Tag Archive for: supreme

New report describes numerous security breaches at the Supreme Court



Supreme Court justices have often used their personal email accounts in lieu of secure servers to transmit sensitive data about cases, according to a report from CNN published Saturday. The revelation is one of many breaches of security protocol at the court described by CNN.

According to the report, unnamed Supreme Court justices would send sensitive emails about ongoing cases on their personal accounts, despite the fact that the court had set up private servers for this very purpose. The report claims many justices pushed back on using these secure servers “because some justices were slow to adopt to the technology and some court employees were nervous about confronting them to urge them to take precautions.”

“This has been going on for years,” one former employee told CNN.

Beyond issues with emails, CNN described numerous other lapses in security. This includes “burn bags” — pouches meant to hold sensitive documents that will eventually be destroyed — reportedly being left unattended in the hallway. This is in part because there is no uniform rule for handling burn bags, CNN reported, and “the justices each have their own protocols.”

Another issue was the reported fact that employees with remote access could, in theory, use any printer they wanted to print sensitive documents. “Employees who had VPN access could print documents from any computer, making it difficult to track copies,” CNN reported.

These alleged security lapses come following scrutiny of the high court over a leaked draft of the opinion overturning Roe v. Wade last year. The court investigated the leak and published a report on their findings this past January, but CNN noted that none of these security issues were documented in the report.


Ohio Supreme Court Upholds Denial of Coverage for Ransomware Attack Losses


The Ohio Supreme Court recently reversed the decision of an appellate court and reinstated the trial court’s grant of summary judgment in favor of an insurer and against an insured company on the company’s claim for breach of contract and bad faith denial of insurance coverage relating to damages arising from a ransomware attack.

In so ruling, the Ohio Supreme Court held that because a ransomware attack caused no “direct physical loss of or damage to” the company’s software — a requirement for coverage under the policy at issue — the insurer was not responsible for covering the resulting loss.

A copy of the opinion in EMOI Servs., L.L.C. v. Owners Ins. Co. is available at: Link to Opinion.

As background, the insured company became the target of a ransomware attack when a hacker illegally gained access to the company’s computer systems and encrypted files needed for using its software and database systems. After looking into the timing and financial feasibility of recovering the files through the assistance of a third-party company, the insured company decided to pay the ransom.

At the time of the ransomware attack, the company was insured under a businessowners insurance policy issued by the defendant insurer. Thus, the insured company’s general manager contacted the insurer to file an insurance claim within a day of the attack. However, the insurer denied coverage because, among other reasons, there was no “direct physical loss of or damage to ‘media’,” as defined in the electronic-equipment endorsement in the policy.

The policy’s electronic-equipment endorsement provided:

When a limit of insurance is shown in the Declarations under ELECTRONIC EQUIPMENT, MEDIA, we will pay for direct physical loss of or damage to “media” which you own, which is leased or rented to you or which is in your care, custody or control while located at the premises described in the Declarations. We will pay for your costs to research, replace or restore information on “media” which has incurred direct physical loss or damage by a Covered Cause of Loss. Direct physical loss of or damage to Covered Property must be caused by a Covered Cause of Loss.

Furthermore, the…


Leak probe highlights U.S. Supreme Court’s problems protecting information


WASHINGTON, Jan 20 (Reuters) – The investigation into the leak of a draft of last year’s Supreme Court ruling overturning the national right to abortion laid bare a persistent problem at the top U.S. judicial body and the broader federal judiciary – creaky tech systems and lax security protocols for handling sensitive documents.

The inquiry, detailed in a 20-page report released on Thursday, failed to uncover who leaked the draft authored by Justice Samuel Alito to the news outlet Politico last May, a month before the ruling was formally issued – in part due to information technology record-keeping deficiencies.

The investigation, ordered by Chief Justice John Roberts and headed by the court’s chief security official Gail Curley, found that “technical limitations” made it “impossible” to rule out whether any employees emailed the draft to anyone else and said the court lacked the ability to identify those who printed it out.

Investigators could not search and analyze many event logs maintained by the court’s operating system because, the report said, “at the time the system lacked substantial logging and search functions.”

The report said 34 court employees – out of the 97 interviewed – acknowledged printing out the draft. The investigators found few confirmed print jobs because several printers at the court had little ability to log print jobs and many were not part of its centralized network.

Cybersecurity expert Mark Lanterman, who has conducted training at the Supreme Court, said it appeared the court could stand to bolster controls to guard against leaks but noted that even highly secure networks can remain vulnerable to bad actors.

“People – we’re the weakest link,” said Lanterman, chief technology officer at the firm Computer Forensic Services. “They could invest millions of dollars in the federal judiciary’s cybersecurity, but all it takes is one person with a motive to leak.”

Carrie Severino, a former clerk to Justice Clarence Thomas who now heads the conservative Judicial Crisis Network, said Roberts bears much of the responsibility for creating an environment where “security measures were so inadequate.”

“It’s never going to be possible to perfectly protect against leaking,”…


French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation


France’s Supreme Court has referred a criminal case that relies on evidence from the hacked EncroChat encrypted phone network back to the court of appeal after finding that prosecutors failed to disclose sufficient information about the hacking operation.

The Cour de Cassation in Paris found that French investigators and prosecutors had failed to supply a certificate to authenticate intercepted phone data and messages obtained from EncroChat phones as required by French law. There was also an absence of technical data about the hacking operation, the court found.

French police and prosecutors refused to disclose how a joint Dutch and French operation to hack EncroChat, which led to thousands of arrests of suspected organised criminals around the world, was undertaken – citing defence secrecy.

Defence lawyer Robin Binsard, co-founder of law firm Binsard Martine, which took the case to the Supreme Court, said last night that the case would be re-heard by the court of appeal to determine whether adequate legal guarantees were in place.

“The Supreme Court stated that, in the absence of a certificate of truthfulness, the evidence covered by defence secrecy could not be legal. The case will be sent to another court to see if the certificate exists. In the meantime, there is no guarantee of validity of evidence from EncroChat,” he wrote on Twitter.


The hearing follows an operation by French cyber experts to harvest 120 million messages from EncroChat phone users in multiple countries, in a novel interception operation that provided a rich source of intelligence and evidence on the activities of criminal groups in 2020.

In the UK, the National Crime Agency (NCA), working with regional organised crime units, the Metropolitan Police and other law enforcement agencies, made more than 2,600 EncroChat-related arrests using the French data by…
