Tag: technology

1
A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft
2
Riding in cars with hackers
3
Hyp3r-misappropriation of data gets Instagram’s attention, but is enough being done?
4
Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces
5
The battle against phishing
6
Australian Prudential Regulation Authority (APRA) paper

A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft

By Cameron Abbott and Tan Xin Ya

In October, the US Department of Defence (DoD) awarded the Joint Enterprise Defence Infrastructure (JEDI) contract to Microsoft to overhaul its IT infrastructure – a huge show of confidence in infrastructure as a service (IaaS).

The DoD’s award of the 10-year, $10 billion JEDI contract to Microsoft is an endorsement of the secure nature of Azure, Microsoft’s cloud computing service. Under this deal, Microsoft’s task is to create a globally responsive network and monitor ongoing issues such as bugs and breaches. Part of the deal involves moving sensitive data, including classified mission operations, to Microsoft Azure. The system must be fortified with robust cyber security and encryption as Microsoft bears the important responsibility for the defence of the US.

The DoD’s decision to move to the cloud is a clear signal that IaaS has come of age, considering when such a security sensitive operation is able to use the service.

Riding in cars with hackers

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Ransom-based hacking techniques have primarily been limited to the intangible. We live in a world where unauthorised access to email accounts, bank accounts, and computer systems that may otherwise be private is no longer uncommon.

In some situations, hackers demand a lump sum in return for reinstating control of the accounts and systems to its owners and managers, and otherwise refusing to pay this ransom can likely leave our information and data at the mercy of hackers.

Read More

Hyp3r-misappropriation of data gets Instagram’s attention, but is enough being done?

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Until recently, a security vulnerability in the social media platform Instagram, allowed Hyp3r to illicitly harvest millions of Instagram users’ data and track their locations.

In a similar manner to the Cambridge Analytica scandal that plagued Facebook following the 2016 US presidential election, this latest example of Hyp3r’s mass data collection was discovered through a journalistic investigation and was not uncovered by the social media platform.

Read More

Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces

By Cameron Abbott and Max Evans

Everyone knows the saying “the Pen is mightier than the sword”. The famous saying has been used for centuries to describe the ultimate power of words and communication over forms of violence. However, the rapid implementation and use of technology as a “combat” method doubts whether this saying is correct in a modern technological era, and begs the question as to whether technology is in fact mightier than the sword!

This dilemma is highlighted through the recent cyberstrike conducted by the United States. According to a Report by the Washington Post, in June of this year the Cyber Command of the US Military utilised a technology cyberstrike to target a significant Iranian database in the Persian Gulf. The relevant database was alleged to have been used by the IRGC, Iran’s elite paramilitary force, to damage oil takers and shipping traffic in the Persian Gulf. According to the Pentagon, the operation was in the works for weeks after Iran’s alleged attacks on two US tankers in the Gulf of Oman earlier in June, and following an attack by Iranian forces on an unmanned U.S. Surveillance drone hours earlier, the cyber-strike was immediately given the go-ahead.

Read More

The battle against phishing

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.

To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success in this space through its use of email verification technology to fight phishing attacks. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record for all domains attempting to pass-off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.

Read More

Australian Prudential Regulation Authority (APRA) paper

by Jim Bulling and Julia Baldi

APRA has released an information paper on outsourcing involving shared computing services, including cloud. The paper discusses risks for outsourcing shared services and ways in which APRA regulated entities may seek to minimise these risks.

See the information paper here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.