Pete Recommends – Weekly highlights on cyber security issues, September 28, 2019

Subject: Facebook’s Suspension of ‘Tens of Thousands’ of Apps Reveals Wider Privacy Issues
Source: The New York Times

SAN FRANCISCO — Facebook said on Friday that it had suspended tens of thousands of apps for improperly sucking up users’ personal information and other transgressions, a tacit admission that the scale of its data privacy issues was far larger than it had previously acknowledged.

The social network said in a blog post that an investigation it began in March 2018 — following revelations that Cambridge Analytica, a British consultancy, had retrieved and used people’s Facebook information without their permission — had resulted in the suspension of “tens of thousands” of apps that were associated with about 400 developers. That was far bigger than the last number that Facebook had disclosed of 400 app suspensions in August 2018.

The disclosures about app suspensions renew questions about whether people’s personal information on Facebook is secure, even after the company has been under fire for more than a year for its privacy practices. Mr. Polonetsky called for the Federal Trade Commission to act quickly against developers who broke Facebook’s terms of service around customer data.

“For nearly a year, Facebook has fought to shield information about improper data-sharing with app developers,” Maura Healey, the Massachusetts attorney general, said in a statement. “If only Facebook cared this much about privacy when it was giving away the personal data of everyone you know online.”

Subject: ‘Perfectly real’ deepfake videos are 6 months away: report
Source: Business Insider

  • Deepfake artist Hao Li, who created a Putin deepfake for an MIT conference this week, told CNBC on Friday that “perfectly real” manipulated videos are just six to 12 months away.
  • Li had previously said that he expected “virtually undetectable” deepfakes to be “a few years” away.
  • When asked for clarification on his timeline, Li told CNBC that recent developments, including the emergence of the wildly popular Chinese app Zao, had led him to “recalibrate” his timeline.

He continued: “Soon, it’s going to get to the point where there is no way that we can actually detect [deepfakes] anymore, so we have to look at other types of solutions.”

When CNBC asked for clarification on his timeline in an email after his interview this week, Li said that recent developments, including the emergence of the wildly popular Chinese app Zao, had led him to “recalibrate” his timeline.

Subject: EasyDNS Threatened With Criminal Complaint over ‘Pirating’ Customer
Source: TorrentFreak

A German law firm has threatened to file a criminal complaint against domain name registrar easyDNS. The Canadian registrar refuses to hand over personal details of an allegedly copyright infringing customer without a valid court order, nor is it planning to pay the proposed €1,481 in damages and fees demanded by the law firm.

Over the past several years, the Canadian company easyDNS has come up in several piracy-related news articles. The company’s domain registrar activities, in particular, have been a topic of discussion. Not least because it serves high-profile customers, including The Pirate Bay.

EasyDNS CEO Mark Jeftovic has always made it very clear that he doesn’t want his company to be a refuge for pirate sites. However, at the same time he is committed to protecting due process. This became clear a few years ago when the company refused to suspend domain names based on allegations from the City of London Police. This stance was repeated later when the RIAA asked easyDNS to suspend The Pirate Bay’s domain, which it refused to do without a court order.

Subject: Air Force unveils 10-year cyber warfare plan
Source: FCW

The Air Force released an overview of its 10-year “Cyber Warfare Flight Plan” Sept. 18, which attempts to fuse all of the best parts of electronic, cyber, and information operations. That’s how Lt. Gen. Veralinn Jamieson, the Air Force’s deputy chief of staff for Intelligence, Surveillance, Reconnaissance, and Cyber Effects Operations, described it.

“The mathematical equation for information warfare, IW: I have ISR, plus cyber warfare, plus electronic warfare, plus information operations, equals information warfare,” she told reporters at the Air Force Association’s Air Space Cyber conference in National Harbor, Md. Sept. 18 just a few hours after announcing the strategy.

Subject: The Extended Corporate Mind: When Corporations Use AI to Break the Law
Source: North Carolina Law Review via beSpacific

Diamantis, Mihailis, The Extended Corporate Mind: When Corporations Use AI to Break the Law (July 18, 2019). North Carolina Law Review, Vol. 97, Forthcoming. Available at SSRN. “Algorithms may soon replace employees as the leading cause of corporate harm. For centuries, the law has defined corporate misconduct — anything from civil discrimination to criminal insider trading — in terms of employee misconduct. Today, however, breakthroughs in artificial intelligence and big data allow automated systems to make many corporate decisions, e.g., who gets a loan or what stocks to buy. These technologies introduce valuable efficiencies, but they do not remove (or even always reduce) the incidence of corporate harm. Unless the law adapts, corporations will become increasingly immune to civil and criminal liability as they transfer responsibility from employees to algorithms. This Article is the first to tackle the full extent of the growing doctrinal gap left by algorithmic corporate misconduct. …

beSpacific Subjects: Financial System, Knowledge Management

Subject: Most Health Data Breaches Expose Sensitive Information
Source: Annals of Internal Medicine via Medscape

Nearly three-fourths (71%) of health data breaches that have occurred during the past 10 years exposed protected health information (PHI), including sensitive demographic or financial information, new data show. Those exposures put 159 million patients at risk for identity or financial fraud, according to an article published online today in the Annals of Internal Medicine.

John (Xuefeng) Jiang, PhD, who is with the Eli Broad College of Business at Michigan State University in East Lansing, and Ge Bai, PhD, CPA, who is with the Johns Hopkins Carey Business School and the Bloomberg School of Public Health in Baltimore, Maryland, analyzed the 1461 PHI breaches that occurred between October 2009 and July 2019.

Two percent of the breaches exposed sensitive medical information, such as substance abuse, HIV status, or mental health status. Those breaches affected 2.4 million patients, the investigators found.

Until now, damage reports regarding health entities that have been hacked have centered on how many people were affected, but this analysis sheds light on what cyberthieves want.


Subject: 27 countries sign cybersecurity pledge with digs at China and Russia
Source: CNNPolitics

New York (CNN) Twenty-seven countries have signed a joint agreement on what constitutes fair and foul play in cyberspace — with a nod toward condemning China and Russia. The statement, released on Monday at the United Nations ahead of the beginning of the UN General Assembly’s General Debate, is largely a broadly written agreement that countries should follow international law. While views of what constitutes acceptable state-sponsored hacking vary, the US and its allies generally agree on a basic set of rules. It’s fair game for intelligence services to hack targets purely to spy and to attack military targets, but attacking civilian infrastructure or hacking to give a country an economic advantage is off limits.

Subject: Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid
Source: U.S. GAO

The nation’s electric grid is becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain. The Department of Energy (DOE) plays a key role in helping address cybersecurity risks in each component of the electric grid’s infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy. We recommended that it do so.

Subject: ‘Nightmare’ for global postal system if Trump pulls out, U.N. body says
Source: Reuters via Yahoo

GENEVA (Reuters) – A threat by Donald Trump to pull the United States out of the global postal system could lead to a “nightmare scenario” of mail going undelivered, packages piling up and American stamps no longer being recognized abroad, the U.N. postal agency said.

The Universal Postal Union (UPU) has been holding an emergency meeting in Geneva to persuade Washington not to follow through on a threat to quit the agency, which sets rules to ensure mail gets delivered around the globe.

The Trump administration says it wants to charge other countries more than UPU rules now permit to have letters and packages delivered in the United States. It has set a deadline of next month for rates to be raised or it will quit.

Washington says the fees are too low, which unfairly benefits exporters from countries such as China, who can send goods ordered online to U.S. customers while the U.S. Postal Service bears part of the cost of delivering them.

Other countries that receive more mail than they send, including Brazil, Canada, Norway and South Africa, were also being hit, he said. Countries should be allowed to set their own rates, which he said “might cause some very short-term disruptions” but was “the clearest, cleanest, fairest and quickest path to a reform that is long overdue”.

Posted in: AI, Cybersecurity, Energy, Government Resources, Health, Privacy