Read. Learn. Share


February 6, 2021

Drone Swarms Are Getting Too Fast For Humans To Fight, U.S. General Warns

General John Murray, head of Army Futures Command, told a webinar audience at the Center for Strategic & International Studies that humans may not be able to fight swarms of enemy drones and that the rules governing human control over artificial intelligence might need to be relaxed.

“When you are defending against a drone swarm, a human may be required to make that first decision, but I am just not sure any human can keep up,” said Murray. “How much human involvement do you actually need when you are [making] nonlethal decisions from a human standpoint?”

This indicates a new interpretation of the Pentagon’s rules on the use of autonomous weapons. These require meaningful human control over any lethal system, though that may be in a supervisory role rather than direct control – termed ‘human-on-the-loop’ rather than ‘human-in-the-loop.’ 


Building Your Personal Privacy Risk Tolerance Profile

If you want to improve your online privacy, you’re supposed to “use Signal, use Tor.” The clichéd phrase, now five or so years old, was meant to be a sardonic joke underscoring the need for more nuanced online security and privacy advice. But even as the humor became lost on security practitioners (not to mention the general public), the point remains an important one: There’s a lot more to managing your online data privacy than just using an end-to-end encrypted messaging platform (Signal) and a network based on onion routing (Tor). 

While using Signal and Tor does provide varying degrees of security, anonymity, and privacy depending on how they’re used, there is much more to improving online privacy. In the absence of strong consumer privacy regulations and enforcement, software tools to enhance user privacy have thrived. There are numerous browser add-ons to reduce the personal information that data brokers collect, apps to encrypt and reroute Web traffic, and websites to help figure out who’s tracking you.

Your Personal Privacy Risk Assessment

However, it’s no small feat and not very effective to start using a bunch of apps simply because they’re supposed to be good at protecting privacy, says Lorrie Cranor, professor and director of the CyLab Security and Privacy Institute at Carnegie Mellon University. There are no cookie-cutter models, she says.


Breach Data Highlights a Pivot to Orgs Over Individuals

Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware.

That’s according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% from the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% from 2019.

Because more than half of workers shifted to remote work during the year, many expected data breaches to increase, but instead, cybercriminals became more focused, says James Lee, chief operating officer of the ITRC.


Facebook “Supreme Court” overrules company in 4 of its first 5 decisions

The Oversight Board, an independent organization set up to review Facebook’s content moderation decisions, handed down its first batch of rulings on Thursday. The rulings didn’t go well for Facebook’s moderators. Out of five substantive rulings, the board overturned four and upheld one.

Most technology platforms have unfettered discretion to remove content. By contrast, Facebook decided in 2019 to create an independent organization, the Oversight Board, to review Facebook decisions, much as the US Supreme Court reviews decisions by lower courts. The board has an independent funding stream, and its members can’t be fired by Facebook. Facebook has promised to follow the board’s decisions unless doing so would be against the law.


State reps try to ban Comcast data cap and price hikes until pandemic is over

In response to Comcast imposing a data cap on Massachusetts residents, state lawmakers have proposed a ban on data caps, new fees, and price increases on home-Internet services for the duration of the pandemic.

The legislation was filed on Tuesday this week by Democratic state representatives Andy Vargas and Dave Rogers. Vargas called the bill a “response to Comcast Internet data cap plans,” while Rogers said the goal is “to push back at Comcast and any other service providers who try to raise prices or fees during a pandemic.” Verizon FiOS and RCN also provide Internet service in Massachusetts but do not impose data caps.

Vargas and Rogers previously led a group of 71 Massachusetts lawmakers who urged Comcast to halt enforcement of its 1.2TB monthly data cap, arguing that the cap hurts low-income people and is unnecessary because of Comcast’s robust network capacity. While Comcast had already enforced the data cap in 27 states for several years, the cable company brought the cap to the rest of its territory—an additional 12 states including Massachusetts and the District of Columbia—this month. Comcast is easing in enforcement so that the first overage charges for newly capped customers will be assessed for data usage in the April 2021 billing period. (Update: The grace period has reportedly been extended until August.)


Every crazy thing that happened in Apple and Facebook’s privacy feud today

Today, Apple announced plans to finally roll out its previously delayed change in policy on apps’ use of IDFA (ID for Advertisers) to track users for targeted advertising. The feature will be in the next beta release of iOS 14 (the company just rolled out the public release of iOS 14.4 this week) and will reach all iOS devices supported by iOS 14 “in early spring.”

Apple made the announcement with a white paper and Q&A targeted at its users. To illustrate the benefits Apple claims the change will offer to users, the document describes in detail a typical scenario where a father and daughter would have data about them tracked and updated while doing normal, everyday things in the current digital ecosystem.

Apple’s document goes on to explain Apple’s stated philosophy on user data protection and privacy, and it announces the release window for this upcoming change.

The document explains the change this way:

App Tracking Transparency will require apps to get the user’s permission before tracking their data across apps or websites owned by other companies. Under settings, users will be able to see which apps have requested permission to track so they can make changes as they see fit.

Apple also provided an FAQ about the feature. Among other things, it clarifies that app developers will not be able to require users to allow tracking in order for those users to gain access to the “full capabilities” of the app.

Apple first announced these plans at its developer conference last June, and at that time, it intended to launch the feature alongside iOS 14 and the iPhone 12. But in September, Apple delayed implementation and enforcement of this new tracking policy until 2021 in order to give businesses and apps dependent on advertising more time to manage the transition.


30% of “SolarWinds hack” victims didn’t actually use SolarWinds

When security firm Malwarebytes announced last week that it had been targeted by the same attacker that compromised SolarWinds’ Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used “another intrusion vector” to gain access to a limited subset of company emails.

Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), said nearly a third of the organizations attacked had no direct connection to SolarWinds.

Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations. Once the attackers had that initial foothold, they used a variety of complex privilege escalation and authentication attacks to exploit flaws in Microsoft’s cloud services. Another of the Advanced Persistent Threat (APT) group’s targets, security firm CrowdStrike, said the attacker tried unsuccessfully to read its email by leveraging a compromised account of a Microsoft reseller the firm had worked with.


Ransomware Payoffs Surge by 311% to Nearly $350 Million

Ransomware payments using cryptocurrency surged 311% in 2020, nearing a total volume of $350 million, as cybercriminals gravitated to crypto-locking as the easiest way to turn compromised systems into cash, blockchain analysis company Chainalysis stated in an analysis this week.

While ransomware payments through cryptocurrencies are skyrocketing, cybercrime overall accounts for a smaller share of digital currency transactions, the company stated. Cybercrime transactions using cryptocurrency dropped by more than half to $10 billion, but because overall cryptocurrency transaction volume increased, the share of cybercrime dropped even more precipitously, accounting for only 0.34% of all cryptocurrency transactions in 2020, down from more than 2% in 2019.

The data demonstrates that, while ransomware has become a greater problem, cryptocurrency continues to expand its markets, says Kim Grauer, head of research at Chainalysis.

“Cryptocurrency has a reputation as being driven by cybercrime, speculation and tax-avoidance strategies,” she says. “But it’s increasingly being used as a store of value both in developed markets where asset managers are entering the space and in emerging markets.”