The Stroz Friedberg Cyber Brief

  FEATURED STORY            



Yahoo is reportedly willing to shave nearly $300 million off the $4.8 billion it is charging Verizon for its internet properties, a discount that analysts say factors in revelations of the recent cybersecurity lapses at Yahoo. Additionally, Verizon and Yahoo’s remaining business--to be renamed Altaba Inc. after the deal--are expected to share any legal responsibilities related to the massive data breaches. The two companies could agree on a revised transaction within days, which would allow the deal to close in April.

Separately, Yahoo warned an unknown number of customers last week that state-sponsored hackers may have accessed their accounts by using a sophisticated cookie forging attack. The company reportedly publicized the cookie attack last December, around the same time it revealed the historic breach that occurred in 2013, in which hackers stole information on one billion accounts. (WSJ, Bloomberg, NYT, ZDNet, CNET)


2016 Election: The FBI has at least three open investigations relating to the alleged Russian hacking of the U.S. presidential elections. One, related to the breaches of DNC systems, is being handled by the bureau’s Pittsburgh office. Another, being led by the San Francisco office, is focused on the hack of John Podesta’s email account. And a third, run by counterintelligence agents in DC, is looking at financial transactions by Russian entities believed to have links to Trump associates. (Reuters)


Mac Malware: Researchers say the same group of Russian hackers that allegedly interfered in the U.S. election, known as APT28, has developed sophisticated malware to compromise Macs. Among other things, the malware can harvest passwords, snap pictures of screen displays, and steal iOS backups. (Ars Technica)

Android: Russian security firm Kaspersky Lab has discovered that many Android phone apps that allow users to locate, unlock, and start their cars are vulnerable to hackers. The researchers hope the discovery serves as a warning to the auto industry to take cybersecurity much more seriously. (Wired)


Kim Dotcom: A New Zealand court has ruled that the internet entrepreneur and three co-defendants are subject to extradition to the United States, where they face fraud and copyright infringement charges related to the file-sharing site Megaupload. The four have said they will appeal the decision. (BBC)

Spammers: A federal court in New Jersey sentenced Timothy Livingston, a Florida resident, to four years in prison for his role in a wide-ranging hacking and spamming scheme targeting 60 million people. His two accomplices received two years' probation and fines. (Reuters)


  ON THE HILL                                    

Executive Order: President Trump is expected to issue an order on cybersecurity in the coming days. Analysts say the most recent draft resembles an order signed by President Obama in 2013, and calls on federal agencies to adopt the NIST Framework for Improving Critical Infrastructure Cybersecurity. (National Law Review)


EU Data Pact: Some tech executives and European officials are worried that President Trump’s national security policies may undermine the Privacy Shield framework, which protects Europeans against indiscriminate mass surveillance. (WSJ)

RSA: Officials from the Trump administration were noticeably absent from the annual cybersecurity conference in San Francisco. The highest government voice this year was from the legislative branch, House Homeland Security Committee Chairman Michael McCaul (R-TX), who gave an opening day keynote talk. (USA Today)


NATO: The security alliance signed a political framework agreement on cyber defense cooperation with nonmember Finland. The Scandinavian country already participates in NATO’s Cyber Coalition, an annual exercise. Last year, Russia signaled it might move troops closer to the Finnish-Russian border if Finland were to join NATO. (The Hill)

  PRIVATE SECTOR                             

Signal: The popular encryption app is adding video calling and other new features, which make placing an encrypted call feel much more like placing a normal one, analysts say. (Wired)

  THE WORLD                                     

Germany: The country’s telecommunications watchdog said hackers could use a U.S.-made doll named Cayla, which records children’s voices, to steal personal data. The agency said it was banning the toy in Germany. (NYT)

EU: Lawmakers are pushing for EU-wide legislation to regulate the rise of robots, including an ethical framework for their development and deployment. However, they rejected a proposal to impose a so-called robot tax to fund support for and retraining of workers. (Reuters)


The Brave New Cyber World: “The question facing the Trump administration — and its counterparts around the world — is how to adapt traditional concepts and tools of statecraft to the digital age. We’ve entered a new era, and we lack the shared vocabulary and political doctrines to make sense of it. Perhaps more importantly, the generation of leaders who can seamlessly integrate policies in the physical and digital worlds is still emerging,” write William J. Burns and Jared Cohen in Foreign Policy.


Cyber Order Is Reasonable Step: “The cybersecurity EO is a well thought out and reasonable step forward. It deserves to get the president’s priority attention and signature. And unless the final version takes account of our need to grow both the cyber workforce and our White House leadership in this area, more remains to be done,” writes Betsy Cooper for The Hill.

Former SecDef on the Future of War: “I think if there is going to be something ever that rivals nuclear weapons in terms of the pure fearsomeness of their destructiveness it’s more likely to come from biotechnology than any other technology. Looking back decades from now, I do think the biological revelation could rival the atomic revolution for the fearsomeness of the potential. I think that’s one reason we need to invest in it,” says Ash Carter in the Wired interview.



Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.