The Stroz Friedberg Cyber Brief

The Stroz Friedberg Cyber Brief, May 15, 2017
  FEATURED STORY            

MONDAY, MAY 15, 2017


A ransomware attack dubbed WannaCry began spreading around the world on Friday, encrypting and holding files hostage at thousands of businesses, hospitals, and government agencies in at least 150 countries. French automaker Renault SA, among the most high-profile corporate targets, was forced to cease operations at factories across Europe. But, so far, researchers say the fallout appears limited to costly disruptions. The virus has not been blamed for destroying hardware or for putting patients lives in grave danger.  


The spread of the virus was reportedly slowed late Friday when an anonymous British researcher activated what turned out to be a “kill switch” embedded in the malicious code.


The United States appeared relatively unscathed by the malware compared with Europe and Asia, but the FBI, National Security Agency, and Department of Homeland Security are investigating. Tom Bossert, White House homeland security and counterterrorism adviser, held emergency meetings with cabinet members Friday night and Saturday morning. The source of WannaCry is a delicate issue for the U.S. government because the vulnerability on which it is based was published by a group called the Shadow Brokers, which last summer began publishing cybertools developed by the NSA. (WSJ, NYT, WaPo, Reuters)


Reuters: Cyberattack Fuels Concerns About Exploit Disclosures

NYT: How to Catch Hackers? Old-School Sleuthing, With a Digital Twist

Wired: The Ransomware Meltdown Experts Warned Us About Is Here

Bitcoin: The digital currency has come under renewed scrutiny amid the outbreak of the WannaCry ransomware, which demands that those targeted pay criminals in Bitcoin. However, Bitcoin’s price remains near a record high that reflects a gain of about 80 percent so far this year. (WSJ)


Cyberespionage: Researchers at FireEye, a California-based cybersecurity company, say that a Vietnamese hacking group likely linked to the government has been spying on foreign companies in the manufacturing, hospitality, and consumer products sectors since at least 2014. (NYT)

Brooks Brothers: The U.S. clothing company said that the payment card information of certain customers were compromised at some of its retail locations in the United States and Puerto Rico for 11 months until March. (Reuters)


Uber: A federal judge in San Francisco has denied a motion to move a legal battle over driverless car technology between Uber and Waymo into private arbitration. (NYT)

  ON THE HILL                                    

Cyber Order: President Trump signed an executive order on Thursday to bolster the government's cybersecurity and protect critical infrastructure from cyberattacks. The order, which drew largely favorable reviews from experts and industry groups, is his first significant action to address the issue that he has called a top priority. (Reuters)


Air Travel Tech: The Department of Homeland Security is reportedly considering banning laptops and other large electronic devices from carry-on bags on flights from Europe to the United States. The policy would extend a limited ban that was put in place in March, which affected passengers traveling through airports in 10 Muslim-majority countries. (NYT)

Russian Software: U.S. intelligence officials told a congressional committee on Thursday they are reviewing the government’s use of software from Russia's Kaspersky Lab, as senators have expressed concerns that Moscow might use the products to attack U.S. computer networks. (Reuters)

  PRIVATE SECTOR                             

United Airlines: The aviation company sent out an alert about a breach in cockpit-door security procedures after a flight attendant mistakenly posted information that included access codes on a public website. (WSJ)

AI Pricing: Retailers are increasingly using artificial-intelligence software to set optimal prices, testing textbook theories of competition. Meanwhile, the rise of AI pricing poses a challenge to antitrust law, analysts say. (WSJ)

  THE WORLD                                     

China: Trade groups representing companies in the United States, Europe, and Asia called on authorities in Beijing to delay a cybersecurity law set to go into force June 1, saying it could discriminate against foreign businesses. Critics say the law’s vague wording hands Chinese regulators broad powers to block a tech company’s products. (WSJ)

Australia: Eight years after the country began an unprecedented broadband modernization effort that will cost at least 49 billion Australian dollars, or $36 billion, its average internet speed still lags behind that of the United States, most of Western Europe, Japan and South Korea. (NYT)


More Is Needed to Fight Hackers: “There are...many technical measures that can be taken to build operating systems that are structurally less vulnerable to bugs. In other words, we can’t eliminate bugs, but with careful design, we can make it so that they cannot easily wreak havoc like [they have with WannaCry]. For example, Chromebooks and Apple’s iOS are structurally much more secure because they were designed from the ground up with security in mind, unlike Microsoft’s operating systems,” writes Zeynep Tufekci in the New York Times.


Brace for Chaos if U.S. Expands Laptop Ban: “While companies won’t abandon trans-Atlantic trips, an electronics ban may dampen corporate travel when combined with other recent regulations that have made traveling more onerous,” write Justin Bachman and Michael Sasso for Bloomberg. “When faced with having to part with their computers—potentially putting sensitive corporate information at risk—some companies may tell employees to leave their computers at home.”

Real Threat to Our Government Is Tech Illiteracy: “[James Comey’s] agency oversaw the investigation into the Hillary Clinton email scandal, and Comey recently testified that the FBI is looking at connections between Russian hackers and the 2016 US presidential election. And while the public has largely been consumed with questions over how Comey handled both of those issues—and how President Trump fired Comey Tuesday based on the director’s handling of the former while the investigation into the latter is ongoing—the dustups all share a similar theme: The government appears to have deep-rooted problems with tech literacy,” writes Emily Dreyfuss in Wired.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.