Subscribe: CircleID: News Briefs
Preview: CircleID: News Briefs

CircleID: News Briefs

Latest news postings on CircleID

Updated: 2017-07-23T17:42:00-08:00


'Not the Best Time' for Proposed Russia-U.S. Cyber Unit, Says NSA Chief


NSA chief, Mike Rogers during the annual Aspen Security Forum on Saturday, shunned the proposed Russia-U.S. cyber unit, stating "I would argue now is probably not the best time to be doing this." From a report in Reuters: "National Security Agency Director Mike Rogers on Saturday rebuffed the prospect for a U.S.-Russia cyber unit, a proposal which has been greeted with incredulity by several senior U.S. lawmakers and which President Donald Trump himself appeared to back down from after initially indicating interest. ... Trump said earlier this month that he had discussed the idea of creating such a group with Russian President Vladimir Putin at the Group of 20 summit in Hamburg."

Follow CircleID on Twitter

More under: Cybersecurity, Policy & Regulation

Kansas System Hacked, Social Security Numbers of Millions Accessed Spanning 10 States


Hackers breached a Kansas Department of Commerce data system used across multiple states and gained access to more than 5.5 million Social Security Numbers, according to local news sources. The agency had to pay for credit monitoring services for all victims. From the report:"The number of SSNs exposed across the 10 states whose data was accessed has not been previously reported. The Kansas News Service, a collaboration of KCUR, Kansas Public Radio, KMUW and High Plains Public Radio, obtained the information through an open records request. More than half a million of the SSNs were from Kansas, according to the Department of Commerce. The data is from websites that help connect people to jobs."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime Inc Given New Chance to Secure .AMAZON TLD


An arbitration panel has given Inc. a new shot at securing the .amazon top-level domain which the company has been fighting for since 2014. Alexis Kramer from BNA News reports: "The independent review panel ordered the Internet Corporation for Assigned Names and Numbers board to 'promptly re-evaluate'’s domain application in a July 10 declaration published late July 17 on ICANN’s website. ... The e-commerce giant has been fighting for the .amazon domain since its application was first denied in May 2014 based on consensus advice from government advisors. Representatives from Brazil and Peru, leading opponents of Amazon’s application, argued that the name has strong geographic ties to the Amazon ecological habitat. The panel said the board failed to independently determine that there were public policy reasons for denying the application." In a special report on the story in The Register, Kieren McCarthy writes: "Unfortunately, this is just the latest example of ICANN's notoriously poor accountability and its tendency to do what it thinks is in its own best interests, regardless of any rules, procedures and bylaws. It is also the third time that ICANN has been called out on its propensity for doing whatever the world's governments ask of it."

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

Somalia's Extended Internet Outage Results in Millions of Dollars of Loss per Day, Says Government


Somalia's internet connection was finally restored on Monday after weeks of outage due to a severed undersea cable. The event has cost the nation millions of dollars a day according to the government's assessment. Reuters reports: "Businesses had to close or improvise to remain open during the shutdown and the telecoms minister told state radio it cost the equivalent of about $10 million in daily economic output. Information Minister Abdirahman Omar Osman apologized to citizens on Tuesday for the outage, which hit all landline and mobile users apart from those with access to private satellite connections, and called for them to have back-up plans."

Follow CircleID on Twitter

More under: Access Providers, Telecom

Rightside, Donuts Merger Gets the Green Light from ICANN


New top-level domain registry operators, Rightside Group, Ltd. (NASDAQ:NAME) and Donuts Inc. have received ICANN's express consent on their merger plans announced last month. As part of the announced agreement, Donuts will acquire Rightside for $10.60 per share in an all-cash tender offer, for an aggregate purchase price of approximately $213MM. The Merger Agreement was unanimously approved by Rightside's Board of Directors following a comprehensive review of strategic and financial alternatives that Rightside announced in the first quarter of 2017. Analyzing the acquisition, Andrew Allemann from Domain Name Wire writes: "Rightside had to sell. There was no question that Rightside was going to be acquired or go private in some way. After selling eNom to Tucows for $83.5 million earlier this year, the company was just too small to remain public. It also had lots of pressure to perform… It had to sell eNom because it was about to lose its biggest customer."

Follow CircleID on Twitter

More under: Domain Names, ICANN, Registry Services, Top-Level Domains

Over 190 Internet Engineers, Pioneers, Technologists File Comments with FCC on Net Neutrality


A group of over 190 Internet engineers, pioneers, and technologists today filed joint comments with the Federal Communications Commission (FCC) explaining "Technical Flaws in the FCC's Notice of Proposed Rule-making and the Need for the Light-Touch, Bright-Line Rules from the Open Internet Order." From the filed statement: "The undersigned submit the following statement in opposition to the Federal Communications Commission's Notice of Proposed Rulemaking ... which seeks to reclassify Broadband Internet Access Service (BIAS) providers as 'information services,' as opposed to 'telecommunications services.' Based on certain questions the FCC asks in the Notice of Proposed Rulemaking (NPRM), we are concerned that the FCC (or at least Chairman Pai and the authors of the NPRM) appears to lack a fundamental understanding of what the Internet's technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services. Due to this fundamental misunderstanding of how the technology underlying the Internet works, we believe that if the FCC were to move forward with its NPRM as proposed, the results could be disastrous: the FCC would be making a major regulatory decision based on plainly incorrect assumptions about the underlying technology and Internet ecosystem." More details reported today by Erica Portnoy from EFF.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Censorship, Net Neutrality, Networks, Policy & Regulation, Telecom

U.S. Cyber Command to Split Off from NSA


The Unites States is finalizing plans to revamp the nation’s military command for defensive and offensive cyber operations in hopes of intensifying America’s ability to wage cyberwar against the Islamic State group and other foes, according to U.S. officials. Lolita Baldor reporting today in PBS: "Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency. ... The officials weren’t authorized to speak publicly on the matter so requested anonymity. The goal, they said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA."

Follow CircleID on Twitter

More under: Cybersecurity

Extreme Cyberattack Could Cost as Much as Superstorm Sandy, Says Insurer Lloyd's of London


A global cyberattack has the potential to cost $120bn in economic losses, roughly the equivalent of a catastrophic natural disaster like 2012’s Superstorm Sandy, a scenario described in new research by Lloyd’s of London and Cyence, a cyber-risk analytics modeling firm. Findings also reveal that despite the increase in cyber-insurance demand, majority of losses are not currently insured, leaving an insurance gap of tens of billions of dollars.

— "For the cloud service disruption scenario in the report, average economic losses range from US$4.6 billion from a large event to $53 billion for an extreme event. This is the average in the scenario, because of the uncertainty around aggregating cyber losses this figure could be as high as $121 billion or as low as $15 billion."

"In the mass software vulnerability scenario, the average losses range from US$9.7 billion for a large event to US$28.7 billion for an extreme event. And the average insured losses range from US$762 million to US$2.1 billion."

Follow CircleID on Twitter

More under: Cyberattack

EFF: Internet Went All Out in Support of Net Neutrality


Yesterday's "Day of Action to Save Net Neutrality," resulted in more than 3.4 million emails to U.S. Congress and more than 1.6 million comments to the Federal Communications Commission. EFF says: "[T]he Internet went all out in support of net neutrality. Hundreds of popular websites featured pop-ups suggesting that those sites had been blocked or throttled by Internet service providers. Some sites got hilariously creative… Together, we painted an alarming picture of what the Internet might look like if the FCC goes forward with its plan to roll back net neutrality protections: ISPs prioritizing their favored content sources and deprioritizing everything else."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation

Apple Setting Up First Data Center in China to Comply with Tougher Cybersecurity Laws


Apple today reported it is constructing its first data center in China, in partnership with a local internet services company, in order to comply with the tougher cybersecurity laws enacted last month. The data center will be located in the southern province of Guizhou in collaboration with data management firm Guizhou-Cloud Big Data Industry Co Ltd (GCBD). According to a Reuters report, the data center is part of a planned $1 billion investment into the province. "Apple is the first foreign firm to announce amendments to its data storage for China following the implementation of a new cyber-security law on June 1 that requires foreign firms to store data within the country. Overseas business groups said the law's strict data surveillance and storage requirements are overly vague, burdening the firms with excessive compliance risks and threatening proprietary data."

Follow CircleID on Twitter

More under: Cloud Computing, Data Center, Internet Governance, Policy & Regulation

Cloud Leak Exposes at least 14 Million Verizon Subscribers, Phone Numbers and Account PINs Included


A Verizon partner is reported to have exposed millions of Verizon customer accounts due to a misconfigured cloud-based file. Security firm UpGuard reported the leak this morning: "[A] misconfigured cloud-based file repository exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon. ... The data repository, an Amazon Web Services S3 bucket administered by a NICE Systems engineer based at their Ra’anana, Israel headquarters, appears to have been created to log customer call data for unknown purposes; Verizon, the nation’s largest wireless carrier, uses NICE Systems technology in its back-office and call center operations."

Follow CircleID on Twitter

More under: Access Providers, Cloud Computing, Cybersecurity, Telecom

Complete Internet Shutdown Reported in Syria


While Syria's Internet disruptions in the recent past have been linked to Government's efforts to prevent cheating during national high school exams, today's complete Internet shutdown reported by Dyn Research is unknown and does not appear to be exam-related.

If you have any updates on the situation, let us know.

Follow CircleID on Twitter

More under: Access Providers, Networks

Afghanistan Enacts Law Targeting Online Crime and Militancy


Afghanistan's President Ashraf Ghani has signed into law a cybercrime bill this week targeting online crime and militancy by groups such as the Taliban and Islamic State despite concerns it could limit free speech. AFP report via Arab News: "The Cyber Crime Law criminalizes a range of online activities including hacking, spreading ethnic hatred, distribution of online defamatory speech, exposing government secrets, and cyber-terrorism within the provisions of the newly reviewed penal code. The law has 28 articles and it is going to control all cybercrimes. All criminals will be tracked and referred to courts ... [However] the law could have a detrimental effect on access to information in Afghanistan, which was ranked 120th out of 180 countries in the 2017 World Press Freedom Index compiled by Reporters Without Borders."

Follow CircleID on Twitter

More under: Cybercrime, Internet Governance, Law, Policy & Regulation, Privacy

U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey


According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. Published for this year's Black Hat event in Las Vegas, a report titled "Portrait of an Imminent Cyberthreat," portrays a dark picture of tomorrow's cyber defenses. "In essence, the survey is a warning from the industry's most experienced and responsible IT security professionals that successful cyber attacks on essential infrastructure and business could be imminent, but defenders do not have the resources and training they need to efficiently respond." Other findings from the survey include: — 60% of respondents believe that a successful cyber attack on US critical infrastructure will occur in the next two years. Only 26% are confident that U.S. government and defense forces are equipped and trained to respond appropriately. — 69% of IT security professionals believe that state-sponsored hacking from countries such as Russia and China has made US enterprise data less secure. — Only 26% of information security pros believe that the new White House administration will have a positive impact on cybersecurity policy, regulation, and law enforcement over the next four years. — About two-thirds of respondents think it's likely that their own organizations will have to respond to a major security breach in the next 12 months. Sixty-nine percent say they don't have enough staff to meet the threat; 58% believe they don't have adequate budgets. — IT security professionals' greatest concerns are around phishing and social engineering (50%) and sophisticated attacks targeted directly at their own organizations (45%). — The increased use of ransomware remains the most serious new threat faced by cybersecurity professionals, cited by 36% of respondents. Follow CircleID on TwitterMore under: Cyberattack, Cybercrime, Cybersecurity, DDoS, Malware [...]

PayPal Sells Back to Its Previous Owner, Elon Musk


(image) In February 2001, PayPal's founder Elon Musk changes the name of the company from to PayPal. In October 2002, PayPal was acquired by eBay for US $1.5 billion in stock. Source: Wikicommons
PayPal's corporate communications director confirmed that the company has sold the domain back to its previous owner, Elon Musk. Elliot Silver from reports: " is one of the few single letter .com domain names, and I would argue that it is one of the most valuable domain names. ... I recently detected a Whois change involving the domain name. For many years, was registered to PayPal Inc. ... Late yesterday afternoon, Amanda Miller, Director of Corporate Communications at PayPal, confirmed that the company sold the domain name ['back to its previous owner, Elon Musk']. ... Because PayPal is a publicly traded company, and because I presume this domain name is likely worth into the 8 figures, it is possible that there will be a subsequent SEC filing that mentions the sale of this domain name."

Update / July 11: Elon Musk tweets a statement on the domain buy back: "Thanks PayPal for allowing me to buy back ! No plans right now, but it has great sentimental value to me."

Follow CircleID on Twitter

More under: Domain Names

Google, Facebook Latest to Join Net Neutrality Protest on Wednesday


Google and Facebook, two companies that generally stay on the other side of the Net Neutrality debate, have told reporters they will be participating in the July 12th net neutrality protest. Karl Bode reporting in DSL Reports writes: "If you hadn't heard, hundreds of companies and organizations are staging an online and offline protest on Wednesday to combat the Trump administration's attempt to gut popular consumer net neutrality protections. Companies including Amazon, Reddit, Mozilla and countless others will change their front pages to warn of the assault on what's being called a 'Day of Action' [website here]. The hope is to generate the same type of backlash that helped bring down the highly-controversial SOPA/PIPA legislation several years ago… While both companies [Google and Facebook] say they're invested in Wednesday's protest, the extent of their cooperation — and the depth of their actual commitment — remains a major question." — Update / Jul 11: AT&T to join the 'Day of Action' – Bob Quinn, Senior Executive Vice President of External and Legislative Affairs, writes: "Tomorrow, AT&T will join the 'Day of Action' for preserving and advancing an open internet. This may seem like an anomaly to many people who might question why AT&T is joining with those who have differing viewpoints on how to ensure an open and free internet. But that's exactly the point — we all agree that an open internet is critical for ensuring freedom of expression and a free flow of ideas and commerce in the United States and around the world." — Update / Jul 11: What is AT&T really up to? Karl Bode from DSL Reports writes: "Tomorrow's major protest opposing the Trump FCC attack on net neutrality has been joined by a decidedly odd ally: AT&T. Outside of perhaps Verizon and Comcast, there hasn't been a bigger enemy of net neutrality over the years than AT&T, which alongside Verizon and Comcast has spent $572 million to kill net neutrality protections since 2008. Whether talking about AT&T's decision to block Facetime to drive users to more expensive plans, or its use of zero rating to hamstring streaming competitors, AT&T's frontal assault on a healthy, open internet is utterly indisputable. So it's incredible to see a blog post pop up today by AT&T's top policy man Bob Quinn, who proudly announced that the company would be participating in tomorrow's protest. Why?" Follow CircleID on TwitterMore under: Broadband, Net Neutrality, Policy & Regulation [...]

U.S. Nuclear Power and Other Energy Companies Hacked by Russians According to Government Officials


Russian government hackers are reported to be behind latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks. Ellen Nakashima reporting in the Washington Post: "The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies ... the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks. The malicious activity comes as President Trump and Russian President Vladimir Putin on Friday acknowledged 'the challenges of cyberthreats' and 'agreed to explore creating a framework' to better deal with them, including those that harm critical infrastructure such as nuclear energy."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity

China Clamps Down on VPNs, Carriers Told to Block Access by Feb. 1


State-run telecommunications firms in China are given until February 1 to block people from using VPNs, shuttering key ways both locals and foreigners still manage to access the global, unfiltered web on a daily basis. Bloomberg reports: "In keeping with President Xi Jinping's "cyber sovereignty" campaign, the government now appears to be cracking down on loopholes around the Great Firewall, a system that blocks information sources from Twitter and Facebook to news websites such as the New York Times and others. ... It's unclear how the new directive may affect multinationals operating within the country… In the past, any effort to cut off internal corporate VPNs has been enough to make a company think about closing or reducing operations in China."

Follow CircleID on Twitter

More under: Access Providers, Censorship, Internet Governance, Policy & Regulation

U.S. Lawmakers Wary of Kaspersky Lab, the Russian Cybersecurity Firm


U.S. Congress is growing increasingly suspicious of the popular Russian anti-virus software provider, Kaspersky Lab. Western corporations such as Best Buy, load laptop computers with Kaspersky Lab software before selling them and according to NPR, the Federal Bureau of Prisons uses the company's products as well as many state and local government entities. NPR reports: "[S]hould legislation recently approved by both the House and Senate Armed Services Committees become law, the U.S. military would be barred from owning or using any products made by Kaspersky. But should legislation recently approved by both the House and Senate Armed Services Committees become law, the U.S. military would be barred from owning or using any products made by Kaspersky." According to other news reports, Eugene Kaspersky, company founder, and chief executive has denied any ties to the Kremlin and offered to have company's source code examined by U.S. government officials.

Follow CircleID on Twitter

More under: Cybercrime, Cybersecurity, Law, Policy & Regulation

Over 750 Domain Name Registrars Expected to Shut Down in the Next 12 Months, ICANN Predicts


ICANN estimates over 750 accredited domain name registrars are likely to close within the next 12 months as a result of the over-saturated drop-catching market — the process used to game the system and rapidly register valuable domain names within milliseconds of deletion. Kevin Murphy reporting in Domains Incite writes: "ICANN VP Cyrus Namazi made the estimate while explaining ICANN's fiscal 2018 budget, which is where the projection originated… He said that ICANN ended its fiscal 2017 last week with 2,989 accredited registrars, but that ICANN expects to lose about 250 per quarter starting from October until this time next year."

Follow CircleID on Twitter

More under: Domain Names, ICANN