Entire US political system ‘under attack’ by Russian hacking, experts warn – Geof Wheelwright in Seattle Friday 14 October 2016 06.00 EDT

Meanwhile, some US commentators on cybersecurity issues have suggested that these attacks are not a surprise but appear to be a new spin on an old strategy

The hacks have created a dilemma for American voters. Photograph: Tek Image/Getty Images/Science Photo Library RF

It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.

The notion that public figures have any right to privacy appears to have been lost in the furore surrounding the story, stolen correspondence being bandied around in attempts to influence the outcome of one of the nastiest, most vitriolic US presidential campaigns in history.

Some have argued that as secretary of state, Hillary Clinton’s emails were fair game for hacking because had they not been held on a private server, they would have been subject to freedom of information requests and available to the general public.

There may be some truth to that, but it doesn’t change the fact that correspondence between public figures has allegedly been hacked by those acting under the direction of a foreign government and released for everyone to peruse, with little opportunity for the authors to offer context or even confirm that the contents of the leaks are accurate.

The hacks have created a dilemma for American voters, according to Rob Guidry, CEO of social media analytics company Sc2 and a former special adviser to US Central Command. He says voters seem to want the information that has been leaked by the hackers but don’t feel entirely comfortable with the hacks that have brought the information to light.

Article continues:

Robot Hackers Could Be the Future of Cybersecurity – By Larry Greenemeier on August 4, 2016

The final round of DARPA’s Cyber Grand Challenge pits computers against one another as human programmers watch the future of cybersecurity unfold

At a live event August 4 in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” Credit: Courtesy of Getty Images/iStockphoto Thinkstock Images \ Memitina

A dozen years ago the Defense Advanced Research Projects Agency (DARPA) held its first “grand challenge”—to see if autonomous automobiles could cross a 240-kilometer stretch of the Mojave Desert on their own. Mechanical problems and mishaps ended the race before any of the competitors had gone more than 12 kilometers. DARPA, the U.S. Department of Defense’s research arm, is looking for a better outcome Thursday in its inaugural Cyber Grand Challenge, where seven autonomous computers battle one another in what the agency claims is the “world’s first all-machine hacking tournament.”

DARPA announced the competition a couple of years ago, challenging computer programmers to create machines that could find and fix flaws in their software without human intervention. At a live event Thursday evening in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” The key to victory and the $2 million prize is to successfully defend one’s digital “flags”—bits of data written into programs running on the computers—from other teams’ cyber attacks while at the same time attacking competitors’ computers to find their flags.

Article continues:

How the Candidates View Cybersecurity, From Total Indifference to Mild Indifference – BRIAN BARRETT. 03.15.16 7:00 AM

Cybersecurity and digital rights have become a prominent part of the national conversation, in no small part because of the ongoing standoff between Apple and the FBI over a San Bernardino terrorist’s encrypted iPhone. So it is a bit surprising that the remaining presidential candidates haven’t made much of an effort to outline their positions.

Not that there would be much political benefit to it. The two candidates with the most clearly defined cybersecurity and privacy platforms—Ben Carson and Jeb Bush—have quit the race, and the two with the least to say on the subject—Donald Trump and Ted Cruz—are leading the GOP race.

But the fact the candidates don’t seem to care all that much doesn’t mean that you shouldn’t. Here’s where they stand so far on one of the most important issues of this race.

The Remaining GOP Field

Donald Trump

The extent to which Trump can be said to have a defined position on anything beyond America’s decline, and how negotiation will be its panacea, is limited. He has no official position paper on cybersecurity or privacy, and it’s not among his favored stump speech topics.

When Trump does address cybersecurity, it’s through a familiar lens: China. Trump accuses the nation and its citizens of “rampant cybercrime” against the US, and promises “stronger protections against Chinese hackers” as part of his position paper on the US-China trade relationship.

Otherwise, Trump’s positions have been scattered, misguided, or both. He has proposed, at varying times, “closing” parts of the Internet to combat ISIS and boycotting Apple in response to its FBI encryption standoff (the irony is Trump—or someone on his team—tweets from an iOS device). In 2013, he suggested that execution may be an appropriate punishment for Edward Snowden. He has said he believes in a balance of privacy and security, but also that bulk metadata collection should be restored, to “err on the side of security.”

TL;DR: Trump’s cybersecurity and privacy considerations are much like his other viewpoints: Generally devoid of context, insight, clarity, or reason.

Article continues:

Repairing America’s Cybersecurity – By Fred Kaplan FEB. 17 2016 5:57 PM

President Barack Obama announces his appointment of Sam Palmisano and Tom Donilon to the newly created Commission on Enhancing National Cybersecurity, Feb. 17, 2016. Chip Somodevilla/Getty Images

President Obama announced on Wednesday that Thomas Donilon, his former national security adviser, would chair a bipartisan Commission on Enhancing National Cybersecurity—a move that likely prompted reactions ranging from shrugs to quizzical brow-furrows.

The move was the follow-up to another announcement, made last week but buried in the flurry of headlines about the New Hampshire primaries and the 2017 budget proposal—namely, Obama’s release of what he called the Cybersecurity National Action Plan, or CNAP. Donilon’s commission—which will be comprised of “top strategic, business, and technical thinkers,” tasked with drawing a “road map” for securing cyberspace in the next decade—is one piece of that plan.

Like many things that presidents call into being, blue-ribbon panels are whatever their creator wants them to be. Over the years, some have inspired serious debate and new policies, while others have proved to be purposeful distractions—a way of pretending to give an issue grave attention while in fact evading the deep thoughts and hard choices it entails.

Article continues:


Before Shopping Online This Cyber Monday, Secure Your Personal Accounts. Here’s How. by Robert Hackett @rhhackett NOVEMBER 28, 2015, 6:05 PM EST

A student types on a keyboard during a cyber-defense programming class in the "War Room" at Korea University in Seoul, South Korea, on Thursday, Nov. 26, 2015. In a darkened "war room" dozens of South Korea's brightest college students are practicing hacking each other as part of a government program to train them to battle some of the world's best -- the shadowy techno-soldiers of Kim Jong Un's regime. Photographer: SeongJoon Cho/Bloomberg via Getty Images

Prepare for Cyber Monday.

I hope you’ve had a lovely Thanksgiving, Data Sheet readers.

If you chose to avoid the stampedes at brick and mortar stores on Friday—as I did, after awakening from a kingly coma and brushing a pile of pie crumbs off my belly—and plan instead to shop online, then please read on. I’ve got a simple, yet substantial cybersecurity tip for you.

First, context: Cyber Monday, the e-commerce bonanza that kicks off the beginning of the week, is set to be the biggest payday on record for electronic merchants. (We at Fortune prefer Cyber Saturday™, of course.) Crooks are no doubt eyeing the opportunity to score. Don’t let them.

One easy way to prevent hackers from profiting off the occasion involves securing your digital identity. So, the advice: Add what’s called multi-factor authentication to your online shopping accounts.

Here’s how it works. Whenever you log in to an online profile, the website’s entry field will prompt you to submit a second passcode, one on top of your usual password. This will either be a string of numbers that is sent directly to your mobile phone via text message, or a string of numbers that can be read off an “authenticator” app, which generates one-time passcodes. (See Google Authenticator, for example.)

Multi-factor authentication—sometimes called “two step” or “two factor” authentication, or abbreviated “2FA”—is one of the simplest measures you can take to lock down your digital persona. Think of it as adding another lock to your money vault. Amazon recently added the feature to its website. Go, take advantage.

As you know from this holiday season, there are many things in life to be thankful for. Cybercrime is not one of those things. Take a stand against it; here’s a list of the places that let you armor up.

Austria’s high court to decide on class action suit against Facebook – Al Jazeera November 23, 2015 10:12AM ET

“We therefore think that the ‘class action’ is not only legal but also the only reasonable way to deal with thousands of identical privacy violations by Facebook.”

Facebook, whose international headquarters are in Ireland, has denied any wrongdoing and sought to block a class action suit.

Ireland’s High Court last month ordered an investigation into Facebook’s transfer of European Union users’ data to the United States to make sure personal privacy was properly protected from U.S. government surveillance.

The court told the Irish Data Protection Commissioner to launch a probe following the landmark ruling by the European Court of Justice last month which invalidated a pact, called the Safe Harbour agreement, allowing thousands of companies to transfer user data from the continent to the U.S.

Under EU law, companies may not transfer personal data to countries deemed to have lower privacy standards, such as the U.S., unless they have legal contracts in place or have the explicit permission of the person in question.

Al Jazeera and Reuters


Homeland Security chair: ‘Biggest threat today’ is terrorists using encryption – By Cory Bennett – 11/22/15 11:39 AM EST

Just because there is no “credible evidence” of an Islamic State in Iraq and Syria (ISIS) plot against the U.S. doesn’t mean the extremist group isn’t planning one, said House Homeland Security Chairman Michael McCaul (R-Texas) on Sunday.

“I think the biggest threat today is the idea that terrorists can communicate in dark space,” he said on CBS’s “Face the Nation,” referencing the myriad encrypted communications platforms that are widely available. “We can’t see what they’re saying.”

McCaul acknowledged that the phrase “credible evidence” is “an old term of art.”

“I think you need to factor in that analysis that there may be plots under way,” he added, “that we just quite frankly can’t see.”

The issue of encrypted communications has been thrust into the spotlight following the recent terror attacks in Paris that killed around 130 people.

Officials have said it’s likely the ISIS followers behind the deadly strikes arranged their strategy via some type of encrypted communication, although no direct evidence has been presented to back up these suspicions.

“I think there’s strong indicators that they did,” McCaul said.

Encryption makes it more difficult for investigators to monitor digital data, including emails, certain types of text messages and social media exchanges.

“And that’s precisely why nothing was picked up,” McCaul said.

“The only rationale,” he added, “is that they were using these dark platforms and dark spaces to communicate, that even if we have a court order we can’t see.”

The Paris attacks have spurred a renewed debate on Capitol Hill about government access to digital data and encrypted communications.

Some lawmakers have even called for legislation that could require tech companies to give investigators guaranteed access to customer data.


Art That Lets You Talk Back to NSA Spies | Mathias Jud | TED Talks – Published on Nov 20, 2015

In 2013, the world learned that the NSA and its UK equivalent, GCHQ, routinely spied on the German government. Amid the outrage, artists Mathias Jud and Christoph Wachter thought: Well, if they’re listening … let’s talk to them. With antennas mounted on the roof of the Swiss Embassy in Berlin’s government district, they set up an open network that let the world send messages to US and UK spies listening nearby. It’s one of three bold, often funny, and frankly subversive works detailed in this talk, which highlights the world’s growing discontent with surveillance and closed networks.

Obama to push cyber issues ahead of State of the Union address – By Elise Viebeck – 01/10/15 12:00 PM EST

President Obama will spend next week laying out new proposals to improve Americans’ cybersecurity, broaden access to the Internet and guard against identity theft, the White House said Saturday.

The shift in focus will lay the foundation for Obama’s upcoming State of the Union address on Jan. 20, and follows trips around the country this week in which Obama emphasized manufacturing, housing issues and the improving economy.

Obama will spend most of the week in Washington, with events scheduled at the Federal Trade Commission (FTC) on Monday and the National Cybersecurity and Communications Integration Center on Tuesday.

He is expected to announce new efforts to increase voluntary collaboration between industry and government on cybersecurity. At the FTC, he’ll focus on ways to fight identity theft and improve consumer and student privacy, a White House official said on background.

Increasing high-speed broadband access will be a topic as Obama travels to Iowa on Wednesday.

The president will also meet with congressional leaders from both chambers and parties next week to discuss potential areas of common ground, the White House said.

Vice President Biden will also take part in laying out the pre-State of the Union agenda by traveling to Norfolk, Virginia on Thursday to announce new funding for job training in cybersecurity.

Article continues:


Sony hack could be game changer for cybersecurity push – By Cory Bennett – 01/04/15 02:30 PM EST

The high-profile hack at Sony Pictures has injected new urgency into the years-old push for cybersecurity legislation, with a broad spectrum of lawmakers suddenly vowing to take action in the new Congress.

“It’s basically fair game for everything cyber” after the cyberattack on Sony, said Jessica Herrera-Flanigan, a lobbyist at Monument Policy Group, which represents tech giants like Microsoft.

The recent cyber assault caused Sony to briefly pause the release of a multi-million dollar movie, spurred a White House response and escalated tensions between the U.S. and North Korea, which the FBI has blamed for the attack.

It has also transformed what some viewed as a stale debate on Capitol Hill over cybersecurity issues.

“We’ve been having the same discussion on information sharing … since the mid-90s,” said Herrera-Flanigan, referring to various long-stalled cybersecurity information-sharing measures that would give legal protections for companies exchanging cyber threat info with the government.

After years of narrow congressional focus, the Sony cyberattack has put an array of new cyber topics on the table, including offensive cyber tactics, cyber crime laws and the international community’s definition of cyber warfare, to name a few.

Lawmakers have pledged to hold hearings on these topics, called on the White House to declare cyber war with North Korea and pressed for heightened economic sanctions on the reclusive East Asian regime.

The sudden attention springs directly from the movie studio’s decision to temporarily scrap the Christmas Day release of a film in the wake of violent threats from the hackers. The controversial comedy, “The Interview,” portrays the assassination of North Korean leader Kim Jong Un.

“If they would have just released the God—- movie, the president wouldn’t be talking about it,” said Jason Healey, a director at the Atlantic Council who has worked on cyber defenses at the White House and for Goldman Sachs in Hong Kong.

“This would have just been another company being hacked and having their personal emails and such put out there,” Herrera-Flanigan said.

Even though Sony recanted a week later — releasing the film online and in several small theaters — the initial decision set off a firestorm in Washington. Lawmakers scrambled to denounce the encroachment on Americans’ free speech and decry the weak White House response.

That rhetoric puts the onus on Congress to actually do something when it reconvenes in January.

“A lot of members who had not previously dedicated a lot of their own time and resources to cybersecurity … are going to get smarter on it in 2015,” said Andrew Borene, a fellow with the Truman National Security Project who teaches a class on transnational crime at American University. “I think that’s inevitable.”

But what can lawmakers actually achieve legislatively to back up their calls for action?

Article continues: