UNM4SK3D: FBI, Equifax, and Net Neutrality

October 6, 2017 | Views: 4759


#iphone

Judge Tanya Chutkan of the United States District Court for the District of Columbia ruled that the FBI does not have to release details about how much it paid, and whom it hired, to unlock the San Bernardino terrorist’s iPhone 5C in 2016.

You may recall the tragic San Bernardino incident occurred on December 2, 2015, in which 14 people were killed and 22 others were seriously injured. This attack consisted of a mass shooting and attempted bombing at the Inland Regional Center in San Bernardino, California. The perpetrators, a married couple, Syed Rizwan Farook and Tashfeen Malik, targeted a San Bernardino County Department of Public Health training event and Christmas party of about 80 employees in a rented banquet room. This event sparked a privacy debate as the FBI pressured Apple to unlock Farook’s iPhone, which the ‘Big A’ declined to do. Eventually, the FBI was able to unlock the phone, and the latest judgment sided with its reasoning that the need for national security outweighed the public’s right to know how the phone was cracked.

Prior to the ruling, a few media outlets, including The Associated Press, Vice Media, and Gannett, filed a Freedom of Information Act (FOIA) request to compel the agency to reveal how the phone was cracked and how much taxpayers paid for it. The lawsuit claimed there was no legal basis to keep that information secret, as the FBI receives government funds and is supposed to act in the public’s interest. “While the Justice Department argued information on the device was valuable, Apple said having a way to unlock its customers’ encrypted devices to give access to such data would be tantamount to a backdoor.” Even before Chutkan’s ruling, the FBI refused to go on record and disclose the amount paid. Estimates were placed around $1.3 million in light of comments from former FBI Director James Comey, in which he hinted the undisclosed third party made more than he would make in seven years at his job.

It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber-attack. The FBI’s conclusion that releasing the name of the vendor to the general public could put the vendor’s systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one. -Judge Chutkan

For an overview of the original debate, read ‘Apple’s Battle Privacy.’

#wtf

On October 2nd, Equifax’s interim CEO announced that 2.5 million additional Americans were impacted by the security breach which occurred over the summer, bringing the grand total to 145.5 million affected individuals. 

As a refresher, this breach affected US and Canadian consumer data including names, social security numbers, dates of birth, addresses, and in some cases, driver’s license numbers. It was made possible by an Apache Struts vulnerability exploited in the wild, a vector apparently identified by financial services firm Baird. According to Equifax, investigators didn’t find any additional vulnerabilities. The extra 2.5 million Americans came to light “during Mandiant’s completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.” Richard Smith, Equifax’s former CEO, blamed the breach on a combination of “human error and technology failures.” In the wake of these ‘failures,’ there were many incidents which made matters worse, perhaps most notably that Equifax’s consumer-facing breach website was hosted on a separate domain from the main Equifax website, and that Equifax tweeted the wrong URL multiple times, directing consumers to the wrong website to check whether they were part of the breach.

Despite this horrific security blunder by Equifax, it appears the company has received a $7.25 million contract from the Internal Revenue Service (IRS) to verify the identities of taxpayers and provide fraud prevention services, according to a Politico report. Equifax was awarded this deal under a no-bid contract on Sept. 30, the end of the federal government’s fiscal year. Many politicians, including the Senate Finance chairman, have openly expressed their disapproval of this contract. A review of Smith’s hearing before the U.S. House Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection indicates how ill-prepared the organization appears with regard to security and incident response.

In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed. -Orrin Hatch (R-Utah), Senate Finance chairman

To read the full report, check out this previous edition of ‘UNM4SK3D.’

#bots

It appears bots are working to tip the scales on the net neutrality debate in favor of doing away with the Federal Communications Commission’s (FCC) 2015 Open Internet Order. 

The Open Internet Order forbids internet service providers (ISPs) from discriminating against rival services or charging consumers and businesses more to use an internet ‘fast lane.’ Its purpose is to provide equal use of the internet to all individuals. According to a poll from Freedman Consulting, 73% of Republicans, 80% of Democrats, and 76% of Independents support net neutrality and want to keep the Open Internet Order. Thanks to bots, whose purpose is to obscure the opinion of humans, public thought on net neutrality has been made less clear: only about 18% (3,863,929) of the more than 21.8 million comments submitted to the FCC website and through its API were ‘unique.’

It appears many of those comments were from automated astroturfing bots and favored doing away with net neutrality, despite the Freedman poll’s findings. Bot-generated comments such as the one below appeared more than 1.2 million times and many complained about the fake comments. The net neutrality debate is still being waged, and it appears the internet noise has had little impact on the way the decision will sway, at least for now.

The unprecedented regulatory power the Obama Administration imposed on the internet is smothering innovation, damaging the American economy and obstructing job creation.

I urge the Federal Communications Commission to end the bureaucratic regulatory overreach of the internet known as Title II and restore the bipartisan light-touch regulatory consensus that enabled the internet to flourish for more than 20 years.

The plan currently under consideration at the FCC to repeal Obama’s Title II power grab is a positive step forward and will help to promote a truly free and open internet for everyone.

Take a look back at an early edition of ‘UNM4SK3D’ where changes to net neutrality were first introduced.

#factbyte

According to the 2017 Cybersecurity Survey by Clutch, 94% of large businesses in the U.S. have a cybersecurity policy and 70% plan to invest more in cybersecurity. 


Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
