When capitals collide

By Robert Hackett
January 9, 2016

Welcome back to your regularly scheduled Cyber Saturday dispatch, dear readers. I hope you’ve had a pleasant new year. (I know I have.)

To build on what your weekday host, Adam Lashinsky, reported yesterday—that Washington’s law enforcement and intelligence establishment planned to pay a visit to Silicon Valley on Friday—Fortune has now learned more about the proceedings of that closed-door meeting. Yes, the reports are in. And they’re surprisingly…encouraging?

The nation’s biggest spy and security bosses convened in the tech Mecca—a calculated show of deference, no doubt—to make a request: Help, they beseeched, terrorism cannot be countered alone. Indeed, the threats that our increasingly connected world faces today are unlike any that have come before; operatives coordinate—crowd-source, really—attacks through the social media networks and messaging apps that ordinary citizens enjoy for purposes of free expression. These same tools of democracy are being exploited to radicalize and recruit mass murderers. What can anyone do to fight back?

Presidential contenders Hillary Clinton and Donald Trump—the respective Democratic and Republican frontrunners—have both recently called upon the ingenuity of America’s innovation capital to help combat the Islamic State in cyberspace. And that’s just what Friday’s hours-long conversation entailed. A person familiar with the day’s goings-on described the atmosphere as being one of a brainstorming session. At the table, no paucity of leadership: Tim Cook of Apple, Sheryl Sandberg of Facebook, Susan Wojcicki of Google, to name a few of the big hitters representing the coding contingent. From that other capital: James Comey, director of the FBI, Michael Rogers, director of the NSA, and James Clapper, director of national intelligence, among others. What might easily have devolved into a clash of titans manifested as a discussion marked by civility and the potential for (cautious) collaboration.

Matthew Prince, CEO of CloudFlare, told Fortune after the summit that he went into the meeting highly skeptical of the other side’s aims and intentions. He was prepared to hold his ground against strong-arming and one-sided arguments. That’s why he was pleasantly surprised to discover that Washington’s bigwigs approached the tech side in the spirit of unpretentious partnership—not asking for “backdoor” access to data, but for assistance in brainstorming possible ways to keep social media sites safe and open fora for users. “I came in tweeting cynically, and I left feeling optimistic,” he said.

“It’s what I would hope a government would do,” he added.

The suits and the hoodies have often talked past one another on matters of security in recent months, especially when it comes to the subject of encryption. Perhaps the latest confab signals a detente of sorts. D.C. and S.V. may not see eye to eye on every matter, but they can at least agree on the common enemy of their enemy. More news below.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.

 


THREATS

Washington met with Silicon Valley to talk ISIS and social media. Nationals security and intelligence bosses met with top execs of tech giants on Friday to discuss possible ways to counter terrorist organizations online. The factions—frequently at odds ever since Edward Snowden revealed the scope of government spying in 2013—seemed open to cooperation. (FortuneGuardian)

First cyberattack power outage confirmed. A blackout affecting a Ukrainian utility has been linked by several cybersecurity firms to a hacking campaign that used strains of “BlackEnergy” and “KillDisk” malware. For six hours, 80,000 customers of Prykarpattyaoblenergo lost power, and at least two other utilities’ networks were also infected. Ukraine’s state security service blamed Russia, while computer forensics researchers have linked the attack to a potentially Moscow-based group. (Fortune)

Time Warner Cable customers hacked. The cable company notified customers that as many as 320,000 of them may have had their email addresses and account passwords stolen. The FBI had, in turn, warned the company that some of of its customers’ data “may have been compromised.” That makes this the new year’s first major data breach announcement. (Fortune)

Uber settled over privacy breach. The ride-sharing service must pay a $20,000 fine for belatedly reporting a security breach that exposed the personal information of its drivers. The New York Attorney General’s office began investigating the company and its privacy practices after learning that an employee has accessed a user’s ride logs without permission. The office ultimately penalized Uber for failing for months to report an incident in which an engineer had unwittingly uploaded the login information for one of the company’s private database online. (Fortune)

Comcast’s home security system flawed. The cybersecurity firm Rapid7 said that its researchers easily overcame Comcast’s Xfinity home security product. They used conventional radio-jamming equipment to interfere with the system’s sensors, thus preventing an alarm from sounding during a break-in. Rapid7 said it tried to report the vulnerability to the company a couple of months ago, but Comcast never responded. Comcast said Rapid7 had notified the wrong email address. (Ars Technica)

Prepare for a cyber insurance bonanza. Insurance specialists expect revenue collected on cyber insurance premiums to rise by 300% or more in the next five years, according to Bloomberg’s Bureau of National Affairs. The industry is still young and has few standards. (Bloomberg BNA)

Share today’s Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.


ACCESS GRANTED

Should governments support strong, end-to-end encryption?

The Dutch government has released its official position on whether it should require tech companies to provide law enforcement agencies with special access to encrypted data and communications. In the case of the Netherlands, the decision is, at least for now, clear: No backdoors… Read the rest on Fortune.com.


TREATS

Poet? Didn’t know it. Verse-filled server logs. (Vice Motherboard)

Hack me twice? Fool on PayPal. (SC Magazine)

Goodnight, sweet Internet Explorer. Hello, Edge. (Fortune)

Biggest power grid threat: Squirrels, not hackers. (CSM Passcode)

Sorry, Tarantino. A hacker-cinephile’s apology. (The Hollywood Reporter)



ONE MORE THING

Most top cybersecurity startups are cockroaches, not unicorns. They’re good at hunkering down during nuclear (read: VC funding) winters in order to keep financially afloat. But investors dislike their lengthy exit cycles. (TechCrunch)


EXFIL

“My hope is that at the very least, people debating it, from the staffers to the congresspeople, understand how it works. I have a sneaking suspicion in a lot of cases they do not.”

PayPal co-founder and Affirm CEO Max Levchin, discussing his reasons for funding a brand new cryptography prize: the Levchin Prize for Real-World Cryptography, which was awarded to two parties for the first time on Wednesday. (“It,” in the quote above, refers to “encryption.”) Levchin said in a personal blog post that he owes much of his technologic—ergo business—success to the mathematical science. (Wall Street Journal, To Long Too Tweet)

SPONSORED FINANCIAL CONTENT

You May Like