Cyber Week in Review: January 29, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Press speculation gives misleading account of attack on Israel Electric Authority. Israel’s Electricity Authority, and not its power grid, was the target of a cyberattack this week. Employees of the agency, Israel’s utility regulator, opened emails that infected their computers with ransomware. What consisted of no more than a phishing attack on government employees was reported by the media to be an attack against the country’s electrical grid. The misunderstanding is thought to be rooted in a statement made by Israel’s Minister of Infrastructure, Energy and Water, Yuval Steinitz, who told Cybertech conference attendees in Tel Aviv that a “severe cyberattack” was ongoing against the utility regulator. The reporting of this attack is a prime example of how, even as cyberattacks become more prevalent—including actual attacks on the power grid, such as the recent incident in Ukraine—media coverage of cyber incidents frequently continues to be confused or misleading.

2. Search engine highlights problems with Internet of things. Intimate glimpses of thousands of individuals’ private lives can now be viewed by all thanks to Shodan, which launched a tool that allows users to access any webcam that isn’t password-protected. Computer security researchers have long used Shodan to identify Internet-connected devices that perhaps shouldn’t be--like certain industrial control systems. Shodan’s ability to find unprotected webcams is probably the tip of the iceberg with the Internet of things. As more and more manufacturers build devices such as refrigerators, home alarm systems and cars that connect to the Internet, the likelier it will become for just about anyone to find them online and access them. 

3. Amendments to Judicial Redress Act could complicate Safe Harbor negotiations between the United States and European Union. The U.S. Senate is considering a bill--the Judicial Redress Act-- that would grant EU citizens the same privacy protections as people in the United States. The act is the centerpiece of negotiations between the United States and European Union to replace the Safe Harbor framework invalidated last fall. The bill, headed for the Senate floor, has a provision that could prove problematic for the negotiations. Inserted by John Cornyn (R-Tx), the provision requires the U.S. attorney general to certify that participating countries do not have policies that “impede the national security interests of the United States.” Although negotiators from both sides have said they want to release Safe Harbor 2.0 by the end of the month, the amendment may make it difficult to come to an agreement that would satisfy the standard set by the Court of Justice of the European Union in its ruling last October.

4. Does the self-declared Islamic State have an encrypted messaging app? Islamic state militants have allegedly created an app called Alrawi, which purportedly encrypts communications to evade foreign intelligence services. Ghost Security Group, an organization that claims to fight the Islamic State online, first brought attention to the app earlier this month, but has been unable to provide a version of Alrawi that has any cryptographic abilities. The Daily Dot--the online news website--looked into the claim and found that the app was impossible to find online and that all supposed screenshots of Alrawi were actually images of other apps.

5. Head of the NSA’s Tailored Access Operations unit speaks publicly. Rob Joyce, the chief of the NSA’s Tailored Access Operations--the unit that develops the tools NSA uses to access foreign networks to gather intelligence-- explained his group’s methods, the steps they take to break into systems and the challenges they face. Joyce gave his remarks at the USENIX Enigma conference, which took place this week in San Francisco. You can view his full remarks here.