Cyber wrap
Posted By
Michael Chi
on June 21, 2017 @ 12:56
The
encryption debate has continued to dominate cyber security news this week. German ministers
discussed measures to monitor encrypted messaging by forcing ‘source telecoms’ to install monitoring software. Conversely, the European Parliament is
currently considering amending the EU Charter of Fundamental Rights to prohibit decryption or other monitoring on encrypted communications. On top of that, founder of the encrypted messaging service Telegram, Pavel Durov, has
claimed that the US government
previously approached Telegram to install 'backdoors' in the service, offering hefty financial incentives to boot.
Facebook has finally weighed in on the elephant in the room in the encryption debate—terrorist communications.
In an unusually high-profile blog post, the company stated that it has embraced technological solutions to remove terrorist communications and accounts from Facebook, including artificial intelligence. The blog post will be the first in a series
called ‘Hard Questions’, where Facebook seeks to address complex social issues. It’ll be a series to watch closely as Facebook begins
taking a more active role in public debate.
Back in Australia, the
government has selected host universities for Australia’s first Academic Centres of Cyber Security Excellence. The University of Melbourne and Edith Cowan University will be the inaugural hosts for the centres, and will receive shares of funding allocated by the
Cyber Security Strategy. That positive step in cyber education comes on top of Australia’s high performance in the International Telecommunications Union’s
annual Global Cybersecurity Index. Australia placed 7th out of 134 member states in cybersecurity commitments and policy, with our technical certification and standards highlighted as a strong suit. Lastly, the Department of Defence is
looking at introducing intelligence analytics tools and techniques to manage natural language data, from text, speech and video.
A data firm affiliated with the Republican National Committee, Deep Root Analytics, accidentally left a
database full of voter information open on the internet to random users—potentially
exposing private information on 198 million US voters. Election security has been a prominent theme elsewhere this week, with early findings from investigations in Illinois
indicating that cyber attackers attempted to delete or alter voter data on software systems across 39 states in the 2016 presidential election—
far more than previous reports indicated. North of the border, the Canadian Communications Security Establishment released a report stating that
hackers attacked the 2015 General Election using a combination of selective leaks and disinformation campaigns. The report found that the attacks were relatively unsophisticated and not conducted by nation-states, but there’s little to suggest the next Canuck election will prove as resilient.
The Trump administration has taken an aggressive approach to government deregulation,
issuing a memo instructing government agencies to
remove up to 50 outdated reporting requirements, seven of which had forced federal agencies to provide updates on their preparedness for the Y2K bug—17 years after the bug became a non-issue. There’s nothing quite like timeliness…
By letting registration of a control domain expire, Samsung left phones with the stock Samsung S Suggest app
potentially vulnerable to hijacking. The app was discontinued in 2014, but continued to receive instructions from a web domain, which expired this week. Fortunately,
ethically-minded cybersecurity researchers bought out the domain before harm could be done, but they found that the domain could have pushed malicious code directly to phones with the app.
Finally, in the US, the Girl Scouts of the USA have
announced a
partnership with Palo Alto Networks to introduce cybersecurity education to the girl scouts including
18 new cybersecurity badges starting in 2018. The new focus area was decided on as a result of
a survey of young women, who stated they wanted to learn technical skills and boost their participation in STEM. The badges provide
programs for all skill levels, from the basics of privacy and online safety to learning how to become an ethical hacker.
Michael Chi is the CSC intern at ASPI. Image courtesy of Flickr user wackystuff.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-169/
[1] encryption debate: https://www.aspistrategist.org.au/going-dark-strong-encryption-security-part-1/
[2] discussed measures to monitor encrypted messaging: http://fortune.com/2017/06/14/germany-fingerprint-children-spy-messages/
[3] currently considering: https://www.mobileworldlive.com/featured-content/top-three/european-parliament-seeks-encryption-backdoor-ban/
[4] amending the EU Charter of Fundamental Rights: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2F%2FEP%2F%2FNONSGML%2BCOMPARL%2BPE-606.011%2B01%2BDOC%2BPDF%2BV0%2F%2FEN
[5] claimed: https://twitter.com/durov/status/873868773119451136
[6] previously approached Telegram to install 'backdoors': http://www.wired.co.uk/article/telegram-bribe-fbi-us-government
[7] In an unusually high-profile blog post: https://newsroom.fb.com/news/2017/06/how-we-counter-terrorism/
[8] called ‘Hard Questions’: https://newsroom.fb.com/news/category/hard-questions/
[9] taking a more active role: https://www.theguardian.com/technology/shortcuts/2017/feb/17/facebook-manifesto-mark-zuckerberg-letter-world-politics
[10] government has selected host universities: https://www.computerworld.com.au/article/620677/govt-selects-melbourne-uni-edith-cowan-cyber-security-funding/
[11] Cyber Security Strategy: https://cybersecuritystrategy.pmc.gov.au/
[12] annual Global Cybersecurity Index: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf
[13] looking at introducing intelligence analytics tools: https://www.itnews.com.au/news/defence-looks-to-ai-for-national-security-465047
[14] database full of voter information open on the internet: https://www.upguard.com/breaches/the-rnc-files
[15] exposing private information on 198 million US voters: https://www.techdirt.com/articles/20170619/07021037612/gop-data-firm-left-personal-data-198-million-american-voters-openly-accessible-amazon-server.shtml
[16] indicating that cyber attackers attempted: https://www.bloomberg.com/politics/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections
[17] far more than previous reports indicated: https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
[18] hackers attacked the 2015 General Election: http://www.securityweek.com/canada-hackers-targeted-countrys-2015-election-may-try-again
[19] issuing a memo: https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-17-26.pdf
[20] remove up to 50 outdated reporting requirements: https://www.bloomberg.com/politics/articles/2017-06-15/trump-orders-government-to-stop-work-on-y2k-bug-17-years-later
[21] potentially vulnerable to hijacking: https://motherboard.vice.com/en_us/article/samsung-left-millions-vulnerable-to-hackers-because-it-forgot-to-renew-a-domain
[22] ethically-minded cybersecurity researchers: https://twitter.com/jgouv/status/874296684993445888
[23] announced: http://www.prnewswire.com/news-releases/palo-alto-networks-and-girl-scouts-of-the-usa-announce-collaboration-for-first-ever-national-cybersecurity-badges-300473336.html
[24] partnership with Palo Alto Networks: http://blog.girlscouts.org/2017/06/girl-scouts-and-palo-alto-networks.html
[25] 18 new cybersecurity badges: http://fortune.com/2017/06/16/girl-scouts-cybersecurity/
[26] a survey: http://money.cnn.com/2017/06/16/technology/business/girl-scouts-cybersecurity-badges/index.html
[27] programs for all skill levels: http://mashable.com/2017/06/17/girl-scouts-cybersecurity-badges/#GCzU2lmBL5qj