Skip to content Skip to navigation

Friday Cyber News, June 22 2018

Cyber technology-related news and links from around the web, for the week of 6/16 - 6/22:

1. The Supreme Court released its decision in Carpenter v United States today, and found that the police need a warrant to obtain cell phone location data, citing 4th Amendment protections. [Supremecourt.gov; CNet] 

2. US-based satellite companies have been attacked by a Chinese-linked hacking group called Thrip, which since late 2017 has become more aggressive in its efforts to penetrate the companies' networks. [Cyberscoop]

3. Germany has publicly blamed the Russian government for a year-long cyberattack against its domestic energy providers. The group carrying out the attack has been added to the Russian bear hackers menagerie as the fanciful Berserk Bear. [Intel News]

4. China plans to increase its technological surveillance measures with the introduction of facial recognition and palm scanners in the subway and RFID chips in car windshields. [CSO]

5. The Senate passed its version of the National Defense Authorization Act, which now faces reconciliation with Congress' version; interestingly, the Senate version contains language calling for a demonstration of US offensive cyber capabilities. This is a timely suggestion, as security journalist David Sanger notes that other countries aren't afraid of our cyber capabilities, and they are acting as a poor deterrent, partially due to several leaks of US-written cyber tools. [Lawfare; NY Times]

6.​ This week in cryptocurrencies: SEC Director of Corporate Finance William Hinman declares that ether and bitcoin are not securities. South Korean exchange Bithumb was hacked, and $30M of various cryptocurrencies were stolen. Tether released a report prepared by its law firm declaring that the cryptocurrency is fully dollar-backed as of June 1st; critics have raised questions about the limited scope of the report. The Federal Reserve Bank of St. Louis added four cryptocurrencies to its FRED (Federal Reserve Economic Data) tracking database. US Congresspeople are now required to disclose cryptocurrency holdings worth more than $1,000. [Yahoo; CCN; Coindesk; Bitcoin News; Bloomberg]

7. Two people have pled guilty in Virginia to identity theft and fraud conducted using information from the OPM breach. The two perpetrators are not suspected of being involved in the hack, but rather suspected to have purchased the data from an online reseller. [Washington Post]

8. Adding a new layer to deepfake capabilities, Facebook has a GAN-powered tool that fills in realistic open eyes in images of people with their eyes closed. [Techcrunch]

9. The MD Anderson cancer center was charged $4.3M in fines for not encrypting thumb drives carrying patient data used for research. [Politico]

10. Employee activism as a means to enforce ethical behavior in tech companies is catching on; Amazon employees have organized to protest the sale of Rekognition facial-analysis technology to police departments, following protests at Microsoft over its contracts with ICE and at Google over its contract with the Pentagon. [Gizmodo]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)