Skip to content Skip to navigation

Friday Cyber News, December 22 2017

Cyber technology-related news and links from around the web, for the week of 12/16 - 12/22:

1. The US (and the UK) have publicly attributed the WannaCry ransomware campaign to the North Korean Lazarus Group, and commended Facebook and Microsoft for helping to delete accounts tied to the WannaCry perpetrators, and applying patches to affected customers, respectively. The Lazarus Group (also responsible for the Sony hack) are currently targeting cryptocurrency exchanges and individual wallets, in an attempt to fund their work. [WSJ; Reuters]

2. New York City passed a first-of-its-kind algorithmic accountability bill this week, which "establishes a task force that will study how city agencies use algorithms to make decisions that affect New Yorkers’ lives, and whether any of the systems appear to discriminate against people based on age, race, religion, gender, sexual orientation, or citizenship status." [Ars Technica]

3. In contrast to the sound and fury of US concern over online misinformation, Europe has enacted significant rules, and accompanying penalties, targeting online platforms that host hate speech, copyright-protected media, or other forms of illegal content. This strict regime will certainly err on occasion in identifying legitimate content as objectionable, but could the results--a kinder, gentler internet? Measured discourse during election season, perhaps--be worth it?  [Foreign Affairs]

4. Although it may seem that everyone's passwords have already been leaked, the market for stolen credentials is still rolling merrily along, netting criminals $15 for the average AirBnB or AT&T credentials and up to $190 for frys.com customer logins, either because Frys makes fraud easy or because credential scammers know exactly how much an 8TB external hard drive is going for. [Krebs on Security]

5. A dissection of cybersecurity references in the 2017 US National Security Strategy document yields meager fare: Russia is "destabilizing" and "uses information operations as part of its offensive cyber efforts to influence public opinion across the globe," China engages in "cyber-enabled economic warfare," "economic and personal transactions are dependent upon the '.com world,' and wealth creation depends on a reliable, secure Internet," water is wet but life-sustaining, etc. [Lawfare]

6.​ After updates to the language in the Wassenaar arrangement, a multinational export control agreement and a real coup for the global recognition of the correct spelling of the Dutch suburb, cross-border vulnerability disclosure and information sharing about incident responses will not require an export control license. [The Hill]

7. Can the CFAA be invoked to prevent the use of scraping tools that automatically gather and sort information from publicly-available webpages? LinkedIn says yes; the EFF says no. At issue is the definition of "authorized" access: LinkedIn makes profile pages public by default, to allow others to find LinkedIn pages through search results, but attempts to prohibit automatic scraping through its terms of service. [EFF]

8. Before it becomes ubiquitous, Tyler Cowen asks: will virtual reality make us, or our society, more virtuous? The effects of VR on empathy suggest that we could use it to cultivate caring, but when forewarned of an opportunity to be altruistic, many purposely do not show up. [Bloomberg]

9. China's social credit score system, backed by the ubiquitous mobile payment platform Alipay, offers bonuses--expedited visas, better airline reservations--to those with higher scores, though maintaining a high score requires removing friends with lower scores from your contacts. [Wired]

10. After early anomalies in Bitcoin Cash trading, Coinbase is investigating allegations of insider trading stemming from changes to trading rules on its GDAX exchange that led to artificially high prices. The price of regular Bitcoin fell to around $12,000 at the end of this week. [Quartz; WSJ]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)