FEATURED STORY

MONDAY, OCTOBER 15, 2018

FACEBOOK LOWERS ESTIMATE OF HACKED ACCOUNTS

The social media platform said that 30 million of its users had their access tokens stolen in a massive security breach weeks ago, adjusting its estimate down from 50 million. Facebook, which discovered the incident on September 25 and stopped it two days later, said that 14 million accounts were the most affected. Hackers gained access to these users’ names, contact information, gender and relationship status, as well as the last several places they checked into and their most recent searches. Fifteen million more had their names and contacts accessed.

At this point, it’s unclear if and how hackers may have used the stolen data. Facebook is working on an investigation of the breach with the FBI, and has been asked not to comment on possible perpetrators. (WSJ, NYT)

HACKERS

Pentagon: The Defense Department reported a security breach of travel records, including personal information and payment card data, for up to 30,000 US military and civilian personnel. The incident affected a single commercial vendor, the department said, and no classified information was stolen. (MT)

Router Fixer: A mysterious Russian-speaking, grey-hat hacker, who goes by the name of Alexey, is reportedly breaking into people's routers and patching security flaws in them. He is being transparent about his actions, saying that he is trying to prevent further abuse by other cyber-criminals. Analysts say that despite what appear to be his good intentions, he is breaking the law. (ZDNet)


COURTS

Fraud Ring Leader: Romeo Vasile Chita, a Romanian national, was extradited from his home country to the United States to face charges in Ohio federal court for leading an international cyber fraud ring that used malware to steal more than four million dollars. Chita is one of nine charged in a U.S. grand jury indictment in 2010. One of the group's methods was to send "phishing" emails to its targets to capture sensitive information from users, including bank account information. The phishing emails appeared to come from the Better Business Bureau, the IRS, U.S. Tax Court, the National Payroll Records Center, and other entities, according to the FBI. (Cleveland)

Genealogy Site: A website called GEDmatch has helped investigators solve fifteen murder and sexual assault cases since April. GEDmatch, which unlike other genealogy sites such as 23andMe has no lab, is a website where people who have had their DNA analyzed elsewhere can locate more relatives and dive deeper into their ancestry. The GEDmatch database can now be used to identify at least 60 percent of all Americans of European ancestry. According to a study published last week in the journal Science, within three years, the DNA of nearly every American of Northern European descent, who make up the primary users of the site, will be identifiable through cousins in the site’s database. (NYT)

Campaign Hacking: In a motion to dismiss a lawsuit, lawyers for Donald Trump’s 2016 presidential campaign argue that the First Amendment protects the campaign’s “right to disclose information—even stolen information—so long as (1) the speaker did not participate in the theft and (2) the information deals with matters of public concern.” The campaign is being sued by two donors and one former employee of the DNC for allegedly working with Russia and WikiLeaks to publish hacked emails. (Atlantic)
 

ON THE HILL

China Hacking: Senator John Thune (R-SD), the Republican chair of the Senate Commerce Committee, asked Apple, Amazon, and Super Micro Computer for briefings about a Bloomberg report that the Chinese government implanted malware into U.S. hardware, which the companies have denied. (Reuters)


DOD

Weapons: A newly released report from the Government Accountability Office found that nearly all of the military’s new weapons systems suffer from “mission-critical cyber vulnerabilities.” The study drew on security audits from 2012 to 2017. The agency warned that the problems probably represent “a fraction” of the holes in the Pentagon’s network. (WaPo)

Google: The company has removed itself from the running for a major cloud computing contract with the Defense Department, called the Joint Enterprise Defense Infrastructure project, after concluding the work might breach its principles for the use of artificial intelligence. (WaPo)


PRIVATE SECTOR

Google: The company has decided to shutter its failing social network Google Plus after it discovered a security vulnerability that exposed the information of up to 500,000 users. Google said it did not disclose the breach, which was discovered and patched in March, because it didn’t appear that anyone had accessed the information, and the company was not legally required to report it. (NYT)

Payment Firms: More than a dozen global payment companies, including JPMorgan Chase, Mastercard, and WorldPay, held their inaugural joint cybersecurity war games. The exercises are intended to test their readiness for simultaneous cyberattacks. (Bloomberg)


THE WORLD

Vietnam: The country is getting ready to strictly enforce a new law that requires global technology companies to establish local offices and store data locally. Analysts note that despite sweeping economic and social reforms, Vietnam’s Communist Party keeps a tight grip on media and dissent. (Reuters)

MUST READS

Hacking Is About to Get Worse: “The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space,” writes Bruce Schneier in the New York Times.

 

The Pentagon’s Push to Program Soldiers’ Brains: “DARPA has dreamed for decades of merging human beings and machines. Some years ago, when the prospect of mind-controlled weapons became a public-relations liability for the agency, officials resorted to characteristic ingenuity. They recast the stated purpose of their neurotechnology research to focus ostensibly on the narrow goal of healing injury and curing illness,” writes Michael Joseph Gross in the Atlantic.

Artificial Intelligence: When Humans Coexist With Robots: “Without careful design, the intelligent systems making their way into the world could provoke a backlash against the technology. Once people come to understand how limited today’s machine learning systems are, the exaggerated hopes they have aroused will evaporate quickly, warns Roger Schank, an AI expert who specialises in the psychology of learning. The result, he predicts, will be a new “AI winter” — a reference to the period in the late 1980s when disappointment over the progress of the technology led to a retreat from the field,” writes Richard Waters in the Financial Times.

Center on National Security
Fordham University School of Law