The Stroz Friedberg Cyber Brief

The Stroz Friedberg Cyber Brief, June 5, 2017
  FEATURED STORY            
MONDAY, JUNE 5, 2017

Hours after three men killed seven people and injured dozens of others in the heart of London -- the third terrorist attack in the U.K. in three months -- British leaders escalated their criticism of tech companies, calling for international regulations to hinder extremists who use cyberspace to spread their message and recruit supporters.
“We cannot allow this ideology the safe space it needs to breed,” said British Prime Minister Theresa May the morning after the attack. “Yet that is precisely what the internet, and the big companies that provide internet-based services provide.” May called for increased government surveillance of cyberspace, already a component of the Conservative Party’s platform in Britain’s upcoming snap election later this week. “We need to work with allied democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremism and terrorism planning,” she said.
It is unclear whether any of the three known assailants in Saturday’s attack relied on encrypted messaging in hatching their plot.
Mark Mitchell, New Zealand’s defense minister, joined May in criticizing Silicon Valley, calling the ability of terrorists to use social media and the internet to rally supporters a “clear and present security threat to us all.” That view was driven home by the attacks in London, he said in Singapore at the International Institute for Strategic Studies’ annual Shangri-La Dialogue. Wall Street Journal, Guardian, Washington Post
Reuters: After London Attack, Facebook Says Aims to Be a ‘Hostile Environment’ for Terrorists

Massive ‘Fireball’ adware: The security firm Check Point has warned that 250 million PCs could be infected with malicious code they’ve called Fireball, designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. Wired
UAE Ambassador allegedly hacked: A hacker group calling itself “GlobalLeaks” has begun distributing hacked emails stolen from the inbox of Yousef Al Otaiba, the United Arab Emirates’ ambassador to the United States. The hackers say the emails demonstrate “how a small rich country/company used lobbyists to hurt American interests and those of it allies.” Daily Beast
Possible extradition of Russian hacker: A Russian suspected hacker has moved a step closer to being sent to the U.S., as a Czech judge gave tentative approval last week for an extradition to go ahead. Yevgeniy Nikulin, who was arrested in Prague last October, is accused by the FBI of massive hacks of LinkedIn, Dropbox and Formspring in 2012. Guardian
Dark Overlord threatens ABC: The hacker who broke into the network of a Hollywood-based post-production company late last year and later threatened Netflix that it would leak the still-unreleased fifth season of “Orange Is the New Black” issued a vague threat against ABC via Twitter on Friday, suggesting that they might release one of the broadcaster’s TV shows online. Variety


Silk Road mastermind loses appeal: Ross Ulbricht, the founder of the Silk Road darknet drug and contraband marketplace, lost his appeal last week of his lifetime prison sentence. The 2nd Circuit Court of Appeals found no legal grounds for reversing Ulbricht’s conviction and 2015 sentence for founding and operating Silk Road. USA Today, Wired
Social media vetting: Visa applicants who the U.S. State Department suspects may pose a danger if allowed into the country will be required to provide their social media handles on a new application (PDF) the government just unveiled. Ars Technica
Dakota pipeline protesters: The Intercept reports that documents reveal how a private security group called TigerSwan treated Dakota Access Pipeline protesters as an “insurgency” group. Coordinating with government authorities across five states, the organization surveilled the group in depth, even infiltrating activist camps using false identities. The Intercept
Municipal eyes in the sky: Miami-Dade police may deploy sophisticated aerial surveillance capable of photographing everyone outside for 32 square miles in an effort to track vehicles and individuals involved in crimes. Miami Herald

  ON THE HILL                                    

FCC and threatening calls: The Federal Communications Commission said last week it will take up a proposal this month to revise its rules to allow law enforcement personnel to identify threatening callers, following a series of threatening calls to Jewish community centers. FCC rules generally require phone companies to respect a calling party’s request to have caller-ID information blocked from the party receiving the call. Reuters
Net neutrality: Netflix appeared to back off its fight for net neutrality last week, when the streaming company’s founder and CEO Reed Hastings told the Recode conference that “it’s not our primary battle at this point.” Slate
Revenge hacking?: Rep. Tom Graves (R-Ga.) has drafted a bill that would make it legal for victims of hacker intrusions to hack back against the attacker, the first move to legalize any form of computer intrusion since the federal Computer Fraud and Abuse Act was enacted in 1986. Daily Beast

  PRIVATE SECTOR                             

Google takes on phishing: Wired goes inside Google’s ‘war room’ targeting global phishing scams -- an effort that has taken on greater urgency after a phishing scheme disguised as a Google Docs request flooded the web last month. Wired

  THE WORLD                                     

Putin says ‘patriotic’ Russians may have meddled in U.S. election: Russian President Vladimir Putin shifted away from previous blanket denials and suggested on Thursday that “patriotically minded” private Russian hackers could have been involved in cyberattacks last year that meddled in the U.S. presidential election. He also said that U.S. intelligence agencies could have easily faked what he said was false evidence that Russia had hacked the Democratic Party. New York Times, Reuters
How Twitter is being gamed to feed misinformation: “Twitter often acts as the small bowel of digital news,” writes Farhad Manjoo in the New York Times. “It’s where political messaging and disinformation get digested, packaged and widely picked up for mass distribution to cable, Facebook and the rest of the world….This makes Twitter a prime target for manipulators: If you can get something big on Twitter, you’re almost guaranteed coverage everywhere.”
Forget far-right populism -- crypto-anarchists are the new masters: “The rise of the right is better seen as an early skirmish in a much longer, and far more significant, technology-led restructuring of our politics and society,” writes Jamie Bartlett in the Guardian. “Digital technology has helped the populist right for now, but it will soon swallow them up, along with many other political movements unable or unwilling to see how the world is changing.”
The major component missing from Trump’s executive order on cybersecurity: “When it comes to cybersecurity, your daily life might be far more affected by your state or city government than national policy,” writes Emefa Addo Agawu in “And yet when President Trump issued a long-awaited executive order on cybersecurity—a largely uncontroversial document that mostly continued Obama’s efforts—on May 11, it included virtually no mention of these tiers of government. That’s deeply disappointing, because we can’t afford for states and localities not to be part of the national cybersecurity policy conversation.”



Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.