Security News for the Week Ending October 2, 2020

False Claims Act Means Big Fines

I had heard about the Department of Justice going after companies for misrepresenting things in federal contracts. I remember that Cisco paid a fine of less than $10 million, so I didn’t think it really meant much. But in a press release, the DoJ says that they recovered over $3 BILLION last year. That includes health care fraud, procurement fraud and other fraud. But 2019 was not an anomaly. In 2018 they recovered $2.8 billion; in 2017 they recovered $3.5 billion and in 2016, it was $4.9 billion. That is a lot of money, so if you are thinking about misrepresenting things in a government contract, you might want to reconsider. Read the details here.

911 Service in Multiple States Goes Down

Issues were reported by police departments in counties across Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania, and Washington. Initially, it was thought that it was related to an outage at Microsoft at the same time. Many of the 911 dispatch centers were able to recover in less than an hour, but that turns out not to be the case; see yesterday’s blog post. Credit: ZDNet

DoJ Wins Case Against Snowden to Seize His Money

This has nothing to do with whether he is guilty of whatever. This is a simple contract dispute. If you go to work for the government and get a security clearance, you agree to let the government clear certain publications and speeches you make to make sure that you are not disclosing classified information. The Supremes have said in the past that the government can seize the proceeds from these illegal speeches and publications. In Snowden’s case, that is about $5 million. It is not clear that Snowden expected to keep the money; he knew the rules. Of course, if the money is in Russia with Edward, well, good luck. Credit: The Register

Still the Best Reason NOT to Buy Huawei Equipment

The White House has claimed that Chinese telecom provider Huawei is a national security risk – a tool of the Chinese government. That may be, I don’t know. But the Brits have been much more honest and open about things. The Brits have been evaluating Huawei’s software and they say that it is as secure against intruders as a screen door. Huawei says that these bugs prove that they are being honest. Not sure about that. Maybe they mean that they are too stupid to design backdoors for the Chinese government. Credit: The Register

Samsung has a Deal for You

Samsung has an interesting deal. They say to their advertisers that they will display an ad to an owner of one of their TVs, every time it is turned on and there is nothing the owner can do about it. They say this is about 400 times a month per TV. They use something called Automatic Content Recognition to understand whether you watch sports or movies (and what kind) or whatever and tune the ads to that. They do not tell you before you buy the TV that you are agreeing to that. Of course, if you have a dumb TV, that is not a problem, but that is not the direction the planet is going in. Perhaps buy a different brand. Credit: The Register

Universal Health Services Hit By Ransomware – 250 Hospitals Affected

UHS, which runs hundreds of hospitals and clinics, including behavioral health and addiction care and which has concentrations of facilities in California, Texas, Nevada and Florida has taken its systems offline. While they have not said what is going on, the scuttlebutt is that is the Ryuk strain of ransomware. Just what a hospital needs right now. They have shifted to paper based processes, although they say their electronic medical record system was not affected (it may just be offline right now but not encrypted). Utter chaos is probably rampant. Lawsuits to follow if people die. Credit: Security Week

by