The Stroz Friedberg Cyber Brief


email : Webview : Cyber Brief: Microsoft Challenges Secrecy of Government Searches
The Cyber Brief
Today's Top Story
MONDAY, APRIL 18, 2016
MICROSOFT CHALLENGES SECRECY OF GOVERNMENT SEARCHES
The U.S. software maker is challenging the constitutionality of a thirty-year old law that allows courts to block companies from alerting customers about requests from the government to turn over their data. Microsoft, like other tech giants, fulfills thousands of requests each year from federal and state prosecutors for customer information. The company alleges that the gag order component of the Electronic Communications Privacy Act of 1986 violates the Fourth Amendment right of its clients to know when they are subject to a search, and says it breaches the company’s First Amendment right to free speech.

The lawsuit, filed against the Justice Department in Seattle federal court, disclosed that, in the past 18 months, courts have issued nearly 2,600 orders preventing Microsoft from notifying customers that their remotely stored data was searched. More than two-thirds of these gag orders were of indefinite duration, the company said. Legal analysts say the case may take months or even years to work its way through the system. (NYT, Reuters, WaPo, WSJ)
Banks Heist: Researchers at IBM said they discovered a new type of malware that has been used to target customers of several banks in the United States and Canada. Roughly $4 million dollars was stolen in the first few days of April, the researchers said. (WSJ)

Ransomware: Criminals are reportedly becoming much more adept at extorting money from their online victims, in some cases employing call centers and technical support to streamline payment and data recovery. (Reuters)

Wire-Transfer Scam: An unnamed U.S. company was defrauded last year out of nearly $100 million by individuals who created a fake email address in order to pose as one of its vendors. Details of the scheme came out as the U.S. government filed a civil forfeiture suit in Manhattan federal court seeking to recover about $25 million derived from the fraud held in banks around the world. (Reuters)

Shortened URLs: Researchers at Cornell Tech have demonstrated how hackers using only a few machines guessing shortened URLs could access web addresses that users assume are private. (Wired)

HTTPS: Since launching less than six months ago, a small nonprofit in San Francisco, Let’s Encrypt, has helped 3.8 million websites switch from HTTP to HTTPS encryption, which shields web browsing from surveillance. (Wired)
Apple-FBI Battle: In a Brooklyn federal court filing, Apple said the government has “utterly failed” to show that only the company’s engineers can crack a drug dealer’s encrypted iPhone. Apple specifically referenced the government’s handling of the case in San Bernardino, CA, in which prosecutors initially insisted that only Apple could help the FBI. However, the Bureau reportedly paid professional hackers a one-time fee to crack the terrorism suspect’s iPhone. Sources say that nothing of significance has been found on the phone. (WaPo, CBS)

DOE Hacker: A former employee of the Department of Energy, Charles Eccleston, was sentenced to 18 months in prison on a federal charge stemming from an attempted email spear-phishing campaign last year targeting dozens of government employees. Eccleston was convicted of attempting to sell access to sensitive U.S. computer networks to foreign governments. (WaPo)

Journalist: A Sacramento federal judge sentenced Matthew Keys to two years in prison for helping members of the Anonymous hacking collective gain access to the Los Angeles Times website in 2010. (Reuters)
White House: President Obama has assembled a team of experts from the public and private sectors as well as academia to help advise the executive branch on cybersecurity. Members of the new Commission on Enhancing National Cybersecurity include Keith Alexander, former head of the NSA, and executives from Uber, Facebook, Microsoft, and MasterCard. (White House)

U.S.-EU Data Deal: Privacy regulators in France, Germany, and other European states said that the data-sharing pact signed with the United States early this year does not go far enough to protect the personal information of Internet users in Europe. The warning puts U.S. companies like Google, Facebook, and Amazon on notice that they could face protracted legal battles overseas. (NYT)
Missile Defense: The persistent campaign of cyberattacks on the U.S. Missile Defense Agency and its major weapons programs poses as great a threat to the country as Iran’s or North Korea’s development of intercontinental ballistic missiles, the admiral who heads the agency said. (Reuters)

APT Study: The Pentagon has awarded a group of U.S. universities a five-year grant worth $7.5 million to research advanced persistent threats, which, unlike conventional computer viruses, exploit vulnerabilities that allow them to persist undetected over a very long time. (Seattle Times)
Facebook: The social media giant wants businesses to start using bots to communicate with their customers on its Messenger service, in the hope that opening up its artificial intelligence tools to companies will transform industries. (FT)

Carmakers: Industry analysts say that while Ford is developing a sophisticated self-driving car that its engineers hope will be able to manage whole journeys without human intervention, GM is taking a more incremental approach, developing a semi-autonomous system that takes only the most routine driving away from humans. (FT)

Uber: In its first “transparency report,” the company said it shared internal data on millions of its riders with U.S. authorities in the second half of 2015 but reported no requests on national security grounds. (WSJ)

BT: British Telecom is recruiting 900 people to work in its cybersecurity business as part of a drive to tackle the growing threat from hacking. Most of the new hires will be in the UK, but BT also said it was hiring specialists across the globe. (Sky News)

Must Reads
The Minecraft Generation: “It’s a world of trial and error and constant discovery, stuffed with byzantine secrets, obscure text commands and hidden recipes. And it runs completely counter to most modern computing trends. Where companies like Apple and Microsoft and Google want our computers to be easy to manipulate — designing point-and-click interfaces under the assumption that it’s best to conceal from the average user how the computer works — Minecraft encourages kids to get under the hood, break things, fix them and turn mooshrooms into random-­number generators. It invites them to tinker,” writes Clive Thompson in NY Times Magazine.

The Vigilante Who Hacked Hacking Team: “After eight months of almost complete silence, the pseudonymous digital vigilante behind the hack has resurfaced, publishing a detailed explanation of how he broke into the company’s systems and laid bare its most closely guarded secrets. The write-up breaks down not only how the hacker, who calls himself Phineas Fisher, sneaked into Hacking Team’s network and quietly exfiltrated more than 400 gigabytes of data, but also serves as a manifesto of his political ideals and the motives behind the hack,” writes Lorenzo Franceschi-Bicchierai of Motherboard.

Obama’s ‘Splinternet’ Legacy: “In 2014, President Obama announced he would end U.S. stewardship over the global Internet. By protecting the root zone of web names and addresses through a contract with the Internet Corporation for Assigned Names and Numbers, or Icann, the U.S. empowered developers and engineers to build networks free of pressure from other governments. Unless Congress stops him, Mr. Obama will surrender U.S. control before the end of his term, making it possible for authoritarian regimes to censor the Internet globally, not just in their own countries,” writes L. Gordon Crovitz in the Wall Street Journal.
Top Op-Eds
Follow us:

EDITOR-IN-CHIEF, KAREN J. GREENBERG, DIRECTOR, CENTER ON NATIONAL SECURITY, FORDHAM LAW SCHOOL
Stroz Friedberg
powered by emma