The Stroz Friedberg Cyber Brief


email : Webview : Cyber Brief: Heists Are 'Wake-Up Call' to Secure Global Financial Network
The Cyber Brief
Today's Top Story
MONDAY, MAY 23, 2016
HEISTS ARE ‘WAKE-UP CALL’ TO SECURE GLOBAL FINANCIAL NETWORK
The Society for Worldwide Interbank Financial Telecommunication, commonly known as Swift, notified customers last Friday that it is working on new cybersecurity measures and reminded banks that they are required to report any network breaches. The note came after news that hackers in early 2015 stole some $9 million from an Ecuadorian bank, the third such heist to come to light in recent weeks. Cyber criminals made off with $81 million from Bangladesh’s central bank in February, and attempted to steal more than $1 million from a Vietnamese bank in late 2015.

Swift continues to stress that its core messaging network has not been compromised and noted the attacks have targeted weaknesses in users’ security. “Management of local systems, authorization and credentials is under customers’ responsibility,” a spokeswoman for Swift said Friday. Still, a former top official at the organization said Swift needs to do more to make financial transactions secure. “It’s a huge wake-up call,” said Leonard Schrank, who was chief executive of Swift for 15 years until he left in 2007. (WSJ, Reuters)
LinkedIn: The professional networking site said that hackers were attempting to sell what they claimed were 117 million email addresses and passwords, suggesting that a data breach in 2012 was far larger than initially thought. Since the attack, LinkedIn has beefed up security, including enabling two-step verification. (NYT)

U.S. Election: Director of National Intelligence James Clapper said officials had seen indications that unidentified hackers were attempting to target the 2016 presidential campaigns. The last two presidential cycles in 2008 and 2012 saw a barrage of cyberattacks. (WashPost)
SCOTUS: The Supreme Court sent Spokeo v. Robins back to lower court for it to take another look at whether a California man, Thomas Robins, had alleged the kind of injury that would allow his suit to go forward. Robins sued Spokeo, a company that sells personal data online, for distributing false information about him under a part of the Fair Credit Reporting Act that provides damages of up to $1,000. (NYT)

U.S.-UK Partnership: The Manhattan District Attorney’s Office is giving $25 million over five years from criminal forfeits to fund the Global Cyber Alliance with the City of London Police. Both will give offices and staff to the not-for-profit organization, which dubs itself a “voluntary clearing house” for cyber intelligence, and will prioritize prevention over enforcement. (FT)

Manning Case: Chelsea Manning has filed an appeal three years after she was sentenced to 35 years in prison for what is considered the largest leak of classified government documents in history. Journalist Kim Zetter explains why her attorneys took so long. (Wired)

Credit Fraudster: A Macedonian man, Djevair Ametovski, was extradited to the United States to face charges related to his website, called Codeshop, where authorities say he sold the data of thousands of credit cards from around the world. (Reuters)

Mozilla: A judge in Washington State rejected Mozilla’s request for the FBI to disclose a vulnerability in its Firefox browser, a flaw that the agency exploited to target a child pornography ring on the dark web. (Newsweek)
Background Checks: Director of Intelligence Clapper signed a policy that will allow background check investigators to scan social media postings as part of their assessment. The news comes shortly after Twitter denied government agencies access to a data service that scans all existing tweets for trends. (Defense One)

Warrant Bill: Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) introduced a bill that would block a pending judicial rule change allowing federal judges to issue search warrants for remote access to computers in any jurisdiction. Companion legislation is expected in the House soon, Wyden said. (Reuters)

DHS: The Department of Homeland Security plans to expand its Silicon Valley office to a staff of about 20. The step will allow the department to relocate some of its experts in critical infrastructure who are already based in California as well as hire additional cybertechnology personnel. (Bloomberg)
Cyber Command: Congress is debating the authority of U.S. Cyber Command. The House National Defense Authorization Act, which cleared the lower chamber last week, would elevate the command to a standalone warfighting entity, however, this language is absent from a draft Senate version of the bill. Cyber Command is currently under the authority of the Strategic Command and shares a commander with the National Security Agency. (The Hill)
Google: The company is launching two new apps, Allo, a messaging service, and Duo, a video calling service, that will use end-to-end encryption, which analysts say will likely frustrate government surveillance efforts. (Wired)

Microsoft: The software giant is updating its terms of use to specifically ban the posting of "terrorist content" on its services. However, it will not hide results for this material on its search engine unless it is banned by local governments. (The Hill)
France-U.S.: French tech billionaire Xavier Niel is attempting to export his free software engineering school to Silicon Valley to train future computer programmers. Based on the model he launched in France in 2013, the U.S.-based non-profit will grow to 10,000 students within the next five years, the school said. (Bloomberg)

EU: Half of the European Union's member states have called for the removal of barriers to the free flow of data both within and outside the 28-nation bloc to ensure the continent can benefit from new data-driven technologies. (Reuters)
Must Reads
Facebook’s Subtle Empire: “In one light, Facebook is a powerful force driving fragmentation and niche-ification. It gives its users news from countless outlets, tailored to their individual proclivities. It allows those users to be news purveyors in their own right, playing Cronkite every time they share stories with their “friends.” And it offers a platform to anyone, from any background or perspective, looking to build an audience from scratch. But seen in another light, Facebook represents a new era of media consolidation, a return of centralized authority over how people get their news,” writes Ross Douthat in the New York Times.

Google’s Competition Battle in the EU: “Google has already been formally charged twice over its monopoly abuse. It stands accused of systematically favouring its own price comparison shopping product over that of its rivals in Web search. More recently, the European Commission concluded in a preliminary decision that Google had abused its dominant position by imposing restrictions on Android device makers. It's understood that, in a matter of weeks, Google will also face a record-breaking fine rumoured to be around $3 billion, which—based on Alphabet Inc's 2015 figures—represents a little under five percent of its annual turnover. More significantly, however, Google will also be told by the commission's antitrust officials to stop manipulating its search results,” writes Kelly Fiveash for Ars Technica.

The Problem of Defining Cyberwar: “As malicious behavior advances toward acts of war, it is likely that retaliation will become more aggressive and severe. But there is no requirement that a cyberattack should be countered with a cyber-response; an act of cyberwar can unleash the whole arsenal of hard and soft power. Unless adversaries know when the US will use military force, and when costs of an attack outweigh the benefits, there is little hope in achieving any real level of deterrence,” writes Andrea Little Limbago in the Christian Science Monitor.
Top Op-Eds
Follow us:

EDITOR-IN-CHIEF, KAREN J. GREENBERG, DIRECTOR, CENTER ON NATIONAL SECURITY, FORDHAM LAW SCHOOL
Stroz Friedberg
powered by emma