In the decision, Grimm criticized Creative Pipe for failing to take the necessary steps to ensure the privacy of its data, and for underestimating the complexity of using keyword search techniques in a legal dispute.
“The Defendants are regrettably vague in their description of the seventy keywords used for the text-searchable ESI privilege review, how they were developed, how the search was conducted, and what quality controls were employed to assess their reliability and accuracy,” wrote Grimm in his opinion.
Grimm said that Victor Stanley can use information that was mistakenly disclosed by Creative Pipe as evidence in its lawsuit. “Defendants’ protests that they did their best and that their conduct was reasonable rings particularly hollow,” he noted.
I wonder how accidental disclosure was handled in the past. This is an excellent example of how technology has fundamentally changed privacy, and an even better example of how lawyers alone (e.g. litigation) will be able to control privacy. Obviously the use of “complex” search terms coupled with technology has fundamentally altered the practice of disclosure. Who will be found at fault here? Could it be the forensics expert(s) who set up and created the search? Perhaps it will be the lawyers that failed to catch privileged documents before they were accidentally disclosed? Will it be the management team that abandoned “clawback” rights in exchange for time to “prepare” documents? Or all of the above…?
Computerworld tells of a new debate over a Trojan horse that uses encryption to demand ransom from its victims:
“Your files are encrypted with RSA-1024 algorithm,” it begins. “To recovery [sic] your files you need to buy our decryptor. To buy decrypting tool contact us at: xxxxx@yahoo.com.”
Last Thursday, a Kaspersky analyst identified as “VitalyK” said that although the company had analyzed samples of Gpcode, it wasn’t able to decrypt the files the malware encoded. “We can’t currently decrypt files encrypted by Gpcode.ak,” said VitalyK in an entry to the company’s research blog. “The RSA encryption implemented in the malware uses a very strong, 1024-bit key.”
A backup of files, of course, would render this attack useless. The bigger question, perhaps, is whether an attempt by an unknown application to use the Microsoft Enhanced Cryptographic Provider could be blocked or prompt the user for confirmation. After all, since encryption is so rare, one would think any crypto activity on a system should show up as suspicious behavior. Ah, and that’s assuming you did not catch the download and installation of the Trojan horse.
Incidentally, I am really happy to see more and more people use the term “Trojan horse” instead of just “Trojan” to describe this kind of malware. I remember this was not common some time ago and it always used to grate on me that people were using the reference completely backwards. Those who forget history…
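The block-or-prompt question raised above about the Microsoft Enhanced Cryptographic Provider, sketched as an added example that is not part of the original post: a process whose image is not on an allowlist and that loads the provider gets a "prompt" verdict, which escalates to "block" once it rewrites several distinct files. The event records, field layout, paths, allowlist and threshold are all constructed assumptions, not output from a real monitoring tool.

```python
# Added example: events below are constructed; field layout, paths and the
# allowlist are assumptions, not the output of a real monitoring tool.
import ntpath
from collections import defaultdict

PROVIDER_DLLS = {"rsaenh.dll"}   # DLL implementing the Microsoft Enhanced Cryptographic Provider
ALLOWLIST = {                    # hypothetical images expected to use the provider
    r"c:\windows\system32\lsass.exe",
    r"c:\program files\internet explorer\iexplore.exe",
}
WRITE_THRESHOLD = 3              # distinct files rewritten after the provider load

SAMPLE_EVENTS = [  # (seq, pid, image, kind, target)
    (1, 612, r"C:\Windows\System32\lsass.exe", "load", r"C:\Windows\System32\rsaenh.dll"),
    (2, 2044, r"C:\Program Files\Internet Explorer\iexplore.exe", "load", r"C:\Windows\System32\rsaenh.dll"),
    (3, 3180, r"C:\Temp\update.exe", "load", r"C:\Windows\System32\rsaenh.dll"),
    (4, 3180, r"C:\Temp\update.exe", "write", r"C:\Users\alice\Documents\a.doc"),
    (5, 3180, r"C:\Temp\update.exe", "write", r"C:\Users\alice\Documents\b.xls"),
    (6, 2900, r"C:\Tools\sign.exe", "load", r"C:\Windows\System32\rsaenh.dll"),
    (7, 3180, r"C:\Temp\update.exe", "write", r"C:\Users\alice\Pictures\c.jpg"),
    (8, 2900, r"C:\Tools\sign.exe", "write", r"C:\Tools\out.sig"),
]

def classify(events, allowlist=ALLOWLIST, threshold=WRITE_THRESHOLD):
    """Return {pid: verdict}: 'prompt' = unknown image loaded the provider,
    'block' = it then rewrote at least `threshold` distinct files."""
    allowed = {p.lower() for p in allowlist}
    loaded, written = set(), defaultdict(set)
    for _seq, pid, image, kind, target in sorted(events):
        if kind == "load":
            if ntpath.basename(target).lower() in PROVIDER_DLLS and image.lower() not in allowed:
                loaded.add(pid)
        elif kind == "write" and pid in loaded:   # only writes after the load count
            written[pid].add(target.lower())
    return {pid: "block" if len(written[pid]) >= threshold else "prompt" for pid in loaded}

if __name__ == "__main__":
    for pid, verdict in sorted(classify(SAMPLE_EVENTS).items()):
        print(pid, verdict)
```

The second signal is there because an allowlist on provider loads alone needs tuning per environment; pairing it with a burst of file rewrites ties the verdict to the behaviour the ransom note describes.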
A massive retail crime ring in San Jose, California has been unravelled:
The Le and Vo organizations are accused of buying truckloads of stolen merchandise from crews of freelance shoplifters, repackaging the products and then reselling them throughout the United States at an enormous profit . . . until this week.
[…]
The hordes of “booster” thieves are not directly related to the crime organizations. They are independent bandits who hit store after store on a routine basis, stealing a variety of products from Safeway, Target, Walgreen’s, Longs Drugs and Savemart. They might stealthily stuff handfuls of Claritin into their clothes or boldly make off with shopping carts full of items without paying.
They would contact the Vo and Le organizations to “fence” the merchandise, receiving 25 cents on the dollar. The families were not cooperating but acted as “friendly competitors,” according to officers John Barg and Doug Gerbrandt, the lead case agents.
Nearly $6 million in stolen property was recovered following arrests along with over $100,000 in cash and luxury goods. Interesting to see that the investigation found human elements to trace and ultimately use to pull the criminals down. In short, they managed to infiltrate the crime organization by impersonating one of the booster thieves. Although there are several comments on how “sophisticated” the operations were, no technology at all (ID tags, camera surveillance, etc.) is mentioned. I guess that means they were sophisticated in the sense of a regular retailer’s operational sophistication, which sadly is not usually saying a lot about security. I mean to say, the criminals were probably infiltrated by police investigators as easily as retailers were infiltrated by criminals.
The Mercury News reports on a surprising new attack vector based on mobile phones:
Four males allegedly affiliated with the “500 Block,” a South San Francisco Norteño street gang, allegedly assaulted and robbed the first victim in San Bruno over the weekend. They then used the phone to send a text message to lure the first victim’s friend to a meeting place to rob him of his Apple i-Phone, valued at $400, according to police.
At about 2 a.m. Saturday, a San Bruno resident received a text message from a friend’s cell phone to meet in a South San Francisco business in the 200 block of El Camino Real, according to police. He was immediately assaulted and robbed, police report.
Do you trust your friends to lock their phones from intruders? Or, perhaps more importantly, can you identify your friends when they text you from their phones, given the limited format? Perhaps a voice call would be a good way to verify meetings in shady places.
a blog about the poetry of information security, since 1995