Skip to content Skip to navigation

Friday Cyber News, July 6 2018

Cyber technology-related news and links from around the web, for the week of 6/30 - 7/6:

1. This week in Facebook: The FBI, the SEC, the FTC, and the Justice Department have broadened their investigations into Facebook's data sharing with Cambridge Analytica and Facebook's claims that it was misled by the consultancy. Facebook's role in disseminating hate speech and disinformation in Myanmar, leading to protests and to riots targeting Muslim and Rohingya groups, are also still under investigation. Facebook is still contradicting itself in public and in court statements regarding whether its role in distributing media is that of a platform, which is less responsible for the content of that media, or that of a publisher, which makes first amendment-protected editorial decisions but is not expected to be completely neutral. And, right in time for the 4th of July, Facebook apologized for flagging parts of the Declaration of Independence as hate speech, a headline that seems real but which I still suspect might have been generated by a Russian-backed Outrage Synecdoche bot. Or King George III. [NY Times; Wired; Guardian; The Hill]

2. Israeli cybersecurity company NSO group was the victim of an insider threat when a former employee downloaded proprietary malware developed by the company and attempted to sell it on the dark web. [Cyberscoop]

3. Iranian APT Charming Kitten has set up a fake website for the cybersecurity group that exposed it, attempting to phish visitors interesting in reading more about its activities. "Charming Kitten is one of Iran's many cyber-espionage groups, which also include Rocket Kitten (which many security firms consider to be Charming Kitten 2.0), CopyKitten, OilRig, and Magic Hound." Iran has also restricted local activity on bitcoin exchanges in response to 127% inflation and sanctions affecting its fiat currency. [Bleeping Computer; ZYcrypto]

4. ZTE is agreeing to measures including a fine, new leadership, and a US monitoring team, in an effort to have a ban on US sales removed. China is also targeting Taiwanese company Micron in an intellectual property theft campaign that aims to increase domestic production of smartphone and computer chips. [CNN; WSJ]

5. The pleasures of in-home convenience encourage users to downplay the associated problems of personal privacy and surveillance related to IoT devices, establishing a contradiction between 'soft' and 'hard' security problems. [JStor]

6.​ Cyber Command and the US Air Force are requesting development proposals for a Unified Platform cyber weapons system, described as the cyber version of an aircraft carrier. Parsing that phrase is a full-fledged thought experiment of its own, and should be included in any responses to the Air Force's request. [Fifth Domain]

7. A new analysis of the effects of automation on industry show that rather than leading to unemployment, increased automation is more likely to lead to stagnant wages and deindustrialization, and that the poorer a country is, the more of its jobs are automatable. [Center for Global Development]

8. Although I might have chosen a different verb than the Today Show did to describe "teens being groomed as the future of cybersecurity" ("trained"? "Educated"?), the Cyber Patriot competition is a useful and seemingly fun way to encourage students to learn security in tandem with computer science. The Cyber Initiative supports Stanford's student cybersecurity competition team at challenges like the National Collegiate Penetration Testing Competition, which they won last year. [Today; Stanford Engineering]

9. Thermanator is a new password-security attack demonstrating that users who can be convinced to type their passwords and then leave the keyboard, after which the keyboard is thermally imaged, leave enough body heat residue on the keys they have touched to reveal the relevant characters of their password. [Arxiv, UC Irvine]

10. New York City's free wifi booths were hacked to play an ice-cream truck jingle during a recent heatwave. What would you DDoS for a Klondike bar? [Motherboard]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at