The Stroz Friedberg Cyber Brief


email : Webview : Cyber Brief: Records Highlight Cyber Threat to Fed
The Cyber Brief
Today's Top Story
MONDAY, JUNE 6, 2016
RECORDS HIGHLIGHT CYBER THREAT TO FED
Files obtained by Reuters through a Freedom of Information Act request show that the Federal Reserve had more than 50 cyber breaches between 2011 and 2015, some of which were described as espionage. The records are heavily redacted for security reasons and do not indicate those behind the hacking or whether sensitive data or money was stolen. Additionally, the files exclude incidents at the twelve regional Fed banks, which are not subject to FOIA requests. The central bank’s role in setting interest rates makes it a prime target for hackers, experts say.

The Fed is under greater public scrutiny following news in March that hackers stole $81 million from the Bangladesh central bank’s account at the New York Fed. But the U.S. bank is keen to point out that the incident was not caused by a breach of its systems, and notes that the instructions to make the payments were authenticated by the SWIFT global payments system. In recent days, SWIFT has threatened to suspend banks with weak cybersecurity from its network. (Reuters, Bloomberg, FT)
Mega Breaches: In June 2013, a hacker stole username and password information from what could be more than 360 million accounts of the once hugely popular social media website. Security analysts also report major account breaches at Tumblr, in 2013, and the dating website Fling in 2011. (Wired, Ars Technica)

White Hats: Over the past four years, Romanian white hat hacker Alex Coltuneac has collected bug bounty payments from Google, Facebook, Microsoft, Adobe, Yahoo, eBay, and PayPal. Analysts say his experience illustrates how bug bounty programs are a chance for hackers, particularly in Eastern Europe, to pursue a legitimate career in cybersecurity. (Wired)
CFAA: A Texas man was charged with a felony count of violating the 1986 Computer Fraud and Abuse Act for deleting a collection of files before leaving his software job in 2011. His trial started last week and his defense attorneys and some legal observers argue it represents another another example of prosecutorial overreach based on the CFAA. (Wired)

NSLs: Yahoo became the first company to go public about National Security Letters it has received without needing to battle with the government in court. The controversial subpoenas allow federal agents to obtain customer records and transaction data from internet service providers and other companies without a court order. (Wired)

Bitcoin Theft: The U.S. government has seized several million dollars from two Florida men who allegedly stole 5,400 bitcoins from the illegal online drug sales site Sheep Marketplace in late 2013. The theft led to the closing of Sheep Marketplace, which had sprung up in response to the closing of Silk Road. (Forbes)
Tech Exports: The Commerce Department is investigating whether Huawei violated U.S. export controls, and has demanded the Chinese tech giant turn over all information regarding the export or re-export of U.S. technology to Cuba, Iran, North Korea, Sudan, and Syria. (NYT)

Privacy Act: The FBI wants to exempt its growing national database of fingerprints and facial photos from a federal law that gives Americans the right to sue for government violations of the Privacy Act. The Justice Department says it is seeking the exemptions to ensure that ongoing investigations are not compromised by people learning they are the subjects of probes. (WaPo)

SEC: The corporate watchdog announced that Christopher R. Hetner has been named senior adviser on cybersecurity policy to Chairwoman Mary Jo White. He will be responsible for coordinating efforts to address cybersecurity policy, engaging with external stakeholders and boosting the SEC’s mechanisms for risk assessment. (The Hill)
NATO: Members of the transatlantic security alliance will likely agree during a summit meeting in Warsaw next month to designate cyber as an official operational domain of warfare, along with air, sea, land and space. (Reuters)

Microchips: For the next several years, the Pentagon will rely on Globalfoundries Inc., an Abu Dhabi-owned company, to supply the most advanced microchips used in U.S. spy satellites, missiles, and combat jets. IBM had been the near-monopoly supplier of the chips for more than a decade and paid Globalfoundries $1.5 billion to take the unprofitable business off its hands, analysts say. (WSJ)
Walmart: The retail behemoth is testing the use of flying drones to handle inventory at its large warehouses, which supply the thousands of Walmart stores throughout the nation. In six to nine months, the company said, the machines may be used in one or more of its distribution centers. (NYT)

BMW: The German automaker is overhauling its research and development activities to focus on self-driving cars, a move which includes a revamp of its "i" sub-brand of carbon-fibre based electric vehicles. (Reuters)
Iran: The Islamic Republic has given foreign messaging apps like Telegram a year to move data they hold about Iranian users onto servers inside the country, prompting privacy and security concerns on social media. Iran has some of the strictest internet controls and blocks access to U.S. social media platforms such as Facebook and Twitter. (Reuters)

Taiwan: A U.S. cybersecurity researcher says that the website of Taiwan’s ruling Democratic Progressive Party has come under attack from cyberspies seeking to profile visitors to the site. It’s part of a campaign to get information about the party’s policies following its election victory in January, he says. (Bloomberg)
Must Reads
World Is Preparing for Battle Against U.S. Tech Giants: “The European efforts are just a taste of a coming global freak-out over the power of the American tech industry. Over the next few years, we are bound to see increasing friction between the tiny group of tech companies that rule much of the industry and the governments that rule the lands those companies are trying to invade. What is happening in Europe is playing out in China, India and Brazil and across much of the rest of the globe, as well,” writes Farhad Manjoo in the New York Times.

The Robot Invasion Isn’t Yet Here: “The alarmist headlines at the start of this column appeared in various publications and are quoted in an essay by Richard Freeman, a Harvard labor economist. As he notes, ‘most economists’ (including Freeman) doubt the gloomy predictions of mass unemployment. True, robots enjoy some advantages over humans; they can work 24 hours a day and don’t have fringe benefits. Still, the economists have history on their side. It’s all happened before,” writes Robert Samuelson in the Washington Post.

Maybe Wall Street Has Solution to Cyberattacks: “What if there was a way to deter cyber attacks by automatically hitting countries that launch them right where it hurts—in the wallet? What if Wall Street could solve a challenge that has confounded Silicon Valley and the NSA for years? Enter our unlikely hero: sophisticated financial instruments. Specifically, a kind of securitized cyber insurance that I will call Cyber Bonds,” writes Nathan Bruschi in Wired.
Top Op-Eds
Follow us:

EDITOR-IN-CHIEF, KAREN J. GREENBERG, DIRECTOR, CENTER ON NATIONAL SECURITY, FORDHAM LAW SCHOOL
Stroz Friedberg
powered by emma