There was a lot going on this week, so the Monday Morning JETLawg has been broken down into topics. Monday is cybercrime and cybersecurity; Tuesday is copyright, intellectual property (IP) policy generally, government technology, and government IP; Wednesday is surveillance and censorship; Thursday is sports, entertainment, and the arts; and Friday is e-currency, e-discovery, and the technology industry.

Cybercrime & Cybersecurity:

  • New malware: Prominent security researcher Dragos Ruiu, who organizes CanSecWest and PacSec, and who founded Pwn2Own, has been reporting on a fascinating new strain of malicious software he calls badBIOS. He paints a picture of fantastically advanced malware that has been infecting his machines, hopping air gaps, modifying the boot systems (BIOS and UEFI) of his computers, and even facilitating communications between infected computers using ultrasonic networking: that’s right, hopping from machine to machine using built-in speakers and microphones. While all of these techniques have been demonstrated in the lab, no one has publicly reported seeing them in the wild before — with the possible exceptions of Stuxnet and Flame. But other security researchers have not yet validated his claims, and some have argued against the idea that such extensive functionality could be housed in the space-limited BIOS-infecting malware.
  • VIP data theft: Cyber criminals attack a limousine and town car service, absconding with personal and financial information about prominent CEOs, lawmakers, and celebrities. [H/T Hoyt Kesterson of Terra Verde Services]
  • Tax refund fraud: Identity thieves defrauded the IRS out of $4 billion in tax refunds last year, even after the agency’s internal controls prevented the issuance of $12 billion in fraudulent refunds and resolved 565,000 cases of identity theft. [H/T David Navetta of Info Law Group]
  • Silk Road is back: The Silk Road, an illicit website that sells drugs and illegal services, and is accessible only through the anonymizing Tor network, is back online. Authorities unsealed previously filed charges against the (alleged) owner Ross William Ulbricht last month, and the website was shut down at that time. [H/T SANS]
  • Silk Road attempted murder: Meanwhile, the man (allegedly) targeted for death by Ulbricht after working for a short time as a site administrator for Silk Road broke his silence. Although he was only willing to answer certain questions (because of his ongoing criminal prosecution), he did reveal some of the details surrounding his history with the site, as well as authorities’ efforts to fake his death so that Ulbricht would think the hit had been successfully carried out. [H/T Reddit]
  • Youthful indiscretions: A 12-year old Canadian becomes the youngest person ever to be charged with illegal computer hacking. Members of the shadowy hacking group Anonymous apparently gave him pirated video games in exchange for his service.
  • Fixing software security one bug at a time: Google, Facebook, Microsoft, and several other technology companies join forces to create a new bug bounty program to reward security researchers who identify software vulnerabilities that affect a large number of internet users — including third-party software and even open-source software. The program covers common software across numerous categories: web application languages Ruby, PHP, Perl, and Python; the “sandbox” features of Chrome, Internet Explorer, and Flash; the sandboxes protecting Microsoft Windows, Linux, and OS X; the web servers Apache httpd and Nginx; the widely used encryption library OpenSSL; and a catch-all category for bugs affecting large swathes of the internet. This comes on top of Google’s recent announcement that it would offer bounties for improvements (software patches) submitted to certain open-source software projects at the core of the internet.
  • Regulating information security: Arguments are heard on a motion to dismiss in the ongoing information security regulation case Wyndham v. FTC. Although the FTC has sued several companies over lax data security standards, Wyndham is the only one to decline a consent decree and challenge the FTC’s statutory authority to regulate data security companies apply to consumer information.

–Brad Edmondson

Image Source

Comments are closed.