The Stroz Friedberg Cyber Brief


*|MC:SUBJECT|*
  FEATURED STORY            

MONDAY, OCTOBER 10, 2016

U.S. BLAMES RUSSIA FOR POLITICAL HACKING

The Obama administration on Friday officially blamed the Kremlin for trying to interfere in the 2016 election by leaking emails stolen from the Democratic National Committee and other entities. A joint statement from the Department of Homeland Security and Office of the Director of National Intelligence said that the disclosures of emails on WikiLeaks and other websites “are intended to interfere with the U.S. election process” and that “based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” It is the first time the White House has publicly attributed the hacking to Russia.

 

WikiLeaks founder Julian Assange said the group would publish about one million documents related to the U.S. election and three governments in coming weeks, but denied the releases were aimed at damaging Hillary Clinton.

Foreign policy experts say President Obama is likely considering a range of responses from issuing a new round of economic sanctions, to indicting the Russians behind the hacking, to ordering U.S. intelligence agencies to attack Russian computer servers. With any response, the United States wants to deter future cyberattacks of this nature while avoiding an escalation that spirals out of control, analysts say. (Reuters, NYT, Wired, WSJ, FT)


 
  HACKERS                                          

Clinton Foundation: The New York-based charitable organization warned donors about attempts by hackers to use fraudulent emails to steal personal information. However, the foundation said it had "no evidence that our system was breached." (NYT)

 

Botnet: Security experts fear a new wave of powerful distributed denial-of-service attacks after a botnet code was released on the internet in recent days. The botnet software remotely connects to video recorders and routers and then tries out default usernames and passwords until it gains control of the device. (WSJ)

Med Devices: Johnson & Johnson is notifying patients of a security vulnerability in one of its insulin pumps that hackers could exploit to overdose diabetics with insulin, though the company describes the risk as “extremely low.” (Reuters)
 


  PRIVATE SECTOR                             


Yahoo: U.S. intelligence agencies reportedly demanded that Yahoo scan its customers' emails for certain threat information. Some experts said it represents the first known case of a U.S. Internet firm searching all incoming emails to comply with a government request. At least two Yahoo officials left in protest. Meanwhile, Verizon is attempting to negotiate a $1 billion price cut for its acquisition of Yahoo after last month’s news that at least 500 million of its accounts were hacked. (Reuters, NYPost)

 

Samsung: The company is acquiring U.S. artificial intelligence platform developer Viv Labs, a firm run by a co-creator of Apple’s Siri voice assistant. Viv executives will continue managing the business independently. (Reuters)

Toyota: The Japanese automaker unveiled a small robot, dubbed Kirobo Mini, designed as a baby-like companion. Toyota plans to sell it for 39,800 yen ($392) next year in Japan, where birth rates have plummeted. (Reuters)


  COURTS                                          

NSA Worker: In August, the FBI arrested a National Security Agency contractor, Harold Thomas Martin, on charges of stealing highly-classified information, and agents are looking into possible links to a recent leak of secret U.S. hacking tools. The case has also placed Booz Allen, the firm where Martin worked, under renewed scrutiny. Martin’s arrest is the second time in three years that a Booz contractor has been accused of stealing potentially damaging material from the NSA. Edward Snowden leaked stolen records in 2013. (WSJ, NYT)

 

Weapons Tech: A U.S. citizen and two Russian nationals were arrested on charges relating to the alleged illegal export of U.S. military technology to Russia. The Justice Department said the microelectronics that were allegedly shipped to Russia included digital-to-analog converters and integrated circuits used in a range of military systems, including radar and missile guidance systems. (Reuters)

Encryption Firm: Open Whisper Systems, which makes a widely used encryption app called Signal, received a subpoena earlier this year for information associated with two phone numbers that came up in a federal grand jury investigation in Virginia. The subpoena came with a court order that said the company was not allowed to tell anyone about the information request for one year. (NYT)

 

  THE WORLD                                     

China: President Xi Jinping said China must speed up plans to replace insecure internet technology with domestic alternatives. Foreign businesses have urged Chinese officials to revise a series of pending regulations mandating "secure and controllable" network technologies in industries from banking to insurance. (Reuters)

Europe: Analysts say Europe has a “love-hate relationship” with U.S. tech companies: European business leaders envy Silicon Valley’s success and innovation, but EU authorities are irritated at U.S. tech firms' perceived indifference to their laws and culture. (WaPo)

MUST READS

The DNC Hack and (the Lack of) Deterrence: “One hopes that the USG is doing much more in secret to deter our cyber-adversaries, though one doubts it based on news reports about internal uncertainty and disarray in responding to each new offensive cyber-operation.   As far as the public record shows, the USG deterrence strategy appears to be: dithering followed by, at worst, a wrist slap.   Is it any wonder that Russia—which is increasingly antagonistic to the United States around the globe, and reeling under U.S. sanctions—is emboldened to harm the United States via cyber?   And will the hesitant response to the DNC hack do anything other than further embolden Russia and other adversaries?  ‘No,’ and ‘no,’ I believe,” writes Jack Goldsmith on Lawfare.

 

The Most Likely U.S. Response Is Non Cyber: “Great powers are still trying to navigate the bounds of acceptable and proportionate responses when faced with confrontational state-sponsored cyber activity. Although analogies to nuclear policy or previous U.S. experience with Russian kompromat from the past may be helpful to navigate the present, cyberspace has unique characteristics that make these imperfect parallels. Washington’s response to Moscow’s actions will set the bar for future responses and set the example for other countries who could be victim of the same kind of activity. The White House will want to choose its next move carefully,” writes Adam Segal at the Council on Foreign Relations.

The Internet Finally Belongs to Everyone: “Ultimately, the transfer of IANA to ICANN is more of a formality than a real change of policy. But it’s an important formality. The fact that the US government had the final say over the domain name system never sat well with the rest of the world, especially after 2013 when Edward Snowden revealed the scope of US Internet surveillance. Severing that last tie to the US will allow foreign governments and companies to have confidence that the Internet is outside of the US’s control,” writes Klint Finley in Wired.



 

Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.

Comment