jump to navigation

”Active Responses” to CyberAttacks are Losing Propositions May 22, 2014

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , , , , , , ,
1 comment so far

“Everyone has a plan until the’ve been hit” – Joe Lewis

PiratePicGRIHaving spent numerous years providing armed and unarmed physical security in combat zones, hospital emergency rooms, psychiatric wards, and anti-piracy operations off the coast of Somalia has given me a deep respect for force continuum and the dangers of unnecessarily provoking an escalation by a volatile and dangerous adversary.

As cyberattacks continue to plague American companies as well as the payment card industry, there is a growing voice within the cybersecurity industry to allow and empower companies to take offensive action against cyber attackers.  This is frequently referred to as ‘hacking back’ or ‘offensive hacking’.  Several prominent security experts as well as some companies who have fallen victim to cyber-attacks have begun advocating that ‘a good offense is the best defense’.   On May 28th, 2013 there was an online discussion in which an author of the upcoming book:  The Active Response Continuum: Ethical and Legal Issues of Aggressive Computer Network Defense[1] posted the following excerpt:

“There are many challenges facing those who are victimized by computer crimes, who are frustrated with what they perceive to be a lack of effective law enforcement action to protect them, and who want to unilaterally take some aggressive action to directly counter the threats to their information and information systems.”[2] (emphasis added) (more…)

Oil Giants Hacked by Anonymous in “Save the Arctic Phase2” July 16, 2012

Posted by Chris Mark in Data Breach, Industry News.
Tags: , , , , , , , , ,
add a comment

According to CyberWarNews.com Anonymous set its sites on oil giants Shell, BP, Gazprom, and Rosneft in what has been dubbed “Save the Arctic Phase 2”.  This comes on the heels of phase one in which account details including administrator accounts, passwords and other server info was stolen from Exxon and released.

According to the messages posted on pastebin, the account were used to sign the petition on savethearctic.org and, more disturbingly, for phishing attacks.  Hacktivism is a growing concern for all companies.  Whether it be to combat the perceived unfair distribution of wealth of capitalism, support of US defense industry, or environmental issues, hacktivists are increasingly active against corporations.

Social Media as a Privacy Tool? June 14, 2012

Posted by Heather Mark in privacy.
Tags: , , , , ,
add a comment

As one that closely follows the intersection of privacy and technology I read with great interest a paper released by Google entitled “Vanity or Privacy? Social Media as a Facilitator of Privacy and Trust.”  The paper is to be presented at the  2012 ACM Conference on Computer Supported Cooperative Work.  The paper is relatively short and presented as though it was undertaken in the nature of academic research.  I doubt I need to replay for the reader Google’s recent privacy issues and its recent changes to the company’s privacy policy.  With that in mind, it is difficult to read the short paper as anything other than a justification for these recent changes.   Unfortunately for Google, the paper is patently one-sided and the premises themselves are flawed, to put it mildly. It should be noted that the authors of the paper do include the following caveat: “While these examples offer no judgment on whether social media is good for privacy in any absolute sense, they do support our contention that it is possible to design social media systems that are engaging and supportive of privacy and trust.”

Before I delve into the paper itself, it is important to provide some baseline definitions for privacy and trust, particularly with respect to the online environment.  Privacy has traditionally been defined as the right to be let alone.   (more…)

Collective Security & the Payment System June 11, 2012

Posted by Heather Mark in Laws and Leglslation, PCI DSS, Politics.
Tags: , , , , , , , ,
1 comment so far

I recently attended an event focused on payment security and fraud prevention.  It was an outstanding event and the presentations and panels were incredibly valuable – not something that I frequently say about payment security events these days.  However, one term came up a couple of times that got me thinking.  That term was “collective security.”  As many of you know, I have a background in public policy and my dissertation was, in fact, on US foreign policy and our strategic interests abroad, so the mention of collective security set off my poli sci radar.  But I wondered if collective security was really an appropriate phrase for what we’re doing in the payments industry.  To address that question, it is necessary to first define collective security in its traditional sense.

Collective security was first formally introduced by the Peace of Westphalia in 1648, a series of treaties that put an end to a number of wars that had been plaguing Europe.    Very simply put, collective security is an arrangement in which all stakeholders agree that their security depends upon the security of each of the other stakeholders.  (more…)

Combining Blog Content (GlobalRiskInfo / DrHeatherMark) May 31, 2012

Posted by Chris Mark in News, Politics.
Tags: , , , , , , ,
add a comment

In the near term I will begin integrating blog content from Dr. Heather Mark’s privacy and payments blog. This will give new information and insight into privacy, regulatory, and information security issues. We will be combing both blogs into GlobalRiskInfo. Please stay tuned and, in the meantime,take a spin through Heather’ blog!


%d bloggers like this: