Skip to content Skip to navigation

Friday Cyber News, June 16 2017

Cyber technology-related news and links from around the web, for the week of 6/10 - 6/16:

1. US Cyber Command is still struggling to combat ISIS online; previous exploits that were effective against Iran and North Korea attacked stably located physical infrastructure, which is not the basis of ISIS' internet strategy. [NY Times]

2. Breaches of US election systems prior to November were more serious than initially reported, encompassing not only (publicly available) data on registered voters' addresses, but also access to software used to verify vote tallies and voter rolls. At least 39 states were affected, some of which do not keep paper trails of electronically-recorded votes. Georgia and its upcoming special election are of particular concern; the state does not keep paper records of electronic votes, has been storing sensitive files including login details and manuals for vote-tallying in an unsecured database and, to add insult to injury, set up the site hosting that content using a version of Drupal with a known, years-old vulnerability. [Bloomberg; Politico]

3. New America's Kevin Bankston outlines three issues we should be arguing about instead of crypto backdoors: the vulnerability disclosure process; government hacking and the technological education of government hackers; and cross-border data transfers. [Lawfare]

4. This week in malware: an analysis of Crash Override, the malware that caused an outage in the Ukrainian electrical grid last year, indicates it could be used against other power utilities, and could cause overheating and destruction of physical power plant equipment. The latest Vault7 release describes CherryBlossom, firmware the CIA used to infect popular brands of home routers and monitor incoming and outgoing traffic, as well as potentially infecting connected devices. If you've got a phone whose messages you want to surveil and no CIA connection, that service is $500 on the dark web. [Wired; Ars Technica; Verge]

5. The UN sent aid to 10,000 Syrian refugees using cryptocurrency-based vouchers recorded on the Ethereum blockchain. [Coindesk]

6.​ Facebook outlined the way it uses AI to search for and remove terrorist content, under the operations of a team of 150 moderators dedicated to keeping the platform free of violence. They want feedback on how to do this better, as well as how to address other "hard questions" like how to identify fake news, and how to make social media good for democracy. One quick suggestion: not showing moderators' names, pictures, and profiles to users kicked off the platform for posting terroristic content, as Facebook did to 1,000 moderators last year. Facebook has also built an AI negotiation-bot that learned to feign interest in items it did not wish to obtain in order to get its actual quarry, which is probably nothing to worry about and not applicable to other concerns about manipulative AI lying to humans. [The Hill; Techcrunch; Guardian; Quartz]

7. In Congress this week, Representative Joe Kennedy proposed the creation of a Russian Threat Response Center under ODNI, to combat Russian cyber operations. Russia continues to target the US military online, though the ongoing probe into current and former White House officials' Russian interactions may stall the Threat Response Center. [The Hill; Politico]

8. Germany's internet (and physical) surveillance plans including forcing companies to include crypto backdoors in their software, allowing authorities to surreptitiously install software on phones that would relay text from encrypted messaging apps, and fingerprinting children. [BoingBoing]

9. A sociology of the smartphone: "...the most basic tasks we undertake in life now involve the participation of a fundamentally different set of actors than they did even ten years ago. Beyond the gargantuan enterprises that manufacture our devices, and the startups that develop most of the apps we use, we’ve invited technical standards bodies, national- and supranational-level regulators, and shadowy hackers into the innermost precincts of our lives. As a result, our ability to perform the everyday competently is now contingent on the widest range of obscure factors [...] from the properties of the electromagnetic spectrum and our moment-to-moment ability to connect to the network to the stability of the software we’re using and the current state of corporate alignments." [Longreads]

10. I'd like to predict now the inevitable future Black Hat presentation on hacking the Digital to Biological Converter--an internet-directed printer of DNA, RNA, viruses, bacteriophages, and more--to print a deadly airborne infectious agent. [Motherboard]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)