
Friday Cyber News, July 13 2018

Cyber technology-related news and links from around the web, for the week of 7/7 - 7/13:

1. Twitter is cracking down on fake accounts, removing 70M+ users suspected to be fake or malicious. Reports of the platform's actions caused its share price to fall 5%, but the effort is well-intentioned and should improve the reliability of Twitter data for researchers and media professionals. Facebook, on the other hand, wants to have the best of both worlds--not removing accounts that purposely spread conspiracy theories and incite harassment, but tweaking its algorithm so that their posts and accounts are harder to find for the average user. The thing is, Reddit has already demonstrated that banning and removing harassing accounts and groups works; they initially tried a Facebook-style approach of letting pockets of hatred fester while not promoting them as default subreddits, but removing them was more effective at curbing harassment that inevitably migrated outward, or planned invasions of default subreddits. And where fake accounts can be identified, removing them is far better than letting them carry out their multi-year plans to, in the case of Russia's Internet Research Agency, impersonate local American newspapers to build false credibility. To its credit, Facebook will be providing researchers with a petabyte of anonymized user data, to help them study the effects and spread of misinformation. [The Hill; Washington Post; Fast Company; Techcrunch; NPR; Bloomberg]

2. Released today: the US indictment of 12 GRU officers for hacking US officials, state systems, and committees associated with the 2016 election. The conspirators set up their own bitcoin mining network to partially fund their operations, and used XTunnel malware to exfiltrate large amounts of data through encrypted traffic. Facebook apologized this week for "accidentally" tagging 65,000 Russian users as "interested in treason," which may imply this indictment is off by a factor of five and a half thousand. [Justice.gov; Gizmodo] 

3. China's surveillance technologies are less widespread, less interconnected, less rapid, and less accurate than they're promoted to be. The desired effect of societal conformity, though, doesn't require the threatened shame of being recognized (and, for example, displayed on a billboard of jaywalkers) to be delivered consistently. [NY Times]

4. In response to the Spectre and Meltdown vulnerabilities, Chrome has debuted a new feature, Site Isolation, that protects memory access, and Senators are investigating why the vulnerability disclosure process left the Department of Homeland Security out of the loop. [Cyberscoop x2] 

5. As IBM is refining its estimate of the costs of large breaches to US companies, Cyber Initiative fellow Andrew Grotto wants laws establishing public breach disclosure and data reporting requirements. [IBM; Lawfare]

6. A Missouri hospital hit with a ransomware attack has shut down its electronic health record system and is diverting trauma and stroke patients away from its ER, leading to delays in treatment. [Becker's Hospital Review]

7. Retention challenges mean that Cyber Command's security operators find it difficult to be promoted or to access external training resources, while being continually confronted with the work of private sector security engineers paid much higher wages. [War on the Rocks]

8. Timehop, an application that helps Facebook users rediscover old posts, was hacked on July 4th, leaking 21 million users' email addresses and phone numbers, and some access tokens that would allow the hackers to log in to Facebook accounts. [The Hill] 

9. Apple's quick fix to prevent phones in China from displaying the Taiwanese flag was crashing some phones anytime the flag emoji was cued to display in any app. While fixable, the bug highlights the "hidden censorship code" in devices whose manufacturers have chosen to abide by individual countries' territorial peccadilloes. [Wired] 

10. Want to bet on events not covered by the fiat futures market? (This newsletter is rooting for Croatia on Sunday). Augur, a prediction platform that runs on Ethereum's network, launched this week. [Augur]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)