Skip to content Skip to navigation

Friday Cyber News, January 19 2018

Cyber technology-related news and links from around the web, for the week of 1/13 - 1/19:

1. The draft Nuclear Posture Review currently at the White House for approval would expand permitted usage of nuclear weapons to include responses to "attempts to destroy wide-reaching infrastructure, like a country’s power grid or communications," which some analysts interpret as indicating that nuclear weapons could be used to respond to cyberattacks. [NY Times]

2. Facebook is broadening the scope of its research into potential Russian-driven meddling in advance of the Brexit referendum. While determining the extent of political influence on Facebook is important, this also seems to be one in a series of last-ditch attempt to throw a wrench in Brexit proceedings, with the end-of-March deadline approaching. On one front, Brexit has been successfully derailed; as Minister David Jones noted, England will not be leaving the EU geographically. [WSJ; iNews]

3. DHS Secretary Nielsen told the Senate on Tuesday that DHS currently provides "active defense" cyber tools to private companies, and I'm quite curious about what those tools can do, as the majority of policy analysts have predicted widespread anarchy and hooliganism if the ACDC "hacking back" bill were to be passed. [The Hill]

4. The Senate passed a six-year extension of NSA's Section 702 domestic surveillance program. And from NSA to Nissan, the manufacturer of your car is collecting massive amounts of data on where you go in that car and when. [The Hill; Washington Post]

5. Latvia's e-health system was brought down by a DDoS attack this week. [Xinhua]

6.​ If you want to use a secure messaging app in a country with strict censorship rules, you can mask that app's traffic by routing it through traffic from a larger service, like Amazon or Google, that would be more difficult to block. In Iran, however, Google itself doesn't provide access to Google App Engine, which would allow this type of censorship circumvention, meaning that Iranians are forced to rely on less secure, but state-approved, messaging tools. Amazon and Microsoft do provide their services in Iran, but Google claims that US sanctions prohibit them from doing so; those concerned are asking the US State Department to either clarify their position or exempt Google from those sanctions. [Motherboard] 

7. Nation-state-authored malware targeting industrial control systems was mistakenly uploaded to VirusTotal by Schneider Electric, one of its victims, and left online for anyone to download and tinker with. While this tactic worked better in The Purloined Letter, in this case many people noticed and copied the malware while it was available. [Cyberscoop]

8. What if we, as a species, were never meant to be globally connected, and our current problems with internet-enabled harassment, propaganda, and fraud stem from that mistake? Ours should be a golden age of free speech, but social media tools are poisoning democracy by elevating every voice to similar levels of prominence, and using targeting tools that mean no one can reach the same audience twice. [NewCo; Wired]

9. The World Economic Forum's global risks report indicates that cybersecurity risk is growing, both in numbers of incidents and in economic impact. [WEF]

10. When Travis Kalanick wanted to decline a position on the president's business advisory council, he "walked away from his desk at the appointed time. The first call from the White House came—and went to Kalanick’s voicemail. Then came the second call [...] Kalanick walked into a glass-walled conference room to deliver the news. The conversation apparently went as one would expect. Kalanick emerged to tell his colleagues that the president was 'super un-pumped.'" Among other strange details in this piece on the fall of Uber, that phone call provides a précis of the Silicon Valley - Washington DC disconnect. [Bloomberg] 

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)