Skip to content Skip to navigation

Friday Cyber News, December 9 2016

Cyber technology-related news and links from around the web, for the week of 12/3 - 12/9:

1. Facebook's fake news is still causing real problems. One of the more popular conspiracy theories centered on a pizza restaurant, and this week a gunman showed up there to investigate the fake news reports that he thought were real. One solution is through design: make it harder to share fake news, make fake news easily distinguishable from reputable articles; Facebook currently camouflages fake news in the timeline and the news feed. To get to solutions, though, Facebook needs to stop hiding its intentions. Far from intending to be neutral, Mark Zuckerberg recently asked his board for permission to remain in control of Facebook while serving in government (the board said no). Facebook COO Sheryl Sandberg reiterated this week that Facebook doesn't think fake news swayed the election--again, there is no way for her to know this without having access to private voting records, and Facebook has previously published research showing that Facebook sways voter turnout--but the problem, as we saw in the first story, is whether Facebook content can sway individual opinion and real-world behavior, a problem they are tacitly admitting to when they agree to track and remove terrorist-sympathizing content (see #3 below). [Medium; The Verge; Bloomberg; The Hill]

2. President Obama ordered an investigation into election-related hacking, to be completed before he leaves office. The Secretary of State of Georgia accused the DHS of trying to break through its firewall. [Politico; Georgia.gov]

3. Facebook, Google, and other tech companies are tracking terrorist content in the same way that law enforcement agencies track explicit images, in an attempt to remove the content from their platforms. This enhanced tracking is partially meant to address demands by the European Commission that tech companies act on reports of hate speech within 24 hours. Trolls can be a thorny problem for platforms that want to give the appearance of valuing free speech, but Github has been successful at combating trolls by changing the way that tools can be used: ensuring that users consent to being tagged, for example. Meanwhile, we have all been given a very prominent example of cyber bullying that needs to be stopped. [NY Times; Motherboard; London Review of Books; Fusion; Washington Post]

4. The report from the Presidential Commission on Enhancing National Cybersecurity came out after press time for this newsletter last week, so here it is, as well as key takeaways from Stanford's Herb Lin, Commission Member. Top priorities highlighted by Brian Krebs include IoT security and, of course, DDoS protection. Public-private partnerships made an appearance in the report's recommendations and are generally viewed skeptically, but a private sector-FBI collaboration was successful at taking down the Avalanche network of bot-hosting and malware-deploying services this week. [NIST; Lawfare; Krebs on Security; Cyber Scoop]

5. At what point does browsing history become criminal? A French man was sentenced to two years in prison for visiting pro-ISIS websites, though there is no evidence he planned any violence. To help you avoid falling into the trap of overly exuberant Googling, the search giant has removed sexist and anti-semitic autocomplete suggestions after a reporter pointed out the offending phrases. [The Verge; Guardian x2]

6. IBM's Watson, the computer that won Jeopardy, is being deployed to combat ransomware and analyze suspicious behavior on networks in the health and energy sectors. To add to the cybersecurity buzzword bingo, there are various ways that blockchains can provide data security and protect against ransomware (by providing verified backups). [Wired; TechCrunch]

7. NSA is suffering from brain drain, for reasons of morale and low pay compared to private-sector tech jobs. The NSF plans to spend another $20M in 2017 on computer science education, bolstered by teacher-training efforts, in an attempt to widen the pipeline at its base. [Cyber Scoop; The Hill]

8. "More unsettling still, with two billion people networked online in the world, will we ever look to our neighbors for community again? If the election is any indication of how much political power resides in online coalitions, it seems hard to imagine our struggles over the past few years have done anything beyond connect us further online. Have our blockades and rallies drawn us further out of our own geographies and into a network of digital affinity? Are we accumulating followers, or dismantling the regimes of power acting against the communities we actually live in? It’s honestly hard to tell, and as we raise our heads from our phones to look around, we’ll have to ask ourselves an even harder question: are our communities still here?" [Mask]

9. German conglomerate ThyssenKrupp confirmed a massive cyber breach that it attributes to South Asian hackers. Researchers have published the details of a distributed guessing attack that takes advantage of a security loophole in the VISA system that lets you test potential security code and expiration date combinations for stolen card numbers across multiple sites simultaneously, reducing the time needed to find a valid number to 6 seconds. South Korea accused North Korea of attacking their cyber command and leaving behind malware. [Reuters; NCL.AC.UK; Yonhap News]

10. This week in cyber dystopia: 90% of computers used by NHS Trusts (basically regional healthcare organizations in the UK) are still running Windows XP. The Glass Room is a data- and cybersecurity-focused art exhibit in NYC that lets you look up your hacked LinkedIn password, surveil the elderly, and see how your iPhone tracks everywhere you've been this year. William Gibson mulls privacy, history, and encryption from the lens of the Apple-FBI case. Your editor's vote for best tech talk of the year: Why superintelligence is an idea based on faulty premises but believed by tech billionaires. [Infosec Magazine; Datasociety; NY Times; Youtube]

Year-end prognostication exercise: What will be the biggest cyber news story of 2017? What will be the trends, economic indicators, or new products? What will the cyber dystopia bring? Give us your cyber predictions for 2017, and some will be featured in the Cyber Initiative's end-of-year newsletter. The most accurate prediction wins a prize in December 2017! Tell us here.

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)