The Stroz Friedberg Cyber Brief


  FEATURED STORY            

MONDAY, JANUARY 29, 2018

HACKERS TAKE HALF BILLION IN HISTORIC CRYPTO HEIST

Unidentified thieves hacked into Coincheck, one of Japan’s top cryptocurrency exchanges, and made off with the rough equivalent of $530 million in a virtual currency called NEM, short for “New Economy Movement.” It is the largest known theft of digital currency to date and highlights the risks of trading assets that policymakers are struggling to regulate. Coincheck said it plans to return about 90 percent with internal funds, but it has yet to say how or when.

The Japanese government ordered Coincheck to file a report on the breach, and said it will, if necessary, conduct on-site inspections of cryptocurrency exchanges. Last year Japan became the first country to regulate cryptocurrency exchanges at the national level. In early 2014, Japan’s Mt. Gox exchange was the target of a $450 million bitcoin heist. (Reuters, WSJ, Ars Technica)

  HACKERS                                          

Cozy Bear: Dutch intelligence agents reportedly provided the FBI with “crucial information” about Russia’s interference in the 2016 U.S. election. Dutch agents infiltrated the network of the infamous Russian hacker group Cozy Bear and reportedly witnessed the group launching an attack on the U.S. Democratic Party. (De Volkskrant)

ATMs: Two of the world’s largest ATM makers have warned that hackers are targeting U.S. cash machines with tools that force them to spit out cash in schemes known as “jackpotting.” (Reuters)

Dark Web Buys: Researchers have shown that it’s easy to dig up evidence of old bitcoin transactions when the spenders didn't carefully launder their payments. In many cases, researchers could connect someone's bitcoin payment on a dark website to that person's public account. (Wired)


  COURTS                                          

Fake Followers: New York’s attorney general has opened an investigation into Devumi, a company that sold millions of fake followers on social media platforms. “Impersonation and deception are illegal under New York law,” Eric Schneiderman wrote on Twitter. “We’re opening an investigation into Devumi and its apparent sale of bots using stolen identities.” (NYT)

Net Neutrality: Analysts say that Montana’s recent efforts to restore net neutrality could face legal challenges. Last week, Governor Steve Bullock issued an executive order declaring that any internet service provider with a state government contract cannot block or charge more for faster delivery of websites. (NYT)


  ON THE HILL                                    

Russia Probe: Multiple media outlets reported that President Trump ordered the firing of special counsel Robert Mueller last June, but that he ultimately backed down after White House counsel Don McGahn threatened to resign. Trump dismissed the revelations as “fake news.” (NYT)

Wireless Network: A senior administration official said that U.S. intelligence officials are weighing options, including having the government build a super-fast 5G wireless network, to counter the threat of China spying on U.S. phone calls. (Reuters)

DNC Security: The Democratic National Committee has hired Bob Lord, most recently Yahoo's head of information security, to be its chief security officer. The position is brand new, created in the aftermath of the 2016 election hacking. (Wired)


  PRIVATE SECTOR                             

Intel: The U.S. chipmaker did not have time to notify the U.S. government about critical security flaws in its products, but it reportedly was able to notify a small group of customers, including Chinese technology companies. The company’s decision has raised concerns. (WSJ)

Alphabet: Google’s parent company has launched a new business unit dubbed Chronicle that will sell cybersecurity software to Fortune 500 companies. The initiative reflects Alphabet’s desire to become a major player in enterprise computing technology, analysts say. (Reuters)


  THE WORLD                                     

Russia: U.S. tech companies Symantec and McAfee let a Russian defense agency scour some of their source code in order to sell their products in the country. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers. (Reuters)

EU: Global tech firms are preparing for a stringent new set of data privacy rules in the European Union, called the General Data Protection Regulation. The GDPR, which will restrict what types of personal data companies can collect, store, and use across the 28-member bloc, is set to take effect on May 25. (NYT)

MUST READS

The Follower Factory: “Despite rising criticism of social media companies and growing scrutiny by elected officials, the trade in fake followers has remained largely opaque. While Twitter and other platforms prohibit buying followers, Devumi and dozens of other sites openly sell them. And social media companies, whose market value is closely tied to the number of people using their services, make their own rules about detecting and eliminating fake accounts,” write multiple authors at the New York Times.

 

Regulators Are Looking at Cryptocurrency: “A key issue before market regulators is whether our historical approach to the regulation of currency transactions is appropriate for the cryptocurrency markets. Check-cashing and money-transmission services that operate in the U.S. are primarily regulated by states. Many of the internet-based cryptocurrency-trading platforms have registered as payment services and are not subject to direct oversight by the SEC or the CFTC. We would support policy efforts to revisit these frameworks and ensure they are effective and efficient for the digital era,” write Jay Clayton and J. Christopher Giancarlo in the Wall Street Journal.

Deterring Cyberattacks With Nukes? “Americans were statistically less likely to support retaliation for a cyberattack, even if that attack had the same kind of consequences as a physical attack. If a cyberattack left thousands dead, our respondents were reluctant to respond with force — but they were remarkably bellicose about the same results after a conventional or nuclear attack,” write Sarah Kreps and Jacquelyn Schneider in the Washington Post.


Center on National Security
Fordham University School of Law