
Friday Cyber News, October 28 2016

Cyber technology-related news and links from around the web, for the week of 10/22 - 10/28:

1. Last Friday's internet outage was a coordinated attack against Dyn, one of the companies that runs the internet's DNS. The attack used Internet of Things devices with security weaknesses that allow them to be coordinated into a botnet. The botnet known as Mirai, in the news earlier for an attack on security journalist Brian Krebs, was part of the DDoS traffic, though not all of it. Mirai is composed of devices like cameras and DVRs that have hard-coded credentials; many of these devices have been recalled, but consumer enthusiasm for taking down--or even patching--that camera on the roof is expected to be low (if you have a camera or other IoT device that you're worried about, one thing you can do is check whether it's public on Shodan). NIST and the NTIA are setting up working groups to try to plug the holes in IoT security and regulations. Always late to the party, 102 California DMV offices experienced an internet outage on Tuesday. [Stanford News; Wired; Network World; Bullguard; CyberScoop; KTLA]

2. When I was their age, we coded uphill in Basic, both ways: 15 under 15 herald the new generation of cyber experts. [CSM Passcode]

3. Cyber insurance policies are full of "trap doors", warn insurance attorneys, as policy terminology and the scope of coverage can vary widely across policies from different insurers, leaving customers unsure of what they can expect to be covered after a cyber attack. [CyberScoop]

4. As artificial intelligence evolves the capabilities to learn and mimic your unique texting and speaking styles, the potential for criminal impersonation increases. Sure, we'd like Gmail to be able to predictively respond to our emails for us, but when you can't be sure that your friend actually wrote--or even authorized the composition of--their response to your email, will you trust anything it says? [NY Times; Fortune]

5. Remember the OPM hack? Wired has a detailed look back at how it unfolded. The infiltration was accomplished through variants of PlugX malware, preferred by Chinese hackers. A team of OPM engineers worked with Cylance to identify all the variants of the malware everywhere they sat on the network, so that every access point the hackers were using could be shut off simultaneously, during a fortuitously timed power outage. [Wired]

6. Visa's permissioned blockchain platform, Chain, goes open source; invites "that's off the chain" puns. Private blockchains are growing in popularity amid recent research indicating that the Bitcoin system is unstable without the block mining reward, which is inexorably decreasing. [Fortune; Freedom to Tinker]

7. Chinese hackers targeted foreign government personnel who visited a US aircraft carrier. [Financial Times]

8. Recently released information about law enforcement requests to DC and Northern Virginia courts to conduct electronic surveillance reveals that the number of requests has increased by almost 500% since 2011, and the vast majority remain sealed. [Washington Post]

9. AT&T's Project Hemisphere mined its own databases to suggest potential leads to the DOJ in cases ranging from Medicare fraud to murder. Companies are not required to proactively help investigate cases in this manner, and AT&T's newly revealed documents on the program suggest that it attempted to keep its involvement secret. [Daily Beast]

10. Don't Skype and type: acoustic emanations from keyboards captured by VoIP can be used to reconstruct what was typed. [arXiv]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)