The Stroz Friedberg Cyber Brief

  FEATURED STORY            



Then-President Obama decided in early 2014 to increase U.S. cyber and electronic attacks on North Korea’s ballistic missile program, reports the New York Times. Shortly thereafter, a large number of the Asian country’s rockets began to explode or malfunction. However, it’s unclear what effect the U.S. efforts at sabotage actually had. Proponents claim they set back the Kim regime’s missile ambitions by several years, while critics say they may have had little impact.


The New York Times investigation, which began last spring and included interviews with members of both the Obama and Trump administrations, found that the United States does not have the capability to effectively counter the North’s nuclear and missile programs, and concluded that those threats are far more acute than many experts thought.

President Obama’s decision to escalate cyberattacks reportedly came after he concluded that the hundreds of billions spent on conventional ballistic missile defense systems had failed in their purpose of protecting the continental United States. In the search for alternatives, the administration pursued so-called “left of launch” technologies, which are so named because they target missiles before they reach the launchpad, or just as they lift off. (NYT)


Yahoo: The company said that hackers using forged cookies were able to access about 32 million user accounts over the last two years. Some of the recent intrusions can be connected to the "same state-sponsored actor believed to be responsible for the 2014 breach," Yahoo said. Meanwhile, CEO Marissa Mayer will not receive her 2016 cash bonus, and she has volunteered to forgo her 2017 equity compensation. (Reuters, WSJ, NYT)


Pence: The U.S. vice president had a private email account that was breached last spring while he served as governor of Indiana. The hackers emailed his contacts attempting to scam them out of money. Pence reportedly opened the AOL account in the mid-1990s and occasionally used it to conduct official business. A spokesman for Pence said his use of the account was consistent with previous governors. (Indy Star, WaPo, AP)


Slack: A cybersecurity researcher discovered a bug that would have allowed hackers to gain illicit access to millions of Slack accounts, including shared files and chat histories. Creators of the work messaging app patched the vulnerability within hours. (Wired)

Smart Teddy: A company that sells internet-connected teddy bears that allow kids and their parents to exchange messages left more than 800,000 customer credentials, as well as two million message recordings, exposed online for anyone to see. (Motherboard)


Tor Exploit: In order to keep a valuable FBI hacking method secret, federal prosecutors in Washington state dropped all charges against a man accused of accessing a child pornography website. The Department of Justice is currently prosecuting over 135 people nationwide who it believes accessed the illegal website. (Ars Technica)

  ON THE HILL                                    

Trump Wiretapped? President Trump accused his predecessor on Twitter this weekend of ordering his phones tapped at Trump Tower during the 2016 campaign. However, experts note that presidents cannot legally order a wiretap, and FBI Director James Comey reportedly asked the Justice Department to publicly reject President Trump’s claim. The department has not released such a statement. Meanwhile, the president on Sunday demanded that Congress investigate whether Obama abused the power of federal law enforcement agencies. (NYT, WSJ)


FISA: The Trump administration says it does not want to reform the Foreign Intelligence Surveillance Act to address privacy concerns. Parts of FISA, including a provision that undergirds two controversial electronic surveillance programs, are set to expire at the end of the year unless reauthorized by Congress. (Reuters)


Russia Probe: Democratic lawmakers on the House Intelligence Committee said FBI Director Comey refused to answer questions regarding the scope of the FBI’s investigation into Russia’s alleged interference in the 2016 election. (WSJ)

Top Adviser Death: Howard A. Schmidt, a cybercrime expert who advised Presidents George W. Bush and Barack Obama, died last Thursday. Among other things, Schmidt drafted cybersecurity safeguards that were approved by Congress in 2015. (NYT)

  PRIVATE SECTOR                             

Uber: The ride-hailing service confirmed that it used a secret tool called Greyball to avoid authorities in markets where it was banned or faced political resistance. Greyball uses data from the Uber app and other methods to identify and circumvent officials who aim to ticket or apprehend Uber drivers. A spokeswoman for the company said a scaled-back version of Greyball was still in use. (Reuters, NYT)


IBM: IBM is marketing blockchain to hundreds of its clients, including Walmart, as a better way to help them track various goods and services. IBM now has around 650 employees dedicated to the technology. (NYT)

Honda: The Japanese automaker is creating a research arm focused on artificial intelligence. R&D Center X is expected to open in Tokyo in April as a software-focused counterpart to Honda’s existing hardware-focused basic research center. (WSJ)


Trump, Putin, and the New Cold War: “For those interested in active measures, the digital age presented opportunities far more alluring than anything available in the era of Andropov. The Democratic and Republican National Committees offered what cybersecurity experts call a large ‘attack surface.’ Tied into politics at the highest level, they were nonetheless unprotected by the defenses afforded to sensitive government institutions,” write Evan Osnos, David Remnick, and Joshua Yaffa in the New Yorker.


World War Meme: “There is no real evidence that memes won the election, but there is little question they changed its tone, especially in the fast-moving and influential currents of social media. The meme battalions created a mass of pro-Trump iconography as powerful as the Obama “Hope” poster and far more adaptable; they relentlessly drew attention to the tawdriest and most sensational accusations against Clinton, forcing mainstream media outlets to address topics—like conspiracy theories about Clinton’s health—that they would otherwise ignore,” writes Ben Schreckinger on Politico.


The Plan That Could Stop Drone Terrorism: “They returned to Black Sage’s headquarters in Boise, Idaho, and spent a year enhancing their system so that it can now not only track drones but also bring them safely to the ground using radio-frequency-jamming technology. There is only one small hitch: Like almost every drone-interdiction technology in development, frequency jammers run afoul of several U.S. laws,” writes Douglas Starr in Wired.

Cyber Strategy and Policy: “Existing international law, although not yet settled, is adequate to support a strong cyber-defense strategy, including a powerful deterrent. The answers to many international law questions, such as those I have discussed, depend on specific, case-by-case facts, and are likely to be highly contested for a long time to come. This means that the United States should continue to exercise leadership in advancing interpretations that support its strategic interests,” writes Matt Waxman on Lawfare.


Center on National Security
Fordham University School of Law