Tuesday, September 30, 2014

Philadelphia Opens Innovation Lab for City Employees

The learning space represents an ongoing strategy by Mayor Michael Nutter to institutionalize a new way of problem solving within city government.


Philadelphia may be one of the oldest cities in the country, but it's developing a new way of doing business. On Friday, Aug. 1, Mayor Michael Nutter opened an Innovation Lab inside the Municipal Services Building, which overlooks Philadelphia’s iconic city hall. Decorated with an extensive mural that depicts innovation in Philadelphia – past and present – the lab will be a place for city employees to step out of their daily routine to spend time focusing on innovation, ideation and problem-solving.

“The mayor embodies the culture of continuous improvement, which he expects from all of us,” said General Manager Richard Negrin. “The lab meets that embodiment. It’s about doing things in new ways, being innovative.”

The lab is modeled after one developed by Philadelphia University and will provide space that will enable city workers to collaborate with members of the city’s technology community to hold hackathons and other forms of creative problem solving.

“The lab will bring the spirit of startups inside of city government,” said Chief Innovation Officer Adel Ebeid. “The goal is to create a culture of innovation, to sustain it and grow it long term.”

The lab will be integrated with the city’s Innovation Academy, which was launched in January to teach city officials about innovation, problem solving and systems thinking. Graduates of the academy are expected to become innovation evangelists within their city agencies, but also to take part in work at the lab.

The lab will tackle different issues during 90-day increments, said Ebeid. Topics under consideration include geo-spatial analysis, public health, public safety, poverty and economic development. “The plan is to rotate the topic every 90 days, so we can engage a different audience and solve different problems,” he said. Subject matter experts from the region's more than 80 colleges and universities are also expected to participate.

Other participants include children from the city schools. “We’re partnering with the Philadelphia school district to give kids exposure to technology that they may not be getting in their classroom,” said Negrin. The goal is to not just further the children’s education, but to also let a little bit of innovative government thinking rub off on them. “We want to get them excited about public service, show them that government is cool and is on the cutting edge of technology,” he said.

The idea for the lab originated when Negrin and Ebeid managed the city’s application for a $1 million grant from the Bloomberg Challenge, which was awarded to the city in 2013. The effort exposed them to a lot of innovative ideas within city government, according to Negrin. “We thought, wouldn’t it be great if we could do this on a regular basis, institutionalize problem solving and ideation within city government.”

Now, with the doors of the lab open, Ebeid says the goal is to get enough of the right people together in the lab, give them the freedom to think creatively, clarify the problem they are tackling, and then set the process in motion so that the problem gets solved. “We are looking for solutions that will improve service delivery, civic engagement, innovation and even government transparency,” he said. “These can be done in a variety of ways, most likely with mobile apps.”

One challenge will be to find the funding to sustain the lab, which cost $100,000 to build and equip. But Ebeid is excited about what the lab will be able to do and believes that once solutions start rolling out, the funding will follow. And he expects the lab to become a talent magnet.

“The lab is a way to show that government can solve problems, and it is also a way to attract new talent,” he said. “There are a lot of younger people who are choosing to help solve the problems of city government, rather than be on the outside. The lab and the academy show them that we are not your typical government.”

Thursday, September 25, 2014

Malware starts mugging as thousands of computers are hacked and encoded by ransomers. Are you at risk?

'Your Money or Your Files' as Threat of Online Stickups Grows


You’re an entrepreneur, managing the business from your PC. You’re a doting mother, with hundreds of photos of your children on your laptop. Now, if someone seized all those files, how much would you pay to get them back?

There’s nothing theoretical about the scenario. Hundreds of thousands of people have had to wrestle with that question as so-called ransomware infections have surged, encrypting billions of documents. Hackers demand hundreds or thousands of dollars to provide the key that unscrambles files so you can view and use them again. One particularly virulent strain, called CryptoWall, has infected about 625,000 systems and encrypted more than 5.25 billion files since mid-March, according to new research from Dell SecureWorks. One desperate U.S. victim paid the hackers $10,000.

Most malware is like a pickpocket, taking your valuables before you’re aware of it. CryptoWall and other ransomware is like a mugger: your money or your files. It’s smart, really, because in most cases, your files are most valuable to you. It’s also easy money for hackers, a lot less work than trying to sell 40 million purloined card numbers on the black market, a la the Target breach. Keith Jarvis, a SecureWorks researcher in Atlanta, found that 1,683 CryptoWall victims forked over a total of $1.1 million to the hackers.

“There’s nothing going on in the back end for these guys, they just sit back and wait for the money to come in,” says Jarvis. “They don’t have to paw through the data, they don’t have to figure out how to sell it.”

The stickup artists have also gotten a lot better at the scam in recent months. Ransomware started surfacing a few years ago, designed to lock your computer screen and demand money to get access back, says Jarvis. It was a bluff, though; the hackers might claim your files were encrypted, but they weren’t. Victims could break the lock with security software. The criminals relied on ignorance and threats of legal action for illegal downloads of movies or pornography to cow people into paying.

A more powerful version emerged last September called CryptoLocker, which, as the name suggests, really did encrypt files. If you didn’t pay, you lost your files forever. CryptoLocker spread to more than 530,000 machines, reaping $3 million for the group behind it, according to Fox-IT, before the infrastructure it relied on got taken down as part of a massive law enforcement effort in late May.

TDHServices, a small construction company near Houston that specializes in doors and frames, got hit in October. An office worker set the malware loose by clicking on an e-mail attachment, and within 24 hours up to 40,000 files on the company’s server and its cloud backup files were encrypted, says Julian Ramos, TDH’s vice president and the son of the company’s founder.

“We had 15 years’ worth of work in that server,” he says.

The screen displayed on the compromised computer had an ominous-looking timer that counted down from 72 hours, the ransom deadline, Ramos remembers. He quickly figured out he wasn’t going to be able to break it, and his father paid the $300 demanded. The thieves kept their end of the bargain and decrypted the company’s files. If they hadn’t, TDHServices might now be out of business.

“I don’t know what the threshold is where we would have said no,” Ramos says. “I think we probably would have paid up to every penny we all had, because every file is important.”

CryptoWall is the latest ransomware du jour, and it also does the encryption right. Unless you have backups somewhere unconnected to your computer or server, there’s no way to get your files without paying. Rates vary; SecureWorks saw one victim shell out $10,000, but most paid $500 to $1,000. Although large enterprises may have enough protections in place to foil ransomware on their networks, small businesses and individuals often don’t, Jarvis says. Adding to the headache: The CryptoWall group requires payment in Bitcoin, which most people and businesses don’t use.

More traditional ransomware varieties are also on the rise. Kovter, one of the screen-locking types, reached a high of 43,713 infections on a single day in June, according to security company Damballa. For the third quarter so far, the peak count for a single day has already surpassed that, at 59,589.

At TDHServices, no one in the office opens anything unless they recognize it, and the cloud file backup has its own backup. Just to be safe, Ramos also copies everything to a separate external hard drive on Fridays, before he leaves.

“We saw a police report that said don’t pay ’em,” Ramos says. “And I thought, ‘That’s easy for you to say, it’s not your business that’s on the line.’”