Cyber Brief- 7/9/2012
This Week’s Top Stories
THOUSANDS FACE INTERNET BLACKOUT AS FBI CUTS SEIZED SERVERS
Roughly 300,000 internet users across the globe could lose access to the internet today as the FBI shuts down servers it seized in November 2011 in order to nab a gang of cyber criminals. The group of fraudsters infected over a half million computers with malware that targeted domain name routing, forcing users to view certain advertisements. The scam resulted in the gang being paid over $14 million. The "clickjacking scheme," started in 2007, involved six Estonians and one Russian that used several front companies to perpetrate their scam. Since the FBI took over the affected servers late last year, it has worked with internet service providers to alert those with infected PCs. While most users have sought technical solutions, just over 300,000 users, many of which reside in the United States, have not. Security researchers say it may take a while for the remaining computers to get cleaned up. (Wired, BBC, NPR)
CYBER LIBERTIES GROUPS ANNOUNCE 'DECLARATION OF INTERNET FREEDOM'
An alliance of over 100 cyber liberties groups and individual advocates unveiled a "Declaration of Internet Freedom" last week, a set of five principles aimed at keeping the internet "free and open." The five tenets touch on expression, access, openness, innovation, and privacy. Analysts say the movement marks a concerted effort to head off federal anti-piracy legislation, examples of which include the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA). Both bills stalled in Congress this year after a wave of protests. Critics argued the legislation would effectively censor the internet and inhibit innovative start-ups. Advocates of the new "declaration" hope to solicit feedback from the public this summer and encourage policymakers to sign on as supporters. (The Hill, Reuters)
Twitter Speech: A Manhattan criminal court ordered Twitter to hand over subpoenaed messages posted to its site by a Brooklyn man charged with disorderly conduct during the Occupy Wall Street protests last fall. The judge's ruling affirmed that private speech was protected, while public comments on Twitter are not. (NYT)
The "Analyzer": A New York federal court sentenced Ehud Tenenbaum, an infamous Israeli hacker known as "the Analyzer," to time served for a single count of credit card fraud for his part in a hacking scam that officials allege stole $10 million from U.S. banks. (Wired)
FBI Training: According to a contract notice, the FBI is sending agents of its cyber team to the SANS Institute for special certification. The 38-course curriculum, called the Cyber Career Path Program, will teach seminars covering a variety of subjects, including hacker techniques and cloud security fundamentals. (NextGov)
DHS Cyber Team: The Department of Homeland Security announced several additions to its cybersecurity team, including Mike Locatis as Assistant Secretary for Cybersecurity and Communications and Rosemary Wenchel as Deputy Assistant Secretary for Cybersecurity Coordination. (DHS)
Olympics Threat: Atos, the technology company responsible for the networks supporting the Olympic Games in London this summer, says it has employed a group of "ethical hackers" to help test and defend the Games from potential cyber attacks. (WashPost)
Small Biz: Hackers are increasingly targeting small and medium-sized businesses, which often have weaker cyber defenses, says the Wall Street Journal. The best strategy may be for these firms to secure their networks just enough to make would-be criminals look elsewhere for prey. (WSJ)
EU Anti-Piracy: The European Parliament voted down the Anti-Counterfeiting Trade Agreement in overwhelming numbers. Critics argued the anti-piracy treaty would infringe on internet freedoms. The development marks another setback for supporters of similar legislation, such as SOPA and PIPA, in the United States. (AP)
ICANN: The U.S. Commerce Department renewed its contract with the Internet Corporation for Assigned Names and Numbers (ICANN), permitting the nonprofit group to continue its administration of the web's address system. (The Hill)
Twitter Transparency: Following the lead of Google, Twitter disclosed the number of official government requests for its users' details: 1,181 accounts in the first half of 2012. The report indicates the company complied with just under two-thirds of all requests, most of which were in the U.S. (FT)
CRS reports on U.S. Cybersecurity Law: This report written by Eric A. Fischer at the bipartisan Congressional Research Service provides an overview of proposed revisions to federal cybersecurity law. "More than 50 statutes address various aspects of cybersecurity either directly or indirectly," he writes, "but there is no overarching framework legislation in place." He says that "while revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002."
Quinn Norton on Anonymous's Strategy: "The success of Anonymous without leaders is pretty easy to understand—if you forget everything you think you know about how organizations work," writes Quinn in Wired. "Anonymous is a classic 'do-ocracy,'" she writes, "that means rule by sheer doing: Individuals propose actions, others join in (or not), and then the Anonymous flag is flown over the result. There’s no one to grant permission, no promise of praise or credit, so every action must be its own reward."
Kenneth Rogoff on the Cyber Threat: "There do seem to be an uncomfortable number of similarities between the political economy of cyberspace regulation and of financial regulation," writes Rogoff on Project Syndicate. "Both cyber-security and financial stability are extremely complex topics with which government regulators can hardly keep up. Industry remuneration for experts is far in excess of any public-sector salary, and the best minds are continually bid away," he says. "With slowing growth in advanced economies," he adds, "information technology seems to hold the moral high ground, just as finance did until five years ago. And crude attempts by governments to enforce regulation are likely to prove ineffective in protecting against catastrophe."