The Fog of Cyber War
It was a crazy week for cyber news with revelations about Yahoo (again) and lousy opsec at the NSA (again). But if there is a common thread, it’s that first reports are false or incomplete and the story is not what it seems.
Take the brouhaha over Yahoo using software to feed emails to the NSA. The news led to hyper-ventilating among privacy types and predictable high-horse behavior from rival tech giants like Google and Microsoft. But as Robert explained, a lot of this fulminating took place before anyone really knew the facts — which are still emerging in dribs and drabs.
Meanwhile, journalists (me included) breathlessly reported another security lapse at Edward Snowden’s old stomping groups, Booz Allen, which led the FBI to arrest a contractor for stealing secrets. But now it turns out the guy was probably just a kook and a hoarder. It’s still not a good situation but it sure doesn’t look like the stuff of a John LeCarre novel.
So call it the fog of cyber war. In an era where everyone is amped up about cyber attacks, a lot of first impressions are tinged with paranoia and misinformation or are just flat out wrong. I don’t know what to do about this except to say that, as with other dramatic events like mass shootings, it’s best to take first reports with a giant grain of salt.
Meanwhile, there’s a whole lot of other cyber news, including a remarkable court ruling about software patents for anti-virus tools, that you can read below. Stay skeptical and thanks for reading.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You can reach Robert Hackett here via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Just what’s in that Yahoo court order? The problem with secret courts is their orders are, well, secret. To clear up the mystery – and legality – of what Yahoo gave the NSA, lawmakers and civil libertarians are asking the U.S. to release the content of the court order justifying the email searches. (Fortune/Reuters)
IoT bot army bigger than we thought: More info is trickling out about the unprecedented DDoS attack that took down the website of security researcher Brian Krebs. The attack, which relied on enslaved IoT devices like home cameras, involved more than one bot network (Security Week)
A hoarder not a leaker? There was a big fuss this week after the US charged an NSA contractor with stealing secrets. But it looks like his motives might have been benign. Money quote: “Let’s just say he’s only a psycho hoarder and he keeps this stuff with his old copies of National Geographic and his collection of lunch boxes.” (New York Times)
“Security fatigue” is officially a thing: So says a study that used the phrase to describe how Americans are tired of all the bother and nagging that goes with trying to lock down all their accounts. The result? People are “fatalistic” and can’t be bothered. The upshot is the cyber crowd should focus on design – finding ways to deliver security with less pain. (BBC)
Apple and the FBI, take two: You knew this was coming — it turns out the Minnesota mall terrorist used an iPhone, and now the FBI says it can’t get into the device. This sets the stage for Apple and FBI to reprise an earlier legal showdown that ended when the agency was able to crack a phone used by the San Bernardino killers. (Fortune)
Have some malware with your Wikileaks: Julian Assange is totally unconcerned that his document dump site is crawling with at least 30,000 malicious files. He says the toxic files, tucked into an email dump Turkey, are not a big deal since lots of stuff you download on the internet can contain malware. Not everyone sees it that way. (Motherboard)
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
One of our most read stories this week is about software patents — which are widespread in the cyber-security industry, but are deeply unpopular with engineers. In a remarkable ruling about anti-virus patents, an appeals court said it’s time to get rid of them altogether:
The end may be in sight for software patents—which have long been highly controversial in the tech industry—in the wake of a remarkable appeals court ruling that described such patents as a “deadweight loss on the nation’s economy” and a threat to the First Amendment’s free speech protections.
The ruling, issued on Friday by the U.S. Court of Appeals for the Federal Circuit, found that three patents asserted against anti-virus companies Symantec SYMC -0.36% and Trend Micro were invalid because they did not describe a patentable invention.
Read more on Fortune.com
Ex-Yahoo Info Chief’s Startup Raises Millions by Robert Hackett
IBM and Carbon Black Offer a Rapid Response Tool for Cyber Attacks by Jeff John Roberts
Marissa Mayer is Being Scapegoated for Yahoo’s Cyber Scandals by Jeffrey Sonenfeld
Why JP Morgan Chase is Building a Blockchain on Ethereum by Robert Hackett
Microsoft Opened a Cyber-Security and ‘Transparency’ Outpost by Jonathan Vanian
Clinton Foundation Denies Hacking Claim by Robert Hackett
Carbon Black Quietly Filed for an IPO by Robert Hackett
ONE MORE THING
Pretty please buy my stolen NSA files: the hacking cabal known as the Shadow Brokers (almost certainly the Russian government) are grousing in their trademark Borat-style English that no one is bidding the stolen NSA they’ve put up for auction. It’s a pretty safe bet they’re trolling the heck out of everyone but it’s still kind of funny/alarming. (Motherboard)