Friday Cyber News, December 2 2016

Cyber technology-related news and links from around the web, for the week of 11/26 - 12/2:
 
1. Om Malik rightly criticizes Silicon Valley for failing to empathize with those displaced or unsettled by its technological innovations (VC, disrupt thyself). Senator Tom Cotton criticized Facebook's censorship tool for Chinese accounts, discussed in last week's newsletter. Clay Shirky argues that Facebook's offer of the tool poises it at the top of a slippery, dangerous slope of global censorship. A draft of a European trade proposal called TiSA would grant tech platforms like Facebook legal immunity for censoring content deemed "objectionable". (By whom? Unclear.) The Global Network Initiative (a group of tech companies that, haha, includes Facebook) released a report this week stating that companies should not be pressured by governments to change their terms of service or restrict content. [New Yorker; The Hill; FP; Motherboard; Reuters]

2. Venezuela's subsidized electricity has led to a massive uptick in bitcoin mining, one of the few stable sources of income in the unstable country. [Reason]

3. This week in local interest: San Francisco's municipal transit system, Muni, was hit by ransomware over the weekend, leading to free rides while IT staff restored the system. The hacker(s) asked for 100 bitcoin but got nothing, and are now threatening to release data stolen while the system was compromised, though Muni asserts no personal information of riders or employees was taken. The transit authority was praised for not complying with hackers and for backing up their system, which if you've ridden Muni lately you might suspect hadn't been updated for a couple of years anyway. Across the bay, Alameda County is under fire for using software so cumbersome and ineffective that it has led to arrests on invalid warrants, some the result of a backlog of file updates that is growing at 300 files per day. Vanity Fair profiles the UC Berkeley graduate student who helped discover a remote jailbreak in the wild last summer. And Season Two of our podcast Raw Data launched this week, with an episode exploring whether big data is a big sham, and checking in with our Hewlett-funded Berkeley colleagues and heading to SF to chat with Cindy Cohn of the EFF. [SFist; SF Chronicle; Vanity Fair; Cyber Initiative]

4. Despite some last-ditch Senate attempts to stop them, changes to Rule 41 of criminal procedure went into effect this week, enabling federal judges to approve warrants for computers in any jurisdiction. Previously, judges could only issue warrants for devices in their jurisdiction, making it difficult to coordinate a widespread sting or hack a device that was using location-masking software like Tor. [The Hill]

5. Remember when the DoD said we were dropping cyber bombs on ISIS? It turns out a cyber bomb is a real bomb, as ISIS social media experts are being picked off by drone strikes. [NY Times]

6. Ultrasound beacons that allow device-to-device communication can also be used to send malware to devices programmed to receive. The threat will have to be addressed if ultrasound device communication is adopted more widely, but I don't think it will be--birds, bats, rats, and other animals use ultrasound to communicate, and one thing that's definitely going to stop a grocery store from using ultrasound to push in-store coupons to an app on your phone is a mob of rats. Recycled phone numbers can still receive authentication codes and messages meant for their old owners, and even phone numbers previously assigned to landlines receive texts, so reconsider using SMS as a second factor of authentication. [New Scientist; LA Times]

7. Barrett Brown, a journalist convicted for hacking after getting too close to his sources in Anonymous (though the data he supposedly stole was released before he is said to have stolen it) was released from prison this week. His release is a win for journalistic freedom, but a loss for those who followed his Barrett Brown Journal of Arts and Letters and Prison. [DailyDot; The Intercept]

8. Mirai is dead, long live Mirai: the new version of the botnet has added a bunch of compromised routers, and a hacker going by the name BestBuy (all free advertising is good advertising?) claimed to have used it to cause outages for customers of Deutsche Telekom. [Motherboard; DW]

9. The Commission on Enhancing National Cybersecurity delivered its report to the President this week. One recommendation is that incentives work better than regulation to accomplish goals like securing the internet of things and preventing cyber attacks. RAND released a game-based framework for evaluating cyber policy options. The Council on Foreign Relations released a brief weighing the pros and cons of a federally backed cyber insurance program, in the mold of TRIA. [NIST; Cyberscoop; RAND; CFR]

10. This week in cyber dystopia: The Internet Archive is making a backup of the entire internet that they will store in Canada, to protect it from the new US presidential administration. AT&T takes aim at net neutrality by zero-rating video provided by DirecTV, a company it owns, as opposed to video provided by other companies it doesn't own, which will count against users' data quotas. The new National Security Advisor, Michael Flynn, installed an internet connection in his Pentagon office despite that being prohibited for security reasons. Lush has a bath product called Error 404 with sales benefiting Access Now and groups attempting to preserve digital rights in countries where governments have shut down, or threatened to shut down, the internet. It smells like vanilla. (I thought the internet smelled like hot plastic; send me your suggested internet fragrances). [Motherboard; The Verge; New Yorker; Lush]

Year-end prognostication exercise: What will be the biggest cyber news story of 2017? What will be the trends, economic indicators, or new products? What will the cyber dystopia bring? Give us your cyber predictions for 2017, and some will be featured in the Cyber Initiative's end-of-year newsletter. The most accurate prediction wins a prize in December 2017! Tell us here.

Thanks for reading,
Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)