
Friday Cyber News, December 30 2016

Cyber technology-related news and links from around the web, for the week of 12/24 - 12/30:

1. The Russian sanctions are here: 35 Russian diplomats are being expelled from the US, and high-ranking members of Russian intelligence agencies are also singled out for travel bans. The White House released a report naming the Russian election-hacking activity Grizzly Steppe, and promised a more detailed report in the next three weeks. DHS, FBI, and ODNI also issued a joint report. Unlike the President-elect, Republican Senators Lindsey Graham and John McCain take the threat of Russian hacking seriously, and are calling for even stronger sanctions, and a hearing on the matter. [NY Times; Whitehouse.gov; DHS; CNBC]

2. The President of Ukraine also accused Russia of waging a cyber war against its state institutions, including the State Treasury and the finance and defense ministries. [Radio Free Europe]

3. Facebook buys data from commercial data brokers to better target ads to users of its platform and doesn't disclose to users what data it stores about them. Even if you ration how much information you provide on Facebook, you're still allowing the company to put together a detailed profile of you that it can, in turn, sell to its own advertisers. Facebook is also in legal trouble for its biometric recognition algorithms, which a class action suit alleges run afoul of the State of Illinois' Biometric Information Privacy Act. The Act requires "rigorous disclosure of methods, intentions and guarantees regarding" biometric data. [Pro Publica; TechCrunch]

4. The FDA released a 30-page guideline document for medical device manufacturers, advising them how to address and repair cyber vulnerabilities in devices like pacemakers, insulin pumps, and imaging systems. The guidelines are nonbinding but point out that medical devices provide very important functions and store private data, and have long lifecycles. [Scientific American; TechCrunch]

5. Pakistan's defense minister, responding on Twitter to a fake article about Israeli nuclear threats, tweeted a nuclear threat of his own. Facebook's safety check was erroneously triggered by a false report of an explosion in Bangkok. In 2017, we need to vastly reduce the amount of fake news online. In other nuke news: some nuclear submarines are running a pretty old version of Windows, along with other vulnerabilities, both cyber and traditional. [South China Morning Post; The Verge; New Yorker]

6. Support for net neutrality in the US has yet to lead to challenges to companies that offer "data-free" or zero-rated streaming services, but the Netherlands, which has net neutrality rules, has ordered T-Mobile to stop offering data-free streaming. [The Verge]

7. The state of UK and US critical infrastructure, SCADA systems, and cyber vulnerabilities is, as you might expect, worrisome and suffering from inconsistent norms. [Political Science Quarterly]

8. Homicide investigators are trying to subpoena an unlikely witness: an Amazon Alexa, present in the suspect's home. While Alexa doesn't record continuously, it can turn on by accident (by mishearing "Alexa", for example) and police are hoping it recorded part of the night of the murder. Amazon has refused to turn over any data, and the situation adds to legal disagreement over the responsibilities of companies with access to your data to safeguard your privacy. [Technology Review; thanks, Izzy!]

9. This week in blockchain: HBR argues that blockchain is not disruptive but foundational, analogous to TCP/IP, meaning it may take longer than expected to catch on, but has broad applicability. Ledger, the first peer-reviewed journal on blockchain and cryptocurrency research, published its first issue. Check out articles on governance in blockchain, subchains, ring confidential transactions, and more. [HBR; Ledger Journal]

10. This week in cyber dystopia: Travel agent and airline ticketing systems rely on six-digit codes and passengers' last names, which can be easily guessed or identified through pictures of boarding passes or luggage tags, allowing adversaries to alter itineraries. NYPD raided the wrong family's house, but still posted a picture of the family, handcuffed, to Snapchat, illustrating problems with law enforcement's use of social media. Underreported fallout of the Yahoo breach: hackers could have accessed Yahoo's cookies as well as email accounts and login credentials, allowing them to track and personally identify users who still have the cookies on their machines. Three Chinese citizens have been charged in the US with hacking and insider trading, showing how law firms hold information that can be very valuable to hackers. North Korea launched its own Android tablet that is heavily restrictive in terms of what content it will load and display, but does have a version of Angry Birds. [Motherboard; The Outline; CyberScoop; Reuters; Motherboard]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)