This Week In Security - 05/18/2020
Privacy Advocates Fail to Block Invasive Patriot Act
An amendment to the controversial Patriot Act failed last week, giving the FBI free rein to access any American’s “internet browsing and search history data” without a warrant.
The amendment put forward by Sens. Ron Wyden and Steve Daines would have “expressly forbidden” law enforcement agencies from collecting data from citizens’ internet browsing and search history.
Senator Wyden argued that collecting data of this nature was “as close to reading minds as surveillance can get”, saying “If you know that a person is visiting the website of a mental health professional, or a substance abuse support group… you know a tremendous amount of private and personal information about that individual.”
For Wyden, the failure to adjust the Patriot Act couldn’t have come at a worse time, saying “Is it right, when millions of law-abiding Americans are at home, for their government to be able to spy on their internet searches and their web browsing without a warrant?”
The changes to the Patriot Act needed 60 votes to be passed but only secured the support of 59 senators. Four senators failed to vote, including Democrat Patty Murray who has said she would have voted in favor of the amendment.
Australian Charged For Nation-First Cybercrime
An Australian woman was arrested yesterday for illegally exchanging cash for Bitcoin. The 52-year-old was arrested in Sydney last week, earning herself the dubious notoriety of becoming the first Australian charged under the 2018 Cryptocurrency Exchange Regulations.
The arrest came at the end of a lengthy investigation dating back to November 2018 “when detectives from the State Crime Command’s Cybercrime Squad established Strike Force Kerriwah to investigate an online money-laundering syndicate operating across NSW [New South Wales]”.
Australia’s Cybercrime Squad Commander, Detective Superintendent Matthew Craft, said, “This particular investigation is believed to be an Australian first where unregistered cryptocurrency exchanges who operate have been identified”.
The woman has been charged on three counts of “knowingly dealing with proceeds of crime, and breaching a requirement regarding digital currency exchange services”.
The police seized 60,000 Australian dollars in cash (the equivalent of around $38,750) and 3.8 Bitcoin ($36,800) during the arrest in what Detective Craft referred to as “the first of many arrests I believe we will make over the coming years”.
He concluded with a warning to other illegal cryptocurrency traders, saying: “you’re being put on notice”.
Chinese Cybercriminals Need Harsher Response from the US
The US should “deploy its most powerful weapon” against Chinese cybercriminals targeting coronavirus research, says a draft notice from the FBI, and the Department of Homeland Security.
According to the report, “The greatest disparity in Washington’s use of sanctions and indictments against different adversaries is the infrequency with which the United States employs sanctions to combat Chinese hackers”.
Although he didn’t confirm the report, Assistant Attorney General for National Security, John C. Demers, told CNBC “The goal here has to be to provide economic pain for economic pain”.
According to Demers, “We have to use different tools across the government to really make sure we are denying the thief the benefit of his theft”.
The report was released just days before President Donald Trump threatened to “cut off the whole relationship” with China. Despite his fighting words, 36 of the 38 “Chinese individuals entities [accused] of conducting cyber-enabled economic and political espionage against the U.S. government and private companies… have escaped financial sanctions”.
The draft report noted that this may reflect a reluctance on the part of the US “to issue sanctions against malicious Chinese actors due to the fear of escalation or economic retaliation against American companies”.
Ohio Passes New Cybersecurity Legislation
On Wednesday last week, The Ohio House passed new legislation that will see the introduction of more stringent “state-level penalties for illegal hacking and other cybercrimes”.
Despite ranking third in the“U.S. states with the largest losses through reported cybercrime in 2019”, Ohio previously criminalized successful computer hacks only and not ineffectual attempts.
The new legislation adds several new “felony-level offenses” to the state books, “including electronic data tampering and electronic data manipulation, electronic computer service interference, computer trespass, electronic data theft, and unauthorized data disclosure”.
The bill will now head to the Senate for approval. If passed, the new laws would also mean cybercrime victims would be able “to file a civil lawsuit seeking compensation” from those convicted.
Currently, Ohio law assesses the severity of cybercrime according to “the damages suffered by the victim”. Those supporting the amendments say this is an “outdated way to measure the harm done by a cyberattack or an attempted computer breach”.
The new legislation is also designed to protect ethical hackers “even if they mistakenly go beyond the scope of what they were hired to do”.