Skip to content Skip to navigation

Friday Cyber News, January 25 2019

Cyber technology-related news and links from around the web, for the week of 1/19 - 1/25:

1. Wikileaks has appeared to avoid publishing Russian kompromat, an oversight addressed this week by a trove of leaked emails and documents released today, given the cutesy name of Distributed Denial of Secrets. Other chats leaked this week shed light on how nation-state surveillance programs shop for and test the malware sold by companies like FinFisher and NSO Group. [Daily Beast; Cyberscoop] 

2. In the Cyber Diplomacy Act of 2019, introduced this week, Representatives McCaul and Engel intend to establish an Ambassador for Cyberspace in the State Department, create international cyber policy that specifically "rejects attempts by Russia and China to extort more control and censorship over the internet," and require the State Department's annual human rights report to include a section on internet freedom. []

3. New precedent for data breach settlements: Yahoo's shareholders were awarded $29M after three derivative lawsuits determined that the company's officers and directors breached their fiduciary duties in failing to secure customer data between 2013 and 2016. [NY Times]

4. The biggest GDPR penalty levied thus far--50 million euros--was assessed against Google by a French regulator this week, after finding that the company failed to get sufficient consent from users for targeted advertising. [WSJ]

5. Even though Bloomberg's report that SuperMicro motherboards had been compromised by the Chinese government has yet to be substantiated, supply chains involving, e.g., Huawei devices or AMI BIOS software are vulnerable to compromise. DoD documents from Snowden's neverending trove of wonders reveal which points in these supply chains have engendered particular concern about Russian or Chinese interference. [Intercept] 

6. Responding to Japanese Prime Minister Abe's goal of 40% cashless payments by 2025, the country's largest bank is building a blockchain-based payment network that it hopes will launch in time for the influx of tourists associated with the 2020 Olympics. [Tech Review]

7. Loan and mortgage documents dating back to 2008--24 million records' worth--were leaked from an unprotected server and available for two weeks before a security researcher notified the data and analytics vendor hosting the documents. [Techcrunch]

8. In the run-up to the 2016 election, a new study from Northeastern, Harvard, and the University of Buffalo has found that 0.1 percent of individuals accounted for nearly 80 percent of the sharing of fake news sources on Twitter. [The Hill]

9. On Wednesday, German, Chinese, Japanese and South African leaders gathered in Davos expressed support for the international oversight of data governance and usage. [NY Times]

10. New technology, old problems: a fitness tracker tied a mob hit man's murders to his marathon records; a facial recognition tool (called ChimpFace!) is being used to track smuggled chimpanzees on social media; a local industrial suburb is deploying a distributed encryption system to protect the keys to its streetlights, cementing its position as the Lantern Waste of California; and while recent examples (e.g., Covington Catholic) of the ability of decontextualized video to galvanize public discord don't add anything new to the deepfakes discourse, tracing the origins of the problem back to Gulliver's Travels and an 1845 Edgar Allen Poe short story is a nice touch. [Runner's World; BBC; StateScoop; Narnia wiki; The Hill]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at