETY Act for its Multi-Vector Execution (MVX) Engine and Cloud Platform.  It isn’t the only SAFETY Act approved technology; DHS’s website… Continue Reading