The Stroz Friedberg Cyber Brief

Cyber Brief: Nuclear Facilities Worldwide Lack Cyber Safeguards
Today's Top Story
Twenty countries with nuclear weapon materials or nuclear power plants do not have any government regulations requiring basic cybersecurity measures for those facilities, according to a report from the Nuclear Threat Initiative. This is the first study from the Washington, DC-based nonproliferation group, which focuses primarily on the physical security of nuclear and biological weapons sites, to take cyber into account. Low-scoring countries included Iran, China, North Korea, Italy, Mexico, and many others.

The report is based on open sources and does not factor in classified measures that may be in place. Moreover, some analysts point out that a lack of regulations does not necessarily mean facilities are not taking steps to protect themselves from hackers. At the same time, others note that having cybersecurity safeguards in place does not necessarily mean the facilities are not vulnerable. (NYT, WashPost, Economist, Lawfare)

Bitcoin: Prominent Bitcoin developer Mike Hearn said the crypto-currency was destined to fail because of poor governance and technical problems, and that he has sold all of his coins. (Medium)

Internet Routers: A study commissioned by the Wall Street Journal found that many popular routers are vulnerable to hackers, and faulted manufacturers for cutting corners on security and failing to keep customers informed of software updates. (WSJ)

LastPass: A security researcher released a tool that can steal the login details and two-factor authentication key for the popular password manager. The attack relies on a victim visiting a malicious website or one that has been compromised with a malicious ad or code. (Guardian)

DNI: A hacker who goes by the nickname “Cracka” said that he had broken into a series of accounts linked to Director of National Intelligence James Clapper. The FBI is investigating. The individual is reportedly part of the group that hacked into CIA Director John Brennan’s email account last October. (Motherboard)

Twitter: The family of a U.S. defense contractor killed in Jordan in a terrorist attack last year has sued Twitter, alleging the company knowingly allowed terrorist groups like ISIS to spread extremist propaganda. (Mercury News)

Silk Road: Attorneys for Ross Ulbricht filed papers calling for an appeals court to throw out his conviction on seven charges, including conspiracies to traffic in narcotics, money laundering, and computer hacking. Analysts say the most powerful argument in the appeal is the claim that the court wrongly suppressed information about federal agents investigating the Silk Road who used their positions to steal bitcoins and even attempted to extort money from Ulbricht. (Wired)

Federal Workforce: The Congressional Research Service released a report examining the challenges faced by the Departments of Defense and Homeland Security in hiring and retaining cybersecurity professionals. (CRS)

FBI: The Bureau is looking for a new chief information officer and will accept applications through January 22. Jerome Pender, who was appointed FBI CIO in 2012, left in September 2015. (NextGov)

ISIS: The killing of two ISIS hackers, Junaid Hussain and Siful Haque Sujan, is raising new questions about how the Pentagon is targeting the terrorist group's tech-savvy members. Some analysts say that having hacking skills alone should not be a justification for a targeted strike, but it could bump an individual up the so-called kill list. (The Hill)

NSA: In a new transparency report, the National Security Agency says it is adequately protecting Americans’ civil liberties and privacy as it shifts to a new intelligence collection program. The agency is under greater scrutiny following significant changes to its surveillance mandate under the USA Freedom Act, which became effective last November. (The Hill)

Self-Driving Cars: The Obama administration is proposing $4 billion, to be spent over the next decade, to finance research projects and infrastructure improvements tied to driverless cars. A major challenge for auto engineers in the near term is figuring out how and when to hand off control of vehicles to human operators. (NYT)

Apple: CEO Tim Cook reportedly lashed out at Obama administration officials who came calling on tech leaders in San Jose last week, criticizing them for a lack of leadership on encryption policy. Cook has been outspoken in his opposition to the idea that privacy and digital security need to be sacrificed for the sake of public safety. (The Intercept)

EU: Europe’s top rights court ruled that companies can monitor workers’ online communications. The case revolved around a Romanian engineer who was fired in 2007 after his company discovered he was using Yahoo Messenger to chat with his fiancee and brother. (Guardian)

Must Reads
RIP Bitcoin: “It’s time to admit that the current Bitcoin needs to be scrapped and to take advantage of the innovations behind the technology that underlies Bitcoin, the blockchain. The blockchain is a transparent ledger of transactions—concurrently hosted on numerous computers around the world—allowing the creation of digital currencies and virtual banks. Implemented correctly, it will, I believe, prove to be a better transactional and verification model than we presently use for the global financial system and for many other types of activities such as voting, public registries, provenance of works of art, and real-estate transfers,” writes Vivek Wadhwa in the Washington Post.

Silk Road’s Dream Is Dead: “The Silk Road’s purported ideology of enabling only victimless crime has vanished. Fears of law enforcement surveillance, and suspected vulnerabilities in tools like Tor meant to protect the anonymity of site administrators have eroded the incentive to create a longterm trusted business. The result has been that the libertarian free-trade zone that the Silk Road once stood for has devolved into a more fragmented, less ethical, and far less trusted collection of scam-ridden black market bazaars,” writes Andy Greenberg in Wired.

Scamming Online Daters: “Whether they’re looking for sexcapades or long walks on the beach, the desire for companionship and connection makes people vulnerable to a most 21st-century crime: the online romance scam, which bilked victims of all ages and orientations out of more than $200 million last year, according to the FBI,” writes Kate Murphy in the New York Times.

Top Op-Eds