The Strategist Cyber wrap | The Strategist

Cyber wrap

Posted By Michael Chi on August 16, 2017 @ 12:32

Getting a handle on the ‘cyber’

It’s been a big week in internet regulation ^[1], with unsavoury activities being plugged left and right. GoDaddy, a major domain registration service, evicted the Daily Stormer ^[2] from its platform, after an article was posted on the website slandering one of the women killed ^[3] in Charlottesville, Virginia. The website was linked with white supremacists who organised the rally that turned violent. The site moved to Google, which quickly announced ^[4] that it would also cancel the Daily Stormer’s shiny new domain name registration.

In between the exodus from GoDaddy to Google, Anonymous also apparently took control of the website (leaving its trademark #tangodown ^[5] post behind ^[6]), although the fact that all the hateful content remained untouched left eyebrows raised. @YourAnonNews ^[7], what amounts to a representative for the collective, issued a series ^[8] of denials ^[9] against the claim, and ^[7] took a couple of jabs ^[10] at the Daily Stormer for trying to plant a false flag. Discord, a free chat and VoIP service, has also shut down ^[11] a number of accounts associated with white supremacists.

In Australia, the federal government is formally advancing its agenda to make telecommunications and internet service providers the ‘gatekeepers’ of the internet ^[12]. The government has accepted ^[13] the recommendations of a joint parliamentary committee ^[14] for new telecommunications legislation ^[15], which will impose an obligation on telcos and internet service providers to actively protect themselves and customers on their networks from unauthorised access and interference.

Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon is looking at ways to get a handle on the proliferation of cyber-hyphenated terms. Last Friday, he convened a roundtable discussion on an early draft ^[16] of a government ‘Cyber security lexicon’, which aims to build a common cyber vocabulary among all the different groups that are involved in cybersecurity.

Which came first, data or AI?

Backchannel has gone into how Baidu’s rich trove ^[17] of behavioural data from China’s incomparably large customer base might push the company to the top of the global race to develop AI. Theorising about future trends aside, it’s notable that Baidu’s past success in this field has attracted leading figures from Stanford ^[18] and Microsoft ^[19], and China is betting big ^[20] when it comes to AI research.

AI research in general has continued to hit major milestones. A bot from Elon Musk–backed company OpenAI has added Dota 2 to the list of solved problems in AI research (chess ^[21], Go ^[22] and poker ^[23] have already been cracked, and StarCraft seems to be next on the list ^[24]). The bot crushed one of the world’s best players ^[25] at the annual tournament in a best-of-three matches contest—winning the first in less than 10 minutes (in a game where an average round takes 40–60 minutes ^[26]). Elon Musk has praised the accomplishment ^[27] as a landmark in AI research, though that comes in stark contrast to his other tweets this week on the risks of AI ^[28].

Malware, malware everywhere

‘Biohackers ^[29]’ from the University of Washington have encoded DNA with malware ^[30] that can exploit software in the DNA sequencing process. The news has picked up a lot of buzz this week, particularly about how it might’ve put some sci-fi authors out of work ^[31], but the researchers have also been criticised for using deliberately introduced vulnerabilities ^[32] that ^[33] make the reality less sexy ^[34] than the headline might imply.

Good old-fashioned hacking

HBO hacker ‘Mr Smith’ has dumped ^[35] three ^[36] sets ^[37] of HBO files online ^[38], including Game of Thrones scripts and a log of emails from one of HBO’s VPs, and demanded a ransom of US$6 million, by one estimate ^[39]. Among the data dumped were ^[40] the personal details of several Game of Thrones stars, and other sensitive contact information. HBO has reportedly decided ^[41] to pay some of the ransom—offering US$250,000 and spinning it as a ‘bug bounty’ rather than a ransom payment.

Marcus Hutchins, or @MalwareTechBlog ^[42], has pleaded not guilty ^[43] to the various counts of computer crime and fraud he’s been accused of by US prosecutors. His next hearing will be held on 17 October 2017, and in the meantime ^[44] he’s been barred from leaving the US, though he has been granted the right to use the internet.

Cybersecurity by the numbers

Dashlane, a password management software vendor, has conducted a review ^[45] of the password practices of the web’s 40 most popular websites—and found Amazon, Google, Instagram, LinkedIn, Venmo and Dropbox to fail the most ^[46] basic ‘password power’ criteria. Curiously, the criteria on which the researchers assessed password power were the same criteria that were recently renounced ^[47] by their initial creator ^[48] (after decades of criticism) as incorrect and unhelpful.

And lastly, BDO and AusCERT have started taking responses ^[49] on board for their second annual Cyber Security Survey. The survey closes on 15 September, and interested individuals can take part here ^[50] or here ^[51].

Michael Chi is a research assistant in ASPI’s International Cyber Policy Centre. Edited image courtesy of Ken Ohyama via Wikimedia Commons.

Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/cyber-wrap-177/

URLs in this post:

[1] internet regulation: https://www.newscientist.com/article/mg23531383-300-we-can-stop-hacking-and-trolls-but-it-would-ruin-the-internet/

[2] evicted the Daily Stormer: http://www.csoonline.com/article/3215865/security/godaddy-kicks-daily-stormer-which-then-claimed-it-was-hacked-by-anonymous.html

[3] slandering one of the women killed: https://twitter.com/Amy_Siskind/status/896908664900009984/photo/1

[4] quickly announced: http://www.independent.co.uk/news/world/americas/daily-stormer-google-charlottesville-neo-nazi-virginia-godaddy-a7893401.html#gallery

[5] #tangodown: https://twitter.com/hashtag/tangodown?lang=en

[6] post behind: https://twitter.com/Badwolfatl/status/897024421369610244

[7] @YourAnonNews: https://twitter.com/YourAnonNews/status/896993443364208640?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.csoonline.com%2Farticle%2F3215865%2Fsecurity%2Fgodaddy-kicks-daily-stormer-which-then-claimed-it-was-hacked-by-anonymous.html

[8] series: https://twitter.com/YourAnonNews/status/896987338781237248

[9] denials: https://twitter.com/YourAnonNews/status/896991235147128832

[10] couple of jabs: https://twitter.com/YourAnonNews/status/896988366738038785

[11] has also shut down: https://www.theverge.com/2017/8/14/16145432/discord-nazi-ban-white-supremacist-altright

[12] gatekeepers’ of the internet: http://www.afr.com/technology/cyber-security-minister-says-firms-need-to-tell-customers-more-about-threats-20170422-gvqbl7

[13] accepted: http://www.9news.com.au/national/2017/08/09/19/48/changes-to-telco-security-reforms-accepted

[14] recommendations of a joint parliamentary committee: http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TSSRBill

[15] new telecommunications legislation: http://www.aph.gov.au/Parliamentary_Business/Bills_LEGislation/Bills_Search_Results/Result?bId=s1051

[16] roundtable discussion on an early draft: http://www.zdnet.com/article/australia-to-try-taming-unruly-cyber-words/

[17] how Baidu’s rich trove: https://www.wired.com/story/how-baidu-will-win-chinas-ai-raceand-maybe-the-worlds

[18] Stanford: http://www.scmp.com/news/china/article/1519211/ex-google-brain-head-andrew-ng-lead-baidus-artificial-intelligence-drive

[19] Microsoft: https://www.bloomberg.com/news/articles/2017-01-17/microsoft-executive-qi-lu-departs-to-join-china-s-baidu-as-coo

[20] betting big: https://www.theatlantic.com/technology/archive/2017/02/china-artificial-intelligence/516615/

[21] chess: https://qz.com/502325/an-ai-computer-learned-how-to-beat-almost-anyone-at-chess-in-72-hours/

[22] Go: https://qz.com/639952/googles-ai-won-the-game-go-by-defying-millennia-of-basic-human-instinct/

[23] poker: https://www.wired.com/2017/02/libratus/

[24] next on the list: https://www.technologyreview.com/s/608576/what-ai-needs-to-learn-to-master-alien-warfare/

[25] crushed one of the world’s best players: http://www.ibtimes.co.uk/elon-musk-backed-startup-comprehensively-defeats-worlds-best-dota-2-gamer-its-ai-bot-1634829

[26] average round takes 40–60 minutes: http://www.escapistmagazine.com/news/view/140186-DoTA-2-Competitive-Match-Lasts-Three-Hours

[27] praised the accomplishment: https://twitter.com/elonmusk/status/896163163581825025?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.ibtimes.co.uk%2Felon-musk-backed-startup-comprehensively-defeats-worlds-best-dota-2-gamer-its-ai-bot-1634829

[28] on the risks of AI: http://fortune.com/2017/08/12/elon-musk-ai-poses-vastly-more-risk-than-north-korea/

[29] Biohackers: https://www.wired.com/story/malware-dna-hack/

[30] encoded DNA with malware: http://dnasec.cs.washington.edu/dnasec.pdf

[31] put some sci-fi authors out of work: https://twitter.com/evacide/status/895894143460818944

[32] deliberately introduced vulnerabilities: https://www.theregister.co.uk/2017/08/11/malware_in_dna/

[33] that: https://twitter.com/froggleston/status/895666858853924864

[34] make the reality less sexy: https://twitter.com/snare/status/896181945134063616?s=09

[35] dumped: https://www.bleepingcomputer.com/news/security/hackers-breach-hbo-and-leak-game-of-thrones-script/

[36] three: https://www.bleepingcomputer.com/news/security/hbo-hackers-dump-script-for-game-of-thrones-episode-5/

[37] sets: https://www.bleepingcomputer.com/news/security/hackers-leak-more-hbo-shows-but-no-game-of-thrones-this-week/

[38] HBO files online: https://www.washingtonpost.com/news/morning-mix/wp/2017/08/08/hackers-post-stolen-hbo-game-of-thrones-scripts-online-demand-bitcoin-ransom/

[39] by one estimate: https://www.nytimes.com/2017/08/07/business/hackers-demand-ransom-for-stolen-hbo-files.html

[40] data dumped were: https://www.theguardian.com/technology/2017/aug/08/game-of-thrones-stars-personal-details-leaked-hbo-hackers-demand-ransom

[41] reportedly decided: https://www.iol.co.za/business-report/technology/hbo-agrees-to-pay-ransom-to-data-hackers-10783297

[42] @MalwareTechBlog: https://twitter.com/MalwareTechBlog

[43] pleaded not guilty: http://www.npr.org/2017/08/14/543465981/british-cybersecurity-expert-pleads-not-guilty-to-federal-malware-charges

[44] in the meantime: http://www.latimes.com/business/technology/la-fi-tn-cybersecurity-20170814-story.html

[45] conducted a review: https://blog.dashlane.com/dashlane-password-power-rankings-2017/

[46] fail the most: https://www.helpnetsecurity.com/2017/08/10/password-power-rankings/

[47] recently renounced: https://www.pcauthority.com.au/News/470540,much-of-what-i-did-i-regret-the-guy-behind-password-rules-says-sorry-for-making-them-so-damn-hard.aspx

[48] initial creator: https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118

[49] started taking responses: https://securitybrief.com.au/story/bdo-auscert-kick-2017-nz-cyber-security-survey/

[50] here: https://www.auscert.org.au/blog/2017-08-08-2017-cyber-security-survey

[51] here: https://www.bdo.com.au/en-au/insights/cyber-security/surveys/2017-cyber-security-survey?utm_medium=Web&utm_source=HomepageBanner

Click here to print.