The Stroz Friedberg Cyber Brief


*|MC:SUBJECT|*
  FEATURED STORY            

MONDAY, OCTOBER 24, 2016

POWERFUL DDOS WAVE HITS INTERNET INFRASTRUCTURE

Unknown hackers unleashed an “historic” distributed denial-of-service attack last Friday that prevented many in the United States and Europe from accessing popular websites like Twitter, Paypal, and the New York Times. The cyber criminals reportedly commandeered hundreds of thousands of internet-connected devices and bombarded a company called Dyn DNS with queries. The New Hampshire-based firm acts as a key switchboard for internet traffic.

Cybersecurity experts say the massive DDOS attack offered a glimpse of a new era of threats facing a super-connected society. “There are tens of millions more insecure ‘smart’ things that could cause incredible disruptions, if harnessed,” said Chester Wisniewski, a computer researcher at the security company Sophos. The U.S. Department of Homeland Security and the FBI said they were investigating. (NYT, Reuters, WSJ, FT)


 
  HACKERS                                          

Assange: Ecuador directed its embassy in London to suspend the Internet access of its long-term guest Julian Assange, founder of WikiLeaks. The country said the organization’s recent document releases have had a “major impact” on the U.S. presidential election. (WaPo)

 

Anonymous: Hector “Sabu” Monsegur has for the past year been working for a Seattle security firm where he manages a small team that breaks into clients’ networks to demonstrate vulnerabilities. The job marks his turn to full-time cybersecurity work after a much higher profile career as leader of a hacktivist team. (Wired)

 

Podesta Emails: Hackers backed by the Russian government used a spear-phishing attack to gain access to the email account of John Podesta, Hillary Clinton’s campaign chairman. Podesta reportedly received an email on March 19 that contained what looked like a Google link. (Motherboard)

AI: Advances in artificial intelligence technology, like computer-synthesized voice, will allow cybercrime to become automated and scale exponentially, warn experts. (NYT)


  COURTS                                          

Russian Hacker: A federal grand jury in Oakland, CA, indicted Yevgeniy Aleksandrovich Nikulin for breaking into computer systems at three internet companies in 2012. He was arrested this month while vacationing with his girlfriend in the Czech Republic. (NYT)

 

NSA Contractor: The Justice Department is bringing espionage charges against Harold T. Martin III, the National Security Agency contractor accused of stealing a massive cache of classified information, including top secret hacking tools. The charges carry far more severe penalties than previously announced charges. (The Hill, NYT)

Yahoo: The tech company asked U.S. Director of National Intelligence James Clapper to declassify a surveillance order it received so it can respond to a Reuters report that it set up a special program last year to scan all Yahoo Mail users' incoming messages. (Reuters)

 
  ON THE HILL                                    


Financial Regs: The Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency are planning to impose stronger cybersecurity standards on the industry. The regulators will issue a formal proposal in January 2017. (The Hill)


  DOD                                                

Bug Bounties: The Pentagon announced it gave yearlong contracts to HackerOne and Synack, a pair of firms specializing in bug bounties, to create a broader, more long-lasting program. The department ran a successful one-month pilot program between April and May. (The Hill)


  PRIVATE SECTOR                             

St. Jude: The medical-device maker said that it planned to set up an advisory board focused on cybersecurity issues affecting patient care and safety. The news comes as the FDA investigates claims that the company’s heart devices are riddled with defects that make them vulnerable to fatal hacks. (Reuters)

Microsoft: The software giant has opened a center in Brazil where officials will be able to inspect its programming code. The move is an attempt to allay suspicions in the region that its software programs are vulnerable to spying, analysts say. (Reuters)


  THE WORLD                                     


Thailand: Thailand’s government met with representatives from Google amid growing calls from hardline royalists to bring those who insult the monarchy to justice. The company affirmed that it would continue to help the Thai government remove content from YouTube, a Google subsidiary, that it deemed offensive. (Reuters)

 
MUST READS

Inside the Cyberattack That Shocked the U.S. Government: “When OPM went public with news of the hack in early June, speculating about the attackers’ plans for the data became a popular Beltway pastime: Some of the theories involved a Chinese plot to recruit agents and, more outlandishly, a scheme to graft finger­prints onto Chinese spies so they could foil biometric sensors. But concrete evidence of the hackers’ long-term intentions remains virtually nonexistent, which may be the scariest part of all,” writes Brendan I. Koerner in Wired.

 

Inside the Strange, Paranoid World of Julian Assange: “The questions asked about the organisation and its leader are often the wrong ones: How has WikiLeaks changed so much? Is Julian Assange the catspaw of Vladimir Putin? Is WikiLeaks endorsing a president candidate who has been described as racist, misogynistic, xenophobic, and more? These questions miss a broader truth: Neither Assange nor WikiLeaks (and the two are virtually one and the same thing) have changed – the world they operate in has. WikiLeaks is in many ways the same bold, reckless, paranoid creation that once it was, but how that manifests, and who cheers it on, has changed,” writes James Ball for BuzzFeed.

New Strategies for Securing Our Private Lives: “The challenges posed by how hackable we all are profound. Before resigning ourselves to a new reality in which either no privacy can be expected or where any sensitive communications must be limited or conducted by analog means to avoid compromise, we should look for ways to employ technology—and networks of trusted friends and institutions—to facilitate protections for ourselves and those with whom we communicate,” writes Jonathan Zittrain on Lawfare.



 

Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.

Comment