The K logix Weekly


WEEKLY DATA SECURITY NEWS ROUND UP Ed. 12 December 3-7, 2012

WEEK IN NUMBERS

190+ - Number of nations in talks to discuss the future of the internet

$5 million - Average amount taken each year by “ransomware”

The year 1986 - The last time Congress passed any laws regarding e-mail and electronic communications privacy

Future of Global Internet Policy Discussed at Closed-Door Conference in Dubai

Over 190 nations are meeting for nearly two weeks to cover topics including everything from Internet access regulations, cybersecurity and spam. Photo: Cnet

On the surface, it sounds like a meeting of superpowers that could lead to the end of internet freedom. With many speaking up about the closed-door nature of such an important topic, including the VP of Google, there’s no lack of concern about what this could potentially mean for the future of the Internet. Luckily, the reality is that the World Conference on International Telecommunications, which opened this Monday and will continue until December 14th, shouldn’t result in anything too drastic. The goal of this meeting is to revise the treaty titled International Telecommunication Regulations (ITR), which is “intended to facilitate global interconnection and interoperability of telecommunications traffic across national borders.” The ITR was originally drafted and went through in 1988, and hasn’t been updated since. Everyone can agree the game has changed entirely since 1988, which means this meeting is long overdue, but it’s the closed-door aspect that is the most unsettling. Even still, the majority of the proposals have been released and it all seems like fair game for now. Additionally, all nations have to come to an agreement on a particular issue; no majority rules here. It would be great if the governments and the people were a part of this seemingly very important process, but unfortunately that’s not the case. For now, the rest of us will have to put our ear against the metaphorical big wooden doors and hope that on December 14th, these 190+ nations come to agreements that will help keep what we have with our global internet safe and not restricted. Either way, be on the lookout for the results of this World Conference in an upcoming weekly. Source: Google, Wired, ITR

DID YOU KNOW? K logix’s ‘Feats of Strength’ Quarterly Report Released Next Week Will Cover Many Topics Including the Real Costs in Data Security, So Stay Tuned!


From Bad Comes Good; The Petraeus Affair May Mean a More Secure Inbox for the Rest of Us

The messy Petraeus scandal turned Washington into a bad episode of a teenage drama, but the questions raised about the privacy of our cloud communications were very legitimate. And it was just the shove that Washington needed to take a look at how we handle our privacy laws in the cloud and make real progress. The question going through everyone’s head in Washington and elsewhere was this: If a decorated four-star general was dismantled at the hands of Gmail on a whim of a search, what did that mean for the rest of us? David Kravets from Wired explained that the law governing our e-mail is very outdated, and if an e-mail has been sitting in your inbox for over 6 months, consider it fair game. The last time this law was addressed was in the Electronic Communications Privacy Act (ECPA) passed in...you guessed it, 1986. We haven’t addressed privacy laws for e-mail in over twenty years. Unsettling to say the least.

The Petraeus scandal wasn’t the only catalyst in getting this debate into overdrive; it was more like the straw that broke the camel’s back. Privacy advocates have been battling for years, and companies like Netflix and Facebook have been pushing for the “Video Privacy Protection Act” (VPPA) in order to allow “frictionless sharing” between the two sites (to share what else but consumer information). To piggyback off of the progress with the VPPA, the reforms to the ECPA, which include the feds and police needing to get a warrant before they can access your e-mail, were tacked right onto the bill because of the Petraeus events breathing new life into the debate. So, if Congress goes through with this, everybody on your Facebook will know what movies you’re watching from Netflix, but at least you can rest a little easier knowing that what’s in your inbox will be kept a little more private. Source: Forbes, Wired

Japan’s Space Agency Rocket Information Stolen By a Virus

Japan’s space agency has had information on its newest rocket stolen by a computer virus. Experts say it’s likely an attack from China to get intel on the most recent developments of the rocket.

The agency detected the virus with software on November 21st and conducted an emergency sweep, showing no other signs of infection. Sources are still unclear on whether or not the virus was an intended cyberattack, but many suspect it to be the case.

Countries like China have been very persistent in using cyberattacks to gain intel on technology, and this trend will only continue. In a world where IP can be more valuable than anything else, these efforts will only strengthen. Source: NYTimes

DID YOU KNOW? K logix provides Network Vulnerability Assessments to make sure your Intellectual Property Stays with You

Obama Signs New ‘Secret’ Directive to Have New Methods in Battling Cybercrime

“Presidential Policy Directive 20” sets new standards to guide the operations of federal agencies in dealing with threats in cyberspace, according to several U.S. officials. The president signed off on it in mid-October.

Essentially what this directive boils down to is expanding the government’s reach beyond “Network Defense”, meaning inside of only our own networks, and out to “Cyber Operations”, meaning things outside of that space. The saying “The best defense is a good offense” comes to mind.

James A. Lewis, a cybersecurity expert, welcomed the directive as an asset for the government’s ability to defend against “destructive scenarios.” The Pentagon is “expected to finalize [the] new rules of engagement” that will serve as a guideline for commanders on how to go outside government networks to prevent cyberattacks. To be clear, these are “defensive cyber operations”, meaning actions that the government would take outside of our networks in order to prevent a severe cyberattack. Offensive cyber operations would be any actions outside of our networks that had the intent of destroying or stealing information that didn’t contribute to our network security, and those operations will still require a much higher level of scrutiny.

The new policy also makes it clear that government is still the last resort on any cybersecurity matter, with law enforcement and traditional network defense techniques still taking priority. Despite all the ambiguity and ‘secret’ nature of the Directive, cybersecurity experts see the benefits of it, and it may be just one more small step in improving our nation’s security. Source: Washington Post


‘Ransomware’ on the Rise; Victims Continue to Pay Up

Imagine this coming up on your computer screen. It looks like an official government warning, saying that your computer has been locked due to the IP address visiting “child pornography, zoophilia, and child abuse” sites along with video files of child pornography and violence AND also spam-messages with terrorist motives were sent out from the computer... It would take one messed up person to meet ANY of these criteria, let alone all of them. Luckily, most people can cross themselves off the list of “violent terrorist child pornography and zoophilia enthusiast” so they know it’s a scam. However, ‘knowing’ in this case is not half the battle, in fact it’s none of it. The computer is still locked, and the hacker still has control.

There are two ways to tackle the issue, and one is to simply hand the hacker his demanded amount (which can reach upwards of $400). The issue with this, besides the obvious ‘letting the bad guy win’, is that there’s no guarantee he restores your computer, and even if he does you should be smart enough to know that he can re-perform the hack at any point unless you eliminate the virus 100%. Despite these facts, the payout rate ranges anywhere from 2.9% all the way to 15%, so people are giving in to the hackers that have their computers held at gunpoint. With these payouts, the scheme is managing to rack up upwards of $5 million a year! Every payout only encourages the hackers to perform more of these ‘ransomware’ attacks, so under no circumstance should anyone pay up.

So that really leaves the common level-headed user with one solid solution: go to an expert. It’s hard to say with any amount of standard anti-virus software if you would be able to rid yourself completely of the hack, so the foolproof solution is to get the machine wiped clean and reinstall the backup files and software afterwards. With such a cumbersome solution, experts anticipate ‘ransomware’ to stick around for quite some time.
Symantec’s director of security response Kevin Haley had this to say: “This is the new Nigerian e-mail scam...we’ll be talking about this for the next two years.” Source: NYTimes, Ars Technica

