Cyber wrap
16 Aug 2017

Getting a handle on the ‘cyber’

It’s been a big week in internet regulation, with unsavoury activities being plugged left and right. GoDaddy, a major domain registration service, evicted the Daily Stormer from its platform, after an article was posted on the website slandering one of the women killed in Charlottesville, Virginia. The website was linked with white supremacists who organised the rally that turned violent. The site moved to Google, which quickly announced that it would also cancel the Daily Stormer’s shiny new domain name registration.

In between the exodus from GoDaddy to Google, Anonymous also apparently took control of the website (leaving its trademark #tangodown post behind), although the fact that all the hateful content remained untouched left eyebrows raised. @YourAnonNews, what amounts to a representative for the collective, issued a series of denials against the claim, and took a couple of jabs at the Daily Stormer for trying to plant a false flag. Discord, a free chat and VoIP service, has also shut down a number of accounts associated with white supremacists.

In Australia, the federal government is formally advancing its agenda to make telecommunications and internet service providers the ‘gatekeepers’ of the internet. The government has accepted the recommendations of a joint parliamentary committee for new telecommunications legislation, which will impose an obligation on telcos and internet service providers to actively protect themselves and customers on their networks from unauthorised access and interference.

Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon is looking at ways to get a handle on the proliferation of cyber-hyphenated terms. Last Friday, he convened a roundtable discussion on an early draft of a government ‘Cyber security lexicon’, which aims to build a common cyber vocabulary among all the different groups that are involved in cybersecurity.

Which came first, data or AI?

Backchannel has gone into how Baidu’s rich trove of behavioural data from China’s incomparably large customer base might push the company to the top of the global race to develop AI. Theorising about future trends aside, it’s notable that Baidu’s past success in this field has attracted leading figures from Stanford and Microsoft, and China is betting big when it comes to AI research.

AI research in general has continued to hit major milestones. A bot from Elon Musk–backed company OpenAI has added Dota 2 to the list of solved problems in AI research (chess, Go and poker have already been cracked, and StarCraft seems to be next on the list). The bot crushed one of the world’s best players at the annual tournament in a best-of-three contest—winning the first match in less than 10 minutes (in a game where an average round takes 40–60 minutes). Elon Musk has praised the accomplishment as a landmark in AI research, though that comes in stark contrast to his other tweets this week on the risks of AI.

Malware, malware everywhere

‘Biohackers’ from the University of Washington have encoded DNA with malware that can exploit software in the DNA sequencing process. The news has picked up a lot of buzz this week, particularly about how it might’ve put some sci-fi authors out of work, but the researchers have also been criticised for using deliberately introduced vulnerabilities that make the reality less sexy than the headline might imply.

Good old-fashioned hacking

HBO hacker ‘Mr Smith’ has dumped three sets of HBO files online, including Game of Thrones scripts and a log of emails from one of HBO’s VPs, and demanded a ransom of US$6 million, by one estimate. Among the data dumped were the personal details of several Game of Thrones stars, and other sensitive contact information. HBO has reportedly decided to pay some of the ransom—offering US$250,000 and spinning it as a ‘bug bounty’ rather than a ransom payment.

Marcus Hutchins, or @MalwareTechBlog, has pleaded not guilty to the various counts of computer crime and fraud he’s been accused of by US prosecutors. His next hearing will be held on 17 October 2017, and in the meantime he’s been barred from leaving the US, though he has been granted the right to use the internet.

Cybersecurity by the numbers

Dashlane, a password management software vendor, has conducted a review of the password practices of the web’s 40 most popular websites—and found Amazon, Google, Instagram, LinkedIn, Venmo and Dropbox to fail the most basic ‘password power’ criteria. Curiously, the criteria on which the researchers assessed password power were the same criteria that were recently renounced by their initial creator (after decades of criticism) as incorrect and unhelpful.

And lastly, BDO and AusCERT have started taking responses on board for their second annual Cyber Security Survey. The survey closes on 15 September, and interested individuals can take part here or here.