
Friday Cyber News, March 2 2018

Cyber technology-related news and links from around the web, for the week of 2/24 - 3/2:

1. Admiral Rogers, prior to his retirement, testified before Congress that he has not been granted specific authority to counteract Russian cyber attacks against US elections, and that the steps taken thus far, including sanctions and indictments of individual Russian hackers, have not had an effect. Presumably the counteractions Rogers is referring to are cyber-weapon-based (and not, for example, closer partnerships with Facebook, or diplomatic outreach), and if so, hesitation to go further may be based on a strong estimation of Russia's inclination to respond in kind. Russian hackers are also turning their attention to German governmental networks, opening up the possibility for a coordinated response. [The Hill; Bloomberg; DW]

2. At least they're doing something: the DoD and the State Department have partnered on a $40M series of projects designed to counter foreign misinformation campaigns in the US, including "grants to civil society groups, media content providers, nongovernmental organizations, federally funded research and development centers, private companies and academic institutions that work to combat foreign-based disinformation campaigns." [Federal Times]

3. Apple announced this week that the encryption keys for Chinese users' iCloud accounts will be stored in China, as the iCloud content is also moved to in-country servers. This announcement drew strong criticism from privacy advocates, who argue that this effectively provides the Chinese government with full access to iCloud data. China's recent actions aren't reassuring; after removing constitutional presidential term limits this weekend, in what many speculate is the first step in setting up Xi Jinping as ruler for life, many terms were censored on Weibo, including "shameless", "emigrate", and even the letter N. [WSJ; Guardian]

4. Search engines exhibit bias around terms related to identity, and for a sophisticated company, Google's solutions to these problems are often surprisingly heavy-handed and one-dimensional, as when they "fixed" Google Photos' problem with misidentifying dark-skinned faces as gorillas by removing the ability to identify gorillas in any photo--even photos of gorillas--and this week, when they "fixed" the problem of guns being advertised on Google Shopping by banning the search term "guns"--even in Guns N Roses. Google received clarification from the EU this week on its guidelines for the removal of terrorist content flagged by European authorities, and the content is expected to be removed within one hour, a tight deadline that may lead to further indelicate curtailments of functionality. Adding pressure from the private sector, IBM's Vice President of government affairs published an article in favor of two pieces of legislation making their way through Congress: the Honest Ads Act, which would require more scrutiny of political ads on platforms like Google and Facebook, and legislation aimed at combating human trafficking that would remove some of the legal protection for hosted content under which Facebook and Google operate. [Technology Review; Wired; SFGate; WSJ; The Hill]

5. This week in cryptocurrency news: China, via the People's Daily newspaper, reiterates its pro-blockchain stance. This newsletter previously criticized a proposal for New York City to offer its own cryptocurrency, instead recommending municipal bonds, and now it turns out Berkeley is planning an ICO along much the same lines, by selling pieces of municipal bonds as tokens. Bill Gates came out against cryptocurrencies this week, citing their use in illegal drug purchases, and contrary to previous reporting, 50 Cent now denies owning any bitcoin. The CFTC now allows its employees to invest in cryptocurrencies, just not the bitcoin futures that the CFTC directly regulates. [Technode; Coindesk; Ars Technica; Techcrunch; Bloomberg]

6. Cellebrite can now unlock any iPhone, though their ability to further decrypt the data stored on those devices is in question. [Ars Technica]

7. GitHub survived the largest recorded DDoS attack on Wednesday, with 1.35 terabits of traffic per second directed at the site, primarily driven through exposed memcached servers. [Wired]

8. When the CEO of Trustico, a certificate reseller, wanted DigiCert to revoke its customers' Symantec TLS certificates so that the customers would be forced to switch to a different certificate authority, he attached all 23,000 private keys to an email to demonstrate that they had been compromised. Which then they had! But storing private keys at all, and particularly emailing them at will to a third party, has brought scrutiny to Trustico's security practices. [Ars Technica]

9. Democrats in the US House and Senate introduced legislation to overturn the FCC's repeal of net neutrality rules. [The Hill]

10. Apple confirms that iCloud is actually Google Cloud. [CNBC]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)