The Stroz Friedberg Cyber Brief

  FEATURED STORY            



Cybersecurity experts have discovered two long-hidden vulnerabilities, dubbed Spectre and Meltdown, in computer chips made by Intel, Advanced Micro Devices, and ARM Holdings. The flaws, which could allow hackers to steal the entire memory of a target machine, affect most computing devices made in the last two decades.


The chipmakers and their customers and partners, including Apple, Google, Amazon, and Microsoft had been racing to address the vulnerabilities even before word of them leaked out last week. The U.S. Computer Emergency Readiness Team and other researchers initially thought the only way to defend against the flaws would be total hardware replacement, but they now recommend that users update their operating systems.

Experts say that while patches have started rolling out slowly, it could be years before the hardware flaws are fully addressed. So far there is no evidence that hackers knew about or exploited either Spectre or Meltdown in the past, but that shouldn’t serve as a definitive assurance, analysts say. Attackers could find new ways to exploit either bug and circumvent the patches that come out. (Wired, WSJ, NYT, Reuters)


Iran: A new report from the Carnegie Endowment for International Peace follows nearly a decade of the day-to-day activities of Iranian hackers and how they have evolved into an organized workforce running cyberespionage campaigns aimed at promoting Iran’s interests around the world. (NYT)

Russian Trolls: A Russia-linked influence network has turned its sites on Robert Mueller and the Department of Justice's investigation into Russian interference in the 2016 election. Many of the articles shared by those users are related in some way to the so-called deep state, the bulk of which aim to discredit Mueller. (Wired)


Net Neutrality: An industry group that represents the country’s largest tech firms said it planned to join a looming legal fight against the FCC over its repeal of so-called net neutrality rules. Lawsuits seeking to block the commission’s new policy, which was approved in December, are expected in the weeks ahead. (NYT)

Border Searches: U.S. agents searched a record number of cellphones and other devices at points of entry last year. The government searched the devices of 30,200 people, the vast majority leaving the country, up from 19,051 in fiscal year 2016. More than 80 percent of the devices belonged to foreigners or legal permanent residents. (WSJ)

  ON THE HILL                                    

White House: Chief of Staff John Kelly is banning employees from using personal mobile phones while at work in the West Wing, citing security concerns. Staff will be able to conduct business on their government-issued devices. (Bloomberg)

Bitcoin: The SEC warned investors to “exercise caution” with cryptocurrencies like bitcoin, noting that state and federal regulators may not be able to recoup any lost investments from illegal actors. (Reuters)

  PRIVATE SECTOR                             

Twitter: The social media company defended its decision to allow elected world leaders on its site, noting that they “play a critical role in that conversation because of their outsized impact on our society.” Twitter has faced criticism for allowing President Trump to use its service. (NYT)

Amazon: The retail and cloud giant turned over a record amount of customer data to the U.S. government in the first-half of last year in response to demands by law enforcement. Amazon received 1,618 subpoenas and 229 search warrants, of which it reportedly complied with more than 40 percent. (ZDNet)

  THE WORLD                                     

Germany: Berlin has defended a new law on online hate speech that puts Germany at the forefront of global efforts to police the internet, but critics say it, in effect, censors social media. The Network Enforcement Act requires platforms such as Facebook and Twitter to remove potentially illegal material within 24 hours or face fines of up to 50 million euros. (FT)


South Korea: Regulators have started on-site inspections of the country’s large commercial banks to monitor their compliance with anti-money-laundering obligations related to cryptocurrency trading. (WSJ)

China: Mobile payments in China totaled a record $9 trillion in 2016. Because they are not required to go through the central bank’s clearing system, it makes it harder for China’s monetary authorities to follow capital flows and watch for money laundering and fraud, analysts say. (WSJ)


The Looming Digital Meltdown: “As a citizen of a world in which digital technology is increasingly integrated into all objects — not just phones but also cars, baby monitors and so on — it is past time to panic. We have built the digital world too rapidly. It was constructed layer upon layer, and many of the early layers were never meant to guard so many valuable things: our personal correspondence, our finances, the very infrastructure of our lives,” writes Zeynep Tufekci in the New York Times.


China’s Watchful Eye: “Facial recognition is the new hot tech topic in China. Banks, airports, hotels and even public toilets are all trying to verify people’s identities by analyzing their faces. But the police and security state have been the most enthusiastic about embracing this new technology,” writes Simon Denyer in the Washington Post.

How Kaspersky Fell Under Suspicion: “While the U.S. government hasn’t offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions. Some of these officials said they suspect Kaspersky’s antivirus software—the company says it is installed on 400 million computers world-wide—has been used to spy on the U.S. and blunt American espionage. Kaspersky’s suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence,” write authors at the Wall Street Journal.



Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.