Skip to Content

Threat Sheet—Saturday, July 25, 2015

Welcome to the Cyber Saturday edition of Data Sheet! Fortune reporter Robert Hackett here, filling in for your regular host Heather Clancy.

This week: Pro hackers wirelessly took control of a Jeep mid-drive, users of infidelity site Ashley Madison got hot under the collar, and law enforcement authorities caught people allegedly linked to last summer’s JPMorgan hack. Stay safe, and have a great weekend.

Have feedback? Reach me on Twitter (@rhhackett) or via email robert.hackett@fortune.com. Or if you have a real juicy tip, let’s chat off-the-record through a messaging service like Cryptocat or Jabber. You can find me at rhhackett@jabber.ccc.de, fingerprint: F225E829 13846232 0709A43A 1ECB83D3 BDDFF6A7. (We can always use good old-fashioned PGP encryption, too.)

TOP INTELLIGENCE

Baby you can hack my car. This week two veteran security researchers played puppet-master, taking control of a Jeep Cherokee from miles away with a bit of wireless wizardry. While the stunt’s hairy theatrics commandeered the conversation, I wrote that I was primarily disappointed with Fiat Chrysler’s response.

Then yesterday, the company announced a voluntary recall for 1.4 million of its potentially vulnerable cars. That’s a great step forward. Among other improvements, auto-manufacturers need to establish a process that automatically pushes software updates to their connected cars; otherwise, many vulnerabilities will go unfixed.

If you happen to own one of these vehicles, keep an eye out for a memory stick from Fiat Chrysler, or download and install the update yourself here. Whatever you do, please remember to patch your system. That, or stay off the road—for everyone’s sake.

THREATS

An affair to remember. Hackers threatened to release the stolen records of millions of users of the adulterous (and morally questionable) dating network Ashley Madison. That’s bad news for would-be cheaters. And for Ottawans, 1-in-5 of whom are apparently registered on the site.

JPMorgan data-robbers apprehended? Israeli and FBI authorities arrested four men linked to the cyberattack on the bank last summer (another remains at large). Details are hazy—they’ve been nabbed for other financial crimes—but if these men were involved in last summer’s data heist, then the event may represent a rarity in cybersecurity, since most crimes go unpunished.

 

ACCESS GRANTED

To secure your job from existential cyber threats, read this adaptation from Humans are UnderratedFortune senior editor at large Geoff Colvin’s new book. (It’s also our latest cover story.)

The emerging picture of the future casts conventional career advice in a new light, especially the nonstop urging that students study coding and STEM subjects—science, technology, engineering, math…. As infotech continues its advance into higher skills, value will continue to move elsewhere. Engineers will stay in demand, it’s safe to say, but tomorrow’s most valuable engineers will not be geniuses in cubicles; rather they’ll be those who can build relationships, brainstorm, collaborate, and lead. Read more on Fortune.com. (Or buy the book.)

ELEVATED PRIVILEGES

Microsoft is reportedly buying Israeli cybersecurity startup Adallom for $320 million.

Baltimore-based cybersecurity startup Terbium Labs raised $3.7 million.

The Defense Information Systems Agency, which provides combat communications support, has a new director in Lt. Gen. Alan Lynn.

Securities hub Depository Trust & Clearing Corporation, announced the appointment of its first chief security officer, forrmer Experian information security chief Stephen Scharf.

RECON

In the U.S. government’s fight against hackers, it’s pretty obvious who is winning. (New York Times)

FTC calls consumer data protection company Lifelock a liar. Again. (Fortune)

Photo service manager PNI Digital media possibly breached. Retailers like Costco and Sam’s Club have closed their photo printing stores as a precaution. (Reuters)

U.S. won’t name China in OPM breach. Even though the Obama administration is almost certain the country is responsible. (Daily Beast)

Drone-delivered spyware. Boeing subsidiary Insitu tossed around the idea with Italian spy-tool firm Hacking Team. (The Intercept)

South Korean suicide note. The deceased national intelligence service officer allegedly swore his team didn’t spy on citizens during election season. (New York Times)

Should Edward Snowden be hanged? Former Senator Saxby Chambliss thinks so. (BuzzFeed)

Microsoft issues an emergency patch. You know the drill: Update your Windows systems.

Lockheed Martin could sell part of its cybersecurity unit. It recently agreed to buy United Technologies’ Sikorsky helicopter business for $9 billion. (Washington Post)

“Whoops,” says Department of Homeland Security Secretary Jeh Johnson. He used Gmail at work. (Politico)

Prepare for a cyberattack. The FBI is sensing hints of a plot to come. (Wall Street Journal)

TREATS

Global 500. China is on the rise. (Fortune)

KGB echoes. A fractious security state. (The New Yorker)

Ladybits. Are not machines. (Refinery29)

ID, please? That’ll be $20. (Quartz)

Trunk releases. A kidnapper’s bane (Atlas Obscura)

Cold War maps. Soviet-era cartography. (Wired)

EXFIL

“We did, you know, attack you—but we did it in as safe a way as we could.”

A dubious reassurance offered by car-hacker Charlie Miller after he and his associate hijacked Wired stunt man-reporter Andy Greenberg’s Jeep on a public highway. (Er, was that really the safest way possible?)