Cybersecurity News for the week ending 1 December 2017
Supreme Court Considers Telephone Metadata Case
On 29 November, the U.S. Supreme Court heard oral arguments in the case Carpenter v United States that concerns use of telephone metadata as evidence in a criminal prosecution. Timothy Carpenter was arrested for his role in a series of bank robberies in Michigan and Ohio in 2011. The FBI’s main evidence against Carpenter was cell tower data collected over 127 days that placed his mobile phone close to the scenes of the crime. Carpenter’s ACLU lawyer argued that the government should require a warrant after 24 hours of telephone metadata collected from cell towers. Surprisingly, six of the nine justices, including Chief Justice Roberts and Justice Gorsuch, appeared to agree with the ACLU. A ruling on the case is expected by next June. (The Economist, 2 December 2017)
Amazon S3 Bucket Compromised
Amazon’s S3 web service offers cloud storage through web interfaces tailored to customer requirements. There have been several compromises of S3 “buckets,” or customer-specific storage areas, in recent weeks including two compromises of DoD buckets. This week, an unsecured S3 bucket was discovered belonging to the National Credit Foundation. More than 100 GB of data, including sensitive credit records, was in the bucket, which apparently was misconfigured to allow public access. UpGuard, a California cyber resilience company, discovered the flaw but concluded that no data had been stolen. (The Cyber Wire, 1 December 2017)
Healthcare Company’s Business Suffers from Ransomware
Healthcare company Nuance was hit with a “NotPetya” ransomware attack in June. The attack cost the company $68 million over its fiscal year, most of which occurred in the fourth quarter. Nuance expects costs related to the attack to continue to climb in 2018 as the company continues to recover from losses to its medical transcription business and reputational damage among its customer base. (FierceHealthcare, 29 Nov 2017)
Android Applications May Be Watching You
A study by Yale University recently concluded that about 75% of Android apps include tools that track a user’s activity. In a related story, Google Play continues to be a target for spyware included in apps submitted to the site. (The CyberWire, 28 November 2017)
Anti-ISIS Hacktivists Turn to Fake News
“Daeshgram” is a group of anti-ISIS Muslim hacktivists. The group inserted fake news into the ISIS news agency Amaq as part of an effort to discredit ISIS with its followers. Daeshgram is succeeding; ISIS recently warned its followers not to trust links found in Amaq. (The CyberWire, 27 November 201
