Cyber Scene #23 - Denials and Affirmations
Cyber Scene #23
DENIALS AND AFFIRMATIONS
July's Pandora's Box of front burner, headline grabbers exploded. This reality-challenging explosion includes indictments against a dozen Russian cyber attackers and discussion (now thankfully dismissed) of a "hostage" (author's injection), on site, interview exchange including a Moscow trip (?one way?) for a former US diplomat and ambassador, the incarceration in the US of an Anna Chapman wannabe flight risk and above the fold (if you still read print) presidential credence in an old KGB chief's intelligence over that of the US Intelligence Community. Only mushrooms (no Cyber Scene readers) could miss this. Below the surface, however, the current of steady ramming speed oars of growing cyber threats and countermeasures continues digitally afoot, or "a-fin" to not mix metaphors. The drumbeat will predictably continue, if not increase, in intensity.
DENIAL
FACEBOOK: FACE THE NATION (and China and UK)
The media giant has understandably snared headlines of late. Recently, (NYT 24 July) the explosive Chinese news (no, not the bomb outside the US Embassy on 25 July) was of momentarily approval by Chinese authorities for a Facebook innovation lab in China, 10 years in the making--a nanosecond on China's timeline. (If memory serves, Johns Hopkins SAIS/Nitze School Prof. David Lampton once said: "China has had a few bad centuries but is making a comeback.") However, the approval lasted only one week: after concerns by China's Cyberspace Administration which had not apparently been consulted, the Chinese Government withdrew approval on 25 July (NYT 25 July). Per the New York Times's Paul Mozur and Sheera Frenkel, the Chinese Communist Party considers all social media destabilizing, unless of course it controls said media. Readers may recall that over this same decade of Facebook effort, Google was "Sino-cized" by Chinese authorities to be permitted to conduct business there. According to the NYT piece, Facebook CEO Mark Zuckerberg stated last week that the company was "a long time away from doing anything" in China. He was more prescient than he may have realized. Things move quickly on a 21st Century tech timeline, including tech bottom line precipitous drops.
Mr. Zuckerberg has been in overdrive of late. In response, as your author promised, to the April grilling from Congress on data use, the CEO responded in 747 pages to the House of Representatives on 29 June, captured in miniature in the Wall Street Journal above-the-fold (WSJ 1 July) front page, entitled "Facebook Reveals Apps, Others That Got Special Access to User Data." This bombshell (vice the Beijing sort) included an acknowledgement that Facebook gave dozens of companies special access to user data in contrast to earlier statements. The WSJ had previously published info in June about customized sharing agreements with companies such as Nissan. As Cyber Scene predicted in April, Facebook's delay in response left the window open for more questions from Congress: in June the response was 450 pages to the two Senate committees, but the 747 pages for the 29 June deadline was to the House. It also revealed that it gave 61 app developers a nearly six-month extension after it said it stopped access to user data in 2015. Five other companies may have had access to user Facebook friends' data. And the Securities and Exchange Commission is also looking into such data-security breaches, most recently regarding the "son of Yahoo," Altaba Inc. per WSJ journalists Dave Michaels and Georgia Wells (WSJ 12 July).
Across the Pond, the UK imposed a maximum (but per Facebook-math, infinitesimal) fine of $660,000 in early July for data-protection violations as a result of the 14-month investigation of Cambridge Analytica. In addition to failing to safeguard user data, it also "failed to be transparent about how people's data was harvested by others" (NYT 11 July). The fine represents the landmark first fine of its sort world-wide. The UK continues to investigate companies associated with Cambridge Analytica which is now "decommissioned." Given the paltry fine, one might opine that Mr. Zuckerberg's European tour this spring was a success unless there is more restrictive fallout. In a possibly related move, however, Google was fined $5 billion ("real money" per the apocryphal Everett Dirksen comment) by the European Union referred to in the 18 July Wall Street Journal editorial "Europe Fights the Last Google War." The charge is that Google violated Brussels rules in forcing smartphone makers to preload Google browser apps. The WSJ maintains that this is an antiquated issue, and that Google is guilty of far more serious infractions. The editorial does, usefully, underscore the fact that tech innovations travel at a speed incalculably faster than the regulators, implying "so catch us if you can."
DENIAL: FACEBOOK AND FRIENDS but Jefferson? Not So Much.
The US Congress (again and still), however, is more relentless and possibly more timely. In a "lively exchange" over several hours on 17 July, the House Judiciary Committee hosted three policy chiefs from Facebook, Twitter and Google ("YouTube" subbed for parent Google) respectively. In the wake of DNI Coats' prior reference to the country being under attack, Congressman Nadler (D-NY) cited a national emergency and asked Chairman Goodlatte (R-VA) for an executive session (presumably closed) which was voted down 12-10. Nevertheless, the questions were probing--no love fest--covering the gamut from social media platforms to fake news to transparency. Facebook's Monica Bickert noted that it coordinates with both the Republican and Democratic National Committees to counter election interference, hiring five companies to do so which digressed into "which companies and what political leanings" and conspiracy theories. Twitter's Nick Pickles found himself in one when asked about the 1st Amendment which he, being British and only recently on this side of the pond, didn't seem to understand meant freedom of speech, but partially redeemed himself by noting that Twitter can eliminate 95% of terrorist tweets before they are transmitted. While the British may still consider Thomas Jefferson a terrorist cousin, Congress does not and was beyond dismay to find out that the Declaration of Independence was preemptively removed from Facebook. Much discussion ensued regarding particular, partisan removals on both sides of the aisle. Google's representative, Juniper Downs of YouTube, also faced her share of questions with a similar answer-to-the-question ratio as her two comrades. The Judiciary Committee seemed to be seriously distressed with evasive responses, having dealt with the CEOs themselves--more savvy and all-encompassing than the policy chiefs. Congressman Raskins (D-MD) suggested that the Committee should, like the EU, initiate legislation to protect privacy. That did not happen. Facebook was asked why the "InfoWars" page alleging that the Sandy Hook shooting didn't exist and that the Parkland FL victims were actors was not taken down, but the response, unacceptable to the Committee, was that while that page repeatedly violated Facebook's content standards would be suspended, "the threshold varies depending on the severity of different types of violations" (WSJ, 17 July, Big Tech Asked How it Fights Fake News). Another noted that a hate posting proposing another shooting similar to the one of Republican Members VA baseball practice must also be taken down. Despite partisan divergence, the hearing concluded on a quasi-bipartisan note with two Members (the Chair being one) supporting each other in demanding that hate posts (such as ones cited against both the Republicans and Democrats) be removed preemptively. NBC covered the "Declaration as hate speech" round on 5 July but to see not the 1976 Rotunda photo of the Declaration but our Congress in full action, "attend" the session itself.
MORE DENIALS... OF POWER
The Department of Human Services noted, per the WSJ's Rebecca Smith on 23 July ("Russia Hackers Reach U.S. Utility Control Rooms"), that Russian hackers who worked for "Energetic Bear" broke thru air-gapped servers to position themselves to "throw the switch" and take down US electricity utilities managed by vendors trusted by DHS. The hackers entered via smaller companies with weaker cybersecurity, stealing credentials to gain access to the utilities themselves. They vacuumed info to be able to appear as normal daily users. DHS is also concerned that the Russian hackers may automate their attacks. DHS is planning four briefings to improve the public-private sector exchange as it seeks to counter such attacks.
...OF LOCAL GOVERNMENT SERVICE (aka, Not Playing in Peoria)
As an unfortunate reminder that hacking hits home, local government servers in several small mid-west towns and Atlanta were recently held hostage by a ransomware hacker/hackers. The Poneman Institute (WSJ "Ransom Demands and Frozen Computers" of 24 June) research company believes that 38% of the public sector entities its samples (out of 1,000) this year will report ransomware attacks. The entities are scrambling to prevent this denial of service.
...OF SECURE HEALTH DATA
In the "not-so-healthy and getting personal" category, the health care industry is also a target of ransomware attacks. Following attacks on Atlanta International Airport and the UK National Health Service canceling appointments and diverting ambulances, LabCorp of America has also reported a broad cyberattack similar to ransomware on its genetic testing units, as reported by WSJ's Rob Copeland and Melanie Evans (WSJ 19 July "Medical Giant LabCorp Hit by Cyber Attack"). In this latest attack, the hackers demanded bitcoin payment to unlock all encrypted devices. The company wasn't proactively notifying customers but is "working to respond to specific customer inquiries." You might want to check.
AFFIRMATION--ALL EARS
Even as systems we depend on are increasingly denied to us, small microphones are proliferating rapidly and burrowing into our lives. Christopher Mims (WSJ 12 July "Your Gadgets Will Soon Be All Ears") predicts that "If every tree falling in every forest might soon be heard by an internet-connected microphone, what hope is there for our privacy?" The world talks to Siri and Google, but we can also talk to our trash can, and as the illustration conveys, your dog can too. The author anticipates an increasing anthropomorphism (your author's term) of things (a la Siri) leading to naming your oven or dishwasher, as in "David Bowie, preheat the oven to 350 degrees. Frank Zappa, wash the dishes." If only these affirmations were 100% humor...