Retail Cyberattacks Set to Soar 20% in 2019 Holiday Season | A couple of factors this year are making the 2019 holiday shopping season a circus for cybercriminals when it comes to cyberattacks against retail org

  • By: threatpost.com
Government reveals censorship overhaul, stiff privacy penalties for Digital Platforms

A radical overhaul of Australia’s analogue era censorship and classification laws alongside reforms to the Privacy Act to “capture technical data and other online identifiers” under the umbrella of “personal information” have emerged as key themes from the government’s highly anticipated response to the ACCC’s Digital Platforms Inquiry.

In dual policy drops on Wednesday and Thursday, Communications Minister Paul Fletcher confirmed the days of Australia’s arcane system of reviewers sitting in a dark room stamping classification labels onto content before it can be pulled offline are numbered.

Instead, a heavily boosted eSafety Commissioner will be handed much of the job for faster response times, and a decent sized stick to whack recidivists with.

The moves are a significant loss for the US social media lobby and, if enforced, could see them regularly fronting court.

Censorship is the new black

The head and shoulders of the new regime, according to the government, is “developing a uniform classification framework across all media platforms” that would replace the inconsistent mishmash of official ratings (eg Refused Classification, X, R, MA15 etc) and various voluntary and self-regulatory codes.

At the moment, pay and subscription television, terrestrial TV, Netflix and other on demand services ranging from Apple to Google all have different ways of grading content, with the government having essentially opted for a self-regulatory approach due to lack of resources.

And while there’s no major immediate rub for the tech industry in shifting to “a platform-neutral regulatory framework covering both online and offline delivery”, what is moving very quickly is the regime for take-downs, complaints and pulling the plug on digital nasties.

It takes a little unpacking, especially as there are overlapping areas, especially after the fast introduction of the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 in the wake of the Christchurch Mosque attacks and Facebook’s feeble response.

ISPs firmly roped in “among others”.

The targets of the new codes, the government says, are “social media services (such as Facebook, Instagram and Twitter), instant messaging services (such as Facebook Messenger, WhatsApp and Viber), interactive online games, websites, and apps, and Internet Service Providers, among others.”

The “among others” is a biggy in the new code, especially after the early 2019 introduction of the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019, which compelled ISPs, “content service providers” and “hosting service providers” to block such content if called upon to do so by the Australian Federal Police.

iTnews understands that the big three cloud operators – Microsoft, Google and Amazon Web Services – felt that they were covered by the term “hosting services providers”, and attempted to have the Amendment recognise that it is not reasonable to have them held responsible for customers’ use of their servers.

The big three were also concerned that the broad wording of the Amendment would also impact smaller Australian cloud operators and hosting companies.

Those arguments fell on deaf ears and industry has criticised the Amendment’s unusually brief path through Parliament, as it consumed fewer than 24 hours from its introduction to passage.

Whether the new codes make things better or worse remains to be seen.

So what’s moving?

While the Digital Platforms Inquiry response confirms the big censorship overhaul, the real regulatory teeth will now essentially vest with the eSafety Commissioner and a swag of new powers to swat nasties that will flow from the Classification Board taking a step back.

Put simply, for “harmful online content” – and it’s a broad definition – the eSafety Commissioner takes over as both the umpire and enforcer with a range of boosted powers we’ll get to shortly.

“The current online content scheme is not suited to the contemporary online environment and the technologies and services used by Australians every day.

“It is limited in its ability to deal with harmful content hosted overseas, the services to which it applies are out-dated, and the reliance on the assessment and classification of online content by the Classification Board imposes unreasonable delays in dealing with harmful online content,” the government said in a fact sheet issued with its eSafety policy drop on Wednesday.

Blurry lines

A key problem to date has been that people haven’t been sure who they can complain to and who enforces action, especially under the existing system, where bad stuff had to be stamped with a classification.

The line between industrial grade nasties (think ISIS promos, child exploitation and hidden cameras) and user generated material (explicit revenge videos, non-consenting activity, bullying and bashings) can be blurry.

So the government has gone for the effect of the content rather than its origin, in terms of take downs and delisting.

“Seriously harmful content will be able to be reported directly to the eSafety Commissioner. The Commissioner will investigate the content and will be able to issue a takedown notice for seriously harmful content, regardless of where it is hosted, and refer it to law enforcement and international networks if it is sufficiently serious,” the government’s fact sheet says.

“Where takedown notices are not effective, the ancillary service provider notice scheme will be able to be used to request the delisting or de-ranking of material or services.”

Two tracks

The government will now put content into two categories, Class 1 and Class 2.

Their definitions are:

  • Class 1 or seriously harmful content will include content that is illegal under the Commonwealth Criminal Code, such as child sexual abuse material, abhorrent violent material, and content that promotes, incites or instructs in serious crime.

  • Class 2 content will be defined as content that would otherwise be classified as RC, X18+, R18+ and MA15+ under the National Classification Code. This includes high impact material like sexually explicit, high impact, realistically simulated violent content, through to content that is unlikely to disturb most adults but is still not suitable for children, like coarse language, or less explicit violence. The most appropriate response to this kind of content will depend on its nature.

In broad terms, the worst material will sit with the eSafety Commissioner, whose powers to have content taken down or de-listed by search engines will also be sped up. This essentially moves from a 48 hour period to 24 hours.

“If the industry member does not comply, the Commissioner would have a range of enforcement powers at their disposal, including civil penalties for non-compliance,” the government fact sheet says.

“For harmful material that is sufficiently serious, the eSafety Commissioner would refer matters to the Australian Federal Police and state and territory law enforcement, or international networks like INTERPOL and INHOPE, as appropriate.”

Just plain offensive

For all the other stuff – that runs the non-criminal gamut from Pasolini’s Salo to Rodney Rude’s displeasure with Santa Claus – which can also be covered by other codes, eSafety also gets to stick its nose in.

“eSafety would have graduated sanctions available to address breaches of industry codes under the online content scheme, including warnings, notices, undertakings, remedial directions and civil penalties,” the government fact sheet says.

Also in the mix are penalties and a takedown regime for cyber bullying directed at Australian adults, with the Office of the eSafety Commissioner saying it gets more than 40 queries per month “from adults experiencing cyber abuse”.

Reports of abuse could also trigger 24hr takedown notices, and would presumably extend to trolling, with the worst cases also referred to police.

It should be a very interesting 2020 Budget.

North Korean hackers are working with Eastern European cybercriminals: report

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, a report said on Wednesday, a finding that suggests digital gangsters and state-backed spies are finding common ground online.

Mountain View, California-based SentinelOne says that the Lazarus Group - which American prosecutors accuse of organizing the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh - is getting access to some of its victims through a cybercrime gang dubbed "TrickBot."

"For me it's the biggest crimeware story since I don't-know-when," said Vitali Kremez of SentinelOne. "The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape."

Hints that Lazarus and TrickBot operators are cooperating had surfaced previously. In April, a BAE researcher said she and others were weighing the theory that the cybercriminals were selling access to compromised organizations to Lazarus, a bit like a fence selling stolen doorkeys to a burglar.

In July, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot's operators.

Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean interbank network earlier this year, he said. American officials have also blamed the multimillion dollar heist on North Korea.

"That's the strongest possible evidence linking to a celebrated case of Lazarus intrusion," said Kremez.

Kremez said that the TrickBot operators were likely renting out its services to the North Koreans, or perhaps working on a commission basis.

The judgment was seconded by Assaf Dahan of Boston-based Cybereason, which is publishing its own, separate report on TrickBot's operations Wednesday. He reviewed SentinelOne's research and said its conclusions were credible, adding that he was certain that the cybercriminals knew that they were dealing with the North Korean government.

"Whether they care or not is a different thing," he said.

Iran says it foiled "very big" foreign cyber attack

Iran has foiled a major cyber attack on its infrastructure that was launched by a foreign government, the Iranian telecoms minister said on Wednesday, two months after reports of a US cyber operation against the country.

US officials told Reuters in October that the United States had carried out a secret cyber strike on Iran after the Sept. 14 attacks on Saudi oil facilities, which Washington and Riyadh blamed on Tehran. Iran denied involvement in the attacks, which were claimed by Yemen's Iran-aligned Houthi movement.

"We recently faced a highly organised and state-sponsored attack on our e-government infrastructure which was...repelled by the country's security shield," Mohammad Javad Azari-Jahromi, Iran's minister for communications and information technology, was quoted by the semi-official Mehr news agency as saying.

"It was a very big attack," Azari-Jahromi said, adding that details would be revealed later.

It was not clear whether Azari-Jahromi was referring to the US cyber attack, which US officials said took place in late September and targeted Tehran’s ability to spread "propaganda".

Asked about Reuters' October report of a cyber attack, Azari-Jahromi said then: "They must have dreamt it."

In late September, Iran reviewed security measures at its key Gulf oil and gas facilities, including preparedness for cyber attacks, following media reports of Washington weighing possible cyber attacks on Tehran.

The reported US cyber strike highlighted how President Donald Trump’s administration has been trying to counter what it sees as Iranian aggression while avoiding an outright military conflict.

Iran has long been on alert over the threat of cyber attacks from abroad. The United States and Israel covertly sabotaged Iran’s disputed nuclear programme in 2009 and 2010 with the Stuxnet computer virus, which destroyed a number of Iranian centrifuges that were enriching uranium.

Tensions in the Gulf have escalated sharply since Trump last year withdrew from Iran's 2015 nuclear deal with world powers and reimposed trade and financial sanctions on Tehran.
