Cybercrime

DOJ to Host Cybersecurity Roundtable on Data Breaches

On April 29, 2015, the Department of Justice’s Criminal Division will host a cybersecurity industry roundtable on data breaches. The event, which will include audience question and answer sessions, will focus on a range of recent industry developments. The event will feature a discussion of cybersecurity from the national security perspective by John P. Carlin, Assistant Attorney General in the National Security Division; a conversation on government-industry interaction featuring James C. Trainor, Acting Assistant Director of the Cyber Division at the FBI, and Stuart J. Tryon, Special Agent [...]

FFIEC Issues Warnings on Malware and Cyber Attacks

The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements warning of specific cyber risks. The warnings, which were issued on March 30, 2015, address risks arising from destructive malware, which can destroy sensitive data, and cyber-attacks that compromise user credentials. In both statements, the FFIEC also provides guidance on how to mitigate these risks. The statement on destructive malware warns financial institutions about the increasing use of malware that successfully compromises databases and destroys the information or renders the system hosting [...]

President Obama Signs Executive Order Authorizing Sanctions for Cyber Attacks, Use of Stolen Data

On April 1, 2015, the White House unveiled Executive Order 13694, which authorizes the Treasury Department to sanction entities outside of the United States that engage in “cyber-enabled activities” that are “reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.” The Executive Order (“EO”), titled “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” contemplates sanctions against entities conducting [...]

President Obama Proposes Strict National Data Breach Notification Law Ahead of State of the Union

On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law. The White House later released the full text of the proposed bill. The President highlighted that a national breach notification law would benefit both consumers and notifying companies by pre-empting and streamlining the current system: “right now almost every state has a different law on this and it’s confusing for consumers and it’s confusing for companies – and it’s costly [...]

Kim Peretti Addresses Cyber Risk with the National Retail Federation

The National Retail Federation featured a three-part series, “Talking Tactics,” that examined cybercrime in retail and how the industry is responding. Kim Peretti, co-chair of Alston & Bird’s Security Incident Management & Response Team and a former U.S. Department of Justice senior litigator, says mitigation planning amounts to corporate governance. “There need to be people who have the roles and responsibilities to understand the risks,” said Peretti. “And you have to establish systems and controls that are appropriate to the type of risk that the organization might [...]

Data Protection Commissioners Adopt Resolution on International Cooperation

On October 14, the International Data Protection and Privacy Commissioners’ (“IDPPC”) conference adopted a resolution calling for increased enforcement cooperation among international data protection authorities. Data protection authorities from around the world participated in the IDPPC conference, including representatives from Europe, Asia, the United States (including the Federal Trade Commission), and South America. In the “Resolution on Enforcement Cooperation,” the IDPPC encourages “efforts to bring about more effective cooperation in cross-border investigation [...]

Inside Counsel Talks Cybersecurity with Kim Peretti Ahead of WIPL Conference

Kim Peretti, a partner in the firm’s White Collar Crime Group, discussed cybersecurity and the upcoming Women, Influence & Power in Law Conference with Inside Counsel. “From a legal standpoint, the risk exposure for a cyberattack has continued to rapidly increase,” and senior executives and board members play an important role in their company’s cybersecurity, said Peretti. “Senior management should know it’s not just an IT issue, it’s an enterprise risk and needs to be handled as all other enterprise risks. The board and senior executives should [...]

Secret Service Estimates in Follow-Up Advisory that “Backoff” Malware Affected 1,000 U.S. Businesses

On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting [...]

U.S. Treasury Secretary Lew Emphasizes Cyber-Risks for Financial Institutions

In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew. To combat cyber attacks, Secretary Lew recommended that financial institutions adopt the NIST Cybersecurity Framework, stating that “every [...]

International Collaboration Disrupts GameOver Zeus and CryptoLocker

On June 2, 2014, in collaboration with the European Cybercrime Centre at Europol, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced a multi-national effort to disrupt the GameOver Zeus botnet, an extremely sophisticated type of malware designed to steal banking and other credentials from infected computers. The DOJ and the FBI also announced that command and control servers central to CryptoLocker, a form of “ransomware” that encrypts and locks the files on victims’ computers and demands a fee in return for unlocking those files, [...]