Skip to content Skip to navigation

Friday Cyber News, February 16 2018

Cyber technology-related news and links from around the web, for the week of 2/10 - 2/16:

1. North Korea's Office 91 sends groups of young software engineers into Russia, Malaysia, and China to work as freelance software developers, or as hackers--or both--in order to send money back to the homeland and identify vulnerabilities in commercial software that can be used in the country's cyber operations. [Bloomberg]

2.  Instagram gave in to requests from Russia's telecommunications regulator to remove posts showing Deputy Prime Minister Prikhodko and a Russian oligarch on a yacht, claiming the latter's right to privacy as the reason for the deletion. In fact, the deletion requests were likely motivated by a political disagreement between opposition leader Alexei Navalny and Prikhodko. The willingness of tech companies to acquiesce to the censorship demands of regimes with little respect for political opposition and minority views is an ethical failure that strengthens the power of despotic leaders, with no concern given to the individuals living under those regimes and receiving news from platforms managed by those tech companies (see also: PhilippinesMyanmar). [Washington Post; Bloomberg; Guardian]

3. Inside Facebook's delayed reaction to the fake news problem, and scattershot approach to addressing foreign intelligence operations on the platform. Security researcher Renée DiResta notes, "the way the Russians used the platform was neither a surprise nor an anomaly. 'They find 100 or 1,000 people who are angry and afraid and then use Facebook’s tools to advertise to get people into groups,” he says. “That’s exactly how Facebook was designed to be used.'" [Wired]

4. US intelligence chiefs warn that Russia is already conducting influence operations on social media targeting the midterm elections, but not targeting election infrastructure like voting machines and voter information databases--yet. [NY Times]

5. A new NIST report calls for cybersecurity standards for IoT devices, connected cars, and medical devices. The National Academies of Science, Engineering, and Medicine released a new report on the encryption debate, which proposes a framework for evaluating proposals to provide authorized government agencies with access to unencrypted versions of encrypted communications and other data. [NIST; National Academies]

6.​ The Clarifying Lawful Overseas Use of Data Act (yes, the CLOUD act; yes, the scourge of Congressional acronyms must be stopped) would streamline the process for compelling the disclosure of data stored abroad, when the data is stored in a country that enters into a fast-track data provision agreement. [NY Times]

7. A newly-developed chip performs elliptic curve computations while using less power than required by a software-only implementation, or previous (albeit smaller) chip designs. The researchers propose using the chip in IoT devices. [MIT News]

8. Lt. Gen. Paul Nakasone, currently the head of Army Cyber Command, has been nominated to lead the NSA and US Cyber Command when Mike Rogers retires this spring. [Politico]

9. A German regional court has found that Facebook does not adequately inform users about how their data will be used, and uses default sharing options in lieu of informed consent, in violation of consumer protection laws. A Belgian court also ruled this week that Facebook must stop tracking users' browsing activities after they leave the platform, and delete related data already collected. What else is Facebook up to that the courts might be interested in? Promoting its Onavo VPN, which also tracks your browsing activity across apps, and using phone numbers provided for two-factor authentication to text users with (non-security-related) notifications of new posts on their feed. [The Hill; Bloomberg; Techcrunch; Gizmodo]

10. If you don't want to see the ads on Salon.com, they're going to use your CPU to mine Monero, a novel maneuver in the ad-blocking wars. [Cyberscoop]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)