
Friday Cyber News, May 19 2017

Cyber technology-related news and links from around the web, for the week of 5/13 - 5/19:

1. The WannaCry(pt) ransomware that swept Windows machines at the end of last week, including many NHS computers, was temporarily blocked by a quick-thinking researcher who registered a previously unregistered domain used as a sandbox-checking mechanism by the worm. Here's a video showing how WannaCry(pt) works. Some aspects of the WannaCry(pt) worm point to Pyongyang. The group responsible for the leaks of NSA tools that included a vulnerability on which WannaCry(pt) is based is offering a monthly subscription service for future leaks. [NYTimes; Malwaretech; YouTube; NYTimes; The Hill]

2. 21st-century propaganda is digital, questioning the assumption that democracies are immune to any threats posed by the free flow of information. In the latest episode of Raw Data, Cyber Initiative co-director Mike McFaul and LLNL scholar Jackie Kerr explain the motivations behind Russian election meddling, and what it means to hack the vote. [Quartz; Raw Data Podcast]

3. The Carnegie Endowment for International Peace launched the Cyber Norms Index this week, comparing how governments around the world view capacities, threats, and law on cybersecurity. Search by keywords, like "attribution" or "critical infrastructure", or compare the ways language is used to discuss threats (e.g., "information weapons", "criminal threat", "denial of access"). [Carnegie Endowment]

4. Spurred by the NSA-discovered vulnerability underlying WannaCry(pt), the US Senate introduced the Protecting our Ability to Counter Hacking (PATCH) act this week, which would establish a vulnerability equities review board to oversee government disclosure of vulnerabilities. The current vulnerability equities process is ad hoc and not required for all vulnerabilities discovered by government agencies. [Senate.gov]

5. Dutch and French regulators ruled that Facebook did not provide users with sufficient control over how their data is used, but only assessed a $164,000 fine, a rounding error for the company's $27B revenue. More significantly, the European Commission's antitrust division levied a $122M fine against Facebook for misrepresenting its technical capabilities vis a vis WhatsApp data and user identification during the WhatsApp acquisition. [NYTimes; Ars Technica]

6. Google hardware and software are cornering the elementary education market--from Chromebooks to student work in Google Docs, to Google Classroom for assignments--which means Google gets more data on young people who will grow up to become customers. Google's adherence to FERPA, in terms of what data it collects on students and how long the data are retained, has come under question as classrooms become beta-testers for Google's educational products. Related: Google, not the government, is building the (technological) future. [NYTimes x2]

7. Cyber Initiative researchers win Best Paper award for developing an online platform that aids in the creation of flash organizations, making it possible to complete complex, open-ended virtual projects. The platform mimics the structures of film crews and emergency response teams, making it easier and faster to hire online labor and collaborate on projects from web app development to making a physical card game. [Stanford News]

8. US and European business alliances are asking China to delay implementation of its recently passed cybersecurity law that would require businesses operating in China to store their data in the country and pass government security checks. [Reuters]

9. Aggregated mobility data, like cell tower check-ins, cannot be considered sufficiently anonymizing for 73%-91% of users. [Arxiv.org]

10. They can't catch a break: United accidentally posted its cockpit access codes on a public website. Disney was also in the news this week after hackers stole a copy of an unreleased movie and are demanding ransom in exchange for not releasing it. For thematic consistency, the stolen film is the new Pirates of the Caribbean. [TechCrunch; CyberScoop; Graham Cluley]

Special note: Work with the Cyber Initiative! The Stanford Cyber Initiative is seeking candidates for a full-time one-year fixed-term research position to produce original research and writing on policy-relevant issues that arise from the study of computer security, with a particular focus on either labor and the workforce, financial systems and risk, democracy, internet governance, or the tension between individual security and state security. Learn more and apply here: 
https://stanfordcareers.stanford.edu/job-search?jobId=74870

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)