The #DataInsecurity Digest | Issue 95

/by

Federal contractors look to weaken Android cybersecurity as Trump Administration makes plans to beef up offensive cyber operations

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note:

The U.S. is ramping up its offensive cyber operations abroad. However, cyber anxieties steadily grow at home as Baltimore city government continues to grapple with the aftermath of their devastating ransomware attack.

Good news on the cyber front was in short supply this week. Senate Majority Leader Mitch McConnell (R-KY) is reportedly telling colleagues that he plans on blocking all election security legislation regardless of party sponsorship–despite Russia’s continued efforts to hack election systems. Senator Merkley (D-OR), for one, isn’t sitting still. He’s pressing U.S. auto manufacturers for information on their data collection and data security practices.

And now, on to the clips!

—————–

Bolton: U.S. to expand offensive cyber operations. Previously, the United States “had been primarily focused on stopping election interference.” Now, White House national security adviser John Bolton, “intends to expand offensive operations in cyberspace to counter digital economic espionage and other commercial hacks…” (Source: Wall Street Journal)

Federal contractor known for breaking into iPhones turns attention toward Android. A startup that reached fame for helping agencies like U.S. Immigration and Customs Enforcement (ICE) break into iPhones, Grayshift, will now also work to thwart the cybersecurity of Android phones. Grayshift CEO David Miles recently revealed that, “the most logical next step would be [to hack] some of the more modern Android devices, from Samsung and Google…” (Source: Forbes)

Mitch McConnell blocks election security legislation. In the wake of Russia’s interference in the 2016 presidential election, many Republicans and Democrats have worked together to beef up election security. However, Senate Majority Leader Mitch McConnell (R-KY) has reportedly told his colleagues that “he will not allow the Senate to vote on election security legislation this session.” (Source: Sludge)

Breach Du Jour: Evite. The social planning and e-invitation website has suffered a breach that compromised around 10 million users’ accounts. A hacker on the dark web is now “selling ten million Evite user records that include full names, email addresses, IP addresses, and cleartext passwords.” (Source: ZDNet)

One-third of data breaches could have been easily prevented with DNS firewalls. @GlobalCyberAlln found that the installation of domain name system (DNS) firewalls that “prevent users from visiting malicious sites,” could have stopped “between $150-200 billion in cybercrime losses annually.” (Source: Global Cyber Alliance)

Quick hit: More than one in five Americans has considered canceling their plans to attend an event due to cyber or physical security concerns. (Source: Unisys Security Index)

Baltimore update: City of Baltimore still unable to send out water bills. Residents will again not receive water bills this month as the city struggles to return to normal operations in the wake of a ransomware attack on May 7, 2019. In total, the attack is now estimated to have “cost the city more than $18 million.” (Source: The Baltimore Sun)

Senator Merkley investigates car manufacturer’s data collection practices. After a study discovered that cars can collect 25 GB of data per hour, Senator Merkley (D-OR) wrote a letter to leading car manufacturers to discover “whether or not their cars collect personal data from drivers, what data they collect, who owns that data, and whether data collected is securely stored to protect consumers’ privacy.” (Source: Office of Senator Jeff Merkley)

Upcoming Events

June 27, 2019: Federal Trade Commission’s PrivacyCon – Washington, DC
Each year, the Federal Trade Commission (FTC) convenes a group of privacy experts, academics, policymakers, and regulators to discuss the latest research surrounding consumer privacy and data security. (Source: Federal Trade Commission)

National Consumers League
Published June 20, 2019