The Stroz Friedberg Cyber Brief

  FEATURED STORY            

MONDAY, APRIL 30, 2018


An international coalition of police arrested several administrators of a popular online marketplace, which sold distributed denial-of-service attacks for as little as $15. The investigation was led by British and Dutch police with the support of Europol and a dozen other law enforcement agencies.

UK officials say that seven of the largest British banks were victims of attacks using the Webstresser service in November 2017, forcing them to reduce operations or shut down systems. Experts say that Webstresser is just one of many sites operating openly on the web as a “stresser” business, offering to test a company's cybersecurity. Stressers can be used to settle scores between business rivals, carry out industrial espionage, or hold businesses for ransom. (BBC, Reuters, Europol, FT)


Amazon Echo: Researchers were able to turn the electronic assistant into a surveillance device using a malicious Alexa applet, known as a "skill," which could be uploaded to Amazon's Skill Store. Amazon has fixed the vulnerability. (Wired)


Hotel Locks: Finnish security researchers discovered a flaw that could allow hackers to create a master key from an expired hotel key card. The radio-frequency ID key card system in question, Vision by Vingcard, is in use in several hundred thousand hotel rooms worldwide. (Reuters)

Mexican Banks: In recent days, three banks experienced “incidents” when operating Mexico’s interbank electronic transfer system, forcing them to enact contingency plans. Client money was reportedly not affected. (Bloomberg)


Huawei: Federal prosecutors in New York are reportedly investigating whether the Chinese tech giant violated U.S. sanctions on Iran. News of the probe follows a series of U.S. actions aimed at reducing the access Chinese tech firms have to the U.S. economy. (WSJ)

  ON THE HILL                                    

Intellectual Property: The Trump administration said 36 countries were inadequately protecting U.S. intellectual property rights, putting China on a priority watch list for the 14th consecutive year. Senior White House officials are traveling to China this week for talks on trade and IP. (Reuters)


Cyber Command: Army Lt. Gen. Paul Nakasone was confirmed by the Senate to be the next director of the National Security Agency and the leader of U.S. Cyber Command. The new assignment also comes with a promotion to four-star general. A change-of-command ceremony is scheduled for Friday. (WaPo)

  PRIVATE SECTOR                             

Energy Companies: Security analysts report that energy companies are spending less than 0.2 percent of their revenue on cybersecurity, at least a third less than financial institutions. The news comes amid rising threats to the energy sector, including a recent attack on several U.S. power and natural gas suppliers. (Bloomberg)


Facebook: The company’s chief technology officer, Mike Schroepfer, faced more than four hours of questions from a British parliamentary committee over its data-collection techniques, oversight of app developers, fake accounts, political advertising, and links to Cambridge Analytica. (NYT)

Uber: The ride-hailing company announced changes to how it rewards cybersecurity researchers who report flaws in its software. New terms more clearly define what Uber does and does not consider “good faith” vulnerability research. (Reuters)

  THE WORLD                                     

Russia: Moscow is reportedly keen to dominate the rollout of blockchain technology. Experts say that the companies and countries that establish an early lead could guide the direction of blockchain for both commercial and security purposes. (NYT)

China: The National Integrated Circuitry Investment Fund, also known as the “Big Fund,” is near to closing a $19 billion investment round for a second fund to support China’s domestic chip sector. (Reuters)


America vs. the Hackers: “It is a war game with a twist. Instead of army officers, election officials are in charge. Instead of battling against an enemy armed with missiles, defences are choreographed against hackers hidden behind foreign computers. With the US midterm elections fast approaching, more than 160 election officials from across the country have just months to learn how to defend democracy,” writes Hannah Kuchler in the Financial Times.


The Era of Fake Video Begins: “The internet has always contained the seeds of postmodern hell. Mass manipulation, from clickbait to Russian bots to the addictive trickery that governs Facebook’s News Feed, is the currency of the medium. It has always been a place where identity is terrifyingly slippery, where anonymity breeds coarseness and confusion, where crooks can filch the very contours of selfhood. In this respect, the rise of deepfakes is the culmination of the internet’s history to date—and probably only a low-grade version of what’s to come,” writes Franklin Foer in the Atlantic.

Is the Threat of Cyberwar Over-Hyped? “Our research suggests that, although states like Russia will continue to engage in cyberattacks against the foundations of democracy (a serious threat indeed), states are less likely to engage in destructive “doomsday” attacks against each other in cyberspace. Using a series of war games and survey experiments, we found that cyber operations may in fact produce a moderating influence on international crises,” write Benjamin Jensen and David Banks in the Washington Post.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.