Cyber wrap
21 Jun 2017|

The encryption debate has continued to dominate cyber security news this week. German ministers discussed measures to monitor encrypted messaging by forcing ‘source telecoms’ to install monitoring software. Conversely, the European Parliament is currently considering amending the EU Charter of Fundamental Rights to prohibit decryption or other monitoring on encrypted communications. On top of that, founder of the encrypted messaging service Telegram, Pavel Durov, has claimed that the US government previously approached Telegram to install ‘backdoors’ in the service, offering hefty financial incentives to boot.

Facebook has finally weighed in on the elephant in the room in the encryption debate—terrorist communications. In an unusually high-profile blog post, the company stated that it has embraced technological solutions to remove terrorist communications and accounts from Facebook, including artificial intelligence. The blog post will be the first in a series called ‘Hard Questions’, where Facebook seeks to address complex social issues. It’ll be a series to watch closely as Facebook begins taking a more active role in public debate.

Back in Australia, the government has selected host universities for Australia’s first Academic Centres of Cyber Security Excellence. The University of Melbourne and Edith Cowan University will be the inaugural hosts for the centres, and will receive shares of funding allocated by the Cyber Security Strategy. That positive step in cyber education comes on top of Australia’s high performance in the International Telecommunications Union’s annual Global Cybersecurity Index. Australia placed 7th out of 134 member states in cybersecurity commitments and policy, with our technical certification and standards highlighted as a strong suit. Lastly, the Department of Defence is looking at introducing intelligence analytics tools and techniques to manage natural language data, from text, speech and video.

A data firm affiliated with the Republican National Committee, Deep Root Analytics, accidentally left a database full of voter information open on the internet to random users—potentially exposing private information on 198 million US voters. Election security has been a prominent theme elsewhere this week, with early findings from investigations in Illinois indicating that cyber attackers attempted to delete or alter voter data on software systems across 39 states in the 2016 presidential election—far more than previous reports indicated. North of the border, the Canadian Communications Security Establishment released a report stating that hackers attacked the 2015 General Election using a combination of selective leaks and disinformation campaigns. The report found that the attacks were relatively unsophisticated and not conducted by nation-states, but there’s little to suggest the next Canuck election will prove as resilient.

The Trump administration has taken an aggressive approach to government deregulation, issuing a memo instructing government agencies to remove up to 50 outdated reporting requirements, seven of which had forced federal agencies to provide updates on their preparedness for the Y2K bug—17 years after the bug became a non-issue. There’s nothing quite like timeliness…

By letting registration of a control domain expire, Samsung left phones with the stock Samsung S Suggest app potentially vulnerable to hijacking. The app was discontinued in 2014, but continued to receive instructions from a web domain, which expired this week. Fortunately, ethically-minded cybersecurity researchers bought out the domain before harm could be done, but they found that the domain could have pushed malicious code directly to phones with the app.

Finally, in the US, the Girl Scouts of the USA have announced a partnership with Palo Alto Networks to introduce cybersecurity education to the girl scouts including  18 new cybersecurity badges starting in 2018. The new focus area was decided on as a result of a survey of young women, who stated they wanted to learn technical skills and boost their participation in STEM. The badges provide programs for all skill levels, from the basics of privacy and online safety to learning how to become an ethical hacker.