
Friday Cyber News, January 12 2018

Cyber technology-related news and links from around the web, for the week of 1/6 - 1/12:

1. This week in DC cybersecurity news: A Senate bill to reverse the FCC repeal of net neutrality received a sufficient number of supporters to progress to a full-Senate vote. In response to the Equifax breach, Senators Warren and Warner introduced a bill this week, the Data Breach Prevention and Compensation Act, that would allow the FTC to fine credit reporting agencies $100 per individual whose data was involved in a breach, and an additional $50 for each additional piece of that individual's personal information that was leaked. Half of the revenue from that fine would return to the affected individuals. A bipartisan group of six Senators, with clear input from election security researchers, has introduced the Secure Elections Act, to remove paperless electronic voting machines and support states in conducting routine post-election audits of their voting systems. And the US House of Representatives voted to extend Section 702, the NSA's warrantless surveillance program. The legislation now heads to the Senate, where attempts to add privacy protections and warrant requirements for searches of 702 databases for US citizens' information have faced significant opposition. [The Hill; Recode; Ars Technica; NY Times]

2. National Security Advisor H.R. McMaster warns that Russia is conducting online influence operations targeting the Mexican presidential election in July. [Reuters]

3. APT 28/Fancy Bear is directing its phishing attacks against officials associated with the 2018 Olympics and US Senators. [Cyberscoop]

4. A new report from British think tank Chatham House identifies cyber vulnerabilities in nuclear weapons systems, including communications and maintenance records. [Chatham House]

5. News of another questionable Uber program, code-named Ripley, shows that Uber used the program to remotely shut down or change passwords on company-owned devices, and that they particularly did so when law enforcement officials had shown up with a warrant, toeing the line between obstruction of justice--the digital equivalent of someone running to the back room with a shredder--and protecting company assets. [Bloomberg]

6. Baidu and Tencent app users in China are beginning to raise concerns over the privacy of their data that those apps gather, as well as practices like auto-enrolling users in social credit monitoring systems. Those concerns are tempered by the extent to which most messaging, digital payment, and web browsing is conducted through Tencent and Baidu products. [WSJ]

7. North Korean malware that hijacks target computers and directs them to mine Monero has been found by cybersecurity researchers, though the quality of the code indicates that it may be a student project. Any cryptocurrency generated by the malware is sent to servers at Kim Il Sung University for collection, bolstering the 'student project' possibility. [WSJ]

8. This week in cryptocurrency news: A memo from China's internet finance regulator shows that it intends to reduce the number of bitcoin miners operating in China, due to concern over miners' use of environmental resources and their contributions to financial speculation. In the US, the Senate Banking Committee will be holding a hearing in early February on the financial implications of Bitcoin, with testimony by Commodity Futures Trading Commission Chairman Christopher Giancarlo and Securities and Exchange Commission Chairman Jay Clayton. At the CES electronics expo, Kodak announced its own cryptocurrency, intending to help photographers manage their digital image rights, and a branded bitcoin-mining rig with questionable financial predictions, and was roundly and justifiably mocked. A bug in Coinbase's communication with Overstock temporarily allowed customers to pay bitcoin cash for items priced in bitcoin, and receive refunds in bitcoin, despite drastic price differences between the two currencies. Dogecoin, a cryptocurrency explicitly created as a joke, hit a $2B market cap, and its creator is worried. Part of that increase is due to students mining cryptocurrencies in their dorm rooms, with varying amounts of success. In Japan, an all-girl pop group named Kasotsuka Shojo, or the Virtual Currency Girls, released their first song, which is about online security. [Techcrunch; The Hill; CNN; CNBC; Krebs; Motherboard; Quartz x2]

9. Is a volunteer cyber defense unit feasible in the United States? Based on the Estonian model, a situation-dependent rapid-response force would avoid the problem of convincing cybersecurity experts to leave industry for lower pay and more bureaucracy, and instead allow civilians access to restricted information and coordination with military teams where needed during incident response. [War on the Rocks]

10. Harley the FBI Cyber Dog is trained to sniff out flash drives, SIM cards, and hard drives, and gave a presentation at this week's FBI-hosted International Cyber Security Conference. If the FBI stops talking about encryption backdoors and starts talking about encryption doggie doors, I'll be more sympathetic. And a few updates on programs mentioned in recent newsletters: the Department of Homeland Security has sped up its state election security assessments, to complete all requested assessments by April of this year. Facebook's news feed algorithm will now show more posts by friends and family, and fewer posts by pages and ad sponsors. [WSJ; The Hill; Guardian]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)