
Friday Cyber News, January 13 2017

Cyber technology-related news and links from around the web, for the week of 1/7 - 1/13:

1. The Email Privacy Act (which would require federal investigators to obtain a warrant to access your old emails) has been re-introduced in the House of Representatives. Meanwhile, demand for encrypted messaging apps like Signal is increasing post-election among church congregations, artists, nonprofits, and anyone with a reasonable interest in private communication. Privacy is becoming harder and harder to find, as surveillance systems spread to include government, corporate data gathering, IoT devices, and foreign spies. Even WhatsApp has a vulnerability related to its integration with Facebook that would allow Facebook to read encrypted WhatsApp messages. [Inside Privacy; The Verge; Harvard Magazine, h/t Alex; Guardian]

2. A Swedish national security organization monitors all emails, texts, and calls traveling along fiber optic networks into and out of Sweden (notable because these cables connect to Russia on the other end), which has made it a key ally of the NSA. Meanwhile, Sweden has maintained its position of neutrality and its support of internet freedom, which has softened the blow of Snowden's revelations for Swedish citizens. With Russian internet communications now in the spotlight, Sweden's role in intelligence collection is becoming more important. [NY Review of Books]

3. Cellebrite, provider of cell-phone hacking tools and data extraction services, was itself hacked, and documents including customer support tickets were leaked, showing Cellebrite's global network of government customers. Our researchers in the Crypto Policy Project warned of this risk to the use of third-party hacking in their amicus brief when the FBI was looking for external help to access a locked iPhone. [Ars Technica; Stanford, h/t Riana]

4. US election systems have been designated as critical infrastructure--too little too late, given the ODNI report's damning evidence of Russian interference throughout the electoral process--and the new target is France, anyway. [Ars Technica; Lawfare; Telegraph]

5. The FCC issued a report this week on telecommunications services that offer zero-rating, calling the practice "potentially unreasonable discrimination in favor of their own affiliates" (because, e.g., AT&T can provide content from DirecTV, its subsidiary, for free, which encourages the use of that service). The report is a jab rather than a hammer, but could indicate future enforcement of the FCC's Open Internet Order that requires equal treatment of internet traffic. [The Hill]

6. The apparent correlation between falling renminbi and rising bitcoin prices prompted the People's Bank of China to meet with the country's three largest bitcoin exchanges and remind them of restrictions on the outflow of capital from China. 98% of global bitcoin trading volume over the past six months was renminbi transactions, though some traders question whether these trades really represent a large-scale exodus of capital from China. [FT]

7. FBI Geek Squad technicians served as paid federal informants, as their repair efforts occasionally uncovered illegal material of interest to the FBI. Now, the question is whether Best Buy employees were acting as an arm of the government, thereby running afoul of the Fourth Amendment protection against searches. [Washington Post]

8. Former NY mayor Rudy Giuliani will be an informal advisor to the incoming administration on cybersecurity, building on experience gained running his eponymous security consulting firm, Giuliani Security, whose website is currently down after security researchers commented upon the site's numerous vulnerabilities and expired certificates. [Washington Post]

9. Markets dominated by pricing algorithms (such as Amazon third-party sellers, which in 2011 produced listings for a $21m textbook after their pricing algorithms failed to set caps) will lead to algorithms that collude, and that collusion will be difficult to detect when algorithms are subject to no external oversight. [FT]

10. Last week China required Apple to remove the NY Times app from the Chinese app store, and this week Russia is demanding the removal of LinkedIn from Google's and Apple's app platforms within Russia. The FTC sued D-Link over false claims of security, when in fact many of its routers had hard-coded passwords and other vulnerabilities. Thousands of public (and likely misconfigured) MongoDB databases fell victim to ransomware this week, including one with the personal information of 3.3M Hello Kitty fans. Is nothing sacred? [NY Times; Cyber Scoop; Krebs; Threatpost]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)