Monday, November 11, 2024

IoT 101.1 for Leos - Obtaining Video Near Crime Scenes

How to Collect Video/Audio from Cameras at or near a Crime Scene

Step-by-Step Process

  1. Identify Relevant Cameras 
    The first responder should look for homes or businesses near the crime scene that may have surveillance cameras with potentially useful footage. Look for doorbell cameras, cameras mounted on walls, roofs and poles and cameras mounted inside windows that are facing outdoors. Nearby vehicles with cameras may have captured video.
  1. Approach the Property Owner
    The officer should approach the property or vehicle owner or resident and explain the situation, emphasizing the importance of the footage for the investigation[1][4].
  1. Request Voluntary Cooperation
    Ask the property owner if they would voluntarily consent to share the relevant footage. Many people are willing to cooperate with law enforcement in these situations[4][6].
  1. Explain the Process
    If the owner agrees, the officer should explain how they'd like to obtain the footage. This could involve:
  • Viewing the footage on-site
  • Requesting a digital copy (e.g., via email, flash drive, or SD card)[1]
  • Accompanying the owner to access and download the footage[1]
  1. Document Consent
    If the owner agrees to share the footage, the officer should document this consent, preferably in writing.
  1. Handle Refusal Professionally
    If the owner refuses, the officer should respect this decision and not attempt to coerce them. Refusal is not considered obstruction of justice[1][4].
  1. Seek a Warrant if Necessary
    If the footage is crucial to the investigation and the owner refuses to share it voluntarily, the officer should:
  • Inform their supervisor or investigative unit
  • Prepare information for a search warrant application
  • Have a judge review and approve the warrant[1][3]
  1. Execute the Warrant
    If a warrant is obtained, the officer can return to seize the footage or equipment as specified in the warrant[3].
  1. Verify Functionality
    If the owner claims the cameras weren't working, the officer may need to verify this claim, potentially through a warrant to inspect the equipment[1].
  1. Handle the Evidence Properly
    Once obtained, the footage shall be treated as evidence, properly logged and stored to maintain its integrity for potential use in court.

Additional Considerations

  • Emergency Situations: In life-threatening emergencies, some companies may provide footage without a warrant, citing applicable law[2][4]. In those exigent circumstances a follow-up court order or warrant is typically required.
  • Cloud Storage: If footage is stored in the cloud, police may need to contact the service provider directly[2].
  • Audio Recording: Officers should be aware that audio recording may have different legal implications than video in some jurisdictions[2].
  • Federal Agencies: While generally bound by the same rules, federal agencies may have additional powers in certain circumstances, such as under the Foreign Intelligence Surveillance Act[5].

Laws and policies vary by jurisdiction, so investigators should be familiar with local laws and department procedures. The goal is to balance effective law enforcement with respect for privacy rights and legal protections.

Citations:

[1] https://www.reddit.com/r/AskLEO/comments/awxn01/whats_the_process_for_police_obtaining_security/
[2] https://www.security.org/security-cameras/legality/
[3] https://www.ifrahlaw.com/ftc-beat/ding-dong-the-police-want-access-to-your-doorbell-footage-can-they-get-it/
[4] https://www.newschannel5.com/news/can-law-enforcement-access-your-home-security-cameras-consumer-reports-finds-out
[5] https://www.cnet.com/home/security/rules-for-when-police-can-seize-your-home-security-videos/
[6] https://blog.zositech.com/police-request-security-camera-footage/

Sunday, November 10, 2024

A Progressive Discipline Process

Here is a process for supervisors to consider when responding to a situation where an employee fails to follow policies, including a step-by-step training and progressive disciplinary approach:

Recommended Process for Policy Violations

  • Ensure clear policies are in place and communicated to all employees
  • Review any associated labor agreements, federal, state and local administrative and civil service rules regulations and laws that may apply to the situation.
  • Provide thorough and documented training on policies and procedures
  • Document any policy violations thoroughly
  • Follow a progressive discipline process for violations

Step-by-Step Training and Progressive Discipline Process:

  1. Initial Training

  • Provide comprehensive on-boarding and policy training for all new hires
  • Conduct regular refresher training on key policies for all employees
  • Document employee completion of policy training
  1. Verbal Warning

  • Meet privately with employee to discuss policy violation
  • Explain which policy was violated and why it's important
  • Allow employee to explain their perspective
  • Clarify expectations going forward
  • Document the conversation and warning
  1. Written Warning

  • Meet with employee to review continued or repeated violation
  • Provide the written warning detailing the infraction
  • Include consequences of further violations
  • Have employee sign to acknowledge receipt
  • Place the documentation in the employee's file
  1. Performance Improvement Plan

  • Develop a formal plan with specific goals and timeline
  • Meet to review the plan and expectations with employee
  • Schedule regular check-ins to assess progress
  • Document all meetings and progress
  1. Final Written Warning

  • Issue final written warning for ongoing issues
  • Clearly state that termination is next step
  • Have employee sign to acknowledge
  • Place in employee's file
  1. Suspension

  • Consider unpaid suspension for serious violations
  • Typically 1-5 days depending on severity
  • Provide written notice of suspension terms
  • Use time to determine if termination is warranted
  1. Termination

  • Meet with employee to terminate employment
  • Provide written notice of termination
  • Explain reasons for termination
  • Follow proper offboarding procedures

Key Principles:

  • Be consistent in applying discipline
  • Document all steps thoroughly
  • Provide opportunities for improvement
  • Consult HR and legal counsel as needed throughout the process

References:

AIHR. (2023). HR compliance: A practical guide for 2025. https://www.aihr.com/blog/hr-compliance/

Nolo. (n.d.). What is progressive discipline for employees? https://www.nolo.com/legal-encyclopedia/employee-progressive-discipline-basics-30242.html

Paychex. (2023). Progressive discipline policy & why it's important. https://www.paychex.com/articles/human-resources/what-is-progressive-discipline-policy

Sunday, November 03, 2024

The Internet of Things Revolution: Challenges, Opportunities & the NIST IoTAB Report

The Internet of Things (IoT) has emerged as a transformative force in our interconnected world, promising to revolutionize industries and enhance our daily lives. However, with great potential comes great responsibility, and the adoption of IoT technologies presents numerous challenges. To address these challenges and provide recommendations for accelerating IoT growth in the United States, the National Institute of Standards and Technology (NIST) established the IoT Advisory Board (IoTAB).

Key Findings from the IoTAB 2024 Report

Privacy Concerns

Privacy issues remain a significant barrier to widespread IoT adoption. The IoTAB report highlights several areas of concern and made over 100 recommendations.

  1. Children's Privacy: As IoT devices become more embedded in children's daily lives through smart toys and educational tools, protecting their privacy is crucial.
  1. Extended Reality (XR) and IoT: The merger of XR technologies with IoT raises significant privacy concerns due to the vast amounts of personal data collected.

Cybersecurity Risks

IoT cybersecurity concerns pose a major obstacle to widespread adoption. The report emphasizes the need for continuous monitoring and adaptation of security measures to stay ahead of evolving cyber threats targeting IoT devices.

National Security and Economic Risks

The dominance of Chinese companies in the IoT module market poses serious national security and economic risks. With Chinese companies accounting for 64% of the global market and projected to dominate the $67 billion IoT module market by 2030, there are concerns about the limited presence of U.S. companies in this crucial sector.

Smart Communities and Healthcare

The development of smart communities in the U.S. is progressing slowly and unevenly. Meanwhile, IoT is poised to revolutionize healthcare but faces significant challenges, particularly in terms of security and privacy concerns related to sensitive health data.

Recommendations and Implementation Prospects

The IoTAB report offers over 100 recommendations to address these challenges. Some key recommendations include:

  1. Creating internationally compatible data minimization guidance for IoT devices.
  2. Strengthening cybersecurity measures across IoT supply chain networks.
  3. Passing comprehensive federal privacy legislation that includes IoT-specific provisions.
  4. Promoting "Privacy by Design" in IoT device development and implementation.
  5. Establishing clear policies for third-party data sharing and IoT device data use.

Likelihood of Implementation

What will become of the report and the recommendations? The implementation of these recommendations depends on the political will of the Executive Branch and Congress. Here's an unscientific analysis of the potential outcomes:

Executive Branch Actions:

  • Likely to create data minimization guidance and strengthen cybersecurity measures.
  • Probable promotion of "Privacy by Design" principles.
  • Moderate likelihood of developing privacy transparency mechanisms.

Congressional Actions:

  • Passing comprehensive federal privacy legislation remains uncertain.
  • Moderate likelihood of including IoT-specific provisions in privacy legislation.
  • Possible implementation of privacy disclosures on device labels, though challenges may arise.

Joint Executive and Congressional Actions:

  • Moderate likelihood of encouraging plain language in IoT privacy policies.
  • Less likely to endorse universal opt-out signals for IoT devices in the short term.

Conclusion

The IoT Advisory Board's October 2024 report serves as a wise roadmap for navigating the complex landscape of IoT adoption in the United States. By addressing key challenges such as privacy concerns, cybersecurity risks, and economic implications, the report provides an overview of the obstacles that must be overcome to realize the full potential of IoT technologies.

As we continue to embrace the IoT revolution, policymakers, industry leaders, and stakeholders should heed these recommendations to ensure a secure, privacy-conscious, and economically beneficial implementation of IoT technologies across various sectors. Only by addressing these challenges can we unlock the full potential of IoT and pave the way for a more connected and innovative future.

Reference

Internet Of Things Advisory Board. (October 2024). Report of the Internet of Things (IoT) Advisory Board (IoTAB). https://www.documentcloud.org/documents/25248153-the-iot-of-things-oct-2024-508-final_1



Monday, October 21, 2024

Mobile Phone Hacking: Warning Signs and Prevention



Our smartphones are an integral part of our lives, storing vast amounts of information. Unfortunately, this makes them prime targets for hackers. Recognizing the signs of a hacked phone and taking preventive measures is important for protecting your privacy and security.

Signs Your Phone May Be Hacked

Unusual Battery Drain

If your phone's battery is depleting much faster than usual, it could be a sign that malicious software is running in the background, consuming extra power[1].

Unexpected Data Usage Spikes

A sudden increase in data usage without changes in your online habits might indicate that a hacker is using your phone to transfer data or run background processes[1][5].

Strange Pop-ups and Ads

An abundance of pop-up ads, especially when you're not using your browser, could be a sign of adware infection[1][3].

Unfamiliar Apps

The appearance of apps you don't remember downloading is a red flag. Hackers can use these to gain access to your device or steal information[3][5].

Unusual Account Activity

If you notice unauthorized changes to your online accounts or unexpected password reset emails, your phone may have been compromised[3].

Performance Issues

Slow performance, frequent crashes, or your phone heating up for no apparent reason could indicate malware running in the background[1].

Mysterious Calls or Messages

If you see outgoing calls or messages in your logs that you didn't make, it's possible someone has gained control of your phone[7].

Preventing Phone Hacks

To protect your mobile device from hackers, consider implementing these preventive measures:

Keep Your Phone Updated

Regularly update your phone's operating system and apps. These updates often include critical security patches[4][5].

Use Strong Authentication

Enable two-factor authentication (2FA) for your accounts and use complex, unique passwords. Consider using a password manager to help manage them[5][7].

Be Cautious with App Downloads

Only download apps from official app stores and check reviews and permissions before installing[5][6].

Avoid Public Wi-Fi

Use a VPN when connecting to public Wi-Fi networks to encrypt your data and protect your privacy[5][6].

Enable Remote Wiping

Set up features that allow you to remotely lock or erase your phone if it's lost or stolen[5].

Install Security Software

Use reputable mobile security software to protect against malware and other threats[5][6].

Be Wary of Phishing Attempts

Don't click on suspicious links in emails or text messages, as these could lead to malware installation or credential theft[6].

Regularly Back Up Your Data

Maintain regular backups of your phone's data. This can help you recover your information if your device is compromised[4].

By staying vigilant and following these preventive measures, you can significantly reduce the risk of your phone being hacked. Remember, your mobile security is in your hands – stay informed and proactive to keep your digital life safe.

Citations:
[1] https://www.avast.com/c-phone-hacking-signs
[2] https://us.norton.com/blog/how-to/how-to-remove-a-hacker-from-my-phone
[3] https://www.mcafee.com/blogs/mobile-security/help-i-think-my-phones-been-hacked/
[4] https://consumer.ftc.gov/articles/how-protect-your-phone-hackers
[5] https://www.mcafee.com/blogs/family-safety/how-do-hackers-hack-phones-and-how-can-i-prevent-it/
[6] https://www.mcafee.com/blogs/mobile-security/7-tips-to-protect-your-smartphone-from-getting-hacked/
[7] https://www.kaspersky.com/resource-center/threats/how-to-stop-phone-hacking
[8] https://us.norton.com/blog/malware/is-my-phone-hacked

Sunday, October 20, 2024

Emotional Welfare & Cyber-Career Survival

Some references & resources to assist in identifying and understanding various sources of stress and practicing relaxation techniques.

Reducing workplace stress
University of Illinois - Reducing workplace stress.
http://www.urbanext.uiuc.edu/familyworks/stress-04.html


How to help a suicidal person
From Psych Central.

http://www.metanoia.org/suicide/whattodo.htm

Post traumatic stress
National Center for PTSD - post traumatic stress.
http://www.ptsd.va.gov/public/pages/help-for-veterans-with-ptsd.asp


Mental Health Matters
Links to subjects including: disorder, treatments and medications.
http://www.mental-health-matters.com/

Various Natural Health Solutions
Health World, Relaxation techniques.
http://www.healthy.net/

Screening tests
Anxiety Disorders Association of America, Screening tests.
http://www.adaa.org/living-with-anxiety/ask-and-learn/faqs#n327

Suicides among sex offenders

Pritchard, C. and King E., (2005). Differential suicide rates in typologies of child sex offenders in a 6-year consecutive cohort of male suicides. International Academy for Suicide Research. Vol.9.No.1. 

Health Insite
A non-commercial, Australian government-funded health information service, aimed to improve well being by providing access to health information and services.
http://www.healthinsite.gov.au/topics/Mental_Illnesses

 
Supporting heroes in mental health foundation
S.H.I.F.T. Supporting heroes in mental health foundation training. (2012).
www.shiftwellness.org

Work exposure to child pornography

Wolak, J. and Mitchell K.J. (November 2009). Work exposure to child pornography in ICAC Task Forces and affiliates. Crimes Against Children Research Center. https://www.unh.edu/ccrc/sites/default/files/media/2022-03/work-exposure-to-child-pornography-in-icac-task-forces-and-affiliates.pdf

Police suicide statistics
Kulbarsh,P. (September 8, 2010). Officer.com. 2009 Police suicide statistics.
http://www.officer.com/article/10232405/2009-police-suicide-statistics

Saturday, October 05, 2024

Citing Sources in the Era of Artificial Intelligence

In the era of Artificial Intelligence, proper citation practices have become increasingly vital for maintaining academic integrity and distinguishing human-authored content from AI-generated text. 

As reported by the American Psychological Association, in-text citations and full APA style references play a crucial role in avoiding plagiarism, verifying information, and facilitating further research in an academic landscape transformed by AI technologies.
Learn more here: https://www.perplexity.ai/page/citing-sources-in-the-era-of-a-9WJsmq3JR5iyx1tfdxBKdw

Reference

Kardasz, F. (Editor). (2024). Citing Sources in the Era of Artificial Intelligence. https://www.perplexity.ai/page/citing-sources-in-the-era-of-a-9WJsmq3JR5iyx1tfdxBKdw

Sunday, September 29, 2024

The Matter Standard, IoT Devices & Law Enforcement

By Dr. Frank Kardasz, September 29, 2024

Editor: Ava Gozo

Here is an overview of the Matter Standard and its implications for law enforcement, first responders, investigators, and prosecutors.

The Matter Standard

Matter is a relatively new open-source smart home standard designed to simplify the IoT ecosystem and improve interoperability between devices from different manufacturers[3][4]. Developed by the Connectivity Standards Alliance (CSA), Matter aims to create a unified protocol for smart home devices to communicate seamlessly, regardless of brand or platform[3].

Key Features of Matter

  • Interoperability: Devices from different brands can work together natively[6].
  • Simplicity: Easy to purchase and use for consumers[6].
  • Security: Utilizes end-to-end encryption to protect communications between devices[3].
  • Offline functionality: Devices can work without constant internet connection[5].
  • Multi-admin capability: Allows multiple users to control devices[3].

Implications for Law Enforcement, First Responders, Investigators, and Prosecutors

The adoption of the Matter Standard in smart home devices has several important implications for professionals in law enforcement and legal fields:

1. Enhanced Data Collection and Evidence Gathering

  • Broader device compatibility: Matter-enabled devices from various manufacturers can potentially provide a more comprehensive view of a crime scene or incident.
  • Offline data: The ability of Matter devices to function offline may allow for data collection even when internet connectivity is disrupted[5].

2. Improved Emergency Response

  • Seamless integration: First responders may have easier access to critical information from various smart home devices during emergencies.
  • Real-time data: Matter's low-latency communication could provide more up-to-date information to emergency services[5].

3. Cybersecurity Considerations

  • Standardized security: Matter's focus on security may lead to more consistent protection across devices, potentially reducing vulnerabilities[3].
  • New attack vectors: As with any new technology, Matter may introduce new cybersecurity challenges that investigators need to be aware of.

4. Legal and Privacy Implications

  • Data ownership: The multi-admin feature of Matter raises questions about data ownership and access rights in investigations[3].
  • Cross-platform evidence: Prosecutors may need to consider how evidence from Matter-enabled devices across different platforms is collected and presented in court.

5. Forensic Analysis

  • Standardized protocols: Matter's unified approach may simplify forensic analysis of smart home devices.
  • Offline data recovery: The ability to work offline could provide new opportunities for data recovery in investigations[5].

Conclusion

The Matter Standard represents a significant shift in the smart home ecosystem, with potential far-reaching implications for law enforcement, first responders, investigators, and prosecutors. As this technology becomes more widespread, professionals in these fields will need to adapt their practices to effectively leverage the benefits and address the challenges presented by Matter-enabled devices.

It is important for these professionals to stay informed about the development and implementation of the Matter Standard, as it will likely influence future investigations, emergency responses, and legal proceedings involving smart home technologies.

Citations:
[1] https://www.americanbar.org/groups/criminal_justice/standards/ProsecutionFunctionFourthEdition/
[2] https://www.americanbar.org/groups/criminal_justice/publications/criminal_justice_section_archive/crimjust_standards_pinvestigate/
[3] https://lembergsolutions.com/blog/matter-protocol-smart-home-industry
[4] https://www.pcmag.com/explainers/matter-explained
[5] https://www.androidpolice.com/matter-smart-home-standard-explained/
[6] https://csa-iot.org/all-solutions/matter/

Sunday, August 18, 2024

Fake Reviews & the FTC Response: Hope for the Consumer

Dr. Frank Kardasz (Ed.D.) Editor Ava Gozo

The prevalence of fake reviews in online marketplaces is a significant issue, affecting consumers and businesses. Fabricated reviews distort consumer perceptions, leading to poor purchasing decisions and undermining trust in online platforms. Research indicates that around 30% of online reviews are fake, with platforms like Amazon experiencing even higher rates, where about 43% of reviews on top products are fabricated. The financial impact is substantial, with fake reviews estimated to cost U.S. businesses nearly $152 billion annually. Fake reviews are a form of fraud. In response, the Federal Trade Commission (FTC) introduced rules to combat fake reviews and deceptive marketing practices, aiming to protect consumers and ensure fair competition.

The Problem of Fake Reviews

Fake reviews are not isolated incidents but rather a sophisticated attempt to manipulate consumer behavior and market competition. They can lead consumers to choose lower-quality products, as demonstrated in studies where fake positive reviews influenced consumer choices towards inferior products. The trust in online reviews is crucial for consumer decision-making, with 93% of consumers stating that online reviews impact their purchasing decisions. The manipulation of reviews, whether through creating fake positive reviews or suppressing negative ones, undermines the credibility of online review systems and can damage the reputation of honest businesses.

FTC's Response to Fake Reviews

In light of the problem, the FTC introduced a rule aimed at eliminating these deceptive practices. The rule focuses on several key areas:

  • Prohibition of Fake Reviews and Testimonials: The rule bans the creation, sale, and purchase of fake consumer reviews and testimonials, including those generated by AI or other deceptive means.
  • Incentivized Reviews: Businesses are forbidden from offering compensation or incentives for reviews that express a specific sentiment, whether positive or negative. This includes both explicit and implicit offers of incentives.
  • Insider Reviews: The rule prohibits company insiders, such as employees or managers, from writing reviews without clear disclosure of their connection to the business. It also restricts businesses from disseminating such reviews if they knew or should have known about the insider connection.
  • Misleading Review Websites: Companies are barred from misrepresenting that a website they control provides independent reviews, ensuring transparency and honesty in how reviews are presented to consumers.
  • Review Suppression: The rule outlaws the use of legal threats or intimidation to suppress negative reviews. Businesses cannot misrepresent the completeness of reviews displayed on their platforms.
  • Social Media Influence Manipulation: The FTC prohibits the sale or purchase of fake social media indicators, such as followers or likes, when these are used to misrepresent influence for commercial purposes.

Penalties for Non-Compliance

The FTC has established penalties for businesses that fail to comply with the new rule:

  • Monetary Fines: The FTC can seek civil penalties of up to $52,000 per violation for businesses found in violation of the rule. This penalty applies to each instance of a prohibited action, such as creating, selling, or buying fake reviews and testimonials.
  • Scope of Violations: The penalties apply to various deceptive practices, including the use of AI-generated fake reviews, insider reviews without proper disclosure, and the buying or selling of fake social media indicators like followers or likes.
  • Court Discretion: While the maximum penalty is set at $52,000 per violation, courts have the discretion to impose lower penalties depending on the circumstances of each case.

Conclusion

The FTC's rule against fake reviews represents an effort to clean up the digital marketplace. The rule aims to foster an improved environment for businesses and an attempt to protect consumers. This regulation is set to take effect 60 days after its publication in the Federal Register, marking an enhancement in the FTC's enforcement capabilities. As fake reviews continue to be a significant problem across various platforms, the need for continued vigilance and stricter enforcement measures remains critical. It remains to be seen whether or not the new rules can be effectively enforced to slow the proliferation of fake reviews.

References

Akesson, J. (November, 2023). National Bureau of Economic Research. (n.d.). https://www.nber.org/papers/w31836

Entrepreneur. (July, 2023). FTC proposes rule to protect consumers from fake reviews. Retrieved from https://www.entrepreneur.com/business-news/ftc-proposes-rule-to-protect-consumers-from-fake-reviews/455215

Exploding Topics. (December, 2023). Online review stats. https://explodingtopics.com/blog/online-review-stats

Federal Trade Commission. (2024, August). Federal Trade Commission announces final rule banning fake reviews and testimonials. FTC. https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials 

InvespCRO. (May, 2023). Fake reviews statistics. https://www.invespcro.com/blog/fake-reviews-statistics/

Sahut, J. (March, 2024). ScienceDirect. https://www.sciencedirect.com/science/article/abs/pii/S0148296324000766

Song, Y. (September, 2023). ScienceDirect. https://www.sciencedirect.com/science/article/abs/pii/S0148296323003296

WiserNotify. (n.d). Fake review stats. https://wisernotify.com/blog/fake-review-stats/

Saturday, August 17, 2024

QUIZ: Test Your IoT Knowledge

 


Click the links to test your knowledge about (IoT)

 

Quiz 1 - Basics:   https://forms.gle/rgJbxyWcnXVk8r1p7
 

Quiz 2 - Architecture:   https://forms.gle/QcWXzjF7QqZTVAar5
 

Quiz 3 - Security:   https://forms.gle/jzYcsYWZWLRGmd3c9
 

Quiz 4 - Applications:   https://forms.gle/3wvLr1CQDavfNk437
 

Quiz 5 - Technologies:   https://forms.gle/LLLCydSd3o8fG7rh7
 

Quiz 6 - Standards & Protocols:   https://forms.gle/K4Hkuu52TqGbNBew8

 

Editor: Ava Gozo.

 


Thursday, August 15, 2024

Smart Fabric that Creates Electricity

Dr. Frank Kardasz, (Ed.D.) Editor: Ava Gozo.

August 15, 2024

Researchers at the University of Waterloo developed a smart fabric that can convert body heat and solar energy into electricity, paving the way for a new era in wearable technology[1][2]. This material offers multifunctional sensing capabilities and self-powering potential, eliminating the need for external power sources or frequent recharging[1][3].

Key Features and Applications

Energy Harvesting: The fabric can generate electricity from both body heat and sunlight, making it a versatile power source for various applications[1]. When embedded in a mask, it can convert body heat into electricity using the temperature difference between the body and the environment[1].

Health Monitoring: The smart fabric can be integrated with sensors to monitor heart rate, temperature, and even detect chemicals in breath[1]. This capability opens up possibilities for early detection of viruses, lung cancer, and other diseases[1].

Performance Tracking: Athletes could use this fabric to track their performance without the need for bulky wearables[1].

Joint Health Assessment: The fabric's exceptional strain sensing capabilities allow for monitoring body joint conditions through its deformation[1].

Technical Innovations

The researchers combined materials like MXene and conductive polymers with cutting-edge textile production methods to create this smart fabric[1]. A sticky polydopamine (PDA) layer is applied to nylon fabric, creating a surface that attracts MXene particles through hydrogen bonds[1]. This structure results in a stretchy thermoelectric fabric that is more stable, durable, and cost-effective than existing market alternatives[1][3].

Advantages Over Current Wearable Technology

  1. Self-powering: Eliminates the need for batteries or external power sources[1][3].
  2. Durability: The fabric's functionality remains stable for extended periods, even after washing, crumpling, or folding[4].
  3. Comfort: Being stretchable, waterproof, and breathable, the material can be comfortably integrated into wearables[4].
  4. Versatility: Can be used for various applications, from health monitoring to energy harvesting[1][2].

Future Developments

The research team plans to enhance the fabric's performance and integrate it with electronic components[1]. They aim to develop a smartphone application that would collect and transmit health data directly to healthcare providers, enabling continuous, non-invasive health monitoring[1].

Potential Impact

This smart fabric technology could revolutionize various sectors:

  1. Healthcare: Enabling continuous, non-invasive health monitoring and early disease detection[1].
  2. Sports and Fitness: Providing athletes with seamless performance tracking capabilities[1].
  3. Environmental Monitoring: Facilitating data collection for AI-driven analysis in various fields[1].
  4. Energy Conservation: Harnessing renewable energy sources for powering wearable devices[1][2].

Challenges and Considerations

While the smart fabric shows great promise, there are potential challenges to consider:

  1. Cost: The production cost and scalability of the technology are not yet clear[4].
  2. Privacy Concerns: Continuous health monitoring may raise data privacy issues that need to be addressed.
  3. Regulatory Approval: Medical applications of the technology would require rigorous testing and approval processes.

For Bad or for Good

This innovative smart fabric technology, while promising for various beneficial applications, could potentially be exploited by both criminals and law enforcement in ways that raise ethical concerns. Criminals might use the fabric's sensing capabilities to create undetectable surveillance devices, monitoring victims' vital signs or movements without their knowledge. They could also exploit the energy-harvesting feature to power covert listening devices or tracking systems for extended periods without needing to replace batteries.

On the law enforcement side, the technology could be used to develop "smart uniforms" that continuously monitor officers' stress levels and physical conditions during high-risk situations. However, this same capability could be misused for unauthorized surveillance of citizens, potentially infringing on privacy rights. The fabric's ability to detect chemicals in breath could be employed in covert drug testing operations, bypassing normal legal procedures.

Additionally, the technology might be integrated into prison uniforms to track inmates' locations and vital signs, which, while potentially enhancing security, could be seen as a violation of prisoners' rights if implemented without proper oversight. As with many technological advancements, the ethical use of this smart fabric will largely depend on the regulations and safeguards put in place to govern its application in both public and private sectors.

Conclusion

The development of this smart fabric represents a leap forward in wearable technology. By combining energy harvesting capabilities with multifunctional sensing, it addresses many of the limitations of current wearable devices. As research continues and the technology is refined, we can expect to see a range of applications emerge, from healthcare and fitness to environmental monitoring and beyond. Proponents believe that this innovation has the potential to transform how we interact with technology in our daily lives, making it more seamless, efficient, and integrated.

Citations:
[1] https://interestingengineering.com/innovation/fabric-generates-electricity-from-body-heat
[2] https://scienceblog.com/546859/solar-powered-smart-fabric-heralds-new-era-in-wearable-tech/
[3] https://www.theengineer.co.uk/content/news/thermoelectric-fabric-shows-multifunctional-sensing-capabilities
[4] https://www.freethink.com/hard-tech/smart-fabric
[5] https://magazine.mindplex.ai/mp_news/smart-fabric-for-sensing-and-energy-harvesting/

Privacy Nightmare: National Public Data Hacked

 

Editor: Ava Gozo. August 15, 2024.

A massive data breach allegedly occurred at National Public Data, a company that provides background checks and public records data. Here are the key details:

The Breach

National Public Data reportedly suffered a data breach that exposed the personal information of approximately 2.9 billion people[1][2]. The breach is believed to have occurred in late December 2023, with potential data leaks in April 2024 and summer 2024[2].

Stolen Information

The compromised data allegedly includes:

  • Full names
  • Email addresses
  • Phone numbers
  • Social Security numbers
  • Mailing addresses[2]

Hacking Group Involvement

A hacking group known as USDoD claimed responsibility for the breach. They allegedly offered the stolen database, which is about 4 terabytes in size, for sale on the dark web for $3.5 million[3][4].

Timeline & Discovery

  • April 2024: The hackers reportedly posted the database on a dark web forum for sale[4].
  • July 2024: Some individuals learned their data was compromised through identity theft protection services[3].
  • August 2024: The breach gained widespread media attention, and a class-action lawsuit was filed in Florida[3][4].

National Public Data's Response

National Public Data acknowledged the incident on its website, stating they are cooperating with law enforcement and governmental investigators. They have implemented additional security measures to prevent future breaches[2].

Uncertainty Surrounding the Breach

As of mid-August 2024, there was still some uncertainty about the full extent and details of the breach. Some experts expressed caution about the reported scale of the incident, citing technical difficulties in exfiltrating such a massive amount of data undetected[4].

Recommended Actions

If you believe your data may have been compromised:

  1. Monitor your financial accounts closely.
  2. Contact the three major U.S. credit reporting agencies for free credit reports.
  3. Consider freezing your credit.
  4. Stay vigilant for potential phishing attempts.
  5. Change passwords for sensitive accounts.
  6. Consider signing up for identity theft protection services[2][3].

As the situation continues to develop, it's advisable to stay informed about any updates or official communications from National Public Data regarding the breach.

References

USA Today. (2024, August 15). 2.9 billion records stolen in Social Security data hack, USDoD claims. https://www.usatoday.com/story/tech/2024/08/15/social-security-hack-national-public-data-breach/74807903007/ Pocono Record. (2024, August 14). What to do if your data was leaked in the 

National Public Data leak. https://www.poconorecord.com/story/news/2024/08/14/what-to-do-if-your-data-was-leaked-in-the-national-public-data-leak/74796229007/  

News4Jax. (2024, August 15). Billions of people possibly compromised after National Public Data breach. https://www.news4jax.com/news/local/2024/08/15/billions-of-people-possibly-compromised-after-national-public-data-breach/  

SecurityWeek. (n.d.). Unconfirmed hack of 2.9 billion records at National Public Data sparks media frenzy amid lawsuits. https://www.securityweek.com/unconfirmed-hack-of-2-9-billion-records-at-national-public-data-sparks-media-frenzy-amid-lawsuits/  

YouTube. (n.d.). [Video]. https://www.youtube.com/watch?v=C6-qEt3KOFs 

Citations 

[1] https://www.usatoday.com/story/tech/2024/08/15/social-security-hack-national-public-data-breach/74807903007/
[2] https://www.poconorecord.com/story/news/2024/08/14/what-to-do-if-your-data-was-leaked-in-the-national-public-data-leak/74796229007/
[3] https://www.news4jax.com/news/local/2024/08/15/billions-of-people-possibly-compromised-after-national-public-data-breach/
[4] https://www.securityweek.com/unconfirmed-hack-of-2-9-billion-records-at-national-public-data-sparks-media-frenzy-amid-lawsuits/
[5] https://www.youtube.com/watch?v=C6-qEt3KOFs

Monday, August 05, 2024

Lessons from the CrowdStrike Blue-Screen-of-Death Crisis

Editor: Ava Gozo

Introduction 

In July 2024, a significant global technology disruption occurred due to a problematic software update released by CrowdStrike, a leading cybersecurity firm. This incident led to widespread computer outages and the notorious "Blue Screen of Death" (BSOD) on Windows systems across various industries worldwide. The event had profound implications, affecting airlines, banks, healthcare providers, and other critical sectors. This report review the details of the incident, its impact, and the subsequent responses from CrowdStrike and affected parties.

The Incident

What Happened?

On July 19, 2024, CrowdStrike released a content configuration update for its Falcon sensor, a software designed to protect against cyber threats. This update, intended to gather telemetry on potential novel threat techniques, inadvertently caused Windows systems to crash, displaying the BSOD. The issue affected Windows hosts running sensor version 7.11 and above that were online during the update window[2][3].

Immediate Impact 

The faulty update led to a global outage, impacting numerous organizations, including airlines, banks, healthcare providers, and government agencies. The BSOD, a familiar error screen for Windows users, indicated that the operating systems had crashed and were unable to function properly. This caused significant disruptions, including flight cancellations, halted banking services, and interrupted healthcare operations[4][6][8].

Key Affected Sectors

Airlines

Delta Air Lines was one of the most severely impacted companies. The outage rendered Delta's essential crew tracking system inoperable for nearly a week, leading to the cancellation of approximately 30% of its flights over five days and affecting an estimated half a million travelers. Delta's CEO, Ed Bastian, estimated the financial impact at $500 million[1][6].

Banking and Financial Services

Banks and financial institutions worldwide experienced disruptions in their operations. The inability to access critical systems led to delays in transactions and other financial services, causing frustration among customers and potential financial losses for the institutions involved[5][8].

Healthcare

Healthcare providers faced significant challenges due to the outage. The inability to access patient records and other critical systems disrupted medical services, potentially putting patient health at risk. The incident underscored the vulnerability of healthcare systems to technological failures[6].

Other Sectors

Other sectors, including telecommunications, retail, and even public services like emergency response systems, were affected. The widespread nature of the outage highlighted the interconnectedness of modern technology and the cascading effects of a single point of failure[3][6][8].

Responses and Remediation

CrowdStrike's Response

CrowdStrike quickly identified the issue and deployed a fix within hours of the incident. The company reverted the faulty update and provided a workaround for affected users to restore their systems. CrowdStrike's CEO, George Kurtz, issued a public apology and emphasized the company's commitment to transparency and customer support during the recovery process[2][3][8].

Delta Air Lines' Reaction

Delta Air Lines publicly criticized CrowdStrike for the outage and announced its intention to seek compensation for the financial losses incurred. Delta's CEO claimed that CrowdStrike had not provided adequate support during the crisis, a claim that CrowdStrike disputed, stating that Delta had declined offers of assistance[1][6][7].

Global Impact and Recovery

The global scale of the outage meant that recovery efforts varied across different regions and sectors. While some organizations were able to restore their systems relatively quickly, others, like Delta, faced prolonged disruptions. CrowdStrike reported that over 97% of affected Windows sensors were back online within a week, but full recovery took longer for some entities[8].

Lessons Learned and Future Prevention

Importance of Rigorous Testing

The incident highlighted the critical need for rigorous testing of software updates, especially those that impact essential systems. Ensuring that updates are thoroughly vetted before deployment can prevent similar issues in the future.

Enhanced Resilience and Redundancy

Organizations must invest in enhancing the resilience and redundancy of their IT infrastructure. This includes having backup systems and contingency plans in place to mitigate the impact of unexpected outages.

Improved Communication and Support

Effective communication and support are crucial during a crisis. CrowdStrike's swift identification and remediation of the issue were commendable, but the incident also underscored the importance of clear communication between service providers and their clients.

Cybersecurity Vigilance

While the incident was not a cyberattack, it served as a reminder of the importance of cybersecurity vigilance. Organizations must remain alert to potential vulnerabilities and ensure that they are engaging with official support channels to receive accurate information and assistance.

Conclusion

The CrowdStrike incident in July 2024 serves as a stark reminder of the potential for widespread disruption caused by a single software update. The global impact, affecting critical sectors like airlines, banking, and healthcare, underscored the interconnectedness of modern technology and the importance of robust IT management practices. Moving forward, organizations must prioritize rigorous testing, enhanced resilience, and effective communication to mitigate the risks of similar incidents. The lessons learned from this event will be crucial in shaping future strategies for managing and preventing technology disruptions.

References

  • Maruf, R. (2024, August 5). CrowdStrike fires back at Delta, claiming the airline ignored offers of assistance. CNN.
  • CrowdStrike. (2024). Falcon Content Update Remediation and Guidance Hub.
  • ISC2 Community. (2024, July 21). ALL THINGS CrowdStrike - July 2024 Incident.
  • CBS News. (2024, July 19). What is Microsoft's "blue screen of death?" Here's what it means and how to fix it.
  • Mchardy, M. (2024, July 19). 'Blue Screen of Death' For Global Microsoft Users. Newsweek.
  • Genovese, D. (2024, August 5). CrowdStrike says Delta refused its offers help after global tech outage. Fox Business.
  • Reuters. (2024, August 5). CrowdStrike rejects Delta Air Lines claims over flight woes.
  • CyberGuy. (2024, July 19). Windows users worldwide face Blue Screen of Death due to CrowdStrike issue.


Citations:
[1] https://www.cnn.com/2024/08/05/business/crowdstrike-fires-back-at-delta/index.html
[2] https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
[3] https://community.isc2.org/t5/Industry-News/ALL-THINGS-CrowdStrike-July-2024-Incident/td-p/72327
[4] https://www.cbsnews.com/news/microsoft-crowdstrike-outage-blue-screen-of-death-how-to-fix/
[5] https://www.newsweek.com/blue-screen-death-microsoft-outage-latest-update-1927510
[6] https://www.foxbusiness.com/lifestyle/crowdstrike-says-delta-refused-its-offers-help-after-global-tech-outage
[7] https://www.reuters.com/technology/cybersecurity/crowdstrike-says-it-should-not-be-blamed-delta-airlines-cyber-outage-2024-08-05/
[8] https://cyberguy.com/news/windows-users-worldwide-face-blue-screen-of-death-due-to-crowdstrike-issue/