Data Sheet—Saturday, December 5, 2015
When president Barack Obama shook hands with Xi Jinping, his Chinese counterpart, on an economic cyber espionage truce in late September, the world wondered about its implications. Would the pledge fundamentally change Sino-American relations in cyberspace, or was it merely the pretense for a photo-op during Xi’s first state visit to the White House? No one could say for certain.
Reports so far have been mixed. Following those anti-hacking accords, the California-based cybersecurity firm CrowdStrike released a report linking cyber intrusions at several U.S. companies to Chinese actors. Anonymous government officials, on the other hand, told the Washington Post recently that they had indeed seen a reduction in hacking activity originating from China. Time will tell which is the truer state of affairs.
Putting this question aside for a moment, another outcome of that meeting suggests that the entente was not in vain. The Obama-Xi olive branch yielded fruit this week. On Tuesday and Wednesday, officials from both states met in Washington, D.C., to chart a path forward on how best to collaborate in combating cybercrime. The talks appear to have been productive, although details on what exactly they accomplished remain skimpy. Among the highlights though: the creation of a so-called hotline between the two states that will allow them to coordinate and cooperate during cybercriminal investigations. More diplomatic discussions are set to resume in the summer.
Separately, I contributed a few cybersecurity forecasts for the coming year in the latest issue of Fortune magazine. I predict, for instance, that the present cyber-startup boom-times face an impending extinction event, leading to a slew of quiet “tuck-in” acquisitions. Give the list a perusal here. Whether you agree, disagree, or have predictions of your own for 2016, I would love to hear your thoughts.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.
Feds investigate San Bernardino shooters' digital trail. Authorities trying to determine whether a mass killing in Southern California should be categorized as a terrorist attack or workplace violence have collected electronic evidence the homicidal couple left behind. The items include thumb drives, computers, and cell phones, but the killers had no obvious social media accounts. (Washington Post)
Target settles data breach lawsuit. The retailer is nearing a resolution for the claims of payment card issuing banks that were affected by the company's massive hack, disclosed in Dec. 2013. The proposed amount owed—$39.4 million—requires court approval. Roughly half the sum will go to banks, and the other half will go to MasterCard. (Fortune)
Toymaker hack bigger than expected. A cyberattack targeting the Hong Kong-based digital toy company VTech exposed data on 6.4 million children and 4.9 million adults. Although the personal details could be worth millions of dollars, the hacker who claimed responsibility said he had no plans to do anything with the looted info. (Fortune)
Hackers breach Australian government computers. Chinese hackers reportedly gained access to the Australian Bureau of Meteorology's computer network, as well as other government agencies that link to it. The weather bureau neither confirmed nor denied the cyber intrusion in a statement posted to its website. (Fortune)
Kazakhstan mandates encryption backdoors. In order to the surveil the country's Internet traffic, the post-Soviet state has decreed that all citizens must install a "national security certificate" on their devices. The certificate acts as a backdoor, allowing the government to snoop on anything a person does online. (ZDNet)
BlackBerry exits Pakistan. The Canadian handset designer said it will vacate the country after failing to reach an agreement with the Pakistani government regarding access to customers' encrypted communications. BlackBerry plans to shut down the servers it has based there before the end of the year, according to the company's chief operating officer. (Fortune)
Secretive spy court appoint five advisors. The Foreign Intelligence Surveillance Court, a shadowy federal group that oversees U.S. intelligence activities and green-lights certain investigations, has named a handful of lawyers as amici curae, or "friends of the court." The appointees will offer expertise on technical and legal matters, and serve as a check-and-balance on the current system. (The Hill)
Share today's Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Is the Syrian war linked to climate change? The authors behind a key scientific paper connecting the two weigh in.
Prince Charles, Secretary Kerry, President Obama and many others were spot on when they recognized that a drought made more severe by climate change, occurring in a country already heavily strained, was one important factor contributing to the onset of the Syrian war.
As the authors of one of the key scientific papers underpinning this claim, we wish to summarize this case to the reader: After decades of water mismanagement and inefficient farming practices, Syria experienced a drought from 2007-10 more severe than previously seen. Those in the country’s breadbasket region of the northeast were largely crippled by crop failure, and the persistence of the drought forced many to relocate from their rural villages to the outskirts of Syria’s cities. Read more on Fortune.com.
Or is the association erroneous? A Heritage Foundation senior fellow and former deputy assistant secretary of defense gainsays the assertion.
The claim is always carefully hedged, but clearly the White House wants us to believe that climate change—once it really kicks in—will create or exacerbate all sorts of national security problems, including terrorism. It’s a great technique for generating a sense of urgency.
But the rhetorical construct, while interesting, is weak.
There seems to be no strong quantitative (i.e., empirical) evidence to prove a cause-and-effect relationship between changes in the climate and conflict. Moreover, as others have noted, how humans respond to change—be it climate change or any other type of change—is a matter of choice, not destiny. Read the rest on Fortune.com.
Supercomputing's future. Achieving 10 exaflops. (IEEE Spectrum)
Credit monitoring or security freeze? A.K.A. locks versus alarms. (Krebs on Security)
Come on, Barbie. Let's go party? (Fortune)
Moral cryptography. Math against mass surveillance. (University of California, Davis)
Random Darknet Shopper. An art exhibit. (Ars Technica)
Top VC Says Gene Editing Is Riskier Than Artificial Intelligence by Stacey Higginbotham
It's a Great Time to be a Ghostwriter by Anne VanderMey
Human Brains Are Wired to Blame Rather Than Praise by Hilary Brueck
This is Phil Schiller's Grand Unified Theory of Apple by Philip Elmer-DeWitt
ONE MORE THING
How should governments deal with encryption? Here's how Israel has been coping with the technology since the '70s. (Lawfare)
"Among the cases discussed included the one related to the alleged theft of data of the U.S. Office of Personnel Management by Chinese hackers. Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected."
China's official news agency Xinhua, reporting on diplomatic cybersecurity talks between the U.S. and China this week. The dialogue, an outcome of Chinese president Xi Jinping's first state visit to the U.S. in September, addressed ways their law enforcement agencies might cooperate on fighting cybercrime, including the establishment of a hotline. U.S. officials have not confirmed whether they agree with China's assessment about the digital ransacking of the Office of Personnel Management. (Xinhua)