The Stroz Friedberg Cyber Brief

  FEATURED STORY            



Equifax said that 2.4 million more Americans had their names and partial drivers' license information stolen in the cyberattack on the credit reporting agency last year. Revised figures now show that nearly 148 million Americans, as well as some Canadian and British nationals, were affected in the historic breach. Equifax said it will alert new victims directly, and will offer free identity theft protection and credit monitoring.

Meanwhile, Equifax expects costs related to the cyberattack to rise by $275 million this year, which analysts say would make it the most costly hack in corporate history. The projected costs are on top of $164 million in pre-tax charges posted in the second half of 2017. That brings expected costs through the end of this year to $439 million, some $125 million of which the credit agency said will be covered by insurance. (CNN, ZDNet, Reuters)


Crypto Investing: Analysts say that recent hacks show the particular vulnerability investors can face when buying unproven, speculative tokens on startup exchanges that aren’t regulated and derive a large chunk of volume from new, untested currencies. (WSJ)


Github: The popular developer platform was reportedly struck by the most powerful distributed denial of service attack to date. Github automatically called on its DDoS mitigation service, which managed and scrubbed the traffic. The attack dropped off after about 8 minutes. (Wired)

iPhones: Cellebrite, a major U.S. government contractor, claims to have found a way to unlock most iPhones on the market. In the last few months the Israel-based vendor has developed techniques to get into iOS 11 and is advertising them to potential clients across the globe. (Forbes)


Digital Privacy: The U.S. Supreme Court has held that the government can use illegally obtained evidence gathered by investigators who acted in good faith, but some legal experts say the rules often lag behind technology. (WSJ)

  ON THE HILL                                    

State Dept: The U.S. agency has reportedly not spent any of the $120 million it has been allocated since late 2016 to counter foreign efforts to meddle in elections or sow distrust in democracy. Critics say the inaction is just one symptom of the largely passive response to the Russian interference by President Trump. (NYT)


SEC: The Securities and Exchange Commission has sent subpoenas to dozens of people and companies behind initial coin offerings, in what experts say is a clear sign the agency is poised to rein in the popular new fund-raising method. (NYT)


Wireless: Republican and Democratic lawmakers agreed to allow the sale of spectrum, the public radio frequency, to speed up the introduction of next-generation 5G wireless networks. The U.S. House of Representatives is expected to vote on the measure on Tuesday. (Reuters)

Qualcomm: The U.S. Treasury-led foreign investment watchdog, known by its acronym CFIUS, is investigating whether Broadcom’s proposed takeover over of Qualcomm poses undue national security risks. Broadcom called the inquiry “a blatant, desperate act by Qualcomm.” (FT)


Cyber Command: President Trump’s nominee to lead the U.S. Cyber Command, Gen. Paul Nakasone, testified that the United States does not have much of a deterrent for cyberattacks originating from Russia, China, and other countries. (Reuters)

Restructuring: U.S. intelligence officials are studying the UK’s National Cyber Security Centre, the public-facing division of the GCHQ, as a potential model for restructuring U.S. cyber programs. (FT)

  PRIVATE SECTOR                             

Palantir: The company has reportedly provided software to a secretive police program in New Orleans that traces people’s ties to gang members, outlines criminal histories, analyzes social media, and predicts the likelihood individuals would commit violence or become a victim. (The Verge)


Facebook: The social media giant confirmed that it has ended a controversial test where it split its signature News Feed into two, separating brands and publisher content from friends and family posts. It was testing the concept in six countries dating back to last fall. Facebook decided to maintain one feed because people told the company in surveys they did not like the change. (Recode)

YouTube: The company is cracking down on the videos of some prominent far-right actors and conspiracy theorists, continuing an effort that has become more visible since the school shooting in Parkland, Florida. (NYT)

  THE WORLD                                     

Germany: A powerful cyberattack on the government’s computer network was allegedly part of a worldwide campaign likely carried out by a Russian hacker group known as Snake, sources say. Berlin has launched a preliminary investigation into possible espionage related to the incident. Russia has denied the claims. (Reuters)


China Presses Its Censorship Efforts Across the Globe: “As Mr. Xi asserts himself and the primacy of Chinese geopolitical power, China has also become more comfortable projecting Mr. Xi’s vision of a tightly controlled internet. Beijing had long been content to block foreign internet companies and police the homegrown alternatives that sprouted up to take their place, but it is now directly pressuring individuals or requesting that companies cooperate with its online censorship efforts. That puts many American tech giants in a tricky position, especially those that want access to China’s vast internet market of more than 700 million strong,” writes Paul Mozur in the New York Times.


How Facebook Misread America’s Mood on Russia: “The social-media giant’s months-long obliviousness to deepening public concern about its social impact has worsened a backlash against it and other Silicon Valley giants. That misjudgment appears particularly to have fueled new tension between Facebook and Democrats, who had long been close to the company,” write authors for the Wall Street Journal.

Justices Divided Over Disclosure of Overseas Emails: “The justices were interpreting what Justice Anthony Kennedy characterized as a “difficult statute”: the Stored Communications Act, a 1986 law that requires an email provider to turn over the contents of emails if the government obtains a warrant...After struggling with the issues (and the technology) in the case for approximately an hour of oral argument, it wasn’t at all clear how the justices will rule – if they even have the opportunity to do so before Congress enacts legislation that would resolve the case,” writes Amy Howe on the SCOTUS Blog.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.