Articles Posted in Technology

Published on:

If you have been online, it is possible that a person has attempted to “catfish” you. However, you may not have recognized it because you were not looking for the telltale signs. It is a type of online scam, like phishing, meant to take advantage of the insecurities and loneliness of the targets. So, what is catfishing exactly? Furthermore, if you do fall for a catfishing scheme, how can you recover? Better yet, how can one protect against catfishing attempts?

What is Catfishing?

Catfishing is typically done through email or online dating websites. However, these are not the only methods. It can also happen on Facebook, Twitter, or other forums that allow people to interact. It involves a person who promises companionship or intimate relations and later on makes demands. It may involve requesting photographs, confidential information, credit card information, or money. This is akin to the old “Nigerian Prince” scheme where an individual would ask for a certain amount of funds to secure funds that would later be sent to the victim. Ultimately, presuming that the culprit succeeds, he/she takes and uses personal information to conduct financial crimes.

Published on:

Now, aside from Bitcoin and other digital currencies spawning from video games and consumer-oriented companies, it’s important to be aware that there are other types of digital currencies or so-called “cryptocurrencies.” These operate more similarly to Bitcoin in that they generally lack a centralized system that assigns value (compared to other digital currencies like virtual item trading where the items are managed by a company) and have a similar mining protocol allowing individuals to mine the currency. Indeed, even Bitcoin had a “split,” changing from one cryptocurrency to two. Why are there even alternatives? What features does one cryptocurrency have over the other? How should one evaluate the choice to enter a cryptocurrency market?

Bitcoin’s Split

In order to make Bitcoin more accessible, the system administrators for Bitcoin and other individuals prominent in the community carried out a “split” of the currency, as well as other changes to increase the speed of transaction verification. The limits put in place to make Bitcoins scarce and limit the supply had effectively placed a curb on growth. In response, some users chose to split off, starting in August of this year, to create a new cryptocurrency working mainly on the same system as Bitcoin, but with the ability to convert it to “bitcoin cash” and a faster mining and verification process. This would mean that Bitcoin cash would have a lower face value than Bitcoins, as they would be more plentiful. However, this would also make it potentially less secure as the blocks would grow in maximum size, and it would have a shorter history compared to Bitcoin.

Published on:

The legality of certain virtual currencies can be murky. While some currencies, like Bitcoin, can be readily traded for goods and services, there remain other virtual currencies where regulation is more questionable. To that point, the curators of digital economies have hired economists to better model the value of these digital commodities, creating a sort of virtual currency by accident. However, the ecosystem behind these virtual currencies has exploded and led to new questions regarding their use and potentially illicit activities. So, what are these virtual commodities? How did they gain value? What is being done to curtail the murkier aspects?

What are these virtual currencies?

A good example of these virtual currencies comes courtesy of Valve, a company that both creates and distributes video games. For the purpose of creating more income for some of their “free-to-play” games, random prizes are given out, and can be earned in-game, and later resold via its platform. These items generally have no in-game function, and merely provide an aesthetic value. For a select few Valve games, these items can then be exchanged between players, or for currency in Valve’s store. In essence, the items can function much like tickets in an arcade, or more concerning, poker chips in a casino. Other games have similarly created digital currencies that can be shifted easily from a “real” currency to something that can be used by (though not necessarily benefit) the person in game.

Published on:

Bitcoin is a cryptocurrency that has been in the news and in conversations recently for various reasons. While not all retailers will take Bitcoin, and there are fairly good reasons not to, the cryptocurrency has really taken off. However, despite how much the word “Bitcoin” is used, the nature of the virtual currency provokes a sort of air of mystery. Unless one researches how to find or buy it, it remains a type of investment that is more exotic than what is commonly available to consumers. Why is Bitcoin so expensive? How does one find and buy a Bitcoin?

Why is Bitcoin expensive?

To properly explain Bitcoin, it’s important to restate one of the fundamentals of economics. The value of a commodity is determined by supply and demand. When it comes to currency specifically, this translates to “the more common and easily obtainable the currency is in the market, the lower its price will become in the market.” This is what’s referred to as “inflation.” The purchasing power of a currency goes down because there is more of that currency.

Published on:

In March 2017, the WannaCry ransomware attack occurred, which was believed to be one of the largest ransomware attacks in history. This past attack and who should take the blame have been previously discussed in our blog and newsletter. Now, just a few months later, there has been another major cyberattack. At the end of June 2017, another large ransomware attack occurred, which has been called Petya. This ransomware attack is similar to WannaCry in that it locks up the computer files using encryption and demands a ransom in order to unlock the files. This ransomware also takes advantage of the vulnerability within Microsoft Windows computers that have not yet been updated to the latest software.

This attack began in Europe and spread to the United States. The North American Treaty Organization (NATO) says that a “state actor” was behind the Petya ransomware attack. NATO also stated that there is a possibility that the attack was not done by a state actor, but that it would have been done by a non-state actor who had the approval and support from another state. They believe this because Petya was very complex and expensive to run.  According to NATO, if it is found that Petya was done by a state actor, then it would mean that this cyberattack could potentially be viewed as an act of war.

The Petya attack has hit over 12,000 different devices in 65 countries. More than 30% of the institutions that were affected by this attack were financial organizations. Industrial organizations, such as utilities, oil and gas, transportation, and other companies, were also targeted, and it is believed that they made up half of the targets.

Published on:

The United States Supreme Court has accepted a new case that implicates cell-phone location privacy. The case of Carpenter v. United States was decided by the Sixth Circuit and now the Supreme Court will issue a decision in the future as to whether the lower court’s decision was correct. The main issue in this case is that the court will be deciding whether or not the warrantless search and seizure of historical cell phone records revealing the location and movements of a cell phone user over the course of a 127-day period is permitted by the Fourth Amendment.  In general, the Fourth Amendment protects against unreasonable searches and seizures. It also implicates the laws regarding search warrants, wiretaps, other forms of surveillance and is central to privacy laws.

What are the case facts?

In 2011, four men were arrested because they were suspected of committing a string of armed robberies at T-Mobile and Radio Shack in the Detroit area. One of the four men confessed to the crimes and told the police that a shifting group of 15 other men served as getaway drivers and lookouts. The one man who confessed gave his phone number along with the phone numbers of some of the other participants to the FBI. The FBI then reviewed the call records of the man who confessed and was able to identify the phone numbers of others that he had called around the time of the robberies.

Published on:

Identity theft is an epidemic impacting people across America. During 2016, an estimated 15.4 million consumers experienced some kind of identity theft. This is an increase from 13.1 million in 2015. Another staggering statistic is that 1 in every 16 adults in the United States is a victim of identity theft.

This increase in identity theft occurred notwithstanding the fact that 2016 was the first year that retailers were forced to accept EMV chip cards. The belief was that switching to these EMV chip cards would almost entirely eliminate card cloning, which is a major type of identity theft. Instead of lessening the amount of credit card fraud, this switch has made criminals move away from card cloning and into different types of fraud. More criminals are starting to make online purchases where swiping or inserting a physical card is no longer necessary.

Over the past few years, we have seen numerous data breaches. Data breaches have been hitting financial, health, commercial, government, and education institutions. These breaches have ranged from password management services like LastPass to the OneLogin security breach and the Target security breach. All of these different breaches compromise our data and our identity. The above companies are just a few that have been hit by a security breach.

Published on:

OneLogin recently suffered from a major security breach. This breach has compromised private and confidential information, which is managed by its datacenter. OneLogin provides a service that is used by organizations to secure their data. It is basically a password manager for corporations. It allows employees, customers, and partners to gain secure access to the company’s cloud and applications on any device.  It allows its customers to integrate other websites and services like Microsoft Office 365, Slack, Amazon Web Services, Cisco, Webex, LinkedIn, and Google Analytics. The OneLogin website says that it currently has over 2,000 enterprise customers across 44 different countries. This includes well-known companies like Indeed, Pinterest, Midas, and Yelp.

How did this breach occur?

The breach occurred because the intruders were able to gain unauthorized access to the OneLogin datacenter. Alvaro Hoyos, who leads the company’s risk management, security, and compliance efforts, posted a blog about the risks. He wrote that a threat actor used one of the company’s AWS keys to gain access to the AWS platform via API from an intermediate host with another, smaller service provider in the United States. He said his company’s staff was able to detect and stop the intrusion very quickly.

Published on:

After this month’s discussion on the statutes that prohibit the unauthorized access of email accounts and digital assets, one might wonder how these statutes may apply in a case. However, in the lengthy saga of Facebook v. Power Ventures, the Ninth Circuit issued a determination giving a bright-line example of what would not be permissible under the law. So, how did Power Ventures violate these unlawful access laws? How did they attempt to move around the laws? What was Facebook’s argument that has thus far prevailed in the courts?

Case History

This case focuses on Power’s use of Facebook through the actions of other users.  Power, a type of social media aggregator, would allow users to “link” Facebook, Twitter, and other social media accounts to permit control from a single website.  From there, Power would “scrape” data under the permission of the Facebook users.  However, this was against Facebook’s terms and conditions.  Power would also invite users to invite others in spam-like messages, as well as deploying bots.  This ultimately resulted in an IP-based ban against Power. Yet, Power evaded those bans and defied a cease and desist letter, prompting Facebook to sue based on CAN-SPAM, Penal Code 502, and CFAA.

Published on:

What happens to a person’s digital assets when he or she passes away? They still have email, social media, and bank accounts. This could be an uncomfortable topic. However, any unauthorized access to a person’s online account that is password protected will constitute a violation of state or federal law. For example, checking on a deceased relative’s emails or wrapping up any lingering business is forbidden as it can violate Section 2511 (unlawful interception) or Section 2701 (unlawful access). Yet, California, in hopes of giving an acceptable bit of leeway to the federal law, has passed a new statute. So, what is this statute? How might it allow you to take care of the lingering communications of decedents? What can a person do?

Revised Uniform Fiduciary Access To Digital Assets Act

The Act allows an individual to use either an online tool to give access to online data or digital assets, including, but not limited to, electronic communications. In the absence of a tool, a trustee, personal representative, or other fiduciary, could be named via a will or other instrument.  While this doesn’t impair the terms-of-use, it does allow a custodian (a/k/a “service provider”) to grant the fiduciary either full access to an account, sufficient access to complete the necessary task, or access to physical copies of digital assets.  Naturally, a service provider can charge for this task and does not need to disclose deleted assets.