
Friday Cyber News, December 8 2017

Cyber technology-related news and links from around the web, for the week of 12/2 - 12/8:

1. Rodrigo Duterte's use of Facebook as a propaganda machine in the Philippines is bolstered by Facebook's explicit partnerships with, and preferential treatment of, the Duterte government. Facebook also has different response strategies to identifying and banning fake accounts in different countries, choosing to be more proactive in France than in the Philippines. Facebook also has a problem with hosting paid political advertising that is actually malware, raising concerns about how closely political ads are vetted by the platform before they are run. [Bloomberg; ProPublica]

2. NIST released the second draft of an update to its framework for critical infrastructure cybersecurity, including guidance on vulnerability disclosure programs and supply chain security. [NIST.gov]

3. Germany's Interior Minister wants backdoors in every internet-connected device that allow state surveillance, and a "kill switch" allowing the device to be remotely booted from the internet. [CSO Online]

4. A suspected Iranian cyber espionage group, APT34, is using a Microsoft Office vulnerability to target a government organization in the Middle East, following a multi-year pattern of targeting critical infrastructure companies. Iranian hacking groups have been improving lately, partly due to government support and partly due to better talent recruitment, and the number of groups has proliferated. [FireEye; Wired; Cyberscoop]

5. The SEC filed a complaint this week against a fraudulent ICO, the first indication of how the SEC's newly created cyber fraud unit will address cryptocurrency offerings. [Ars Technica]

6. In a recent report, the Government Accountability Office asked for more information on how Cyber Command and other combatant commands intend to interact with civilian agencies and the private sector, particularly in supporting private sector response to data breaches. [Cyberscoop]

7. Bitcoin went on a tear this week, reaching heights above $19,000 before coming back down to $16,000 Thursday evening, despite a hack of large mining marketplace NiceHash resulting in a $64m theft. Nathaniel Popper explores whether "digital gold" is now even better than gold. You might also have seen claims that Bitcoin's energy usage is going to kill the planet, or exceed the energy usage of the whole United States, which I think are overblown. Bitcoin mining does use energy, because the "proof of work" system relies on performing computations that require powering, and cooling, servers. (In context, bitcoin uses about 8 terawatt-hours per year; gold mining uses 132 terawatt-hours per year). The bitcoin network's energy usage has been increasing because the price of Bitcoin has been going up, while the (heavily subsidized) price of electricity in China, where most miners operate, has stayed constant and low, so miners are incentivized to bring more mining power online, and that in turn increases the difficulty of the proof-of-work algorithm. Saying that in a certain amount of time the Bitcoin network is going to use more energy than the US ignores that any of these incentives could change (China could reduce or eliminate its subsidies; Bitcoin could switch to an algorithm like proof-of-stake that uses less energy than proof-of-work; the price of Bitcoin could stabilize or fall, reducing miners' incentives to add more mining power; better cooling and power management technology could reduce the amount of energy that bitcoin and all computer systems or data centers use; or China could follow through on a promised crackdown on cryptocurrency activity within its borders, pushing miners to other countries where electricity is more expensive and they'll all have to reduce the amount of mining power they're using).
China is not unaware that this is where some of its subsidized electricity is going, and right now they're kind of looking the other way because miners are selling the bitcoin they mine to pay workers to run their server farms, and to buy electronics, and this is net positive for the Chinese economy, but there's an equilibrium point at which it wouldn't be, and that point arrives far sooner than bitcoin using more electricity than the whole US. [Guardian; Grist; NY Times]

8. Senators Markey and Blumenthal are looking closely at Messenger Kids, the children's version of Facebook Messenger, to ensure it complies with COPPA rules and does not sell data about children's use of the app. [The Hill]

9. Britain's Digital Economy Act of 2017 would keep a record of everyone who accesses adult content, through an age verification requirement, and would potentially also track exactly what adult content was viewed. Are they absolutely sure these private viewing records could never be leaked? [Mother Jones]

10. "1% of traffic on the Ethereum blockchain is being used to breed digital kitties." It's a game to introduce people to digital contracts through the purchase of digital cats, but it's also cuter than Neopets. [Motherboard]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)