Archive for USA

US Government Introduces Legislation To Take On Big Tech

Posted in Commentary on June 11, 2021 by itnerd

US House representatives unveiled the Ending Platform Monopolies Act today, which aims to take big tech down a peg or two. Rep. David Cicilline (D-RI) shared this statement, which I found in The Verge:

“Right now, unregulated tech monopolies have too much power over our economy. They are in a unique position to pick winners and losers, destroy small businesses, raise prices on consumers, and put folks out of work,” Rep. David Cicilline (D-RI) said in a statement Friday. “Our agenda will level the playing field and ensure the wealthiest, most powerful tech monopolies play by the same rules as the rest of us.”

If eventually passed in the House and Senate, that could usher in the regulation of Apple, Amazon, Facebook, and Google to ensure that they don’t have too much power. I am not sure that this is a great thing to do. But I guess we will see how this plays out.

America To Give Ransomware Attacks Similar Priority As Terrorism

Posted in Commentary on June 4, 2021 by itnerd

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters:

Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, acting deputy attorney general at the Justice Department.

Last month, a cyber criminal group that the U.S. authorities said operates from Russia, penetrated a pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days, led to a spike in gas prices, panic buying and localized fuel shortages in the southeast. Colonial Pipeline decided to pay the hackers who invaded their systems nearly $5 million to regain access, the company said.

The problem is that this won’t help as a lot of these threat actors are based in countries where the US can’t get them and toss them into jail. Here’s what will actually help:

  1. Business systems should be running ONLY applications needed to do the job, and no others.
  2. Business systems networks should be isolated from operations networks, and air-gapped as needed.
  3. Systems that need access in or out should be properly firewalled, including blocking entire countries or regions as needed.

The fact is that good IT is expensive. Bad IT is costly. We are in a place where bad IT is the norm. On top of that, it is perceived that it is much easier to have bad IT and pay the BITCOIN when they get pwned. But it isn’t cheaper. And that needs to change. When it does, this problem will get mitigated.

Bill To Strip Section 230 Protections From Internet Companies Introduced…. Is Trump Getting What He Wants?

Posted in Commentary on December 10, 2020 by itnerd

I’ve talked about the fact that President Trump has been whining and complaining about wanting to nuke Section 230, which would strip the protections from nearly every internet venue with user interaction. That would include Facebook and Twitter among others. The Break Up Big Tech Act of 2020, introduced yesterday by Rep. Tulsi Gabbard (D-HI) and Rep. Paul Gosar (R-AZ), seeks to strip companies of those protections if they take supposed actions like “acting as publishers and censoring certain users.”

The legislation, if passed, would remove Section 230 protections from online companies that perform the following activities:

  • Selling and displaying targeted ads without a user’s consent
  • Collecting data for “commercial purposes other than the direct sale of the interactive computer service.”
  • Acting as a marketplace by “facilitate the placement of items into the stream of commerce.”
  • Employing digital products intended to “engage and addict users” to the service.
  • Acting as a publisher by using algorithms to moderate or censor content without opt-in from users

So this would effectively give Trump and conservatives who have been claiming that the Internet censors their voices what they want, assuming that this passes. We’ll see if that actually happens or if this bill dies quietly after January 20th, 2021.

Report: Trump Gave The CIA More Power To Launch Cyberattacks

Posted in Commentary on July 15, 2020 by itnerd

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, Yahoo News reported, citing former U.S. officials with direct knowledge of the matter:

The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House. Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.

The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” said a former U.S. government official. These countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well, according to another former official. “The White House wanted a vehicle to strike back,” said the second former official. “And this was the way to do it.” The CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to launch offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program.

Assuming that this is accurate, I am not sure that this was a good idea. Having checks and balances to ensure that this is an option that is only used if it is truly required would likely mean that these are targeted operations by the US with a limited scope and a low chance that the target will retaliate. But now that this is out there, countries with the ability to launch these sorts of cyberattacks will likely feel that they have the green light to retaliate, or to launch larger-scale cyberattacks of their own with potentially devastating effects. That has the potential to create all sorts of chaos. And it may come back to haunt the US at some point.

Tata Consultancy CEO Warns The USA On H1B Visa Freeze

Posted in Commentary on July 10, 2020 by itnerd

The chief executive officer of Tata Consultancy Services, which is Asia’s largest IT services firm, warned that a U.S. freeze on thousands of employment visas by President Donald Trump will only raise costs for American corporations like Wall Street banks, auto manufacturers and drugmakers.

Tata Consultancy Services (TCS) CEO Rajesh Gopinathan told Bloomberg News the move has put massive stress on a huge swath of Indian-born engineers that have lived in the U.S. for years and helped support American clients, who will ultimately be the ones hurt most. His remarks were among the strongest public rebukes from India’s $181 billion IT industry since U.S. President Donald Trump’s June decree to halt approvals for a range of visas until the end of the year — including those for intra-company transfers. 

TCS and peers like Infosys have relied for years on the ability to send talent to work alongside their customers overseas, which include some of the largest electronics manufacturers and global retailers. Investors worry that the inability to do so will hurt their competitiveness in the largest international market. “The ignorance around this ruling should be addressed,” Gopinathan said via video conference on Friday. “Playing with the status of people who’ve moved away from families and committed to spending five-six years in a foreign country without immigrant status to deliver value to customers, is a short-term gimmick,” the executive said.

Now there is a bit of self-interest at work here. Tata and Infosys are used by US companies because they are cheaper, not because they are better. The IT industry has been replacing competent local staff with less competent and cheaper Indian staff for years now. Every IT type like me has seen this happen. Many of us have seen the disasters these cheaper staff create and are quite happy to see curbs on H1B visas.

Here’s the flip side. This could send tech workers of all sorts running to other countries like Canada. As it stands, Canada was becoming a tech hub thanks to Trump administration policies. Now I have seen an acceleration of this because of the latest move by Trump. That cannot end well for the US.

It will be interesting to see how this plays out. My guess is that this is far from over.

DOJ Opening “Broad Antitrust Review” Of Major Tech Companies

Posted in Commentary on July 24, 2019 by itnerd

If you’re Apple, Google, or Facebook, this may be a problem. As detailed by the Wall Street Journal [Likely Paywalled], the DOJ review targets practices of online platforms:

Justice Department officials said those agreements weren’t meant to be open-ended or all-encompassing. But in any case the department isn’t trying to pre-empt the FTC’s work, they said, and suggested the two agencies might explore different tech practices by the same company, as well as different legal theories for possible cases.

While companies like Facebook and Google perhaps have some “questionable” business practices, Apple perhaps doesn’t belong on this list, though The Wall Street Journal suggests otherwise when it comes to the App Store [Likely Paywalled]. In short, I wonder how much of this is about politics and how much of this is because there are actual problems with tech companies. I guess we’re about to find out.

Visitors To The US Will Need To Hand Over Their Social Media Info If They Need A Visa

Posted in Commentary on June 2, 2017 by itnerd

I’ve been following this story for a while now, and it’s finally become reality. The US Government has rolled out a new questionnaire for U.S. visa applicants worldwide that asks for social media handles for the last five years and biographical information going back 15 years. From the report:

The new questions, part of an effort to tighten vetting of would-be visitors to the United States, was approved on May 23 by the Office of Management and Budget despite criticism from a range of education officials and academic groups during a public comment period. Critics argued that the new questions would be overly burdensome, lead to long delays in processing and discourage international students and scientists from coming to the United States. Under the new procedures, consular officials can request all prior passport numbers, five years’ worth of social media handles, email addresses and phone numbers and 15 years of biographical information including addresses, employment and travel history.

Welcome to the world of extreme vetting. And the problem with this is that:

  1. It’s not going to work because nobody who is up to no good is going to serve up any social media information that highlights the fact that they’re up to no good. Nor are they going to make it easy enough to find. Thus I seriously doubt that a single “bad dude” is going to get caught via any sort of extreme vetting.
  2. The unintended side effect of this sort of thing is that nobody is going to go to the US. That’s going to have a negative effect on the $1.6 trillion in economic output in 2015 that tourism to the US generates. And according to The Independent, The Washington Post and even FourSquare, tourism to the US has dropped since President Trump took power in the US. My wife and I are examples of this, as we cancelled a vacation to the US and instead will be road tripping across Canada simply because we do not feel that the US is a good place to go on vacation right now. For a similar reason, I have also really cut back on any business trips to the US since Trump became president unless I have no other choice, in the process depriving the US of additional revenue from the flight, hotel, car rental, restaurants, etc. that my business trips would generate.

I suspect that once jobs start disappearing and the lawsuits start getting filed regarding how overly broad this appears to be, then there may be a rethink of this. We will have to watch and see.

UPDATE: I should have mentioned that disclosing your social media is “voluntary” as per this from the Reuters story:

While the new questions are voluntary, the form says failure to provide the information may delay or prevent the processing of an individual visa application.

So, to me it sounds like you pretty much have to hand this info over if you want your visa application processed in a timely manner.

 

“Extreme Vetting” Proposal Would Require Some Visitors To US To Share Contacts & Social Media Passwords

Posted in Commentary on April 5, 2017 by itnerd

This proposal has popped up in the past, and it has been suggested long before Donald Trump became President of the USA, but it now looks like it may actually happen. The Guardian is quoting a Wall Street Journal story that visitors from 38 countries that participate in the US Visa Waiver Program would be required to hand over mobile phone contacts, social media passwords and financial data as part of the “Extreme Vetting” proposals that are being floated by the Trump Administration. The idea is that this will be used to figure out if a visitor is up to no good.

Here’s why this is not going to work in my opinion. Nobody who is up to no good is going to serve up that information. Nor are they going to make it easy enough to find. Think fake social media handles, burner phones and the like. Not to mention that they’ll leave electronic devices at home, thus leaving border guards with nothing to search. Plus how does a border agent quickly figure out if you’re a threat when US airports have lineups of people coming into their country if they now have to troll your Facebook, Twitter, and Instagram accounts? True, there are some details missing here, but it seems incredibly cumbersome, fraught with judicial over-reach, and more to the point, I am not sure what will actually get accomplished by this. As in, will a single “bad dude” get caught by this policy?

One other point. Tourism is a huge economic driver for the US. According to my favorite search engine, it accounted for $1.6 trillion in economic output in 2015. Proposals like this will likely have the effect of driving those dollars away from the US. I’m not sure that is what the folks behind this plan had in mind when they came up with it. But it’s not going to help them get tourists. Previous tweaks to US border rules have resulted in Canadians deciding to avoid travel to the US because of stories of Canadian citizens being denied entry to the US and questioned about their faith. That’s led to school boards and even the Girl Guides of Canada banning trips to the US for fear that all those on such a trip will not be treated equally. This latest move is likely to add to this and the number of people who plan to avoid the USA is about to skyrocket as this idea seems way over the top.

What are your thoughts? Is America doing the right thing or not? Are you going to avoid travel to the US because of this? Please leave a comment below and share your thoughts.

US Government Hack Now MUCH MUCH Worse Than Originally Thought [UPDATED]

Posted in Commentary on July 10, 2015 by itnerd

You might recall that the Office Of Personnel Management was hacked recently and the info on 4 million people got nicked. But that figure was revised upward as it was proven it was not a one-time event. Well, we now know the scope of the problem. It appears that the personal info on 22 million Americans is out in the wild:

That number is more than five times larger than what the Office of Personnel Management announced a month ago when first acknowledging a major breach had occurred. At the time, OPM only disclosed that the personnel records of 4.2 million current and former federal employees had been compromised.

Here’s what’s really bad. Not all of these people are government employees:

Investigators ultimately determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen and 1.8 million relatives and other associates also had information taken, according to OPM. That includes 3.6 million of the current and former government employees for a total of 22.1 million.

“If an individual underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that the individual is impacted by this cyber breach,” OPM’s statement said today.

If this isn’t a wake-up call for organizations of all shapes and sizes to get their collective acts together when it comes to cyber security, I don’t know what will wake them up. This is a massive data breach, and those who were responsible for protecting this info need to be hauled in front of Congress to answer some tough questions, because having this much info out there to be used in any way that some evil doer sees fit is not acceptable.

UPDATE: I guess heads are rolling, as Katherine Archuleta, who heads the Office Of Personnel Management, has just resigned:

Ms. Archuleta went to the White House on Friday morning to personally inform Mr. Obama of her decision, saying that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges,” the official said. The president accepted her resignation.

US Government Pwned Again By Hackers…. Personal Info Stolen

Posted in Commentary on June 15, 2015 by itnerd

It turns out that this hack that resulted in the personal info of US Government employees being stolen wasn’t a one-time event. The US Government acknowledged Friday that in a separate attack hackers stole highly sensitive forms used in vetting federal employees for security clearances. Here’s what AP had to say:

Deeply personal information submitted by U.S. intelligence and military personnel for security clearances – mental illnesses, drug and alcohol use, past arrests, bankruptcies and more – is in the hands of hackers linked to China, officials say.

In describing a cyberbreach of federal records dramatically worse than first acknowledged, authorities point to Standard Form 86, which applicants are required to complete. Applicants also must list contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant are required.

Lovely. Just think of what some evil doer can do with that sort of information. I can think of lots of things that hackers can do and none of it is good. If I was one of those people, I’d be very, very worried right now. This is a clear indication that the US is falling behind in terms of IT security and they seriously need to step up their game. Otherwise, they will just keep getting pwned by hackers again and again.