The Stroz Friedberg Cyber Brief


*|MC:SUBJECT|*
  FEATURED STORY            

TUESDAY, NOVEMBER 1, 2016

LAWMAKERS PRESS DOJ FOR INFO ON NEW HACKING POWERS

A bipartisan group of federal lawmakers asked the Justice Department last week to provide more information on how a coming expansion to the government's hacking powers could impact privacy rights. The new authorities, which are set to take effect December 1, would let judges grant warrants allowing the FBI to hack into and search devices that are part of a network of hijacked machines known as a botnet, or when the government is uncertain where the devices are located.


DOJ has reportedly worked on the rule changes for years, asserting they are needed to keep pace with criminal threats posed by new technologies. Some civil liberties advocates and tech firms, including Google, have said the changes could allow searches that run afoul of privacy rights. (Reuters, AP, EFF)

 
  HACKERS                                          

Dyn Attack: Researchers at the cyber-intelligence firm Flashpoint say the massive DDoS attack that crippled the internet’s infrastructure late last month may have been carried out by amateurs who frequent a popular hacking forum. (WaPo)

 

ShadowBrokers: The hackers who stole the NSA’s cyber tools have reportedly published a new collection of files that experts say could allow certain parties to determine if they were targeted by the NSA’s hacking unit. However, more work needs to be done to validate the contents of the dump, they say. (Motherboard)


Lawful Hacking: A new exemption to the decades-old law known as the Digital Millennium Copyright Act that just took effect allows Americans to hack their own devices without fear that manufacturers could sue them. (Wired)


  COURTS                                          

FL Spammer: Florida man Timothy Livingston pleaded guilty in New Jersey federal court to charges stemming from his role in a wide-ranging scheme that hijacked email accounts to send unsolicited spam. He is scheduled to be sentenced January 27. (Reuters)

 

Dutch Hacker: Sven Olaf Kamphuis, the man accused of launching an unprecedented DDoS attack on Geneva and London-based volunteer group Spamhaus that reportedly “almost broke the internet” in 2013, is heading to trial in the southern Dutch city of Dordrecht. (Guardian)


Data Pact: An Irish privacy advocacy group has filed a widely expected legal challenge to the EU-U.S. Privacy Shield, the commercial data sharing pact that was agreed to early this year. It will be a year or more before the Luxembourg-based General Court rules on the case, legal analysts say. (Reuters)
 

  ON THE HILL                                    

Treasury: The Treasury Department's office of Financial Crimes Enforcement Network, or FinCEN, released an advisory that details what banks should include in suspicious activity reports when there is a cyber element in fraud cases. FinCEN is the U.S. regulator responsible for anti-money laundering. (Reuters, WSJ)


FCC: The Federal Communications Commission approved new privacy rules that prevent broadband providers like AT&T and Comcast from collecting and sharing digital information about individuals. Analysts say the regulations are a clear victory for consumers. (NYT)


  DOD                                                


Booz Allen: The defense and intelligence contractor has launched an external review of its security and staffing processes following its second major personnel scandal in three years. Former FBI Director Robert Mueller will lead the inquiry. (WSJ)


  PRIVATE SECTOR                             

CyTech: A congressional report released in September offered the small cybersecurity company some vindication, saying it played a role in identifying the massive breach at the U.S. Office of Personnel Management, and noting that OPM had downplayed that work as part of a broader damage-control strategy. (Bloomberg)

 

Qualcomm: The smartphone chipmaker has agreed to buy NXP Semiconductors for about $38 billion in the biggest-ever deal in the semiconductor industry. With the deal, Qualcomm is taking a big bet on the so-called Internet of Things, analysts say. (Reuters)


IBM: The Wall Street Journal’s editor in chief, Gerard Baker, sat down for a conversation with IBM CEO Virginia Rometty to discuss the company’s ambitious plans for Watson and its AI-related business. (WSJ)


  THE WORLD                                     

China: A cybersecurity law that has spurred protests from foreign governments and business groups neared approval yesterday as China’s legislature held a third reading of the draft bill. Critics are particularly concerned about requirements that companies store data locally and provide encryption keys. (Reuters)

 
MUST READS

The Pentagon’s ‘Terminator Conundrum’: “Just as the Industrial Revolution spurred the creation of powerful and destructive machines like airplanes and tanks that diminished the role of individual soldiers, artificial intelligence technology is enabling the Pentagon to reorder the places of man and machine on the battlefield the same way it is transforming ordinary life with computers that can see, hear and speak and cars that can drive themselves,” write Matthew Rosenberg and John Markoff in the New York Times.

 

How to Fix an Internet of Broken Things: “While the rise of smart products holds the promise to revolutionize business and society, the burning question now is whether security can scale alongside the fast pace of innovation. The market for internet-connected devices is growing so quickly that Samsung recently announced that all of its products would be connected to the Internet by 2020. There's a way of developing connected gadgets that aren't easily susceptible to outside attack, that have more security protections, and are designed with security in mind. But it'll take more pressure on industry to make sure that happens,” writes Scott Shackelford in the Christian Science Monitor.

 

Into the Grey Zone: “A key element of a cyber strategy for the private sector is active defense, a term that captures a spectrum of proactive strategic and technical cybersecurity measures that are the focus of this report. Such measures—if developed and used within a carefully defined legal and policy framework that accounts for technical risks and companies’ differing capabilities—provide a powerful tool for addressing cyber threats to the private sector,” writes a task force of experts for the George Washington Center for Cyber and Homeland Security.

EVENTS & VIDEOS OF NOTE

 


 

Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.

Comment