Threat Sheet—Saturday, August 1, 2015

Welcome to the Cyber Saturday edition of Data Sheet! Fortune reporter Robert Hackett here, filling in for your regular host Heather Clancy.

This week: A single text can hack nearly every Android phone, the attackers who broke into the Office of Personnel Management’s databases allegedly also breached United Airlines’ networks, and security experts are alternately delighted and distressed over the debut of Windows 10. Stay safe, and have a great weekend.

Have feedback? Reach me on Twitter (@rhhackett) or via email at robert.hackett@fortune.com. Or if you have a real juicy tip, let’s chat off-the-record through a messaging service like Cryptocat or Jabber. You can find me at rhhackett@jabber.ccc.de, fingerprint: F225E829 13846232 0709A43A 1ECB83D3 BDDFF6A7. (We can always use good old-fashioned PGP encryption, too.)

TOP INTELLIGENCE

Android’s Faustian deal. This week we learned of a terrible bug in Google’s Android operating system that can compromise nearly every Android phone. (It’s bad, yes.) And even though Google has already delivered patches to its partner phone-makers, the problem remains largely unfixed.

Here’s the bigger bug though: the Android ecosystem’s inability to promptly push software updates to customers through its dawdling manufacturer middlemen. This is the devil’s deal that Google has struck in order to win market share, as my peer Lorenzo Franceschi-Bicchierai at Vice Motherboard relates. To become the dominant platform, Google has had to relinquish control, letting others handle such updates as they see fit.

To be sure, Google does a lot in terms of security for its users. But if you’re on the fence shopping for a new smartphone, know the trade-offs. You may end up, like Franceschi-Bicchierai, switching teams.

THREATS

The White House strikes back. The Obama administration has vowed to retaliate—somehow, somewhere, sometime—for the recent cyberattack against the federal Office of Personnel Management. Though the U.S. hasn’t formally identified the attackers, the smart money is on China.

United Airlines hacked. Security pros suspect that the perpetrators behind a data breach at the world’s second-largest airline are the same ones who infiltrated the U.S. government’s HR agency and the health insurer Anthem. Coincidentally, Symantec just released a new report on the hacking group, which it has dubbed “Black Vine.”

Is Windows 10 more secure? A new feature in Microsoft’s latest operating system has some people concerned. The system backs up users’ encryption keys to the company’s cloud service OneDrive by default. That’s helpful, sure. But it could also make for a prime target for hackers.

ACCESS GRANTED

Fortune contributor David Z. Morris reveals how freight thieves are turning to lives of cybercrime.

The ease of falsifying trucking entities is illustrated by the case of father-and-son heist team Jon and Kyle Dickerson. They operated a string of cover operations over fourteen years, with names including D&T Trucking, Night Line Trucking, and Fish and More. When one company racked up safety violations or otherwise came under suspicion, they just started a new one. Read more on Fortune.com.

ELEVATED PRIVILEGES

Cybersecurity firm Blue Coat, owned by Bain Capital, acquired the cloud security company Perspecsys for an undisclosed sum.

Washington attorney and Obama fundraiser Glenn Gerstell has been tapped to become the NSA’s new top lawyer.

Next generation anti-virus company Cylance raised $42 million in a Series C round of funding led by DFJ Growth.

RECON

Here’s a secret NSA map that pinpoints Chinese cyber invasions in the U.S. Let’s all move to North Dakota, I guess?

Pakistan kicks BlackBerry to the curb for “security reasons.” Another blow for the struggling phone-maker.

Hackers can change the target of Internet-connected sniper rifles. Ready, aim, re-aim, fire…

The NSA will delete its bulk telephone metadata archive. In T-minus four months when the spy agency ends its dragnet.

General Motors’ OnStar system has a vulnerability. The security researcher calls his exploit “OwnStar.”

Elon Musk, Stephen Hawking, Steve Wozniak, and others want to ban AI-enabled weapons. Remember that hacked sniper rifle (above)?

Google Cloud goes BYO-Key. The search giant’s cloud offering will now let you bring your own encryption keys.

I beg your pardon? The Obama administration has, unsurprisingly, swatted down a petition requesting NSA-leaker Edward Snowden be pardoned.

TREATS

Fax bomb. Now that’s what I call a paper trail.

Tor libraries. Exit nodes brought to you by…taxpayers.

Bitcoin tycoon cuffed. Does Mark Karpeles have the missing Mt. Gox loot?

Strong encryption advocacy. From unlikely government security veterans.

Want to delete yourself? Good luck.

EXFIL

“If in 30 to 40 years, God forbid, we’re no longer No. 1, are we really going to take the same approach to get to first place—that we’ll never do [corporate espionage]? I’m dubious of that.”

A speculation put forth by CrowdStrike cofounder and CTO Dmitri Alperovitch at an Atlantic Council event this week. Perhaps the U.S. might change its tune about economic espionage, Alperovitch mused, if the country fell from its privileged position in the world economy.