Trey Herr, Senior Research Associate, sat down with NBC News this week to discuss the latest coordinated cyber attacks on US infrastructure.
Watch here
|
|
Follow us on Twitter:
@gwCSPRI
Follow CSPRI co-Director, Lance Hoffman:
@lancehoffman1
Follow CSPRI co-Director, Costis Toregas:
@DrCostisToregas
|
|
|
|
EVENT RECAP:
Cybersecurity, Encryption, "Going Dark",
and the Broader Issues
|
 |
|
|
Andrew Sondern,
The New York Times |
Last Thursday, we hosted experts in law, policy and academia to discuss the implications of the ongoing Apple v. FBI battle over iPhone encryption. Speakers weighed the risks of creating national security blind-spots, infringing upon constitutional rights, and paving a way for hackers to access
and control citizens' devices. Here is the recording:
S
peakers also argued about ways to safeguard data privacy concerns. The next day, the
Christian Science Monitor Passcode
reported that the FBI claimed to be working with an anonymous "third party" to gain access to the San Bernardino shooter's iPhone. Sources identified Cellebrite, a major player in the growing mobile forensics market, as the FBI's key to unlocking Apple devices. Does Cellebrite really have the answers the FBI has been looking for? Will this new development cool off a growing debate between the tech community and the US government? See Cellebrite's user-friendly data extraction demo here:
For more technical detail on how the forensic analysis might be done (and effectively bypass Apple's 10-strikes-and-you're-out safeguard) click
here.
|
|
Cyber Security and Privacy News
|
- The Justice Department said last week that it might no longer need Apple's assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year, The New York Times reported. "The disclosure led a judge to postpone a court hearing over the issue and temporarily sidesteps what has become a bitter clash with the world's most valuable publicly traded company," Katie Benner and Matt Apuzzo wrote. "In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook. The hearing in the contentious case - Apple has loudly opposed opening the iPhone, citing privacy concerns and igniting a heated debate."
- The Justice Department has unsealed indictments against seven Iranians - allegedly working on behalf of the Iranian government, including the Iranian Revolutionary Guard Corps, a branch of Iran's armed forces - who are suspected of conducting distributed denial-of-service attacks against dozens of American banks as well as attempting to seize control of Bowman Dam outside New York City, reports GovInfoSecurity.
The DoJ also brought
criminal charges against three alleged members of the Syrian Electronic Army - a hacking group that supports embattled Syrian President Bashar al-Assad - for a years-long campaign of digital attacks, The Washington Post
reports. "The charges against 22-year-old Ahmad Umar Agha, also known as 'The Pro' online; 27-year-old Firas Dardar, whose online name is 'The Shadow'; and 36-year-old Peter Romar, known by the alias Pierre Romar, were unsealed Tuesday," wrote Ellen Nakashima and Andrea Peterson. "Agha and Dardar were charged with a criminal conspiracy in relation to a string of attacks targeting media companies, as well as various government agencies.
- The Federal Trade Commission has issued warnings to 12 Android app developers that use audio beacons to track consumers across their devices and monitor TV viewing habits, according to the Electronic Privacy Information Center (EPIC). "The smartphone apps contain Silverpush software that constantly listens for inaudible signals emitted by TV commercials and secretly collects and transmits viewing data," EPIC notes. The organization says the announcement appears to be a response to two earlier complaints filed by EPIC with the Commission. EPIC previously urged the FTC to limit cross-device tracking technology that links consumers' smartphone activity with what they see on their laptop or television.
- Verizon's latest Data Breach Digest includes an interesting anecdote about an unnamed water utility that experienced a cyber attack that reportedly altered the chemical settings on a water treatment plant. Softpedia reports that the water utility "noticed that, for a couple of weeks, its water treatment center was behaving erratically, with chemical values being modified out of the blue." Read more here. The Verizon Breach Digest is downloadable here.
Ironically, while the Verizon unit that published that breach digest is responsible for helping organizations respond to and clean up the mess from cybersecurity breaches, Verizon was forced to acknowledge its own breach last week. Investigative reporter Brian Krebs contacted Verizon Enterprise after reportedly encountering someone on a cybercrime forum selling the entire customer contact database for 1.5 million Verizon Enterprise customers. Verizon confirmed that intruders had used a vulnerability in the Verizon Enterprise portal to steal the customer data. Read Krebs's full story
here.
The Cyber Security and Privacy Research Institute (CSPRI) is a center for GW and the Washington area to promote technical research and policy analysis of problems that have a significant computer security and information assurance component. More information is available at our website, http://www.cspri.seas.gwu.edu.
|
 |
|
|
Upcoming
Cyber Security & Privacy Events
|
Click
here for detailed descriptions
- Mar. 29, 8:00 a.m. - 4:30 p.m.
,
Insider Threat Development Training
-
Mar. 29, 1:00 p.m. - 4:00 p.m.
,
Meeting of the Privacy Multi-stakeholder Process on Facial Recognition
Technology
-
Mar. 30, 8:30 a.m. - 11:15 p.m.
,
Public Policy Briefing on Privacy Regulation After Net Neutrality
-
Mar. 31, 9:00 a.m. -
10:30 p.m.
,
Decoding the Encryption Dilemma: A Conversation on Backdoors, Going Dark, and Cybersecurity
-
Mar. 31, 4:00 p.m. - 5
:30p.m
,
Cyber Risk Thursday: Smart Designs for Smart Homes
-
Apr. 1, 10:00 a.m. - 12 noon
,
The Emerging Law of 21st Century War
-
A
pr. 5,
Billington Cybersecurity International Summit
|
|
|
