Mark Zuckerberg to testify before Congress
On Wednesday, April 11, Zuck himself will appear on live television and face what many expect to be a “grilling” from members of Congress, upset with the way his company has handled consumers’ private data over the years. As the day approaches, more and more information continues to surface that exposes deep mishandling and collecting of data. Zuckerberg has been on the defense, seeking to explain in safe terms the business model of Facebook, and how he plans to fix the problem, possibly with the help of federal regulation. He’ll also face questions about the platform’s influence on society, and how the company plans to halt the spread of misinformation and “fake news.” Zuck is no stranger to Capitol Hill, but in light of the recent Cambridge Analytica scandal, we can expect the mood to be a little different on this visit.
Ransomware strain from 2015 hits city of Atlanta.
If you watch the news, you’re probably well aware of the recent ransomware attack that “brought Atlanta to its knees,” according to The Hill. A month has yet to pass since the SamSam ransomware, first observed in 2015, successfully shut down Atlanta’s online services and held city data ransom for $51,000. Information continues to emerge that indicates the intrusion was far more extensive than initially thought. Certain services in the city were completely shut down for days after the attack, leaving residents unable to pay utility bills and police having to write out all reports by hand.
The SamSam strain of ransomware is unique in the sense that it doesn’t disguise itself in phishing scams, which is a common tactic for many of the recent variants that have targeted the healthcare and education industries. Instead, SamSam relies on system vulnerabilities, particularly weak passwords. Once the malware gains access to a network, it covertly spreads laterally before beginning to encrypt any data. In Atlanta’s case, the city’s systems were unable to detect the malware intrusion before it had a chance to spread throughout the network and stage the infection.
Many taxpayers were infuriated and pointed out that the city had failed to pay any heed to multiple security warnings that were sent months before the infection. It has become clear to them that the government is not taking network and data security seriously, as illustrated by the fact that they could have eliminated this threat back in 2016. Couple that with the fact that, when compared to other industries, government ranked 16 of 18 in terms of cybersecurity. Nearly every day you wake up to a new headline that exposes the latest security breach at a well-known company. Attacks like this one really call into question the strategies and level of attention that the government gives to cybersecurity, and whether they are sufficient.
9 Iranians charged in $3.4 billion cyber theft.
As part of an extensive state-sponsored cyber theft campaign, nine Iranians have been charged by the Justice Department with breaching the computer systems of the US Department of Labor, the FERC, the UN, and the states of Indiana and Hawaii. The campaign targeted universities, government entities and companies in the US and abroad, resulting in over 31 terabytes of stolen information. This information is valued at a whopping $3.4 billion, and includes academic research in technology, medicine and other sciences. Deputy Attorney General Rod Rosenstein pointed out that these individuals acted in accordance with the Iranian government: "For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps," he said. The nine suspects remain in Iran, but Rosenstein has assured us that publicly identifying these cybercriminals “helps deter state-sponsored computer intrusions by stripping them of anonymity and imposing consequences.”
Tom X. McShane