Skip to content Skip to navigation

Friday Cyber News, November 2 2018

Cyber technology-related news and links from around the web, for the week of 10/27 - 11/2:

1. Saturday's shooting at the Tree of Life synagogue in Pittsburgh has prompted hosting companies, including GoDaddy, and payment processing companies, including Paypal, to remove service from the social media site Gab, which hosted comments by the shooter and other controversial speech, including calls for violence. [The Hill]

2. Election interference in the form of a misinformation campaign led by dozens of Iranian-linked Facebook and Instagram accounts has led to the removal of 82 pages, groups, and accounts. The accounts posted mostly left-wing messages, interspersed with criticism of Saudi Arabia and Israel. For its part, Israel has drawn a tentative link between the recent malware campaign against strategic Iranian networks, the bugging of Iranian President Rouhani's phone, and the legacy of Stuxnet. [WSJ; Times of Israel] 

3. Even in the absence of the ACDC act, "active defense through litigation" provides additional measures that companies can take to attribute cyber attacks, gather perpetrators' data, and shut down botnets through ex parte orders for the seizure of equipment. Writs of replevin also provide the opportunity to recover stolen or wrongfully withheld electronic data. [Inside Privacy]

4. Yanjun Xu was not the only Chinese intelligence officer hacking US aviation companies; this week the Justice department unsealed indictments of nine more, for hacking in the service of corporate espionage. [The Hill]

5. Of 113 investigations into cyber attacks in Q3 of this year, a new report from Carbon Black finds that 47 involved China or Russia (or both). The top 5 industries targeted were finance, healthcare, retail, manufacturing, and professional services. [Carbon Black]

6.​ Under its new contracts with phone manufacturers, Google is mandating that devices be provided with two years of Android security updates. [The Verge]

7. Sneaky requests by reporters posing as all 100 US Senators to include "paid for by" disclosures on Facebook ads were approved, indicating that the platform's ad transparency measures are still too easily circumvented. "Paid for by Mark Zuckerberg" requests were denied, however. Organizations are also able to register their Facebook ads as "paid for" by made-up organizations, as the American Fuel & Petrochemical Manufacturers have done recently on ads supporting the rollback of fuel emissions standards. [Vice News; ProPublica]

8. Ohio's Franklin County is planning to move all of its home deeds to a blockchain within the next two years, in an effort to speed closing times for homebuyers and reduce escrow costs. [Bloomberg]

9. One Florida court of appeals has added to the 5th amendment debate over the compelled disclosure of passcodes by subjects in custody: rather than demonstrating only that the subject knows the passcode, law enforcement in Florida now need to show proof that information necessary to the prosecution of the case is on the locked device. [Sophos]

10. North Korean hackers are undeterred by public attribution of their attacks, the FBI advised this week. [Cyberscoop]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)