The Stroz Friedberg Cyber Brief

  FEATURED STORY            



The Atlanta-based credit reporting agency faces a mountain of customer criticism, official scrutiny, and legal action following a cybersecurity intrusion that may have exposed private information of about 143 million U.S. consumers. Shares of Equifax dipped nearly 14 percent in trading on Friday, as analysts said the company’s operations were likely to be investigated by the SEC, FTC, and state attorneys-general across the United States. Meanwhile, Capitol Hill lawmakers are also planning hearings.

Equifax reportedly first discovered the security vulnerability in late July but chose not to announce it publicly until more than a month later. The company has been widely criticized for its customer service in the aftermath of the hack, as users struggled to understand whether their information had been affected. The breach is second in size only to the one disclosed by Yahoo last year but potentially more dangerous given the company’s role in assigning consumer credit ratings and warehousing people’s personal information. (FT, WSJ, Bloomberg, Reuters)


Russian Election Influence: The social media company said it had identified more than $100,000 worth of divisive advertisements purchased during the 2016 U.S. election by a Russian company linked to the Kremlin. The disclosure is more evidence of the broad Russian campaign to sway the presidential election. (NYT)


Energy Espionage: Researchers at Symantec say that state-sponsored hackers may have targeted U.S. and European energy companies in a sophisticated espionage campaign that began in late 2015 and continued to this year. (Reuters)

NSA Leaks: The hacking group that for more than a year has been leaking documents they claim were stolen from the National Security Agency said they will leak documents twice a month and will continue to double the cost to access the leaks from each release. (The Hill)


Uber: Federal authorities in New York are investigating whether the ride-hailing company used software known internally as “Hell” to interfere illegally with Lyft, a competitor. Analysts say a critical question for investigators is whether “Hell” constituted unauthorized access of a computer. (WSJ)

Russian Hacker: Roman Valeryevich Seleznev, a Russian cyber-criminal who sold stolen credit card data and other personal information, pleaded guilty yesterday in two separate criminal cases in Nevada and Georgia federal court. (LV Review Journal)

  ON THE HILL                                    

Autonomous Vehicles: The House of Representatives unanimously approved a proposal that would speed the deployment of self-driving cars. The bill would allow automakers to obtain exemptions to deploy up to 25,000 vehicles without meeting existing auto safety standards in the first year. The cap would rise over three years to 100,000 vehicles annually. (Reuters)

Chipmaker: Lattice Semiconductor is asking President Trump to approve its takeover by a Chinese government-backed fund, requesting that he overrule the recommendation of the Committee on Foreign Investment in the U.S., which reviews deals for national security concerns. (WSJ)

  PRIVATE SECTOR                             

Lyft: The ride-hailing company said that self-driving cars will soon be dispatched to certain passengers who request a ride through the app in the San Francisco area. The cars will come from, a Mountain View, California, startup that builds software to turn cars into autonomous vehicles. (Reuters)

  THE WORLD                                     

Germany: The hacking collective Chaos Computer Club has uncovered a selection of serious vulnerabilities in some of Germany’s voting software. The country has faced suspected Russian hackers in the past. (Daily Beast)


China: Authorities in Beijing plan to shut down domestic bitcoin exchanges. The move delivers what analysts say is a final blow to a once-thriving industry of commercial trading for virtual currencies, which took off inside the mainland four years ago. (WSJ)


Bangladesh: The country’s central bank is sending a team of officials to the Philippines to push for the recovery of more of the $81 million stolen from its account at the New York Federal Reserve last year and routed through a bank in Manila. (Reuters)

EU: Europe’s human rights court has ruled that companies can monitor their employees’ email only if they are notified in advance. (NYT)


Treat Data Breaches Like Oil Spills: “U.S. policymakers should steal a play from environmental policy and require companies to carry insurance to cover the full societal costs of the loss. If oil tankers want to operate in U.S. waters, they are required to have a “certificate of financial responsibility” issued by the U.S. Coast Guard National Pollution Funds Center. The certificate shows that the vessel carries the necessary insurance to cover the full loss of cleanup should the oil be lost,” writes Robert Knake for the Council on Foreign Relations.


Workers: Fear Not the Robot Apocalypse: “Throughout history, automation commonly creates more, and better-paying, jobs than it destroys. The reason: Companies don’t use automation simply to produce the same thing more cheaply. Instead, they find ways to offer entirely new, improved products. As customers flock to these new offerings, companies have to hire more people,” writes Greg Ip in the Wall Street Journal.

The Fake Americans Russia Created to Influence the Election: “The Russian information attack on the election did not stop with the hacking and leaking of Democratic emails or the fire hose of stories, true, false and in between, that battered Mrs. Clinton on Russian outlets like RT and Sputnik. Far less splashy, and far more difficult to trace, was Russia’s experimentation on Facebook and Twitter, the American companies that essentially invented the tools of social media and, in this case, did not stop them from being turned into engines of deception and propaganda,” writes Scott Shane in the New York Times.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.