Categories
Biz & IT breach congress Policy scif Security sensitive compartmented information facility

Republicans storm ultra-secure “SCIF,” some with cell phones blazing [Update]

The US House of Representatives.

Enlarge / The US House of Representatives. (credit: Wally Gobetz / Flickr)

On Wednesday, Republican lawmakers committed a major breach of security guidelines when they carried cell phones as they tried to force their way into a secure room where a closed-door impeachment hearing with a Defense Department official was taking place.

At least one House member, Rep. Matt Gaetz of Florida, got inside the Sensitive Compartmented Information Facility (SCIF) in the basement of the House of Representatives. Despite strict rules barring all electronics inside such closed-off areas, Gaetz openly tweeted: “BREAKING: I led over 30 of my colleagues into the SCIF where Adam Schiff is holding secret impeachment depositions. Still inside—more details to come.”

After the tweet came under criticism, Gaetz later tweeted “sent by staff.” It remained unclear how the representative was able to communicate with his members of his staff.

Read 11 remaining paragraphs | Comments

Categories
DNS DNS over HTTPS DOH google NCTA Policy privacy Security

Why big ISPs aren’t happy about Google’s plans for encrypted DNS

Why big ISPs aren’t happy about Google’s plans for encrypted DNS

Enlarge (credit: Thomas Trutschel/Photothek via Getty Images)

When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers for sending DNS queries over the encrypted HTTPS protocol.

But major Internet service providers have cried foul. In a September 19 letter to Congress, Big Cable and other telecom industry groups warned that Google’s support for DNS over HTTPS (DoH) “could interfere on a mass scale with critical Internet functions, as well as raise data-competition issues.”

On Sunday, The Wall Street Journal reported that the House Judiciary Committee is taking these concerns seriously. In a September 13 letter, the Judiciary Committee asked Google for details about its DoH plans—including whether Google plans to use data collected via the new protocol for commercial purposes.

Read 18 remaining paragraphs | Comments

Categories
AT&T blockchain cryptocurrency Policy Security

Judge allows suit against AT&T after $24 million cryptocurrency theft

An AT&T store in New Jersey.

Enlarge / An AT&T store in New Jersey. (credit: Michael Brochstein/SOPA Images/LightRocket via Getty Images)

When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number.

The stakes were high because Terpin is a wealthy and prominent cryptocurrency investor. Terpin says the hackers gained control of his Skype account and tricked a client into sending a cryptocurrency payment to the hackers instead of to Terpin.

After the attack, Terpin asked AT&T to escalate the security protections on his phone number. According to Terpin, AT&T agreed to set up a six-digit passcode that must be entered before anyone could transfer Terpin’s phone number.

Read 10 remaining paragraphs | Comments

Categories
attorney general backdoors encryption Policy Security

Tech firms “can and must” put backdoors in encryption, AG Barr says

Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California.

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. (credit: Elijah Nouvelage | Getty Images)

US Attorney General William Barr today launched a new front in the feds’ ongoing fight against consumer encryption, railing against the common security practice and lamenting the “victims” in its wake.

“The deployment of warrant-proof encryption is already imposing huge costs on society,” Barr claimed in remarks at a cybersecurity conference held at Fordham University Tuesday morning. Barr added that encryption “seriously degrades” law enforcement’s ability to “detect and prevent a crime before it occurs,” as well as making eventual investigation and prosecution of crime more difficult.

The existence of encryption means “converting the Internet and communications into a law-free zone” that criminals will happily take advantage of to do more crimes, Barr added, likening it to a neighborhood that local cops have abandoned.

Read 14 remaining paragraphs | Comments