
Friday Cyber News, March 10 2017

Cyber technology-related news and links from around the web, for the week of 3/4 - 3/10:

1. Wikileaks released documents from the CIA's Center for Cyber Intelligence, describing undisclosed vulnerabilities and programs with fancier codenames than the NSA's--such as Philosoraptor, Weeping Angel, and Umbrage--though the associated code for the exploits described was not released. Wikileaks says it will be providing the code to tech companies. An open question is why, if the dates on the documents indicating they were exfiltrated in February or March 2016 are correct, the CIA did not inform companies whose products would be affected by the described exploits falling into adversarial hands. However, data on zero-days shows that they have an average lifespan of 6.9 years, and only 5.7% are publicly discovered and disclosed by a second entity. [NY Times; Lawfare; RAND]

2. Proposed legislation in the US House of Representatives would allow companies under cyber attack to "hack back" in limited ways: they could do so to stop the attack, or to gather information about the attackers to turn over to authorities. Former NSA Director Keith Alexander cautioned against allowing companies to hack back against nation state attackers, and FBI head Jim Comey, speaking at a security conference this week, was also against the idea, saying it would impede the FBI's investigations. [NextGov; Motherboard]

3. China has begun tightening regulations on news sites, asking these portals to shut down sections on political commentary, the military, international relations, and Taiwan. A history of Chinese netizen behavior offers Weibo as the last bastion of dissenting discourse. Also cracking down on online activity is Germany, whose courts fined a parent €956 for not adequately preventing his 11-year-old son from illegally downloading an audio book. [Wall Street Journal; Lithub; Naked Security]

4. This week in blockchain, the Global Blockchain Business Council is opening a DC office and intends to hold educational events. The MIT Media Lab and Digital Currency Initiative predict how the use of blockchain will reimagine financial and legal services, and the Cyber Initiative explores the security of private blockchains. [CyberScoop; HBRx2]

5. Twitter's approach to the problem Facebook also faces, of being rewarded for promoting viral content with little regard to its truthfulness or value, is to classify tweets as "salad" or "doughnuts" and attempt to give users a balanced diet in their newsfeed. Social network sharing can affect the type and strength of collective memories formed, increasing the importance of showing users accurate information. [Slate; Nature]

6. The US's cyber campaign to infiltrate and disrupt North Korea's missile program has failed to dampen Kim Jong-un's enthusiasm for ICBMs. In a country with only 28 websites, it's fair to assume that anything North Korean and online is a potential target for Cyber Command, but some are concerned that deploying a cyber attack against nuclear launch systems would cross a line, or provoke a reciprocal attack. [NY Times]

7. Researchers used game theory to demonstrate that attribution of cyber attacks can backfire in cases where the perpetrator has little to lose from being named, and the victim's credibility may be doubted. [Science]

8. This weekend we found out about Uber's Greyball program, used to detect government officials and regulators using the app, and deny them rides to avoid oversight. [NY Times]

9. Rather than reveal the code behind their Tor exploit, federal prosecutors chose to drop charges against a man they had accused of possessing child pornography. [Ars Technica]

10. Google's featured answers, it turns out, are easily gamed; this week searches for "who is the King of the United States" and "why are firetrucks red" demonstrated the lack of oversight over the process by which answers are highlighted. Meanwhile, the Dark Web has shrunk by 85%. [The Outline; Bleeping Computer]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)