The Stroz Friedberg Cyber Brief

  FEATURED STORY            

MONDAY, APRIL 17, 2017


A trove of classified documents released on Friday by the Shadow Brokers hacking group reportedly shows how the U.S. National Security Agency has penetrated the financial infrastructure of the Middle East. The disclosures include evidence that the NSA hacked into EastNets, a Dubai-based company that oversees payments in the international SWIFT transaction system for banks and other businesses. By hacking EastNets, the NSA may have successfully infiltrated computers inside some of the biggest banks in the region. EastNets has disputed that its systems were compromised.


Analysts say that the NSA was likely seeking to track the financial movements of certain Middle Eastern bank clients, ostensibly to gain insight into potential terrorist groups or government officials.

The leak also reportedly contained hacking tools the U.S. government may have used to break into various Microsoft products. Microsoft acknowledged the vulnerabilities and said they had been patched. While the authenticity of the leaks could not be independently verified by media, many cybersecurity experts said that the data in them appeared to be legitimate. (WSJ, NYT, Wired, Reuters)


Passwords: A new Pew Research Center report finds that 39 percent of online adults report having a hard time keeping track of their passwords. This group was much more likely than those who did not report memory issues to use less secure passwords. (Pew Research Center)

Fingerprints: New findings by researchers at New York University and Michigan State University suggest that authentication systems on smartphones can easily be fooled by fake fingerprints. Experts say that while full human fingerprints are hard to falsify, finger scanners on phones are so small that they read only partial fingerprints. (NYT)


Carter Page: The FBI obtained a secret court order last summer, during the presidential campaign, to monitor Carter Page’s communications to Donald Trump as part of an investigation into possible links between Russia and the Trump campaign. Officials said the government’s application for the surveillance order included a lengthy explanation detailing the reasons agents suspected Page was acting as an agent of the Russian government. (WaPo)


Microsoft: The tech giant said it had received at least a thousand surveillance requests from the U.S. government for foreign intelligence purposes during the first half of 2016, more than double what it said it received in the prior six months. (Reuters)

Border Searches: Federal agents working at U.S. ports of entry almost doubled their searches of electronic devices in the last six months to nearly 15,000. A bipartisan group of lawmakers on Capitol Hill recently introduced legislation that would require customs officers to get a warrant for these searches. (NYT)

  ON THE HILL                                    

WikiLeaks: In his first speech as CIA chief, Mike Pompeo described the anti-secrecy group founded by Julian Assange as “a nonstate hostile intelligence service often abetted by state actors like Russia.” Some critics saw his comments as remarkable because Pompeo had directed people to view the WikiLeaks website during the recent presidential campaign. (NYT)

Net Neutrality: FCC Chairman Ajit Pai faces a challenge in rolling back the Obama administration’s regulations. Experts say if he moves too fast to end the existing rules, he risks provoking a tough legal battle, but if he moves too slowly he and his Republican allies might suffer politically. (WSJ)


NATO: Several NATO and EU countries came together in Helsinki to agree to establish a European Centre of Excellence for Countering Hybrid Threats. Among other things, the center will focus on protecting members against cyberattacks, propaganda, and disinformation. (Reuters)

  PRIVATE SECTOR                             

Baidu: The Chinese internet giant agreed to acquire U.S. computer vision firm xPerception for an undisclosed amount. The purchase is intended to support Baidu’s renewed efforts in artificial intelligence. The announcement comes as Chinese foreign acquisitions face increased regulatory scrutiny. (Reuters)

Apple: The company has secured a permit to test autonomous vehicles in California. Apple rivals have been testing their vehicles on the roads there for some time, especially Waymo LLC, the Google sister company developing self-driving cars. (WSJ)

  THE WORLD                                     

China: Authorities in Beijing released a draft law that would require firms exporting data to undergo an annual security assessment, and would ban the export of any economic, technological, or scientific information whose transfer would pose a threat to security or public interests. (Reuters)

New Zealand: A municipal effort to recruit tech talent to the island country, called LookSee Wellington, was besieged with more than 48,000 applications, including from workers at Google, Amazon, Facebook, MIT, and NASA. (NYT)


How the FBI Took Down Russia’s Spam King: “For the time being at least, [Peter Levashov’s arrest] perhaps marked the end of one of the most powerful spam networks on the internet, a global network of malware-infected computers that had proven uniquely difficult to dismantle, reappearing multiple times and evolving even as its chief output—multitudes upon multitudes of unwanted junk emails advertising Viagra, adult entertainment, and, at worst, phishing emails that spread even more malware—continued unabated for the better part of a decade,” writes Andy Greenberg in Wired.


The Nasty Fight Over Cylance: “One reason Cylance and other new malware protection contenders have drawn so much investment—over $1.8 billion in venture capital since 2014—is that the malware protection industry is ripe for disruption,” writes Sean Gallagher for Ars Technica. “But over the past year, competitors and testing companies have accused Cylance of using product tests that favor the company. These critics have also accused Cylance of using legal threats to block independent, competitive testing.”

The Future of CYBERCOM’s Relations With the NSA: “Though the debate over CYBERCOM’s independence and institutional design will no doubt continue, a complete separation now seems inevitable. While CYBERCOM’s shift away from reliance on NSA will be necessarily gradual, General Hayden estimates the transition could be achieved in as little as nine months. This means that a fully independent CYBERCOM—with all its potential benefits and liabilities—could be just a few years away,” write Emma Kohse and Chris Mirasola on Lawfare.


Center on National Security
Fordham University School of Law