Computer Security Theater

 Article:   “US imposes sanctions on Russia over cyber-attacks,” Yahoo! News . [Online]. Available: https://news.yahoo.com/us-poised-sanction-russia-cyber-041015589.html. [Accessed: 18-Apr-2021]. On April 18, 2021, the United States announced sanctions against Russia for its efforts to interfere in the 2020 election and for carrying out the Solar Winds hack.  In the announcement, the USA specifically blamed the Russian intelligence agency SVR for the hack. The sanctions target 32 Russian officials for trying to influence the 2020 election.  Additionally, 10 ambassadors were expelled and barred US financial institutions from doing business with Russian entities. This announcement harkens back to two previous entries of this blog on the Solar Winds Hack and Hacking as Statecraft .

 Article:   P. H. O'Neill, “Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy,” MIT Technology Review , 26-Mar-2021. [Online]. Available: https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/. [Accessed: 29-Mar-2021]. This article details the fallout and debates the ethics of Google's Project Zero Team and Threat Analysis Group circumventing and announcing the circumvention of a hacking ring operated by an ally of the United States.  According to the article, these two teams already devote a lot of resources to the circumvention of hackings by state sponsors actors associated with North Korea, Russia, and China, but that there is some concern within the company about whether they should interfere with the efforts of governments friendly to the USA. Some people in the industry believe that it's important to publicize information about the exploits so others ...

Article:  A presentation I did on the subject located at:  https://www.youtube.com/watch?v=bMvcYxKnvm0 For my Computer Security class individual project, I used the famous Equifax hack as a way to examine data breach notification laws.  I used this specific event due to the size of the hack and the amount of media coverage.  I chose this subject because my information has been subject to many different data breaches and I wasn't notified in many of them.  I wanted to know why. I first looked at the notification requirements in the United States and found that there is no one requirement for notification.  It varies by state and sometimes by economic sector.  Additionally, it can vary based on what type of information was involved.  I found that Minnesota, where I live, has one of the least restrictive notification statutes and doesn't actually have a time limit.  Louisiana, with a 60 day time limit, is middle of the road.  Colorado,...

Article: Greenberg, Joshua C, Mahmoud R Altawil, and Gurjit Singh. “Letter to the Editor—Lifesaving Therapy Inhibition by Phones Containing Magnets.” Hearth Rhythm Journal, January 7, 2021. https://www.heartrhythmjournal.com/article/S1547-5271(20)31227-3/fulltext On February 25, 2021, Apple released a service bulletin stating that there was a risk of the Mag Safe adapter on the iPhone 12 interfering with the magnetic fields of implanted pacemakers and defibrillators.(1)   The bulletin came after medical professionals at various medical organizations tested whether the Magsafe Adapter on the phone interfered with pacemakers and defibrillators.  Much to the concern of the medical professionals, it did.   Greenberg, Altawil, and Singh described the test thusly: The first author (JG) raised concerns regarding possible device–device interaction due to the presence of a strong magnetic array in the iPhone and MagSafe compatible cases. We thus tested this interact...

Article:   Johnson, Kevin. “'Criminal Syndicate with a Flag': North Korean Intel Operatives Charged in Hacking Campaign.” USA Today. Gannett Satellite Information Network, February 17, 2021. https://www.usatoday.com/story/news/politics/2021/02/17/us-charges-north-korean-intel-operatives-global-hacking-campaign/6781478002/. On February 17, 2021, the U.S. government charged three intelligence officials from the government of North Korea for participating in a global hacking campaign to steal $1.2 billion in crypto and regular currency.  According to the article, the investigation started after the 2014 Sony Pictures hack that led to the leaking of the movie The Interview but widened as investigators discovered what was described in the article as "a criminal syndicate with a flag representing the North Korean government."  The investigation also led to charges against a private citizen who was charged with organizing gangs of people using cloned ATM cards to steal mill...

 Article: Evans, Jack. “Someone Tried to Poison Oldsmar's Water Supply during Hack, Sheriff Says.” Tampa Bay Times. Tampa Bay Times, February 10, 2021. https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/.  Businesses like Equifax aren’t the only entities vulnerable to hackers.  Water treatment plants can be too.  Case in point:  the hacking of the Oldsmar, FL water treatment plant.   On February 6, 2021, employees at the Oldsmar city water treatment plant noticed something strange:  the sodium hydroxide (lye) level had been changed in the computer managing the treatment plant into add 100 times more of the chemical to the water.  Lye is added to the water to control acidity but it is poisonous in higher levels.  Fortunately, the employees were able to change the lye level back to normal levels immediately before any damage was done.  Even if the employee hadn’t noticed...