There is a new trend apparently emerging to defend against data loss and data damage as a result of external hacking. Some organizations have been removing their sensitive data from the Internet or isolating such data on “private” networks. This trend reminds me of Willie Sutton’s answer when he was asked, “Why do you rob banks?” His answer was, “Because that’s where the money is.” If this trend is real and if it spreads further, expect the hackers to simply move from external hacking to insider hacking. If you ask a hacker, “Why do you rob computer systems?”, he or she would likely answer, “Because that’s where the data is.” I doubt hackers care whether it requires an external hack or an insider hack. As you will see later, removing or isolating sensitive data from the Internet has apparently not stopped the CIA from being either the hack-er or the hack-ee. Continue reading Insider Attacks Are A Bigger and Harder Threat?
Editor’s intro: The Internet of Things (IoT) has become a hot topic because of unprecedented cybersecurity problems that have caused massive outages of key Internet services. IoT devices can help improve the lives of individuals, but lack of market incentives has led to huge cybersecurity vulnerabilities that threaten to undermine national infrastructure and public trust. Prof. Kevin Fu was invited to a U.S. House Hearing by Chairman Greg Walden of the Subcommittee of Communication and Technology and Chairman Michael Burgess of the Subcommittee on Commerce, Manufacturing, and Trade to discuss IoT vulnerabilities and what might be done about them. We are pleased to present a copy of his testimony. Continue reading Dealing with Infrastructure Disruption: IoT Security
By now almost everything that can be said about the Apple-FBI riff has been said. The FBI wants to open the San Bernardino terrorist’s iPhone and Apple’s CEO Tim Cook wants to secure iPhones everywhere. It is a defining struggle that we knew would eventually take place as the U.S. government (USG) deploys every counter-terrorism technique they can think of, and Apple deploys every privacy and security technique they can think of. Continue reading Tim Cook at the Pearly Gates
When authorities realized the Paris terrorists used strong encryption to send messages to one another they went off the encryption deep end. Now, many nations are considering legislation to ban strong encryption. If strong encryption is banned, only terrorists will have it. Moreover, restricting strongly encrypted speech over the Internet would be a victory for the terrorists. After all, one aim of terrorism is to scare us into giving up our freedoms. Once we give up our freedom to communicate privately we are sliding down the slippery slope of despotism—and the terrorists win. Continue reading The Backdoor is a Victory for Terrorists