Tech Advances Make It Easier to Assign Blame for Cyberattacks

WSJ.com: WSJD - Technology

"All you have to do is look at the attacks that have taken place recently--WannaCry, NotPetya and others--and see how quickly the industry and government is coming out and assigning responsibility to nation states such as North Korea, Russia and Iran," said Dmitri Alperovitch, chief technology officer at CrowdStrike Inc., a cybersecurity company that has investigated a number of state-sponsored hacks. The White House and other countries took roughly six months to blame North Korea and Russia for the WannaCry and NotPetya attacks, respectively, while it took about three years for U.S. authorities to indict a North Korean hacker for the 2014 attack against Sony . Forensic systems are gathering and analyzing vast amounts of data from digital databases and registries to glean clues about an attacker's infrastructure. These clues, which may include obfuscation techniques and domain names used for hacking, can add up to what amounts to a unique footprint, said Chris Bell, chief executive of Diskin Advanced Technologies, a startup that uses machine learning to attribute cyberattacks. Additionally, the increasing amount of data related to cyberattacks--including virus signatures, the time of day the attack took place, IP addresses and domain names--makes it easier for investigators to track organized hacking groups and draw conclusions about them.


Apple says the iPhone doesn't listen to your conversations

Engadget

Last month, members of the House Energy and Commerce Committee fired off a letter to Apple following reports that phones and other devices, such as smart speakers, can listen in on conversations. Now, the tech giant has sent the Representatives its response: iPhones, it says, don't listen to people's conversations and don't share people's spoken words with third-parties. In what could be interpreted as a dig at its staunchest competitors, Cupertino explains in the letter (courtesy of CNET) that the customer is not its product and that its business model "does not depend on collecting vast amounts of personally identifiable information to enrich targeted profiles marketed to advertisers." In the original letter the lawmakers sent, they specifically noted reports that third-party apps could access the data devices supposedly collect while listening for their "trigger words," such as "Hey, Siri, "OK Google" and "Hey, Alexa." During Facebook's congressional hearing back in April, Senator Gary Peters (D-MI) even asked Mark Zuckerberg whether the social network listens in on people through their phone mics in order to serve relevant ads.


Ultrasonic Attacks Can Trigger Alexa & Siri With Hidden Commands, Raise Serious Security Risks

#artificialintelligence

Over the last two years, academic researchers have identified various methods that they can transmit hidden commands that are undetectable by the human ear to Apple's Siri, Amazon's Alexa, and Google's Assistant. According to a new report from The New York Times, scientific researchers have been able "to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites." This could, perhaps, allow cybercriminals to unlock smart-home doors, control a Tesla car via the App, access users' online bank accounts, load malicious browser-based cryptocurrency mining websites, and or access all sort of personal information. In 2017, Statista projected around 223 million people in the U.S. would be using a smartphone device, which accounts for roughly 84 percent of all mobile users. Of these 223 million smartphones users, around 108 million Americans are using the Android Operating System, and some 90 million are using Apple's iOS (operating system).


Zuckerberg takes out ads to apologize as Facebook data misuse crisis intensifies

USATODAY - Tech Top Stories

A copy of'The Observer' shows an advertisement paid by Facebook in London, March 25, 2018. Facebook Chief Executive Mark Zuckerberg apologized for a "breach of trust" involving misused data from millions of Facebook users. The ads also appeared in The New York Times, Washington Post and Wall Street Journal. SAN FRANCISCO -- As Facebook continues to buffet winds of criticism, its founder took out full page ads in U.S. and British newspapers Sunday to apologize to consumers for not properly securing their personal data. "This was a breach of trust, and I'm sorry we didn't do more at the time," Mark Zuckerberg said in the signed ad, which was published in The New York Times, The Wall Street Journal, The Washington Post and six British papers.


Spammers were behind recent Facebook data breach, company tentatively concludes

The Japan Times

BENGALURU, INDIA – Facebook has tentatively concluded that spammers looking to make money, and not a nation-state, were behind the largest-ever data theft at the social media company, the Wall Street Journal reported on Wednesday. The people behind the attack were a group of Facebook and Instagram spammers who present themselves as a digital marketing company and whose activities were previously known to Facebook's security team, the Journal reported, citing people familiar with the company's internal investigation. Last week, Facebook said cyberattackers had stolen data from 29 million Facebook accounts using an automated program that moved from one friend to the next, adding that the data theft had hit fewer than the 50 million profiles it initially reported. Facebook said in an email that it was cooperating with the Federal Bureau of Investigation on this matter. The breach has left users more vulnerable to targeted phishing attacks and could deepen unease about posting to a service whose privacy, moderation and security practices have been called into question by a number of scandals, cybersecurity experts and financial analysts have said.