Cyber Week in Review: January 15, 2016
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: January 15, 2016

Cyber Net Politics Ukraine CFR
Cyber Net Politics Ukraine CFR

More on:

Terrorism and Counterterrorism

Russia

Technology and Innovation

Europe and Eurasia

Ukraine

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. It’s confirmed! There was a cyberattack on Ukraine’s power grid. Security researchers have confirmed that a Ukrainian power utility was the victim of a cyberattack, though they noted that the malware’s payload may not have directly caused the power outage--the attacker probably interacted directly with the utility’s network to cause it. In a blog post, the SANS industrial control systems team noted that the malware, reportedly part of the BlackEnergy malware family that targets power systems, infiltrated the power utility’s network, blinded employees to the fact the network was infected, and flooded the utility’s phone system to prevent people from reporting a power outage. No word yet on who is behind the attack, but Ukraine has pointed the finger at Russia and some security researchers have argued that it’s the work of a group called the Sandworm team, which allegedly has ties to the Russian government. Security researchers have been warning about the cyber threat to utilities for more than a decade, and have most recently pointed out cyber vulnerabilities in nuclear facilities. Looks like we have proof attacks against the grid can actually materialize.

2. Is Twitter responsible for the death of a U.S. contractor in Jordan? Twitter is being sued for providing a platform on which the Islamic State is able to organize, raise funds, and recruit members. The suit, brought by the widow of Lloyd “Carl” Fields, Jr., a private contractor killed by a terrorist in Jordan last year, claims that “Twitter has knowingly permitted the terrorist group ISIS to use its social network as a tool for spreading extremist propaganda,” and this lack of diligence enabled the Islamic State to carry out that attack in which Fields was killed. Over at Lawfare, Benjamin Wittes has something of an “I told you so” post on the case, pointing to an argument he made last year about the potential for civil cases against tech companies providing end-to-end encryption. Wittes argues the case will be decided on whether Twitter has been diligent in taking down terrorist content and whether that content can be said to have caused Fields’ death. The attacker in that incident was not affiliated with the Islamic State and does not appear to have ever used Twitter (although he did communicate his intent to go on “a journey … [to] paradise or hell” to friends over WhatsApp). Meanwhile, Ars Technica comes to a different conclusion than Wittes, arguing that Twitter, as a provider of an “interactive computer service,” is not liable for terrorist communications under the Communications Decency Act.

3. New Safe Harbor agreement expected in February. The latest word on Safe Harbor is that a new agreement won’t be out until next month, rather than by the end of this month, as negotiators initially suggested. The U.S. Department of Commerce presented their proposals for Safe Harbor 2.0 to the EU negotiators this week, who said they hoped to come to a consensus with the U.S. side by February 2. EU data regulators have said that any new agreement would have to include a process by which EU citizens could have judicial redress in the United States if their privacy was violated.

4. Happy birthday Wikipedia!

More on:

Terrorism and Counterterrorism

Russia

Technology and Innovation

Europe and Eurasia

Ukraine