The Stroz Friedberg Cyber Brief

FEATURED STORY



Civil liberties advocates and many tech executives are worried about what cybersecurity policies the Donald Trump administration will push to the fore beginning next year. During his campaign, the Republican candidate supported enhanced U.S. surveillance powers, calling for a boycott of Apple products over its refusal to help the FBI unlock a terrorist suspect’s iPhone. Some companies are reportedly considering relocating their servers and other assets out of the United States to put them beyond the legal reach of a Trump administration.

Meanwhile, analysts say Trump may also overturn the net neutrality rules put in place by the Obama administration. At first, the Federal Communications Commission under Trump could simply decide not to enforce the rules but later could take formal steps to remove them from the books. Additionally, Trump could undermine FCC rules that limit how Internet providers use and sell customer data. (Reuters, WaPo, Wired)

Bangladesh Bank: Bangladesh's central bank has reportedly recovered just under a fifth of the $81 million that was stolen from its account at the New York Federal Reserve in February. Philippines authorities handed over $15.25 million to Bangladesh's ambassador to the country. (Reuters)


Russian Banks: At least five of Russia's largest banks were struck by massive distributed denial-of-service attacks. Russia's central bank confirmed it had identified "attacks on a number of large banks," describing their intensity as "medium" and saying they did not disrupt access to banking services. (AFP)


Yahoo: The company discovered the hack that led to a data breach affecting more than a half billion accounts nearly two years before it was disclosed in September, according to documents filed with financial regulators. In a section listing risks to its deal with Verizon, Yahoo said the telecom giant may seek to renegotiate or call off the agreement because of the breach. (WaPo)

Cellphones: Cellphone numbers are increasingly used as a link to private information maintained by all sorts of companies, including money lenders and social networks. Unlike Social Security numbers, they are not regulated and are easier for identity thieves and other criminals to access. (NYT)


Bitcoin Exchange: Ricardo Hill was arrested last month in Florida and charged in Manhattan federal court with conspiring to operate an unlicensed money transmitting business. Hill is the latest person to face criminal charges in connection with what U.S. prosecutors say was an illegal bitcoin exchange owned by an Israeli allegedly behind the hacking of companies including JPMorgan Chase. (Reuters)

Child Porn: The FBI reportedly ran 23 child pornography websites to try to ensnare users, according to an affidavit acquired by the ACLU. The new disclosures show that the FBI's sting was much broader than previously thought. (The Hill)


Army: The U.S. Army is launching its “Hack the Army” bug bounty this month, asking selected hackers to vet and find flaws in its digital recruiting infrastructure. The security consulting firm HackerOne, which helps institutions establish bug bounties, facilitates both Hack the Pentagon and Hack the Army. (Wired)

PRIVATE SECTOR

IBM: The tech giant showed off its artificial intelligence software last week for use as a foundation for programmers. Other companies that have built AI engines have focused on embedding them in their own products, but IBM has taken a platform approach, offering more than a dozen services that can be used independently or together. (WSJ)


Drones: Weak consumer demand and falling prices are driving startups to shift their focus to specialized business applications. Many drone makers overestimated demand from hobbyists, but they now see big opportunities selling to businesses under newly relaxed U.S. regulations. (Reuters)

Facebook: The company has been embroiled in accusations that it helped spread misinformation and fake news stories that influenced how the U.S. electorate voted. The social network was reportedly internally questioning what its responsibilities might be. Some employees have been galvanized to send suggestions to product managers on how to improve Facebook’s powerful news feed. (NYT)

THE WORLD

EU: The European Commission has asked the United States about a secret court order Yahoo used to scan thousands of customer emails for possible terrorism links. The request follows concerns that the U.S. may have violated a new data transfer pact. (Reuters)

China: Dozens of international business and technology organizations expressed “deep concerns” to the Chinese government about a new cybersecurity law they said would likely increase the separation between China and the rest of the world. (Reuters)

The Danger of Going Soft on Russia: “Since Mr. Trump has refused to criticize the Kremlin, it’s important that Mr. Obama figure out, before he leaves office, how to punish Russia for the hacking in a way that demonstrates Washington’s determination to resist cyberattacks without further escalating the conflict. Getting the balance right will not be easy. Mr. Obama should also keep talking with Russia on mutually acceptable cyber-deterrence guidelines that set rules for regulating, defending against and deterring malicious intrusions in cyberspace,” write editors of the New York Times.


If Trump Controlled the NSA: “The president’s discretion over the NSA’s actions doesn’t just apply to privacy-invasive spying. It also controls the agency’s capability to develop disruptive or destructive cyberattacks. Trump would have final say over the use of digital weapons like Stuxnet, the malware created by the NSA and Israeli intelligence and deployed by the CIA to destroy equipment in Iranian nuclear enrichment facilities,” writes Andy Greenberg in Wired.

Understanding China’s Cybersecurity Law: “When the Cybersecurity Law takes effect on June 1, internet companies operating in China will be subject to a broad and ill-defined array of regulations and potential punishments. Notwithstanding the enhanced individual protections that it provides, the law primarily serves to increase the state’s ability to control domestic Internet activity. As the country moves toward implementation in June, we must look toward the new implementing regulations that will be released in order to better understand just how far this new authority will extend,” writes Chris Mirasola on the Lawfare blog.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.