Skip to content Skip to navigation

Friday Cyber News, December 21 2018

Cyber technology-related news and links from around the web, for the week of 12/15 - 12/21:

1. This week in Facebook: There's been a lot! The Senate Intelligence Committee (more about their report in #8) found that Facebook withheld data from US government inquiries about Russian interference on its platform. But Facebook has not been nearly so withholding when it comes to partners developing apps on their platform; they have, in fact, given Microsoft, Netflix, Amazon, Spotify, and other companies full access to Facebook users' friend contact information, private messages, and other personal data, leading Senator Brian Schatz to call for a federal privacy law in the absence of meaningful self-regulation by Facebook and other companies. The DC Attorney General filed a lawsuit against Facebook this week for failing to protect users' privacy in the Cambridge Analytica matter, which by now has been augmented by so many additional pieces of negative Facebook news that you may need a handy recap of all of Facebook's scandals in 2018. [NY Times x2; Business Insider; The Hill; WSJ; Buzzfeed] 

2. The DOJ charged two Chinese nationals working with APT10 with conducting spearphishing campaigns targeting US government agencies, companies, and the Navy. [The Hill]

3. Leaked European diplomatic cables reveal concerns over Russia's influence on the US, unexpected US policy decisions, Chinese information operations, and more, as well as the higher-level question of the responsibility of journalists to publish, or not publish, this type of hacked information. [NY Times]

4. An Amazon customer in Germany who requested his data from the company in accordance with new GDPR regulations was sent 1,700 audio recordings from someone else's Alexa. [NPR]

5. The FBI seized domains associated with 15 DDoS-for-hire providers, known as booter and stresser sites. [Techcrunch]

6.​ The EU High-Level Expert Group on Artificial Intelligence published draft guidance on AI ethics this week, including principles of beneficence, non-maleficence, autonomy, justice, and explicability. [Inside Privacy]

7. This week in cryptocurrency: Tether might actually have the dollar reserves it promised, but could still be manipulating bitcoin prices; crypto exchange Bithumb may not have the trading volume it claims; the first futures contract settled in bitcoin is coming; and finally, the definitive blockchain book for anyone on your gift list. [Bloomberg; Forbes; WSJ; Amazon]

8. Read something new over winter break: the Senate Intelligence Committee's detailed report on the tactics and tropes of the Internet Research Agency shows how the group collected information on social media users and attempted to deepen conflict over divisive issues, as well as other gems. Pairs well with: is the internet good for authoritarianism? [Documentcloud; New York Magazine; Harpers]

9. Learn something new over winter break: how to remotely brick a server, taking advantage of a flaw in the baseboard management controller. [Dark Reading]

10. Blind, an anonymous social network used to discuss malfeasance at major tech companies, was not as anonymous--or as secure--as it claimed, as demonstrated by a security breach involving an unsecured server and improperly hashed passwords. [Techcrunch]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at