
Friday Cyber News, October 27 2017

Cyber technology-related news and links from around the web, for the week of 10/21 - 10/27:

1. Targets in Russia and Eastern Europe are being hit by ransomware that bears a strong resemblance to NotPetya and is now being called Bad Rabbit. The malware was found to be pretending to be a Flash upgrade. Meanwhile, a "vast" IoT botnet called IoTroop looms on the horizon; it uses pieces of Mirai's source code but involves more functions. [Motherboard; WSJ; Cyberscoop]

2. The "Honest Ads Act", meant to curb Russian meddling in election advertising online, doesn't provide strong enough barriers to deter motivated (and particularly state-motivated) trolls. The Act's proposed database of all political ads would be unlikely to be useful to the average member of the public seeing a curated stream of ads on his Facebook page; clicking through a vast database of additional ads is unlikely to be interesting to a non-academic. Trolls are good at creating viral content, capable of setting up a "news agency" to take advantage of a media exception in the act, and able to send operatives to buy US SIM cards, set up US servers, and use PayPal to appear to be purchasing ads from within the US. What could work instead? "When the platforms are recognized as publishers, it should become impossible to broadcast content anonymously, without the author's true, verified identity being known at least to the platforms themselves; it should also be impossible to buy an ad in the U.S. without a U.S. bank account." [Bloomberg]

3. From WEP to WPA, warboating to sidejacking, the history of wifi hacking. [The Outline]

4. The more data we provide about our preferences and habits, the more likely companies are to draw from that data to better market to us products that represent ourselves, or our idealized consumerist selves. Is it that far-fetched, then, to predict that online dating will move toward a model where algorithms analyze our physical activity, frequently visited places, communication styles, and even diets and spending habits, to recommend to us partners that fit our lifestyles? Problems with AI-suggested chat replies and emojis (e.g., from the article, suggesting the person-in-turban emoji after the gun emoji) indicate one problem: if these tools learn from human behavior and preferences, how can they separate pro-social from antisocial behavior? [Gizmodo]

5. A patch has been released to fix a cybersecurity vulnerability in pacemakers, but the patch itself may cause the devices to malfunction, entering a different pacing mode than the patient's customized rhythm. Is it worth updating, and who should make that decision--the patient, the doctor, or the device company? [WSJ]

6. The CEOs of Facebook, Google, and Twitter have been invited to explain their content moderation policies before the US House Committee on Energy and Commerce, including "how content moderation policies are made, enforced and monitored; how users are informed of these things; how “creators of fabricated content” are detected; and how users may appeal or otherwise affect these policies." A disappointing aspect of the need for this request is that these policies are not clearly explained to users by Facebook, Google, and Twitter themselves; it seems that this information should be readily available to everyone, rather than requiring compelled disclosure by Congress. Relatedly, YouTube's processes for filtering content that appears on YouTube Kids are being questioned for allowing strangely violent (and probably copyright-infringing) cartoon videos. [TechCrunch; Mashable]

7. The FBI has been unable to access data on more than 6,900 mobile devices in the past year, due to encryption. [Fifth Domain]

8. Vladimir Putin released five Presidential Orders last weekend related to blockchain and cryptocurrency, including requirements that miners register with the government and that token sales during ICOs be regulated in the same manner as securities during IPOs. [Motherboard]

9. After criticism of Russia's review of the source code of American companies' software products, McAfee will no longer allow any government--US or foreign--to review the source code of its products. [The Hill]  

10. Israeli police arrested a Palestinian man after Facebook mistranslated his "good morning" photo caption as "attack them". [Guardian]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at