Skip to content Skip to navigation

Friday Cyber News, August 19 2016

Cyber technology-related news and links from around the web, for the week of 8/13 - 8/19:

1. A group called Shadow Brokers claimed to have hacked the Equation Group this week, and posted persuasive evidence that they had gathered exploits attributed to the NSA circa 2013. Security researchers suspect the group gained access to a staging server used by the NSA, and a bitcoin auction for some of the code was shut down (but not before it got rickrolled), supporting the legitimacy of the files. The exploits affect routers from Cisco, Juniper, Fortinet, and two Chinese companies. For more on what the NSA is up to, see Kaspersky reports on Strider/Sauron. [Medium;; Wired; Technology Review; Motherboard; WSJ; Lawfare]

2. Uber's first self-driving fleet arrives this month, in...Pittsburgh. Rides are free for now, and prices are expected to stabilize at a level lower than current Uber rides. San Francisco's "fear of missing out" culture has been vindicated. [Bloomberg]

3. Jeremy Bailenson and Jaron Lanier are exploring the best uses of VR, including empathy creation and the broader distribution of rare, expensive experiences. But many new (and old) technologies enhance empathy, and provide a transporting experience--from novels to IMAX--is VR all that different? Will VR really increase donations to charity, or even charitable feelings about immigrants and ocean life, that extend beyond a visit to a VR researcher's lab? [Slate; Statnews; One World One Ocean Foundation]

4. Tim Cook doubles down on Apple's response to the FBI request regarding the San Bernardino iPhone: "I was shocked they would even ask for this," he says, also noting that no other governments have asked for similar access, a point of contention when it comes to Chinese access to the phones. "Shocked" is also a bit strong when Comey has asked that all companies providing end-to-end encryption find a way to allow government access to decrypted messages...Comey is likely flipping through this Black Hat presentation on breaking into the Secure Enclave chip as we speak. And installing RetroScope, a tool developed by Purdue University that shows the previous screens viewed on an Android device, even after the phone has been shut down. [Washington Post; Quartz; Fortune; Intercept; Black Hat; IEEE]

5. Australian authorities hacked into computers in the US as part of a global child exploitation investigation. The jurisdictional questions raised are somewhat eased by the FBI's enthusiastic cooperation after Australian authorities turned over the information they had gathered, but participation in the Five Eyes fraternity isn't quite enough to guarantee our citizens' computers are open to other countries' law enforcement. After all, sometimes the supposed criminal is just a pro-Fijian Democracy advocate living in the UK, spied on by New Zealand, and venting on Facebook. [The Intercept]

6. About 10% of customers like the sheen of added security that comes with 2FA or extra questions at login. About 30% prefer convenience, and will stop using sites where they keep forgetting passwords or enduring lengthy login times. 60% are ambivalent. How to address all of these segments? A McKinsey study finds that preferences for different types of added security vary by segment, with removing automatic log-outs more palatable to the security-minded than automatic log-ins, for example. [McKinsey]

7. Cybersecurity spending--and stock performances--have declined from highs in 2015. Though high-profile hacks like Target and Home Depot spurred spending, the continuing evolution of threats through phishing and ransomware may be leading to security spending fatigue. [WSJ]

8. Twitter has been criticized over its response to harassment on the platform, but has no qualms about responding to accounts promoting terrorism: 235,000 such accounts have been banned over the last six months, though accounts frequently respawn with slight username changes. [NY Times, h/t Herb]

9. Human collective intelligence--like that displayed by crowdsourcing platforms--is a form of distributed Bayesian inference using popularity as a prior. []

10. AIM was a great idea that almost wasn't released, and that AOL never found a way to monetize. What can current tech learn about failures to predict the future? [Mashable]

P.S. Interested in how to evaluate cyber threats, and want to learn more at SXSW? Vote for a panel with the Cyber Initiative, R Street, the Mercatus Center, and TechDirt: More interested in how to identify psychopaths in Silicon Valley? Vote for our colleague Jeff Hancock's panel: Jeff is a professor of Communication here at Stanford, and will be joined by a social scientist, a venture capitalist, and a clinician.

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at