Skip to content Skip to navigation

Friday Cyber News, January 15 2016

Cyber technology-related news and links from around the web, for the week of 1/9 - 1/15:

1.  Suppose that a document describing an attack plan were discovered on the Google Drive account of a terrorist. Could Google search all Drive accounts to see who else was in possession of, or had edited, the document? Would that search be constitutional? This type of 4th Amendment dilemma, hypothetical at this point, goes hand in hand with recent government requests that tech companies do more to curb terrorism online, perhaps by developing an algorithm. [Just Security; Fusion]

2. Police are using software called Beware to calculate "threat scores" for individuals involved in a 911 call--before even responding to the call. The software pulls from police records as well as housing records and social media, which many find an uncomfortable level of surveillance. Our recent blog post explores how far along the slippery slope we are, in allowing intrusive data surveillance. [Washington Post; Cyber Initiative]

3. Judges are struggling with sentencing for cyber crimes: whether loss is defined as loss to the victim or loss to the system (including costs to upgrade or add more security), and how responsible someone who wrote code but didn't deploy it should be, are some of the issues under consideration. [The Hill]

4. Is Bitcoin over? Recent updates to the system make payments changeable until they are incorporated in the blockchain, meaning that a vendor would need to wait until a block is accepted before knowing you have paid him. That process is also taking longer due to restrictions on block sizes that leave the system vulnerable to attacks that flood the queue with transactions and increase the amount of time the vendor would have to wait, sometimes up to 14 hours. Due to these developments, some Bitcoin investors and developers are backing out. Another dream declared over: using the dark web for illicit marketplaces isn't as fun anymore, after the collapse of the Silk Road. [Forbes; Wired]

5. The fascinating story of how a wire fraud case exposed governmental use of Stingrays--cell tower simulators--because the crime was planned so well, no publicly-disclosed method of surveillance could have caught the perpetrator. [The Verge]

6. A recent ruling by the European Court of Human Rights appears to outlaw mass surveillance in Europe, noting that violations of privacy must be shown to directly contribute to preserving democratic institutions, and that indiscriminate, massive monitoring of communications doesn't meet this threshold. [CDT]

7. Stop doing this: the hacker who broke into CIA director John Brennan's AOL email account has now targeted Director of National Intelligence James Clapper, accessing his Verizon account among others, and forwarding all of his incoming calls to a Palestine activist group. This is not going to make the government more likely to compromise on backdoors. [Vice]

8. Wifi depends on unlicensed radio spectrum, but as IoT devices and other proliferate, that spectrum is getting crowded. Where will innovators go if it fills up? [New America]

9. Microsoft is retiring Internet Explorer, citing security issues, but their woes don't end there: Kaspersky Lab discovered a zero-day in Silverlight, which may have been used by Hacking Team. [Tech Times; ZDNet] 

10. Last week, we learned that malware was partially behind a disruption of the Ukrainian power grid, and wondered whether the US was next. To put the threat in perspective, though, squirrels have been responsible for 702 hours of electric grid disruptions--are they the real cyber warriors? This illustrates the difficulty of evaluating the risk of a rare but serious event, and the need to seal off more of our infrastructure from wildlife (those squirrel-led disruptions likely caused the squirrels to lose power, as well). [Passcode; The Verge]

Thanks,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, subscribe, or unsubscribe, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can also subscribe or view news from past weeks at https://tinyletter.com/CyberNewsBytes)