The Stroz Friedberg Cyber Brief

  FEATURED STORY            



Washington is once again pushing back against attempts by Chinese telecommunications companies to expand into the United States. Citing national security concerns, several lawmakers are urging AT&T to sever ties to Huawei Technologies, the world’s largest telecom manufacturer, and oppose plans by China Mobile to enter the U.S. market. Last week, Rep. Mike Conaway (R-TX) introduced a bill that would ban U.S. government agencies from using equipment made by the companies.


Earlier this month, AT&T bowed to mounting political pressure and scrapped a plan to offer its customers Huawei handsets. Among the commercial ties members of Congress reportedly want the U.S. telecom giant to cut are its collaboration with Huawei over standards for the next generation 5G network and the use of Huawei handsets by AT&T’s discount subsidiary Cricket.

The news is yet another setback for Huawei, which is already banned from selling its equipment in the United States and has had multiple takeovers in the U.S. blocked. (Reuters, The Verge, Guardian, WSJ)


Olympics: A Russia-linked hacker group calling itself "Fancy Bears" published a set of emails it reportedly stole from several organizations linked to the Olympics. The hack, which focuses on correspondence between antidoping investigators, followed Russia's December ban from the 2018 Winter Games in South Korea. (Wired)


WhatsApp: Researchers in Germany have discovered flaws in the encrypted messaging application that could allow anyone who controls WhatsApp's servers to insert new people into an otherwise private group. Experts say the spying method is limited to sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments that coerce WhatsApp to give them access. (Wired)

Mexican Bank: Authorities in Mexico are investigating an attempt to hack and rob the government-run export bank Bancomext. The bank alerted clients that it had suspended operations but hackers were reportedly unable to extract any funds. (Reuters)


Spyware: Phillip R. Durachinsky was charged in Ohio federal court for allegedly installing malware on thousands of computers for more than 13 years in order to watch, listen to, and obtain personal data from unknowing victims. (Reuters)

Encryption: In remarks at a cybersecurity conference in New York, FBI Director Christopher Wray characterized the inability of law enforcement to access data from electronic devices due to powerful encryption as an “urgent public safety issue.” (Reuters)

  ON THE HILL                                    

Russia Probe: President Donald Trump’s former chief strategist Steve Bannon will meet behind closed doors today with the U.S. House of Representatives committee investigating Russia’s interference in the 2016 presidential election. (Reuters)


Digital Currencies: The U.S. Commodity Futures Trading Commission has emerged as the federal overseer of digital currencies like bitcoin, but skeptics wonder if the agency is suited to the task. (Bloomberg)

Autonomous Vehicles: The Trump administration is expected to unveil revised voluntary guidelines this summer for driverless cars, trucks, and other vehicles. Last October, the U.S. National Highway Traffic Safety Administration said it was looking for input on how to remove regulatory roadblocks to self-driving vehicles. (Reuters)

  PRIVATE SECTOR                             

Facebook: The social media giant has begun to change the way it filters posts and videos on its centerpiece News Feed in order to prioritize what friends and family share and reduce the amount of non-advertising content from publishers and brands. Facebook has been criticized heavily for algorithms that may have prioritized misleading news and misinformation in people’s feeds. (Reuters)


Skype: Microsoft announced that Skype will offer end-to-end encryption for audio calls, text, and multimedia messages through a feature called Private Conversations. Currently only Skype Insiders can use the service as part of a beta test before it rolls out more broadly. (Wired)

Blackberry: The Canadian company has launched new cybersecurity software that identifies vulnerabilities in programs used in self-driving cars. Earlier this month BlackBerry and the Chinese internet search firm Baidu signed a deal to jointly develop self-driving vehicle technology. (Reuters)

  THE WORLD                                     

Iran: Authorities in the country have increased their policing of the internet in recent weeks, part of an attempt to mitigate far-reaching protests. However, the crackdown is reportedly driving millions of Iranians to tools like Telegram and Lantern that can help them evade online censors. (WSJ)

France: The government is aiming to expand its powers to block foreign takeovers of French companies deemed as strategic, to also include firms involved in data protection and artificial intelligence. (Reuters)


How the Government Hides Secret Surveillance: “First described in government documents obtained by Reuters in 2013, parallel construction is when law enforcement originally obtains evidence through a secret surveillance program, then tries to seek it out again, via normal procedure. In essence, law enforcement creates a parallel, alternative story for how it found information. That way, it can hide surveillance techniques from public scrutiny and would-be criminals,” writes Louise Matsakis in Wired.


Uber’s Secret Anti-Raid Tool: “Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies. The ride-hailing startup’s reputation for flouting local labor laws and taxi rules has made it a favorite target for law enforcement agencies around the world. That’s where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven’t been previously reported,” write Olivia Zaleski and Eric Newcomer for Bloomberg.

Cybersecurity Today Is Treated Like Accounting Before Enron: “The tepid consequences are part of a growing problem. From a corporate governance and accountability perspective, cybersecurity today is being treated like accounting was before the fallout from the Enron scandal inspired the Sarbanes-Oxley Act’s increased standards for corporate disclosures. With the privacy and personal data of hundreds of millions of people at risk, and especially now with the increasing ubiquity of connected devices in our lives, the security of digital assets is too important for that kind of treatment,” writes Nathaniel Fick in the New York Times.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.