Skip to Content

Threat Sheet—Saturday, July 18, 2015

Welcome to the Cyber Saturday edition of Data Sheet! Fortune reporter Robert Hackett here, filling in for your regular host Heather Clancy. This week: Adobe Flash flaws flared up, international cybercrime-ring Darkode got busted, and revelations from the Italian spyware firm Hacking Team’s own hacking continued to surface. Stay safe, and have a great weekend.

Have feedback? Reach me on Twitter (@rhhackett) or via email robert.hackett@fortune.com. Or if you have a real juicy tip, let’s chat off-the-record through a messaging service like Jabber. You can find me at rhhackett@jabber.ccc.de, fingerprint: F225E829 13846232 0709A43A 1ECB83D3 BDDFF6A7.

TOP INTELLIGENCE

Rocket launchers. Land mines. Software exploits? The U.S. is currently debating a bit of regulation that concerns international arms control. In its current form, the proposal could gravely hinder security research. “That control of physical weapons doesn’t really translate to the digital world,” policy chief Katie Moussouris of the bug bounty startup HackerOne told Fortune yesterday when she dropped by the office. “It doesn’t actually help protect human rights. What it does instead is hinder the ability of defenders to exchange information.”

You can read Moussouris’ excellent Wired op/ed piece about the U.S.’s potential implementation of the so-called Wassenaar Arrangement here. If you have some time this weekend, consider sending a note to the U.S. Bureau of Industry and Security, which is seeking feedback on the plan. The comment period is open until Monday, July 20.

THREATS

Flash in the pan. As part of the ongoing revelations from the data leak at Hacking Team, several serious “zero-day” software vulnerabilities affecting Adobe Flash Player hit the Internet over the past week or so. The news had some experts, including Facebook chief security officer Alex Stamos, calling for Flash’s demise.

Intern, or criminal mastermind? The FBI and its partner agencies brought down a prolific cybercrime-ring involving 70 members across 19 countries. One of the people apprehended in the “Darkcode” bust was a Carnegie Mellon engineering student who also interned at the cybersecurity firm FireEye.

Swear on the Bible. Leaked emails from the spy-tool firm Hacking Team show that governments across the world are keenly interested in using ethically questionable technology to surveil their citizens. One of the company’s sales pitches even involved a booby-trapped Bible app tailored for the Vatican.

ACCESS GRANTED

A lively roundtable at Fortune’s recent Brainstorm Tech conference in Aspen, Colo., focused on cybersecurity. Fortune assistant managing editor Brian O’Keefe covered the panel: 

Can artificial intelligence stop hackers? One crucial advantage that artificially intelligent defense systems would have is the ability to react instantly in real time. “You cannot have humans in the mix,” said Symantec CTO Amit Mital. By the time people recognize and take action to combat a hack, it’s often too late. Read more on Fortune.com. (And here’s another take from O’Keefe involving corporate boards, too.)

ELEVATED PRIVILEGES

Google led a $100 million series c round of funding in the cybersecurity firm CrowdStrike.

Insider risk analytics startup RedOwl raised $17 million in series b funding. (Fortune exclusive.)

Security software firm Rapid7 raised $103 million in its IPO.

Symantec and Frost Data Capital announced a cybersecurity startup incubator partnership.

In-Q-Tel vice president Aaron Hughes has been appointed the Pentagon’s deputy assistant secretary of defense for cyber policy.

Cyprian Intel chief Andreas Pentaras resigned after his agency was caught using Hacking Team spy software.

RECON

Who says data breaches aren’t good for business? Investors pumped $1.2 billion into cybersecurity startups in the first half of 2015.

The OPM hackers stole more than one million fingerprint records. And you can’t reissue a fingerprint.

Award-winning Snowden documentary filmmaker sues the U.S. government. Laura Poitras wants to know why she’s been detained more than 50 times at airports since 2006.

Automakers unite to prevent cars from being hacked. Ford, General Motors, and others will join forces to create a center for sharing information and analysis.

Leadership lessons from the OPM data breach. #3: Don’t downplay the problem.

Spam email is dying! But other money-making schemes, like ransomware, are taking its place.

Black Hat publishes its first-ever attendee research report. Most security pros say they their organizations are understaffed and ill-equipped when it comes to digital defense.

UCLA Health System gets hit with a data breach. The records of nearly 5 million patients may be affected.

Forget-me-not. Its not just criminals that want to have their histories stricken from Google’s record.

The U.S. is losing the new (cyber) cold war. As one inspector general puts it: “We’re trying to put a Band-aid on a carotid artery that’s been severed.” (Paywall)

Germany will penalize critical infrastructure groups with poor cybersecurity practices. Fines can reach as high as 100,000 euros.

A not-so great escape. Infamous Mexican druglord “El Chapo” broke free from prison in what may be history’s longest escape tunnel.

A massive earthquake will devastate the Pacific northwest. The question isn’t “if,” but “when.”

TREATS

Siri, HELP! Secret 9-1-1 iPhone commands.

NSA censorship typeface. Redacted.

Shakespearean encryption. Wherefore art thou cryptography?

Plutonian data. A 16-month-long beaming…

Hello, Miss Moneypenny. Facebook virtual assistant.

Ride with hitchBOT. San Fran or bust!

EXFIL

Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)”

A June email from Hacking Team CEO David Vincenzetti described a hypothetical scenario in which the internal communications of his surveillance software firm are leaked to the notorious whistleblowing website. The ironic comment came to light after his company was royally hacked, and its emails were released—where else—on WikiLeaks.