Jun 10 2019

Lawrence Abrams reports:

A new extortion scam campaign is underway that is targeting website owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam.

We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

In this new variant, scammers are utilizing a website’s contact form to send messages to site owners with a subject of “Abuse and lifetime blocking of the site – example.com. My requirements”.

Read more on BleepingComputer.

Jun 05 2019

Lisa Washington reports:

Ellwood City Medical Center officials are investigating whether any patient records were compromised Tuesday after a cyber attack.

The Beaver County Times reports that on Tuesday, officials from Ellwood City Medical Center said the hospital was the victim of a cyber attack.

This isn’t the first time the hospital is under scrutiny.

Read more on CBS Pittsburgh.

May 25 2019

This was a strange week. It started off great, but then, there I was in a private (DM) conversation on Twitter with Chris Vickery, and alluva sudden, I get a message that my Twitter account was suspended.  I refreshed the screen and got the same message.  I logged out, logged back in, and was still suspended. I checked email to see if there was anything from Twitter to explain why I might be getting a suspension notice, but there was nothing.  I logged into a second account that I use just to archive tweets (it’s a protected account with no followers so only I can see the tweets I make in it), and I found that that account was suspended too.  By now I was pretty confused.  I consulted Twitter’s help page and found a link to appeal the suspension.  But when it came time to explain the basis for my appeal, I had no idea what to write except, “Why am I suspended? This makes no sense.”

So I sent off the appeals and waited.

And waited.

And while I was waiting, I mentioned the suspension to a friend and colleague. He and I have been working together on projects and we are in the process of merging/combining our respective blogs. His @cyber_war_news Twitter account will be used by both of us in the future, so I had logged in there after he had given me the login credentials. To my dismay, I learned that Twitter had also suspended HIS account, too, and had given him no explanation of what his account had supposedly done wrong. It seemed that he was being banned because of something related to me, but what? So he appealed his account’s suspension, also. And then waited. And waited.

Twitter also suspended @cyber_war_news without providing any explanation to him, either.

Neither one of us got anything from Twitter that would explain what Twitter thought we had done wrong that violated their rules. The only thing we received from Twitter were emails asking us to confirm our email addresses for our accounts, which we did.

So people were calling me and emailing me and sending me messages asking what happened, but I had no idea what was going on or why. Had one of my stalkers filed a false complaint about me? Or was I being suspended because I had recently told Speaker Pelosi and Congress to grow a spine and start impeachment against a corrupt and treasonous president?  If so, shouldn’t half of all Twitter users be suspended?

Yesterday, I received an email from Twitter support telling me that not only was I permanently suspended for being a repeat rules violator or multiple rules violator, but that I could not even appeal this any more and they wouldn’t read anything if I tried to reply.

Insert “WTF” in your favorite language about here. To say that I was dumbfounded would be an understatement. I’ve been on Twitter almost 9 years and have never had any suspension or problem. And now I was permanently banned as a repeat or multiple rules violator and I couldn’t even appeal it? How could this be? I know that as a private company, they can pretty much do whatever they want on banning users, but still, this made no sense and I felt unfairly smeared by their claims.

Twitter informed me that I’m permanently suspended for supposedly violating rules.

Thankfully for me, @bmaz got involved and got @mmasnick involved. The latter was able to get someone in Twitter to actually look into things. And a few hours after Mike started reaching out to Twitter, I received another email from Twitter, saying that I was reinstated. Their email was welcome but inadequate.

After @bmaz and @mmasnick got involved, Twitter changed their decision.

When my account was unsuspended, my second locked account was also unsuspended and @cyber_war_news’s account which I had only logged into once, was also unsuspended. Twitter never sent him any explanation for taking action against his account or restoring it. Maybe they figured it was my account because I logged into it once, but really, that’s quite a leap and an assumption.

But this experience, coming too soon after they have repeatedly failed to protect me from my stalkers, has left me quite concerned about Twitter. So the following is my open letter to Twitter:

Dear Twitter,

Our relationship has lasted longer than the average marriage, but I’m truly concerned that we won’t last much longer if you don’t take some concerns more seriously and take steps to improve things. Specifically:

1. You have repeatedly failed to protect me from a few stalkers/harassers who have lied about me, defamed me, and revealed personal information about me under my real name, even though I have always taken steps to protect my real name from being thrown around the internet like that.

And you can’t say you haven’t been informed, as I told you which accounts the stalkers/harassers use, and I told you that one of them has been arrested and charged criminally and that there’s an order of protection to protect me from her. And yet she continues to post false and defamatory claims under both of those two accounts and she even hashtags my real name at times in her tweets. And you don’t see that because she deletes the tweets before you see them and you don’t allow people to send you screenshots. So she violates your rules but you don’t see it because you refuse to look at screenshots?

The other person — @jshafer817 aka @onsitedentalsys — himself a federally convicted cyberstalker/harasser — not only has “doxxed” me on more than one occasion on Twitter, but is apparently running around the internet posting that I — and he uses my real name — am the criminal blackhat known as thedarkoverlord. He has even suggested on Twitter that I am thedarkoverlord.

I’m not sure whether I should sue him for defamation or if thedarkoverlord should sue him for defamation given my lack of hacking skills.   But how many times does he get to dox me or defame me on your platform before you ban HIM as a repeat violator?

2. Now let’s consider your suspension of my account. You were obviously flat-out wrong. And apologizing for “inconvenience” is not the same as apologizing for falsely accusing me of bad behavior. You screwed up, Twitter, obviously, but how and why? Did one of my stalkers make a false claim about me that you acted upon without adequate investigation? Did you have a failure in some automated system that threw up a false flag on my account?

Don’t you think that when you do something this awful to a loyal user, you at least owe that user an explanation of HOW this error occurred and what steps you are taking to see that it doesn’t happen to that user again?

You didn’t even let me appeal your decision once I knew what the supposed infractions were. You told me I couldn’t appeal it again or any more when I hadn’t even had any chance to appeal it because you had never told me what I had supposedly done.

If Mike Masnick didn’t have a way to contact you to alert you to your mistake, I’d still be permanently banned. And so would my friend who had done nothing wrong at all except share his account with me for 3 minutes one day.

In the future, how about providing for some way for people to appeal or contact you instead of rudely telling us that we can’t appeal your permanent ban at all.

3. I realize you may not be willing to talk with me directly, even though I’m the one who nominated you all for a privacy award years ago. But my lawyers WILL be getting in touch with you — not to threaten to sue you — but to have a little talk with you about things. I hope you will talk with them.

Twitter: I *love* some of the stuff you do. I am still a huge fan of how you don’t just turn over data and let users know so we can fight subpoenas. I will always be grateful to you for the times you have done that for me and others. And I know monitoring content can be hard and that you will make mistakes. But learn from the mistakes and be transparent with us about them — and then show us some good faith effort not to make those mistakes again.

Can this cyber-marriage be saved, Twitter? I hope so.


May 23 2019

Kade N. Olsen, Michael F. Buchanan and Craig A. Newman of Patterson Belknap write:

Today, New York’s top financial regulator, the Department of Financial Services, announced the formation of a dedicated “Cybersecurity Division.” In a news release issued earlier today, the agency said the new division “will focus on protecting consumers and industries from cyber threats ….”

Linda A. Lacewell, the agency’s acting Superintendent, explained that “[i]ncreasingly today, counterterrorism is about cybersecurity, our biggest threat and biggest challenge …” In addition, she said that “[a]s technology changes the financial services industry, regulation must evolve and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation.”

Read more on Data Security Law Blog.

Apr 19 2019

Todd Ackerman reports:

MD Anderson Cancer Center is ousting three scientists in connection with concerns China is trying to steal U.S. scientific research, the first such publicly disclosed punishments since federal officials directed some institutions to investigate specific professors in violation of granting agency policies.

MD Anderson took the actions after receiving e-mails last year from the National Institutes of Health, the nation’s largest public funder of biomedical research, describing conflicts of interest or unreported foreign income by five faculty members. The agency, which has been assisted by the FBI, gave the cancer center 30 days to respond.

Read more on The Houston Chronicle.