|
Cyber Daily: Europe's Maritime Industry Lags in Security; IRS Dismantles Child-Porn Marketplace; U.S. Links to Chinese Surveillance
|
|
|
|
|
|
Hello. Ports and shipping companies in Europe are increasingly adopting technologies such as automation or internet-connected devices to analyze data and improve services. But their cybersecurity defenses haven’t caught up, WSJ Pro’s Catherine Stupp reports from Brussels. Port operators often prioritize adopting new tools before considering how to secure them. That means hackers could intercept port communications to monitor activities and gain access to data, potentially using that information to steal cargo.
Ahead of next week’s WSJ Pro Cybersecurity Executive Forum in New York, we are asking for your help in shaping the discussions by completing this short survey. All responses will remain anonymous. If you have additional feedback, please contact WSJ Pro Research Director Rob Sloan at rob.sloan@wsj.com.
Also today: IRS agents learn bitcoin, take down child-porn marketplace; U.S. tech firms prop up Chinese surveillance program; and Google fires four employees for data-security violations.
Please note: Our newsletter won’t be published Thursday or Friday in observance of the Thanksgiving holiday in the U.S. We will be back on Cyber Monday, ready to hear your tales of e-commerce woe.
|
|
|
|
|
A cargo ship at the Port of Rotterdam, Europe's largest. PHOTO: GEERT VANDEN WIJNGAERT/BLOOMBERG NEWS
|
|
|
European maritime companies vulnerable to cybersecurity threats. Ports and shipping firms in Europe sometimes adopt new technologies without considering how to secure them, according to the European Union Agency for Cybersecurity, known as Enisa. Adding to the strain: Maritime companies tend not to share sensitive information with each other, meaning they have fewer chances to stop hackers, security experts said.
Ports in Europe have adopted new technologies, including drones to monitor operations in Rotterdam and Amsterdam and an early-stage data-analysis project to control traffic at the port of Antwerp.
The international shipping industry will soon face tougher cybersecurity rules that aim to help protect ships from hackers, but they are already outdated. New guidelines from the International Maritime Organization, part of the United Nations, are set to take effect in January 2021. The guidelines were drafted in 2016 and don’t refer to newer technologies such as artificial intelligence or cloud computing.
Read the entire story.
|
|
|
|
|
Up to 305,000
|
Number of payment cards potentially affected by a breach over nine months last year at DiBella's Old Fashioned Submarines. The sandwich chain notified customers about the incident Tuesday.
|
|
|
|
|
Inside a Child Pornography Investigation
|
|
|
|
A screenshot released last month by Britain's National Crime Agency showing the seized dark-web ‘Welcome to Video’ website. PHOTO: NATIONAL CRIME AGENCY/AFP/GETTY IMAGES
|
|
|
IRS agents hone bitcoin skills to dismantle child-porn site. After a confidential source tipped off two Internal Revenue Service investigators, the agents with multinational help had traced the financial trail of the largest online marketplace for child pornography they had ever encountered, comprising some 250,000 different videos, the WSJ reports. The story behind the takedown of the website Welcome to Video involved getting a lucky break with the right-click of a mouse, stumbling upon a selfie of someone holding a passport, and following electronic breadcrumbs left by bitcoin transactions.
Indictment: Officials from the Justice Department, the IRS and Homeland Security jointly announced an indictment in the case last month, citing the involvement of Britain’s National Crime Agency and the Korean National Police in the investigation.
Tor encryption defect: While the location of the website’s server was hidden via the open-source Tor anonymization service, which allows users to conceal their identities online, agents discovered a possible defect in the encryption. When they right-clicked on the images of videos on the site, they found they could examine the source code and see that the thumbnail images appeared to be coming from an internet address in South Korea.
Cryptocurrency isn’t 100% secret: The confidential source provided multiple bitcoin addresses, saying they were associated with the website. To confirm, DHS agents created accounts and transferred bitcoin to those addresses. They analyzed the blockchain ledgers of those bitcoin transactions and found the funds had in fact gone to addresses grouped with the ones they had been provided. Investigators subpoenaed the relevant bitcoin exchanges.
|
|
|
|
Hikvision surveillance cameras at a testing station in Hangzhou, China. PHOTO: QILAI SHEN/BLOOMBERG
|
|
|
U.S. tech companies prop up China’s vast surveillance network. U.S. companies, including Western Digital Corp., Intel Corp. and Hewlett Packard Enterprise Co., have provided components, financing and know-how to China’s surveillance industry, the WSJ reports. Several have been involved since the industry’s infancy. The firms could face reputational damage if they are seen as enabling a human-rights crisis described by Secretary of State Mike Pompeo as “the stain of the century.” They also risk losing significant business if the Trump administration decides to take stronger steps to sanction China’s surveillance program.
What the companies say: Representatives say their products can be used in any number of ways, and that convoluted supply chains limit their understanding and control over how their goods are put to use.
Billions: China’s video surveillance market reached $10.6 billion in 2018, with the government accounting for about half of those purchases, according to industry analyst IDC.
Google faces backlash after employee firing. Alphabet Inc.’s Google said in an internal memo this week it fired four employees for violating data-protection policies and now is dealing with criticism from some at the company, Bloomberg reports. At least one of the people dismissed was part of ongoing protests against Google’s business with China and other matters. Activity that led to the firing, according to the memo, included some employees collecting information through the electronic calendars of co-workers. “Screenshots of some of their calendars, including their names and details, subsequently made their way outside the company,” the memo said. Google confirmed the memo and declined to comment
further to Bloomberg.
|
|
|
|
|