Skip to content Skip to navigation

Friday Cyber News, February 2 2018

Cyber technology-related news and links from around the web, for the week of 1/27 - 2/2:

1. There was no mention of cybersecurity in the State of the Union this week, but cybersecurity problems that deserved to be mentioned include the collapse of cyber deterrence against Russia, ransomware and the growing population of IoT devices, and the risk of hardware and software subversion in a globally distributed infotech supply chain. [War on the Rocks]

2. Strava was scrutinized this week after they updated their heatmap tool, adding 2016-2017 data, and curious researchers noticed that military personnel were tracing their routes around--and sometimes in--bases and other restricted sites, as a result of not removing their fitness trackers (or turning off Strava recording). Strava's opt-out privacy policy, military encouragement of Fitbit use, and users' failure to recognize that personal tracking devices shouldn't be worn in classified sites were variously blamed for the lapse in privacy. Regardless, the model of personal acceptance of privacy policies ignores the ways in which we increasingly don't know what the privacy consequences are of each instance of data sharing, and in some cases can't know until after the fact how two data sets can be combined to reveal private information not fully present in either. [Strava; Twitter; NY Times] 

3. The UK's "snooper's charter" electronic surveillance program was declared unlawful this week, because it allows police officers and "other government officials" to authorize their own access to digital records without court approval or oversight. The UK is also announcing fines of up to £17M for companies that fail to adequately protect themselves from cyber attacks, beginning this May. [Guardian; BBC]

4. 94% of US workers think it's unlikely they'll lose their jobs to automation. And, understandably given their market position, Uber's self-driving truck team says self-driving trucks will create more trucking jobs (for humans). [Tech Review; Atlantic]

5. New research from the University of Toronto's Citizens Lab shows that the cost to run a phishing campaign targeting Tibetan activists and other targets of interest to China is relatively paltry: $1,068. [Citizen Lab]

6.​ This week in cryptocurrency news: India announced it considers cryptocurrencies illegal, and will move to eliminate their use, while South Korea announced it has no plans to ban cryptocurrencies, but also uncovered more than $500M in illegal cryptocurrency trading. Tokyo-based exchange Coincheck lost 58 billion yen of NEM in a hack, but plans to return approximately 90% of the lost coins to customers. The US Commodity Futures Trading Commission sent subpoenas to Bitfinex and Tether, interrelated businesses that claim to back bitcoin with the US dollar, but are wary of auditors. The SEC froze the assets of a Texas-based ICO that did not register its token as a security. Insurers are beginning to offer protection against cryptocurrency theft. [Reuters x3; The Hill; Bloomberg; Reuters]

7. Facebook is banning ads that promote cryptocurrencies and ICOs, a bold move for a company that, as of two months ago, was still struggling to figure out how to ban racially discriminatory housing ads from its platform. [The Hill; The Verge]

8. The US House Foreign Affairs Committee will be holding a hearing next week on the State Department's cyber diplomacy efforts after the departure of cyber diplomat Chris Painter in July. [The Hill]

9. Increasing numbers of cloud-connected pacemakers are being installed in the chests of people with little technical ability to monitor the data they transmit (or verify that the devices are behaving correctly and haven't been hacked). "First, let’s save your life, the medical establishment might surmise, and later we can chitchat about how having a wireless, subdermal implant for the rest of that life might expose you to hacking, infections, and other health hazards." [Atlantic]

10. Online voting scandal in Australia: the New South Wales transport minister falsified the results of an online boat-naming poll, declaring Ferry McFerryface the winning name when the winner was, in fact, Ian Kiernan. In other Australian Mishaps news, this is more "security" than "cyber", but...classified and top secret Australian government files were discovered in two locked filing cabinets being sold at a secondhand shop as government castoffs. [The Guardian; ABC.AU]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)