Tag Archive for: rethink

Is It Time to Rethink the Computer Fraud and Abuse Act?


Kentucky resident Deric Lostutter is fighting to regain the right to vote.

Lostutter is now a paralegal but previously was a member of hacktivist group Anonymous and served out a prison sentence after violating a federal anti-hacking law.

His particular state and the nature of his conviction are proving to be sticking points as he seeks re-enfranchisement: Kentucky indefinitely revokes voting permissions for residents with certain kinds of felonies on their records. That includes offenses that, like Lostutter’s, were tried in federal court; as such, he’d need a governor’s pardon to be re-enfranchised.


Lostutter lost voting rights after being convicted in 2017 of violating the Computer Fraud and Abuse Act (CFAA) and lying to the FBI about his actions, and he served two years. He and a co-collaborator had conducted a hack in an effort to put pressure and public attention on two Steubenville, Ohio, high school football players’ rape of an unconscious 16-year-old, as well as on school employees believed to have enabled or hidden the assault.

“I went after a coverup of a rape case,” Lostutter told Government Technology. “Did I commit a crime? Yes: I accessed a website without permission — a football fan website, where I posted allegations and evidence of the coverup to protect the football team. Do I admit that was wrong? Yes. Did I serve my time? Yes. Was it violent? No.”

That lack of permission is where the CFAA comes in. The federal law criminalizes accessing information on an Internet-connected device either without “authorization” or by exceeding the authorization one already has.

The CFAA is a controversial law. While it appears intended to prevent malicious hacking, it’s also come under fire over the years for its vague wording that some say risks scooping up more innocuous individuals alongside genuinely dangerous actors.

The Department of Justice (DOJ) appeared to acknowledge this concern last May when it issued a policy revision clarifying the law’s scope. The DOJ explained that the CFAA should not, for example, be used to charge security researchers or people who exaggerate in their…


The Russia-Ukraine war is causing some to rethink the role of offensive cyber operations in armed conflict


The impact of Russia’s offensive cyber operations against Ukraine appears to be muted. (Image credit: Juanmonino via Getty)

For some, the horror of the Russian invasion of Ukraine was also meant to mark the dawn of a new era in modern warfare: one in which degrading your enemy’s capabilities through cyberspace would play an important — perhaps even decisive — role in determining success on the real-world battlefield.

As militaries and societies grew ever more connected to and reliant on the internet to run, so too would the cyberspace domain grow in importance in combat, and nowhere was that supposed to be demonstrated more clearly than in Russia’s war, where their elite and well-resourced military hacking units could cut off Ukraine’s access to power, water and other essential resources, disrupt their communications, wipe out large swaths of private and public sector systems and data, and smooth the way for ground troops to dominate their Ukrainian counterparts.

In reality, the impact of offensive cyber operations appears to have been far more muted.

While the initial invasion did, in fact, come with a flurry of hacking campaigns against many of these targets as Russian troops crossed the border, the cadence of those campaigns has dropped markedly in the months following, and they have seemingly failed to provide Moscow with any meaningful advantage on the ground.

The experience has some U.S. observers advising that we collectively pump the brakes on the idea — formally endorsed by the U.S. military and other governments — that cyberspace is now a fully fledged domain of war, comparable to land, air, sea and space. That’s one of the chief conclusions reached by Jon Bateman, a former cyber specialist at the Pentagon who has served as an advisor to the chairman of the Joint Chiefs of Staff and the secretary of defense on military and cyber strategy, in a paper released shortly before the new year.

“I think it’s fair for U.S. military and NATO and others to define cyber as an operational domain. That can be a helpful doctrinal concept. I think where it becomes misleading is when military and civilian leaders then assume that cyberspace is as consequential or major as…


Regulatory system needs a rethink after data breaches at Juspay and MobiKwik, say experts


The fintech and startup ecosystem that has emerged in recent years has a major governance issue: data breaches and leaks are not taken seriously. Unfortunately, the regulatory system has not woken up to the fact that the recent data breaches at Juspay and MobiKwik can cause significant harm to idle users in the future.

The Indian government is yet to introduce a Personal Data Protection Law (PDP Law) in Parliament at a time when incidents of data breaches and personal information being sold on the dark web are increasing year-on-year. The lack of a Data Protection Authority and a Personal Data Protection Law means that there is regulatory ambiguity in terms of who should respond to breaches and investigate them. Industry experts told MediaNama that the entire regulatory system needs to be strengthened, business models need a rethink and that companies need to be made more accountable, whether through the courts or through internal governance practices.

1) CERT-In is the primary agency for data breaches

According to legal experts, it is the Computer Emergency Response Team (CERT-In) — the nodal agency under MEITY for computer security incidents — that is the primary agency responsible for investigating data breaches, and not the Reserve Bank of India (RBI).

According to Mathew Chacko, Partner at the law firm Spice Route Legal, any server compromise or breach needs to be disclosed to CERT-In (under the IT Act) regardless of the sensitivity of the data leak. “There are no two ways about reporting the incident to CERT-In,” Chacko said.

After reporting to CERT-In, it’s the company’s decision to report the incident to its customers and the public, he added. “Not all data breaches are significant enough to be reported to the public, but in some cases, companies take it for granted that the public need not know,” he said.


The RBI only steps in when it comes to financial data, but data breaches fall within CERT-In’s ambit, NS Nappinai, a Supreme Court advocate and founder of Cyber Saathi, said.

“Non-reporting of such data breaches carries heavy penalties for such incidents. But the issue is that organisations tend to be lax in…


Tech Firms Rethink, Retool, Rise to the Challenge


ORLANDO, Fla. — At 43, Danielle Stiles finally stepped through a door of opportunity.

A bartender and server for more than 20 years, she decided to pursue a life-long dream to learn about computers and go back to school to obtain a job in information technology.

“I’m going to learn how to build a computer from the ground up, how to take a computer apart, how to troubleshoot it,” Stiles said. “I’ve been wanting to do this for a long time, but I never had the gumption.”

After all, her decades of work in the restaurant business — from sports bars to International Drive-area mainstays — were often fruitful. When things were busy, with a constant flow of customers, business was good, Stiles said. 

Yet, it was fraught with uncertainty — “feast or famine,” she said. And during this pandemic, things slowed down considerably.

“My pocket took a deep hurting. I lost my job as a result of COVID,” she said. “This actually pushed me to follow my dreams, find a career I can retire from.”

But, the Ocoee resident returned to school for reasons greater than herself: Stiles has a 24-year-old daughter and a 5-year-old son.

“I’m in here and I’m like, ‘This is easier than I thought.’ I didn’t give myself enough credit,” she exclaimed. “This will be stable. This is what I need for me and my son.”

Some Fields Gaining Jobs Amid Downturn

Between the months of November and December, the U.S. economy lost about 140,000 jobs, many in leisure and hospitality, according to the Orlando Economic Partnership. It marked the first net job loss since June and July.

But, the economy — including in Central Florida — also gained more than 20,000 jobs in fields such as technology.

That’s no surprise to Orlando small business owner Salmagundi “Sal” Rehmetullah, who works in tech and is on the forefront of solutions.

“Our focus was, ‘How do we enable the community to accelerate through a difficult time?,’ ” he said of his company, Fattmerchant.

Started in 2014, Fattmerchant helps small and enterprise businesses in receiving payments, both in person and online. The company experienced expansive growth, but like many others, suffered as a result of the…
