Written by Justin Hemmings
The FBI recently published its 2017 Internet Crime Report highlighting trends and statistics compiled by the FBI’s Internet Crime Complaint Center (“IC3”) during 2017. The report compiles data from a total of 301,580 complaints which reported losses of over $1.4 billion. In addition to an explanation of the IC3’s history and operations, the report includes five “hot topics” from 2017: business email compromise (“BEC”), ransomware, tech support fraud, extortion, and the Justice Department’s Elder Justice Initiative.
Business Email Compromise: This category of attack targets
[...] Read more
Written by Justin Hemmings
On Tuesday, February 27th, the U.S. Supreme Court heard oral argument in United States v. Microsoft Corp. on whether a warrant issued under the Stored Communications Act (SCA) can compel the production of data stored outside the United States. Where Microsoft argues that the emails stored outside the United States also lie outside the reach of the SCA, the government contends that the SCA focuses on “classically domestic content,” and that Microsoft can be compelled within the U.S. to turn over records it controls regardless of where the data sought is stored.
This case began in December
[...] Read more
Written by Lauren Macon and Cara Peterman
SEC Chairman Jay Clayton issued a public statement on Cybersecurity (the “Clayton Statement”) last week, disclosing a 2016 attack on the SEC’s database of corporate filings. The intrusion exploited a vulnerability in the test filing component of the EDGAR system, a document repository for disclosures from public companies and issuers, through which the intruder was able to gain access to nonpublic (and potentially sensitive) corporate information. Though the intrusion was detected in 2016, Clayton stated that the agency learned only in August 2017 that the incident, “may have provided
[...] Read more
Written by Justin Hemmings
The Court of Appeals for the State of New York recently rejected Facebook’s appeal of its challenge to bulk search warrants issued pursuant to the Stored Communications Act (SCA) and separately challenged the warrants’ nondisclosure component. The Court affirmed the lower court’s ruling that Facebook could not appeal the rejection of its motion to quash the SCA warrant.
In this case, at the request of the Manhattan District Attorney’s Office, the New York Supreme Court issued 381 warrants directing Facebook to “retrieve, enter, examine, copy, analyze, and . . . search” the targeted
[...] Read more
Written by Privacy & Data Security Team
Last week, President Obama issued a new Presidential Policy Directive (PPD) establishing principles to govern the federal government’s response to cyber incidents, “whether involving government or private sector entities.” Titled “PPD-41,” the document also designates the lead federal agencies for so-called significant cyber incidents and creates an “architecture for coordinating the broader Federal Government response” to significant cyber incidents that is further described in an attached Annex.
PPD-41 defines a cyber incident as:
An event occurring on or conducted through
[...] Read more
Written by Privacy & Data Security Team
The Department of Justice has announced the indictment of seven Iranian hackers alleged to work for the Iranian government on charges stemming from a coordinated string of distributed denial of service (“DDoS”) attacks primarily against U.S. financial institutions from 2011 to 2013. One of the hackers is also charged with hacking into the supervisory control and data acquisition (“SCADA”) systems of a dam in Rye, New York, outside of New York City, in 2013. Loretta E. Lynch, the Attorney General of the United States, Preet Bharara, the United States Attorney for the Southern District
[...] Read more
Written by Privacy & Data Security Team
The Department of Homeland Security (“DHS”) has posted four documents on the US Computer Emergency Readiness Team (US-CERT) website to satisfy several requirements set forth in the Cybersecurity Information Sharing Act of 2015 (“CISA”). Details on the four documents are provided below.
By way of background, CISA was passed into law on December 18, 2015 and provides authorization for, among other things, the sharing of cyber threat indicators and defensive measures by and between the federal government, private entities, and state, local, and tribal governments. The law also provides
[...] Read more
Written by Privacy & Data Security Team
On February 9, 2016, President Barack Obama unveiled his new Cybersecurity National Action Plan (CNAP), a comprehensive approach to confront cybersecurity challenges. As articulated in the CNAP Fact Sheet released by the White House, CNAP takes “near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” Below are a few highlights of CNAP.
Commission on Enhancing National Cybersecurity
On
[...] Read more
