Friday Cyber News, April 6 2018

Cyber technology-related news and links from around the web, for the week of 3/31 - 4/6:

1. New national security advisor John Bolton is a fan of "retaliatory" offensive cyber attacks, encouraging them against Russia, North Korea (Bolton described their attack on Sony as an act of terrorism verging on an act of war), China (after the OPM breach, Bolton said the US's response should be "disproportionate"), and WikiLeaks (which Bolton believes Cyber Command should use for "target practice"). [Politico]

2. The Department of Homeland Security acknowledged in a letter to Senator Ron Wyden that it has found evidence of Stingrays (cell site simulators) in use in DC, and not by law enforcement. US authorities' desire to use Stingrays themselves has held them back from more effectively restricting the sale or use of the devices. [The Hill]

3. Continuing to clean up after public backlash ("Facebook is, at its core, a surveillance machine"), Facebook has removed 70 accounts, 65 Instagram accounts, and 138 Facebook Pages controlled by the Russian Internet Research Agency. Facebook also updated its API access rules, which broke Tinder logins. [Vox; NY Times; FB Newsroom; The Verge]

4. "Stop fooling around on the internet" vs. "digital literacy": An ethnographic study of tech use in three middle schools with differing racial compositions shows that teachers' attitudes toward students' use of tech for play and experimentation differ by race. (From the abstract: "Teachers effectively discipline students’ digital play but in different ways. At a school serving working-class Latino youth, students are told their digital expressions are irrelevant to learning; at a school with mostly middle-class Asian American youth, students’ digital expressions are seen as threats to their ability to succeed academically; and at a private school with mainly wealthy white youth, students’ digital skills are positioned as essential to school success.") [American Journal of Sociology]

5. Recent cyber attacks on four US natural gas pipelines have shut down operator-customer communications systems and websites used to post notices to customers. [Bloomberg] 

6. Thousands of Google employees have co-signed a letter to CEO Sundar Pichai asking that Google end its working relationship with the Pentagon and Project Maven, which involves AI-supported drone video analysis and could be used to improve drone targeting and the lethality of drone strikes. The Google employees' letter warns that Google "should not be in the business of war", and mentions the effects of the development of weapons on tech companies' struggle to retain the public's trust. [NY Times]

7. Escalating tension between the US and China over tariffs is expected to lead to more Chinese-backed cyber espionage, levels of which had decreased--or shifted to collecting confidential business information and not IP--after a 2015 Obama-Xi agreement. [Cyberscoop; The Hill]

8. The Senate Judiciary Committee, and Senators Grassley and Feinstein in particular (the latter of whom should know better by now), are working on yet another encryption-backdoor bill, despite the failure of a previous 2016 bill. [Cyberscoop]

9. After an initially negative reception of ICOs, South Korea has become far more accepting, and Seoul is even planning to launch its own cryptocurrency, S-coin, for use in city-funded welfare programs. Japan's central bank is also viewing cryptocurrencies positively, noting the importance of a real-world trial of their utility. [Coindesk; CCN]

10. Panera Bread's website leaked 37 million customer names, email addresses, birthdays, addresses, and partial credit card numbers for eight months after it was notified of the flaw. Relationship app Grindr was found to be sharing data on users' HIV statuses with two external analytics companies with whom the app contracts. Customer credit card information was leaked from Sears, Delta, and others, as the result of a breached third-party chatbot system that both companies, and many others, use. [Krebs; Buzzfeed; Naked Security]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)