Cyber Attack Forces Airline to Cancel Flights in Alaska

Cyber Attack Forces Airline to Cancel Flights in Alaska

RavnAir canceled at least a half-dozen flights in Alaska on Saturday — at the peak of holiday travel — following what the company described as “a malicious cyber attack” on its computer network.

The cancellations affected around 260 passengers, according to company spokeswoman Debbie Reinwand.

The regional carrier canceled all flights involving its Dash 8 aircraft until noon “because the cyber attack forced us to disconnect our Dash 8 maintenance system and its back-up,” the company said in a written statement.

The airline serves more than 100 communities in Alaska, many of which are not accessible by road.

The company is working with the FBI, other authorities and a cyber security company to restore systems.

RavnAir Alaska later announced that it will operate a normal afternoon schedule on its Dash-8 flights.

“We will be trying to add flights where we can over the next two days,” the company said in a statement released at 1 p.m. “We have, where possible, re-booked passengers on other flights.”

PenAir flights and RavnAir Connect flights were still operating normally on back-up systems, Reinwand said.

view counter

Source: Cyber Attack Forces Airline to Cancel Flights in Alaska

To address child trafficking, prevent instead of punish

To address child trafficking, prevent instead of punish

Anti-child trafficking policy and programs have relied heavily on the criminal justice system, but a new book advocates for using public health methodologies to forge a more comprehensive response to the problem.

Child trafficking is pervasive. Although people may perceive the issue to exist only in other countries, it is a significant issue in the United States.

Jonathan Todres, a law professor at Georgia State University, and Angela Diaz, director of the Mount Sinai Adolescent Health Center, say they wrote Preventing Child Trafficking: A Public Health Approach (Johns Hopkins University Press, 2019) with four aims:

Help bring public health methodologies into mainstream discourse.
Highlight the role that the health care system can play in responding to child trafficking.
Spur the development of best practices for addressing child trafficking and other forms of child exploitation.
Offer a starting point for other sectors to think about how they can prevent trafficking.

Here, Todres explains why prevention, not punishment, is the best way to protect children around the world:

The post To address child trafficking, prevent instead of punish appeared first on Futurity.

Source: To address child trafficking, prevent instead of punish

Massive Errors Found in Facial Recognition Tech: US Study

Massive Errors Found in Facial Recognition Tech: US Study

Facial recognition systems can produce wildly inaccurate results, especially for non-whites, according to a US government study released Thursday that is likely to raise fresh doubts on deployment of the artificial intelligence technology.

The study of dozens of facial recognition algorithms showed “false positives” rates for Asian and African American as much as 100 times higher than for whites.

The researchers from the National Institute of Standards and Technology (NIST), a government research center, also found two algorithms assigned the wrong gender to black females almost 35 percent of the time.

The study comes amid widespread deployment of facial recognition for law enforcement, airports, border security, banking, retailing, schools and for personal technology such as unlocking smartphones.

Some activists and researchers have claimed the potential for errors is too great and that mistakes could result in the jailing of innocent people, and that the technology could be used to create databases that may be hacked or inappropriately used.

The NIST study found both “false positives,” in which an individual is mistakenly identified, and “false negatives,” where the algorithm fails to accurately match a face to a specific person in a database.

“A false negative might be merely an inconvenience — you can’t get into your phone, but the issue can usually be remediated by a second attempt,” said lead researcher Patrick Grother.

“But a false positive in a one-to-many search puts an incorrect match on a list of candidates that warrant further scrutiny.”

The study found US-developed face recognition systems had higher error rates for Asians, African Americans and Native American groups, with the American Indian demographic showing the highest rates of false positives.

However, some algorithms developed in Asian countries produced similar accuracy rates for matching between Asian and Caucasian faces — which the researchers said suggests these disparities can be corrected.

“These results are an encouraging sign that more diverse training data may produce more equitable outcomes,” Grother said.

Nonetheless, Jay Stanley of the American Civil Liberties Union, which has criticized the deployment of face recognition, said the new study shows the technology is not ready for wide deployment.

“Even government scientists are now confirming that this surveillance technology is flawed and biased,” Stanley said in a statement.

“One false match can lead to missed flights, lengthy interrogations, watchlist placements, tense police encounters, false arrests or worse. But the technology’s flaws are only one concern. Face recognition technology — accurate or not — can enable undetectable, persistent, and suspicionless surveillance on an unprecedented scale.”

Related: San Francisco Bans Facial Recognition Use by Police

Related: Dismantling the Myths Surrounding Facial Recognition

view counter

© AFP 2019


Source: Massive Errors Found in Facial Recognition Tech: US Study

F5 to Acquire Shape Security for $1 Billion in Cash

F5 to Acquire Shape Security for $1 Billion in Cash

F5 Networks announced on Thursday that it has agreed to acquire privately held Shape Security for approximately $1 billion in cash.

In September 2019, Shape raised a $51 million in Series F growth funding, valuing the company at $1 billion. Santa Clara, Calif.-based Shape has raised a total of $183 million in funding.

According to F5, Shape’s anti-fraud technology will help F5 provide customers with protection from automated attacks, botnets and targeted fraud.

Shape was founded in 2011 by Derek Smith (CEO), Justin Call (VP, R&D), and Sumit Agarwal (COO) and emerged from stealth in 2014.

Shape uses its AI-powered systems for fraud detection to distinguish between human and automated traffic. It already protects some of the world’s largest organizations against cyber fraud, including more than half of all online banking in the U.S.

In May 2019, Shape announced a new product designed to protect small and medium business (SMB) websites from advanced bot-based credential stuffing. The same basic technology that can differentiate between genuine and automated fraud can differentiate between genuine and automated logon attempts.

In March 2019, F5 announced its acquisition of NGINX, a company best known for its open source web server, for approximately $670 million.

“Bringing together F5 and NGINX’s application expertise across multi-cloud environments with Shape’s anti-fraud capabilities for web, mobile and APIs reinforces our ‘code to customer’ promise with a comprehensive, end-to-end application security offer,” François Locoh-Donou, CEO at F5 Networks, wrote in a letter to employees. “This has the potential to save customers billions of dollars lost to fraud, reputational damage and costly disruptions to digital transformations.”

F5 believes the acquisition of Shape will more than double F5’s addressable market in security.

“With Shape, we will deliver end-to-end application protection, which means revenue generating, brand-anchoring applications are protected from the point at which they are created through to the point where consumers interact with them—from code to customer,” Locoh-Donou said in a statment. “Beyond opening a fast-growing $4 billion adjacent market, Shape’s machine learning and AI-powered capabilities will scale and extend F5’s broad portfolio of application services and expand our ability to optimize and protect customers’ applications in an increasingly complex multi-cloud world.”

Related: Credential Stuffing – a Successful and Growing Attack Methodology

view counter

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.


Source: F5 to Acquire Shape Security for $1 Billion in Cash

Alleged Member of ‘Dark Overlord’ Hacker Group Extradited From UK to US

Alleged Member of ‘Dark Overlord’ Hacker Group Extradited From UK to US

A UK national suspected of being a member of the notorious hacker group called The Dark Overlord has been extradited to the United States, the U.S. Department of Justice announced on Wednesday.

Nathan Wyatt, 39, has been charged by U.S. authorities on six counts of aggravated identity theft, threatening to damage a protected computer, and conspiracy.

The Dark Overlord hacked into the systems of many companies in the United Kingdom and the United States. The cybercriminals stole information from the targeted organizations and used that information to convince them to pay a ransom.

According to the indictment made public by the Justice Department, Wyatt used phone and email accounts to send threatening messages to The Dark Overlord victims in an effort to get them to pay up.

Victims included companies in the film, healthcare, finance, legal and various other industries. U.S. prosecutors have focused on the attacks targeting one accounting and four healthcare companies.

The indictment references Wyatt’s alleged activities from February 2016 until June 2017. Wyatt has been in jail in the United Kingdom since 2017 after pleading guilty to separate charges related to blackmail, possession of a fake passport, and using stolen payment card data.

“Today’s extradition shows that the hackers hiding behind The Dark Overlord moniker will be held accountable for their alleged extortion of American companies,” said Brian A. Benczkowski, assistant attorney general for the Criminal Division of the Department of Justice. “We are thankful for the close cooperation of our partners in the United Kingdom in ensuring that the defendant will face justice in U.S. court.”

In May 2018, police in Serbia claimed to have arrested another alleged member of The Dark Overlord, but Motherboard reported at the time that the group had continued to operate.

Related: First Cypriot to Be Extradited to US, on Hacking Charges

Related: Nigerian Extradited to U.S. Over Role in Major Cybercrime Scheme

Related: Russian Accused of $20M Credit Card Fraud Extradited to US

Related: Lithuanian Extradited to U.S. Over Hacking, Fraud Charges

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Source: Alleged Member of ‘Dark Overlord’ Hacker Group Extradited From UK to US