The Stroz Friedberg Cyber Brief

  FEATURED STORY            



FBI agents in Las Vegas arrested the British cybersecurity researcher credited with neutralizing the global “WannaCry” ransomware attack earlier this year. An indictment filed in Wisconsin federal court accused Marcus Hutchins and an unidentified codefendant of distributing and profiting from malware code known as "Kronos," which stole online banking credentials and credit card information. The alleged crimes took place more than two years ago.


Some cybersecurity professionals who worked closely with the 23-year-old said the actions in question may have been normal research intended to gain credibility in certain online forums. Hutchins is part of a large but loosely regulated cadre of private security firms that companies hire to protect against cyberattacks.

Some say Hutchins’ arrest once again highlights the legal gray area that so-called white hackers operate in. “Security researchers live in fear their contributions will be misinterpreted by the FBI [or] prosecutors,” said Robert Graham, an analyst with the cybersecurity firm Erratasec. “We already have similar cases of people going to jail for a long time because they happened to write code that was later used by evildoers. It concerns people like me, because frequently some of the code I write ends up in viruses.” (Wired, WSJ, Reuters, NYT)


HBO: The media company is conducting a forensic review of its systems to better understand the scope of a recent cyberattack. Hackers reportedly stole 1.5 terabytes of data and leaked a script or treatment for an upcoming episode of "Game of Thrones," along with episodes of others shows. (Reuters)


Voting Machines: Hackers attending the annual DefCon conference in Las Vegas were invited to probe a dozen digital voting machines. While all of the machines are known to be hackable, some were used in recent elections and have since been decommissioned. (Wired)


White Hats Wanted: The U.S. government has trouble recruiting the cybersecurity professionals it needs because the pay is often less than comparable jobs in the private sector, and because the rigid background check would disqualify many applicants. (NYT)

Bitcoin: The digital currency’s underlying software code was split last week, generating a new clone called "Bitcoin Cash." But only a small fraction of bitcoin miners have contributed their computing power to the new blockchain so far. (Reuters)


SCOTUS: The U.S. Supreme Court is finally adopting electronic filing, a move expected to delight researchers, lawyers, and analysts of all kinds. Beginning in November, the court will require “parties who are represented by counsel” to upload digital copies of their paper submissions. Those representing themselves will have their filings uploaded by the court's staff. (WaPo)

  ON THE HILL                                    

IoT Security: A bipartisan group of lawmakers in the U.S. Senate introduced a bill--the IoT Cybersecurity Improvement Act of 2017--that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices. (Krebs)

Sex Trafficking: Some tech companies and digital rights groups are worried that legislation intended to combat online sex trafficking pending in the Senate contains broad language that may infringe on speech. (NYT)

  PRIVATE SECTOR                             

Qualcomm: The U.S. corporate giant is reportedly helping China develop a number of controversial technologies including drones, artificial intelligence, and supercomputers. Some analysts fear that by working with Chinese firms, U.S. companies are sowing the seeds of their own destruction and handing over technology that the U.S. relies on for its military and space programs. (NYT)


BlueteamGlobal: A new company founded by executives with ties to Morgan Stanley said that it has raised more than $125 million and plans to offer managed security services and cyber threat intelligence. (Reuters)

Facebook: The social media company said it will start using updated machine learning to detect possible hoaxes and send them to fact checkers, potentially showing fact-checking results under the original article. (Reuters)

  THE WORLD                                     

South Korea: The country’s spy agency admitted it conducted an illegal campaign to influence the country’s 2012 presidential election, mobilizing teams of experts in psychological warfare to ensure that the conservative candidate, Park Geun-hye, beat her liberal rival. (Guardian)

Indonesia: Google and Twitter have agreed to better police controversial online content including posts by extremists. The news came after Indonesia threatened to shut down social-media and messaging apps if they failed to stop users from spreading such content. (WSJ)


Biotechnology: The U.S.-China Dispute: “Traditionally, the FBI’s weapons of mass destruction directorate has concentrated on preventing toxins such as Ebola or anthrax from falling into the wrong hands — and contributing to the spread of new germ weapons.  Now, the bureau fears that digital data sets may prove just as lethal. The concerns about large volumes of US genetic data being scooped up help explain why a law enforcement agency is tracking the potential loss of US competitive advantage,” writes David J. Lynch in the Financial Times.


Meet, Alex, the Russian Casino Hacker: “The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number generators, or PRNGs—that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money—insight that he shares with a legion of field agents who do the organization’s grunt work,” writes Brendan Koerner in Wired.

China’s Censors Up Their Game: “China has embarked on an internet campaign that signals a profound shift in the way it thinks of online censorship. For years, the China government appeared content to use methods that kept the majority of people from reading or using material it did not like, such as foreign news outlets, Facebook and Google. For the tech savvy or truly determined, experts say, China often tolerated a bit of wiggle room, leading to online users’ playing a cat-and-mouse game with censors for more than a decade. Now the authorities are targeting the very tools many people use to vault the Great Firewall,” writes Paul Mozur in the New York Times.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.