Mark Rasch

Cyber Law Editor

Security Current


What If It Wasn’t North Korea?

Posted on: 22 Dec 2014

We all know the headlines.  The Democratic People’s Republic of Korea, under the personal direction of Supreme Leader (Dear Leader) Kim Jung-Un, launched a sophisticated and devastating attack on Sony Pictures Entertainment (SPE), designed to prevent the release of its motion picture “The Interview” which depicted the assassination of the North Korean leader. This attack was…

Force Majeure – Why Sony Doesn’t Want War

Posted on: 19 Dec 2014

So the FBI now concludes that the North Korean government is responsible for attacks on Sony Pictures Entertainment. This conclusion is based on the Bureau’s analysis of the malware (similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks used before by North Korea); overlap in hardcoded IP addresses in the malware…

Is North Korea Responsible for the Sony Attack and What Does it All Mean?

Posted on: 18 Dec 2014

Now that Sony Pictures Entertainment has cancelled the release of the movie “The Interview”  (to the chagrin of the Hollywood cognoscenti) the conventional wisdom is that Sony was eye to eye with the enemy, and Sony blinked. Assuming that the attacks on Sony’s infrastructure came from the Democratic People’s Republic of Korea (an assumption I am not quite…

Are Fines for HIPAA Breaches Effective?

Posted on: 16 Dec 2014

Anchorage Community Mental Health Services (ACMHS) operates a small chain of  5 mental health clinics in and around the Anchorage, Alaska area.  Like other medical facilities, they use computers for the collection, storage and dissemination of information – including patient information. Typical. Like other facilities of its size it probably had an IT department but may or…

Sony Threatens New York Times and Other Media Outlets on Publishing Stolen Data

Posted on: 15 Dec 2014

My name is Bond.  James Bond. We know that those words will appear in the upcoming Sony movie SPECTRE.  We actually know a lot more about the upcoming movie with Christoph Waltz thanks to the mysterious Sony hackers.  According to published reports, the script for the upcoming movie has been leaked online. Sony has responded…

Cell Phones Not Safe From Police North of the Border

Posted on: 12 Dec 2014

If you are on the south side of the Peace Bridge in Buffalo, New York and are arrested by the Buffalo Police Department, the cops can’t search the contents of your cell phone unless they get a warrant. Their attempt to rely on an exception to the warrant requirements called “search incident to a lawful…

Sony, Interrupted

Posted on: 11 Dec 2014

It hasn’t been a good few weeks for Sony Pictures Entertainment (SPE).  Their networks were taken down, employees threatened, e-mails exposed, salary and personal information disseminated.  Its stars and executives have been portrayed as overpaid petulant jerks. And at least some of its movies have been leaked online – including movies currently in theaters, and some…

Posner’s Privacy Prognostications – Perpetually Peeved

Posted on: 11 Dec 2014

At a recent computer security and privacy conference here in Washington, Judge Richard Posner made headlines when he announced that privacy was “overrated” and existed mainly for the purposes of protecting criminals. According to published sources, Posner stated: “Much of what passes for the name of privacy is really just trying to conceal the disreputable parts…

From Here to Xfinity – Comcast Takes Over Your Home Router and Sells Your Internet Service

Posted on: 09 Dec 2014

Imagine if someone hacked your home wireless router.  Imagine if they then changed the settings to open up a separate channel on your router – a channel that allowed them to access both the router and the Internet without your knowledge or consent. Imagine then if they charged people in the neighborhood money to be…

Computer Crime and Punishment

Posted on: 08 Dec 2014

Two recent cases, one in the United States and the other in Germany, point out the problem of how we determine the appropriate punishment for computer hackers.  To a great extent, we both over-punish and under-punish these crimes; sometimes both in the same case. Most crimes are fairly discrete events.  You rob a bank, you commit an assault, and…