from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: February 6, 2015

Anthem Cyber CFR Adam Segal Net Politics
Anthem Cyber CFR Adam Segal Net Politics

February 6, 2015

Anthem Cyber CFR Adam Segal Net Politics
Anthem Cyber CFR Adam Segal Net Politics
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • Anthem, the second largest health insurance company in the United States, announced it was the victim of a cyber incident which exposed some of the personal data of roughly eighty million customers. Anthem disclosed the breach to the FBI and the public within a few days of having discovered it according to the Wall Street Journal. Bloomberg quotes anonymous sources close to the investigation that claim that China is the early suspect given its history of going after rich data sources, such as insurance companies, to build profiles of its intelligence targets. As usual, China vigorously denied the claims, calling them "groundless."
  • The Office of the Director of National Intelligence gave an update on the implementation of President Obama’s 2014 policy directive to reform the United States’ foreign intelligence collection practices. Of note, the U.S. intelligence community will now routinely delete information collected on non-U.S. persons through signals intelligence after five years, unless the information meets a standing intelligence requirement. Critics of the NSA are not impressed. Kevin Bankston of the Open Technology Institute called the update “disappointingly mild, merely nibbling around the edges of the NSA’s vast surveillance authorities.” Just Security and Lawfare have their respective takes on the reforms here and here.
  • In what has been a steady stream of announcements that signal a further tightening of China’s control of the Internet within its borders, the Chinese Cyberspace Administration announced that users registering for online services (e.g. social media, web forums, cloud storage, e-commerce) will be required to do so with their real names and government-issued identification. China is not the first country to adopt such rules. South Korea implemented a similar policy in 2007 but it was struck down by its supreme court in 2012. The announcement comes the same week that the foreign ministers of China, Russia and India issued a joint communiqué in which they "underscored that sovereignty of a state over the Internet [...] should be respected."
  • Supporters of the Syrian government are using tried and tested social engineering techniques to lure opposition fighters into revealing their plans. The New York Times reports that Syrian government supporters are posing as women to contact opposition fighters with the hopes of getting them to download PDFs laced with malware. Once installed on a rebel’s phone or computer, the malware allows government supporters to rifle through the victim’s digital files, which can include information on the Syrian opposition’s strategy, battle plans, and supply requirements.
  • The White House released a new national security strategy. You can find my quick take on the cybersecurity portions here.