Skip to content Skip to navigation

Friday Cyber News, September 14 2018

Cyber technology-related news and links from around the web, for the week of 9/8 - 9/14:

1. The European Court of Human Rights ruled this week that GCHQ's bulk intelligence collection methods violated UK citizens' privacy and failed to employ safeguards (such as a warrant requirement, or independent oversight) that would have brought the surveillance activities into legally permissible territory. Edward Snowden tweeted in support of the ruling. [Guardian]

2. An executive order signed this week establishes a 45-day window for investigations into election interference, and an array of subsequent potential sanctions, should the investigation bear fruit. Critics of the EO, including the sponsors of the more strongly worded DETER Act, are concerned that making any type of sanction an optional response means successful election interference will easily go unpunished. [Whitehouse.gov]

3. AT&T, Sprint, T-Mobile, and Verizon, realizing that they are the weak links in many phishing scams and SIM swapping attacks, are working on a project to more securely authenticate mobile phone users through a combination of device characteristics, customer reputation data, and location. [Krebs]

4. Two years before the 2017 Equifax hack, the credit-rating company worried it was the target of Chinese espionage--perhaps in support of the China-based Sesame Credit, which launched soon thereafter--and began building a program to monitor the network activity of its ethnically Chinese employees. This questionably legal project was soon scuppered by Equifax's in-house counsel. [WSJ]

5. The removal of PPD-20 (which had established review processes for cyber weapon use) seems as though it clears the way for easier and faster military deployment of cyber weapons, but cyber weapons have a long development lead time and are individually limited in the scale of damage they can cause, so it's unlikely that greater ease of use of cyber weapons will spur escalation to kinetic conflict, argue Erica Borghard and Shawn Lonergan. However, removing intelligence community oversight of cyber weapon use may result in the prioritization of military aims over intelligence ones. [Council on Foreign Relations]

6.​ Facebook is better prepared to fight election interference now, Zuckerberg claims, citing their development of better automated detection algorithms for fake accounts, the hiring of an additional 10,000 employees to identify and remove suspicious activity, and the requirement that purchasers of US political ads be US citizens. Facebook also debuted an AI model that can identify offensive memes (and automatically extract and analyze text from images, and soon video), and the adversarial examples generated to test this model are going to be great. [NY Times; FB]

7. A Russian hacker extradited from France pleaded guilty in the US this week to operating the Kelihos botnet, which stole login credentials and sent spam emails to thousands. [The Hill]

8. A bipartisan group of members of the House Intelligence Committee have requested that DNI Dan Coats initiate an investigation into "deepfakes", manipulated audio and video files that have escaped from their origins on Reddit to represent a class of well-produced and believable fake media. [The Hill] 

9. Electronic surveillance, infiltration of chat networks, and the use of undercover informants to talk with would-be jihadis online have been crucial to the arrests of individuals planning attacks on behalf of ISIS, particularly in Europe. [NY Times]

10. You might say that all cyber threat information sharing hubs operate on faith, but now there's one that does explicitly: the Faith-Based Information Sharing and Analysis Organization is a group for religious organizations to share threats to donor data and religious websites. [Cyberscoop]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)