The Stroz Friedberg Cyber Brief

FEATURED STORY

MONDAY, MAY 8, 2017


The U.S. Department of Justice has launched a criminal investigation into Uber’s use of a software tool called Greyball, which helped its drivers evade local transportation authorities in many cities around the world. The New York Times first uncovered Greyball in March, raising concerns about its legality. The ride-hailing company later said it would stop its employees from using the controversial software to circumvent regulators.

The federal inquiry was disclosed recently in a transportation audit conducted by the City of Portland, OR. Portland officials reported that Uber had used Greyball to evade more than a dozen city authorities, denying them dozens of rides in December 2014, before Uber was authorized to operate there. Uber said it used Greyball while it was operating without approval because it was “deeply concerned that its driver-partners would be penalized financially” or otherwise. (NYT, Reuters, WSJ)


Macron Campaign: Some cybersecurity experts say the hacking of the French president-elect’s campaign was rushed and clumsy, mixing obviously bogus documents with seemingly innocuous genuine material. Additionally, reports of the hack were invisible to many French voters, as mainstream news media enforced a government ban on campaign coverage from midnight Friday until polls closed Sunday night. (Bloomberg)


Netrepser: Researchers at Bitdefender have reportedly discovered a cyber espionage campaign over the last year that has compromised more than 500 government agencies worldwide. The malware, dubbed “Netrepser,” was stitched together entirely from code and applications publicly available online. (FT)


Hollywood: Criminals have learned that instead of trying to hack into major entertainment corporations like Universal or Netflix, it’s much easier to breach the cyberdefenses of the various vendors those firms collaborate with. (NYT)

Gmail: A sophisticated phishing scam against Google’s email users may have affected as many as 1 million people. The company said it was able to halt the scam within “approximately one hour.” The scam replicated through people’s Gmail contacts when they clicked on a bogus Google Doc that appeared to have been shared by a known contact. (Atlantic)


NYPD: The Center for Privacy & Technology at Georgetown University law school is suing the New York Police Department to demand the release of documents related to its use of facial-recognition technology. The Center for Privacy & Technology reported last year that half of America's adults have their images stored in at least one searchable facial-recognition database used by local, state, and federal authorities. (Reuters)

ON THE HILL

Russia Probe: Former Acting Attorney General Sally Yates will testify today before a Senate Judiciary subcommittee investigating Russia’s alleged interference in the 2016 presidential campaign. Yates is expected to say that she told White House counsel Donald McGahn that then-National Security Advisor Mike Flynn hadn’t been truthful about his conversations with Russian officials and that Flynn’s actions could put him at risk of being compromised by Russian intelligence services. (WSJ)


NSA: A report from the office of Director of National Intelligence said that the NSA collected more than 151 million records of Americans' phone calls last year. Meanwhile, the names of 1,934 "U.S. persons" were "unmasked" last year in response to specific requests, compared with 2,232 in 2015. (Reuters)

PRIVATE SECTOR

Quantum Computing: Companies including D-Wave Systems and IBM have been pioneering the technology, and experts say that within five years it could be powerful enough to solve new classes of problems that are beyond the grasp of modern supercomputers. (WSJ)

Amazon: The company plans to open a new center in Cambridge, England, for more than 400 scientists and engineers to develop technologies including the Alexa digital assistant. (Reuters)

THE WORLD

France: Many tech leaders in France say their nation’s hopes to be an innovation leader just got a shot in the arm with the election of Emmanuel Macron, a pro-European Union former investment banker. Before launching his presidential bid, Macron courted executives at the Consumer Electronics Show and took a month-long tour around Silicon Valley to meet with tech moguls. (WSJ)

UK: Facebook published ads today in British newspapers, giving advice to its users in the country on how to spot misinformation online. The company also said it had removed tens of thousands of possibly fake accounts and had tweaked its algorithms to reduce the amount of misinformation and spam it circulates. (NYT)


Facebook Struggles With Fake News: “Throughout its 13-year rise to 1.9bn users and a commanding share of the digital advertising market, the group has maintained that it is a ‘neutral technology platform’ with very limited responsibility for the content it hosts. Its only social obligation, it has maintained, is to be a conduit for connecting people. But over the past year, it has been harder for the company to maintain this argument,” write Madhumita Murgia and Hannah Kuchler in the Financial Times.


How Digital Network Tech Threatens Privacy and Security: “Digital network technology has in general been bad both for privacy and for security. The technology offers enormous benefits, in the form of smartphones, nifty apps, cloud storage, the Internet of Things, and all the rest. But it also has costs. In [‘Digital Divergence’], I try to explain how digital network technology has exploded the familiar zero-sum game between privacy and security, causing losses to both values simultaneously. I explore some of the legal changes, statutory and constitutional, that may follow from this,” writes David Kris on the Lawfare blog.

Google Phishing Attack Was Foretold: “The ‘Google Docs’ phishing attack that wormed its way through thousands of e-mail inboxes earlier this week exploited a threat that had been flagged earlier by at least three security researchers—one raised issues about the threat as early as October of 2011. In fact, the person or persons behind the attack may have copied the technique from a proof of concept posted by one security researcher to GitHub in February,” writes Sean Gallagher for Ars Technica.


Center on National Security
Fordham University School of Law