Friday Cyber News, March 1 2019

Cyber technology-related news and links from around the web, for the week of 2/23 - 3/1:

1. NSA cybersecurity advisor Rob Joyce this week touted proactive cyber defense aimed at deterrence as a way for Cyber Command to signal its opposition to Russian election interference. A new report indicates the US did just that during the 2018 midterm elections: it blocked the internet access of the Russian Internet Research Agency (IRA) on the day of, and shortly after, the election, and was able to monitor real-time internal IRA communications in response to the attack. [Cyberscoop; Vox; Thomas Rid]

2. Encryption laws passed in Australia and the UK still threaten to compel companies to create backdoors into their secured products, a situation the companies are banding together to warn about and lobby against, before another high-profile case like Apple's San Bernardino court fight occurs. [WSJ]

3. Two vulnerabilities in 4G and 5G cell network standards allow attackers to track cell phone locations and brute-force IMSI numbers, which allows stingrays to track devices and potentially intercept calls. [TechCrunch]

4. In Facebook news this week (for more, see #7 below), opting out of different forms of tracking doesn't effectively remove the data correlations used to serve location- and activity-based ads; Facebook, Telegram, and Signal are all planning to launch their own digital payment tokens for facilitating cross-border value transfer, with greater and lesser degrees of centralization; Facebook filed a patent for a political comment forum that would allow users to make suggestions on policy winding its way through the legislative process; and New York's Department of Financial Services is requesting documentation from Facebook about what types of medically adjacent data, including body weight and menstrual tracking, were shared between app developers and FB. [WSJ; NYTimes; The Verge; WSJ]

5. TikTok agreed to a $5.7M settlement with the FTC over violating COPPA in the way it collected minors' personal data on its app. [Axios]

6. Are we too calm about the potential for a cyber attack against the US electric grid? "According to the Worldwide Threat Assessment of the U.S. Intelligence Community, China is able to launch cyber attacks that cause localized, temporary disruptive effects on critical U.S. infrastructure for days to weeks; Russia is able to execute cyber attacks on electrical distribution networks, and “Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage”; Iran is trying to develop cyber capabilities that enable cyberattacks against the critical infrastructure of the U.S. and our allies; and North Korea has the ability to use cyber attacks to steal from financial institutions, including a successful heist of some $81 million from a New York Federal Reserve account." [The Hill]

7. Moderators working for Facebook are under strict scrutiny while on the job, not allowed any paper or writing implements (to protect Facebook users' personal data), and sometimes grow to believe, through persistent exposure, the very conspiracy theories flagged for their evaluation. "There are a lot of things Facebook could do [to fix their content problem]. They could require some form of real-world identification to sign up and permanently ban repeat or severe offenders. They could decentralize moderation and allow users to choose their own guardians and find an equilibrium after a free-for-all in which communities war over reasonable standards. Facebook could charge $5 per account and wipe out half the [problem] they’ve brought into the world, from Macedonian troll farms to boys taking a gap year before college to see if they can start racial holy war. But doing any of the above means removing a significant population of accounts—real or otherwise—that make the clicks go, and any such action is actively hostile both to the business model of ever expanding activity and exploitable humanity and to the greater aspiration of trapping more of the world safely within the gates." [The Verge; The End of the Peninsula]

8. On Thursday, Senator Masto of Nevada introduced a data privacy bill that would "prohibit companies from using data collected on users to discriminate based on race, religion, political affiliation or gender" through enhanced FTC enforcement powers. [The Hill]

9. Unplug that external hard drive: new research shows that vulnerabilities in Thunderbolt ports allow peripherals to take complete control of the computer into whose port they plug. [University of Cambridge]

10. Recent advances in the density of magnetic tape storage are making the old technology newly relevant for secure (offline) storage. [Quartz]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)