Skip to content Skip to navigation

Friday Cyber News, April 21 2017

Cyber technology-related news and links from around the web, for the week of 4/15 - 4/21:

1. After a video of a murder was posted on Facebook this week, and a confession streamed on Facebook Live, what responsibility does an online platform have to censor the violent and disturbing productions of its users? The inability of Facebook, YouTube, and others to automatically identify extremist videos or illegal images has raised problems in the past, but is insufficient technological capability the same as a lack of responsibility? Other industries have addressed this issue, notably television; the problem is people, as many have pointed out. New tools will be used to broadcast hate and pain as well as joy and juice-squeezing technologies, and Facebook is hesitant to proactively address the ability of its tools to be co-opted and abused. Facebook wants to be the linchpin in its users' online activities--this week it also debuted delegated account recovery, a process by which Facebook can store authentication tokens for other websites and apps, and allow users to recover external accounts by authenticating themselves to Facebook--but it hasn't proven its ability to manage that power in a way that prioritizes privacy. [New Yorker; TechCrunch; Buzzfeed; Naked Security] 

2. It's happening again: Oxford researchers find that 25% of political links shared on Twitter in France are 'fake news', many spread by bots, in a situation mirroring, but not reaching the scope of, the misinformation campaigns that plagued the 2016 US election. In the months leading up to the November election, voters in Michigan shared an equal number of links to fake news as to actual news. In the days prior to the German election in February, only 20% of shared links were to fake news. [Reuters]

3. A North Korean missile test that failed last weekend is being held up as an example of US cyber interference, but the evidence isn't there. The failure could be anywhere along the supply chain, pointing to the true value of suspected but unverified sabotage: the time and effort required for a full review of every part and piece of software involved in the production of a missile. [NY Times; Foreign Policy]

4. Open repositories of government data, and direct citizen participation in decision-making are two ways that tech can improve the workings of democracy, accompanied by participation incentives and rules to ensure responsible data use. [Nature]

5. Smartphone spyware, or "stalkerware", is a growing market of tools individuals can buy to install on any phone they have access to, which in many cases are the phones of family members or romantic partners who are unaware of the surveillance. Adding an additional layer of vulnerability, many spyware manufacturers store the logs from these tools in shoddily-protected and internet-accessible databases. [Motherboard]

6.​ The most recent Shadow Brokers information release contained the names of NSA hackers, potentially in retaliation for US indictments of Iranian and Chinese hackers. [Emptywheel]

7. One way to answer the question of how jus ad bellum applies in cyberspace is to sidestep it entirely: the IDF's Cyber Chief of Staff describes his division's capabilities by noting that "the cyber front ignores world order. It has no limits, no rules." [Ynet News]

8. A letter from U.S. Senator Ron Wyden indicates the Senate doesn't have two-factor authentication for its computer systems, and that Senators' versions of ID cards with embedded chips--used by other federal employees for secure logins--are printed with a picture of a chip instead of actually having one. [Politico]

9. A new type of ad-blocking tool, developed by a team including Initiative affiliate Jonathan Mayer, uses computer vision and word recognition (e.g., "close ad" or "sponsored") to identify ads previously exempted from ad-blockers, and avoid anti-ad-blocking software. Taking a different tactic, Google is building an ad-blocker into Chrome that would allow certain "acceptable" ads through, hoping that users who favor ad blocking will accept the Chrome tool and not install broader blockers. [Motherboard; PCWorld]

10. An infosec company has been accused of providing "malware samples" that weren't malware at all, to make its tool look uniquely capable. Another cybersecurity company was accused of using screenshots and network information from a hospital customer in its online demo videos without permission. And power outages hit LA, San Francisco, and NYC this morning, though there's no evidence yet of hacking. [Ars Technica; WSJ; Inverse]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)