Month: October 2020

Daily Digest (10/30)

Ransomware Attacks Threaten US Hospital Systems, FBI Warns

Federal agencies have released an alert warning that cybercriminals have unleashed a wave of data-scrambling extortion attempts on the U.S. health care system, affecting hospital-information systems.

The Wednesday report said malicious hacking groups were targeting hospitals and health care providers, which could hurt patient care, particularly in the wake of the COVID-19 pandemic, The Associated Press reports.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, chief technical officer of the Mandiant cybersecurity firm.

Officials said the attacks used ransomware to scramble data to lock systems until targets paid ransoms.

This week alone the ransomware attacks have disrupted five U.S. hospitals, security officials told AP.

In the last 18 months, cities from Baltimore to Atlanta have experienced ransomware hits to local governments, schools and, now, health care systems.

Sources (all links external):

Wikipedia Locks Presidential Page a Week Before US Election

Wikipedia locked down its U.S. presidential election page Tuesday in order to combat election disinformation a week before Nov. 3.

The free online encyclopedia relies heavily on unpaid volunteers and the Google and Amazon tech platforms to provide information, Reuters reports.

“We’re not worried about vandals who want to just mess up an article in order to cause a little trouble,” Ryan Merkley, chief of staff at the Wikimedia Foundation, told Reuters.

“We’re really worried about coordinated actors … trying to find a way to disseminate information.”

Wikipedia has given access to certain editors to update the presidential information. Otherwise, it will be locked down until the election is over, Reuters reports.


$2.3M Allegedly Stolen by Hackers, WISGOP Says

The Wisconsin Republican Party said Thursday that hackers stole $2.3 million from the party’s account that was used to help reelect President Donald Trump.

State Party Chairman Andrew Hitt told The Associated Press that officials noticed suspicious activity last Thursday and told the FBI the next day.

“The FBI is not permitted to confirm or deny an investigation,” an FBI spokesman told AP.

The alleged hack was discovered less than two weeks before Nov. 3, as President Trump and Democratic rival Joe Biden made their final pushes to win Wisconsin and its 10 electoral votes, according to AP.

Hitt also warned other state parties to watch for election-related cyberattacks, but said he was unaware if other state GOP was targeted.


Report: UK Agency Not Holding Companies Accountable for Breaking Rules

The U.K. Information Commissioner’s Office (ICO) continues to struggle in collecting monetary fines from companies that have breached information-rights laws, according to Freedom of Information (FOI) data.

Data from last year revealed that ICO had yet to collect payments from 2015, totaling more than $9 million in unpaid fines, Infosecurity reports.

In more recent findings, FOI data showed that only nine of the 21 fines leveled between January 2019 and August of this year have been paid.

Henry Cazalet, director of the SMS Works texting service, told Infosecurity that the agency had the resources to collect the payments.

“The ICO does, after all, employ over 500 staff in four offices across the U.K., so it’s not short of manpower,” Cazalet said. 

Cazalet alleged that companies still could break privacy rules easily, arguing that ICO should levy smaller fines for a better chance of receiving the payments, Infosecurity reports.


— By DPN Staff

UK’s Privacy Law Overhaul Could Damage Post-Brexit Economy

By Robert Bateman

The U.K. government is planning a significant overhaul of its privacy laws in a move that experts told Digital Privacy News risked damaging the country’s economy and relations with the European Union.

The government’s national data strategy, published last month, says that the U.K. “will control its own data protection laws and regulations in line with its interests” after the country’s transition out of the EU.

Continue reading “UK’s Privacy Law Overhaul Could Damage Post-Brexit Economy”

Daily Digest (10/29)

US Charges 8 in Alleged Chinese Surveillance Effort 

The U.S. Justice Department charged eight people with working on behalf of the Chinese government to coerce a New Jersey man wanted by Beijing to return to China to face charges, officials said Wednesday. 

Five were arrested Wednesday and were accused of participating in a covert operation that officials said was built on intimidation, bullying and “very disturbing” tactics to pressure targets sought by Beijing, The Associated Press reports.

In a case filed in U.S. District Court in Brooklyn, the eight men were charged with conspiring to act as illegal agents for China.

The defendants were accused of participating in a Chinese government operation known as “Fox Hunt,” created to help Beijing locate fugitives abroad for legitimate purposes, according to AP.

But U.S. officials say the practice has been used to go after dissidents and political opponents. 

The campaign included surveillance and online harassment of the man’s adult daughter, as a well as a note left on his front door threatening his family. 

“Without coordination with our government, China’s repatriation squads enter the United States, surveil and locate the alleged fugitives and deploy intimidation and other tactics to force them back into China, where they would face certain imprisonment or worse following illegitimate trials,” Assistant Attorney General John Demers said in announcing the charges.

The Chinese Embassy in Washington did not return a request for comment, AP reports. 

Sources (all external links):

Issues Laid Bare as Facebook, Twitter, Google CEOs Are Grilled by GOP Senators

U.S Lawmakers were split at a U.S Senate hearing Wednesday on how to hold Big Tech accountable under Section 230 of the Communications Decency Act, which protects companies from liability over content posted by users. 

The CEOs of Twitter, Facebook and Google argued that the law was crucial to free internet expression, saying Section 230 gave them the tools to balance between preserving free speech and moderating content, Reuters reports.

But they appeared open to suggestions that the law needed moderate changes.

In a claim that angered some Republicans, the CEOs also agreed that the companies should be held liable if the platforms act as a publisher, though they denied claims that the platforms were referees over political speech. 

Sen. Ted Cruz, R-Texas, went after Twitter CEO Jack Dorsey, who claimed that his company had no influence over the elections.

“Who the hell elected you and put you in charge of what the media are allowed to report and what the American people are allowed to hear?” Cruz asked, referencing the decision to block stories earlier this month from The New York Post about the son of Democratic presidential candidate Joe Biden. 

But Hawaii Democratic Sen. Brian Schatz said he had no questions, calling the hearing “nonsense,” Reuters reports. 


Microsoft: Iranian Hackers Posed as Conference Organizers

Iranian hackers have been posing as conference organizers in Germany and Saudi Arabia to break into the email accounts of “high-profile” people, Microsoft claimed Wednesday. 

The company said it had detected attempts by the hacking group it calls “Phosphorus” to trick former government officials, policy experts and academics, The Associated Press reports. 

The targets, according to Microsoft, included more than 100 prominent individuals who were invited by the hackers to the Munich Security Conference — attended by world leaders each February — and the upcoming Think 20 Summit, in Saudi Arabia.

“We believe Phosphorus is engaging in these attacks for intelligence-collection purposes,” Tom Burt, Microsoft’s security chief, told AP.

“The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries,” he said.

Microsoft did not identify the nationalities of the people targeted, but said the activity was not related to next week’s U.S. election. 


NSA Avoids Questions on ‘Backdoors’ in Tech Products 

The U.S. National Security Agency has rebuffed efforts by a leading congressional critic to determine whether it has been placing software backdoors into commercial technology products.

The so-called backdoors enable the NSA and other agencies to scan large amounts of traffic without warrants, Reuters reports.

Three former intelligence officials told Reuters that the agency had developed new rules for such practices after the Edward Snowden leaks in 2013.

But aides to Oregon Sen. Ron Wyden, a leading Democrat on the Senate Intelligence Committee, said the NSA had stonewalled the efforts to understand the new guidelines.

“Secret encryption backdoors are a threat to national security and the safety of our families,” Wyden told Reuters. “It’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security.

“The government shouldn’t have any role in planting secret backdoors in encryption technology used by Americans.”

Agency officials declined to say how it had updated its policies on obtaining special access to commercial products. 

“At NSA, it’s common practice to constantly assess processes to identify and determine best practices,” Anne Neuberger, head of NSA’s Cybersecurity Directorate, told Reuters. 

“We don’t share specific processes and procedures.”


By DPN Staff

Experts Split on Calif.’s Prop 24

By Patrick W. Dunne

California residents will vote Tuesday on a divisive privacy initiative: Prop 24, also known as the California Privacy Rights and Enforcement Act.

Alastair Mactaggart, the San Francisco developer, wrote and financed Prop 24 to enhance or adjust provisions of his previous initiative, the California Consumer Privacy Act of 2018 (CCPA).

Prop 24 would require businesses to provide customers with an opt-out regarding the collection of their private data and would limit how that information is used and stored.

“Prop 24 aims to give California privacy-first protection like Europe has under the General Data Protection Regulation since 2016,” Mactaggart told Digital Privacy News.

Continue reading “Experts Split on Calif.’s Prop 24”

CEOs Queried Again Amid Rift in Bipartisan Moves to Control Big Tech

By Jackson Chen

Big Tech CEOs again are testifying before Congress — this time on Wednesday — about how they run their companies, but now they are in front of a Republican-led panel of the U.S. Senate.

CEOs from Twitter, Google and Facebook will be questioned by the Senate Committee on Commerce, Science and Transportation on the liability shield that companies operate under, as well as its content-moderation practices and effect on consumer privacy.

Specifically, the session will discuss how Section 230 of the Communications Decency Act offers online platforms immunity from the content that’s published by its users and if it has allowed tech giants to enable unintended behavior. 

Continue reading “CEOs Queried Again Amid Rift in Bipartisan Moves to Control Big Tech”

Where the 2020 Presidential Candidates Stand on Privacy

By Rachel Looker

The 2020 presidential election is a week away — and with it comes the chance for each candidate to determine the direction of data-privacy issues for the next four years.

From regulating social media platforms to enacting stronger privacy legislation, either Republican President Donald Trump or former Democratic Vice President Joe Biden may get the chance to shape the future of digital privacy if re-elected or elected to office.

“When we’re sitting here in January 2021, we will continue to see both the new Congress and the next administration discuss data privacy in some way,” Jennifer Huddleston, director of technology and innovation policy at the American Action Forum (AAF), told Digital Privacy News. 

Continue reading “Where the 2020 Presidential Candidates Stand on Privacy”

Q&A: Sen. Roger Wicker, R-Miss.

Americans Deserve ‘Full Accounting’ From Big Tech CEOs on Their Practices

By Jeff Benson

Nearly two weeks ago, The New York Post published what it deemed a bombshell story allegedly linking Hunter Biden to a Ukrainian-influence campaign on his father, then-Vice President Joe Biden.

Many social media users didn’t hear about it until later.

Twitter blocked the article for purportedly breaching its privacy policies, while Facebook slowed down dissemination so the report could be fact-checked.

The incident put further strain on Section 230 of the Communications Decency Act, which gives online publishers broad discretion to moderate content submitted by users.

Continue reading “Q&A: Sen. Roger Wicker, R-Miss.”
Filed under: