Cyber Brief - 2/27/12

This Week’s Top Stories

WHITE HOUSE UNVEILS CONSUMER PRIVACY BILL OF RIGHTS

The Obama administration released its "blueprint" for a consumer privacy bill of rights (CPBOR), outlining basic protections consumers should expect from firms handling their personal information. Online privacy has become increasingly important, experts say, as more companies operating in cyberspace are collecting user data for a variety of purposes, especially targeted advertising. The White House called on the business community and relevant stakeholders to develop and adopt codes of conduct around these principles, and proposed Congress enact legislation applying the CPBOR to industries not currently subject to federal data privacy laws. (White House, PDF, NextGov)

The announcement coincided with news that several internet giants including Google, Microsoft, and Yahoo, as well as hundreds of digital advertising companies, agreed to voluntarily introduce a "Do Not Track" button that will allow users to prohibit web advertisers from monitoring them. The FTC has been urging web companies to implement such an option for months. (The Hill)

On February 22, the Attorneys General from thirty-six states sent a letter to Google CEO Larry Page protesting the company's new privacy policy, claiming the changes would require users to provide their information without an ability to opt out. Google has said the new policy is simpler and will enable it to improve services for users of its products. (PC World)

WIKILEAKS PUBLISHES STRATFOR EMAILS

WikiLeaks has begun publishing what it says are five million emails stolen from Stratfor, the political intelligence firm hacked by Anonymous last year. According to WikiLeaks, the documents would make public Stratfor's "web of informers, pay-off structure, payment-laundering techniques and psychological methods." (BBC)

COURTS

Fifth Amendment: The 11th U.S. Circuit Court of Appeals ruled that requiring a criminal suspect to decrypt hard drives so the contents can be used by prosecutors is a violation of the Fifth Amendment right against forced self-incrimination. (Wired)

Fraud: Russian hacker Vladimir Zdorovenin pleaded guilty in Manhattan federal court on February 17 to conspiracy and wire fraud. Prosecutors claim Zdorovenin, his son, and others schemed to access the financial services accounts of U.S. victims. (Bloomberg)

ANONYMOUS

Los Angeles Police: Hackers affiliated with Anonymous are suspected of stealing the personal data of over one hundred members of the Los Angeles County Police Canine Association, and posting the information online. The FBI is investigating. (AFP)

International Prisons: Anon-affiliated hackers claimed responsibility for defacing the website of Florida-based GEO Group Inc., a company which runs dozens of international custodial facilities. Members also targeted an Ohio-based public-private partnership sponsored by the FBI. (AP)

Ontario Police: The website for the Ontario Association of Chiefs of Police was disrupted in a cyber attack by alleged Anon members, apparently in protest of the Canadian government's proposed internet surveillance bill. (CBC)

Greek Ministry: Anon-affiliated hackers targeted Greece's ministry of justice following the arrest of a teenager suspected of previous hacking offenses. Hackers from the group threatened to continue targeting such sites to protest the government's fiscal austerity and support of anti-piracy laws. (AFP)

HACKERS

Citigroup: According to the bank's annual report, hackers were able to gain access to customer account information in unspecified "recent" attacks. In June, the bank announced that over 360,000 credit-card accounts may have been breached by hackers. (Bloomberg)

Philips: Officials for Dutch electronics-maker Philips said the company is working with law enforcement to determine whether its websites had been breached and sensitive customer data stolen. The company shut down one of its servers in mid-February due to a possible cyber attack. (Reuters)

SECURITY

Center for Excellence: Sen. Barbara Mikulski (D-MD) secured $10 million to open the National Cybersecurity Center of Excellence this year, a project aimed at developing strategies to secure e-government and e-commerce services. (NextGov)

FCC: Speaking at the Washington-based Bipartisan Policy Center, FCC Chairman Julius Genachowski urged Internet-service providers such as AT&T and Comcast to adopt industry-wide standards to help prevent hackers from infiltrating customers' computers. (BusinessWeek)

Smartphones: Former McAfee cyber security expert Dmitri Alperovitch identified a previously unknown smartphone vulnerability that can be exploited by China-based malware to record calls, find a user's location, and access texts and emails. (LATimes)

EDITORIAL AND MUST READS

L. Gordon Crovitz on cybersecurity legislation: The Cybersecurity Act of 2012 and its regulatory approach are "flawed because types of cyber attack change faster than regulations can anticipate them," writes Crovitz in the Wall Street Journal. A competing piece of legislation, soon to be introduced by Sen. John McCain (R-AZ), will make it easier for companies and government to share threat data and prevent the type of information silos that existed in security spheres prior to 9/11.

Adam Segal on a U.S.-China "cybersecurity détente": Negotiating with Beijing is unlikely to help curb China's persistent theft of intellectual property, writes Segal for Foreign Affairs, so Washington should focus on strengthening its defense rather than diplomacy. "The centerpiece of any comprehensive [cybersecurity] strategy," he says, "should be cooperating with the private sector to defend the country against computer attacks, especially when they target intellectual property."

Gus P. Coldebella on cybersecurity legislation: The Cybersecurity Act of 2012 laudably tries to protect U.S. critical infrastructure and encourage public-private information sharing, writes Coldebella in The Hill, but does not "sufficiently tamp down potential legal liability for private entities, and in some cases increases it." To address this shortcoming, Congress should limit civil claims against infrastructure operators, and eliminate or cap liability for in-compliance critical infrastructure.