
Friday Cyber News, May 12 2017

Cyber technology-related news and links from around the web, for the week of 5/6 - 5/12:

1. James Comey, a frequent promoter of the idea that encryption is leading to law enforcement losing access to communications and "going dark", was fired from his position as Director of the FBI, over concerns that his treatment of the Clinton email investigation--which, as a reminder, included opening an investigation, closing the investigation and testifying no wrongdoing was found, then publicly reopening the investigation days before the election, only to conclude again, after the election, that no wrongdoing was found--was irresponsible and meddlesome. Comey, who had recently testified before Congress that he wouldn't have done anything differently, was leading the FBI's investigation of the president's ties to Russia. In testimony before the Senate this week, the Directors of National Intelligence and the CIA both noted the strength of the evidence that high-level Russian officials orchestrated online influence operations during the 2016 election cycle, and called Russian cyberthreats the foremost security threat facing the US. Senator King of Maine has wisely requested $160M from Senate Appropriations for auditable voting machines, as 2018 approaches. [The Hill; NY Times; The Hill]

2. Perhaps eager to provide a distraction to those closely following the Comey fall-out, the White House brought that long-awaited cybersecurity executive order out of the drawer, and it has now been signed. The order calls for many reviews, studies, and plans, including audits of critical infrastructure and risk management, and a plan to bolster the cyber workforce. The order also calls for a 90-day review of all cyber systems and capabilities, which some say is not enough time to fully catalog the range of outdated systems running federal agencies. [The Hill; ZDnet]

3. Admiral Rogers outlines his best- and worst-case cyber scenarios. The worst-case includes critical infrastructure destruction, data manipulation in situ, and non-state actors using cyber tools as weapons. How about all three? A non-state actor could hack into industrial robot control systems and change their calibration data so that they assemble aircraft fuselages ever-so-slightly off-center, which, as Trend Micro notes, could be catastrophic. Also, in response to a question about the non-terrestrial limits of critical infrastructure, "it could be space." The best case involves continuing to improve our capabilities, though those capabilities can lead to debate, as when Cyber Command and the CIA, FBI, and State Department disagreed over whether to warn countries of an operation to take down ISIS websites that could have affected computers within their borders. [Washington Post; Recode; Washington Post]

4. Facebook promises to crack down on "low-quality" links, those that lead to pages with a lot of ads and little "substance". China, a leader in social media censorship, invites Facebook to come learn from them, and suggests that many more content reviewers than currently planned would be required to meet China's standards for streaming video. Remember, use of Facebook is negatively correlated with happiness, as a number of studies have found. [The Hill; WSJ; NYTimes; Oxford University Press]

5. This week in hacks: 130M credentials from India's Aadhaar identity system leaked online, including biometric information, leading to concerns about the security and usability of the system. HP laptops were discovered to include a keylogger as part of an audio driver, which writes a log of all keystrokes to a publicly readable file on the C drive. A new IoT botnet targeting 120,000 vulnerable internet-connected cameras was discovered, and this one was named Persirai. Hospitals across England's NHS healthcare system were subjected to ransomware attacks, locking staff out of patient records and administrative files and causing a major slowdown in operations. [Hack Read; Ars Technica; Trend Micro; The Guardian]

6. DHS is considering a ban on laptops in the cabins of all flights originating from Europe. No such ban has been announced, though European security officials had expected an announcement as soon as Thursday, perhaps due to the backlash accompanying reports of the possibility of the ban. [Daily Beast]

7. Andrew McAfee predicts a robot-human war resulting from increasing automation, and calls for an educational system that focuses on making humans even better at skills that robots can't complete. But perhaps robots aren't (yet) taking enough jobs? Growth in productivity is slow, even as job creation continues robustly. Less-automated sectors like education, health care, social assistance, leisure and hospitality are identified by article author Greg Ip as "low-productivity sectors" that could use more automation. [Chronicle of Higher Ed; WSJ]

8. Companies from Scandinavian gas stations to Staples are using AI to provide dynamic pricing, changing prices hourly or continuously in response to consumer demand and the actions of competitors. Regulators worry this drives prices up and leads to algorithmic collusion. The algorithms use goal-directed reinforcement learning to predict the consequences of price changes from previous consumer behavior, and can also predict customer demand cycles throughout the day or in response to competitors' price changes. Meanwhile, that one Chevron in Menlo Park has given up on AI and uses a simpler algorithm of just charging 70 cents more per gallon than any other nearby gas station. 

9. Speculative: If the price of Bitcoin, which has reached a new high of $1780, continues to climb, bankrupt exchange Mt. Gox might become solvent again, allowing it to reimburse former customers whose coins were stolen. A Japanese exchange is launching Bitcoin accounts that would pay interest, an offering that would be exempt from banking regulations in Japan. [CNBC; Reddit; Nikkei]

10. Scam or fake-news farm? Craigslist ads offering to pay $300-$400 to "rent" your Facebook or Twitter account are popping up, under the guise of a marketing scheme. [Craigslist]

Special note: Work with the Cyber Initiative! The Stanford Cyber Initiative is seeking candidates for a full-time one-year fixed-term research position to produce original research and writing on policy-relevant issues that arise from the study of computer security, with a particular focus on either labor and the workforce, financial systems and risk, democracy, internet governance, or the tension between individual security and state security. Learn more and apply here: 
https://stanfordcareers.stanford.edu/job-search?jobId=74870

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)