The Stroz Friedberg Cyber Brief

The Stroz Friedberg Cyber Brief, June 19, 2017
  FEATURED STORY            
MONDAY, JUNE 19, 2017

Facebook and Google both announced new policies over the past week aimed at bolstering their efforts to take down extremist content and accounts. The moves follow growing pressure from governments for major tech firms to do more to remove terrorist propaganda and offensive content from their platforms.
In a blog post Thursday, Facebook described how it plans to increase its use of artificial intelligence to flag and remove inappropriate content. One tool, in use for several months now, combs the site, including live videos, for known terrorist imagery, like beheading videos, to stop them from being reposted. Another set of algorithms attempts to identify—and sometimes autonomously block—propagandists from opening new accounts after they have already been kicked off the platform, while another tool uses A.I. to identify language used by terrorist propagandists.

Facebook says that for now, AI will be used in conjunction with human moderators, who review content on a case-by-case basis. Brian Fishman, Facebook’s lead policy manager for counterterrorism, said the company had a team of 150 specialists working in 30 languages doing such reviews. BBC News, Washington Post, Wall Street Journal
On Sunday, Google, YouTube’s parent company, also announced a set of policies aimed at curbing extremist videos on the platform. For videos that are clearly in violation of its community guidelines, such as those promoting terrorism, Google said it would continue to quickly identify and remove them. But in a policy change, other offensive videos that do not meet the standard for removal — for example, videos promoting the subjugation of religions or races without inciting violence — will now come with a warning and cannot be monetized with advertising, or be recommended, endorsed or commented on by users. “That means these videos will have less engagement and be harder to find,” Kent Walker, Google’s general counsel and senior vice president, wrote in a company blog post. New York Times, Bloomberg
Wired: Facebook’s Counterterrorism Playbook Comes into Focus
Guardian: Facebook Exposed Identities of Moderators to Suspected Terrorists

Russia’s cyberattack on the U.S. electoral system ahead of the 2016 vote was far more widespread than has been publicly revealed, Bloomberg reported last week, and included incursions into voter databases and software systems in 39 states -- nearly twice as many states as has been previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The state gave the FBI and the Department of Homeland Security almost full access to investigate its systems. As many as 90,000 records were compromised, the investigators found, after a hacker gained access to the state’s voter database. Investigators also found evidence that the hackers tried but failed to alter or delete some information in the database, an attempt that has not been previously reported. Bloomberg
Britain’s National Cyber Security Centre has reportedly attributed the WannaCry malware, which crippled the UK’s National Health Service and other organizations worldwide in May, to the North Korean-affiliated hacking team Lazarus Group. The BBC and Guardian report that the NCSC led an international investigation into the WannaCry bug and completed its assessment within the last few weeks. BBC, Guardian
BBC: University College London Hit by Major Ransomware Attack
Alleged Canadian hacker may not fight extradition to U.S.: Karim Baratov, a Canadian accused of helping Russian intelligence agents break into email accounts as part of a massive 2014 breach of Yahoo accounts, may waive his right to fight a U.S. extradition request, his lawyer said on Friday. Baratov is reportedly  talking with the FBI and U.S prosecutors in Washington about the details of the case. A final decision about whether to fight the extradition request will come at a hearing to be held on July 7. The Hill, Reuters

  ON THE HILL                                    

Self-driving car restrictions: A GOP proposal before the House of Representatives would bar California and other states from setting their own rules governing design and testing of self-driving cars. Under the proposed bill, federal regulators would also be blocked from demanding pre-market approval for autonomous vehicle technology. Reuters
Net neutrality Day of Action: Netflix has joined Amazon and Reddit in planning for an “Internet-Wide Day of Action to Save Net Neutrality” on July 12. Participating websites are expected to display prominent messages about FCC Chairman Ajit Pai's plan to gut net neutrality rules. Sites are also expected to provide visitors with tools to contact Congress and the FCC. Ars Technica
FCC nominee: President Donald Trump plans to nominate Democrat Jessica Rosenworcel for another term on the Federal Communications Commission. Rosenworcel had to leave the commission at the end of last year when the Republican-led US Senate refused to reconfirm her for a second five-year term.  Ars Technica


It has been more than a year since the Pentagon announced that it was opening a new line of combat against ISIS, directing Cyber Command to mount computer-network attacks in order to disrupt the ability of the terror group to spread its message, attract new adherents, and circulate orders from commanders. But American officials say the results have been a consistent disappointment, according to the New York Times. Recruitment efforts and communications hubs reappear almost as quickly as they are torn down. “This is just much harder in practice than people think,” said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. “It’s almost never as cool as getting into a system and thinking you’ll see things disappear for good.” New York Times
A newly declassified 2016 report by the Defense Department’s inspector general concludes that the government’s efforts to tighten access to its most sensitive surveillance and hacking data after the leaks of NSA files by Edward Snowden fell short. The NSA failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms and  also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret. The report was made public in redacted form last week in response to a Freedom of Information Act lawsuit by the New York Times. New York Times
Wikileaks document describes CIA’s router-hacking efforts: WikiLeaks has published a detailed set of descriptions of the CIA’s router-hacking toolkit. The document describes a program called Cherry Blossom, which uses a modified version of a router’s firmware to turn it into a surveillance tool. PCMag, Wired, The Verge

  PRIVATE SECTOR                             

Company lost secret 2014 fight over NSA surveillance: An American communications company in 2014 pushed back against an “expansion” of the NSA’s surveillance program, but was ordered to comply by the Foreign Intelligence Surveillance Court, a newly declassified 2014 ruling shows. The declassified portions of the ruling did not say what the expansion was or the legal arguments the anonymous company had made. New York Times

  THE WORLD                                     

Germany builds an election firewall to fight Russian hackers: To guard against Russian interference in Germany’s upcoming elections in September, Chancellor Angela Merkel’s Christian Democratic Union is calling for a law that would allow the country to “hack back” and wipe out attacking servers. Bloomberg
Girl Scouts unveil cybersecurity badge: Girl Scouts will soon be able to earn a cybersecurity badge. The focus for younger Girl Scouts will include data privacy, cyberbullying and protecting themselves online. Older members will learn how to code, become white hat (or ethical) hackers and create and work around firewalls. CNN
Canada preps for hacktivists attacks ahead of 2019 vote: Canada's electronic spy agency said on Friday it was “very likely” that hackers will try to influence Canada's 2019 elections and it planned to advise political parties next week on how to guard against cyber threats. Reuters
Pakistani man sentenced to death for Facebook post: In an unprecedented ruling, a court in the Pakistani city of Bahawalpur sentenced 30-year-old Taimoor Raza last week to death for posting blasphemous statements about Prophet Mohammed and his family on Facebook. Slate
Making Google the censor: European leaders are calling on tech firms to do more to police terrorist content and violent speech. “But making private companies curtail user expression in important public forums is dangerous,” writes Daphne Keller in the New York Times. “The proposed laws would harm free expression and information access for journalists, political dissidents and ordinary users. Policy makers should be candid about these consequences and not pretend that Silicon Valley has silver-bullet technology that can purge the internet of extremist content without taking down important legal speech with it.”
Trump’s dangerous indifference to Russia: “A rival foreign power launched an aggressive cyberattack on the United States, interfering with the 2016 presidential election and leaving every indication that it’s coming back for more — but President Trump doesn’t seem to care,” writes the New York Times in an editorial.
An AI developed its own non-human language: “A buried line in a new Facebook report about chatbots’ conversations with one another offers a remarkable glimpse at the future of language,” writes Adrienne LaFrance in The Atlantic. “The model that allowed two bots to have a conversation—and use machine learning to constantly iterate strategies for that conversation along the way—led to those bots communicating in their own non-human language.”
Should social networks be held liable for terrorism? “In January 2016, the widow of a military contractor killed in an ISIS attack in Jordan sued Twitter in U.S. court. Her claim was simple: By allowing terrorists to radicalize potential recruits, spread propaganda, and fundraise, Twitter shared responsibility for her husband’s death,” writes Nina Iacona Brown in That claim and others “are based on federal laws that make it a crime to provide ‘material support’ to terrorists -- a new legal tack.”


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.