from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: March 18, 2016

China Cyber Net Politics

March 18, 2016

China Cyber Net Politics
Blog Post

More on:

China

Cybersecurity

Intelligence

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Are you a laid-off PLA hacker looking for work? There has been an uptick in ransomware-based attacks on computers in the United States coming from China in recent months, four cybersecurity firms said this week. According to the firms, the ransomware appears to be the work of “a known advanced threat group from China” and display a level of sophistication similar to that by previous intrusions attributed to state-sponsored groups. This is unusual because ransomware is typically used by criminals, not government hackers. Some have suggested that following last year’s agreement between President Obama and Chinese President Xi Jinping to not support cyber-enabled theft of intellectual property for economic gain, Chinese government hackers have had to turn to other avenues to make some cash. Whether that’s true remains to be seen, especially given that there’s some evidence threat actors are increasingly turning to false flag operations to frustrate attribution efforts.

2. Updates in the Apple-FBI case. The Apple-FBI fight over encryption continues to work its way through the court system as more public figures have come out in support of both sides. Last weekend at SXSW, President Obama urged Apple to not “take an absolutist view” of “fetishizing our phones above every other value.” Comedian John Oliver did a whole segment on the issue, concluding that “strong encryption has its costs,” but “the risks of weakening encryption, even a little bit, even just for the government, are potentially much worse.” Apple’s lawyers filed more court documents saying “the government misunderstands the technology” and that the founding fathers “would be appalled” by the FBI’s request. And Apple engineers told the New York Times they would rather quit their jobs than write the code the government is asking for. Net Politics contributor Alex Grigsby and I even weighed in with an op-ed in the Washington Post. Simultaneously, a similar storm is brewing between the Justice Department and WhatsApp, the world’s most popular messaging app and a Facebook subsidiary. The Department of Justice is trying to figure out what to do when law enforcement officers have a lawful warrant to wiretap calls made with the app, but are stopped by encryption. Welcome to the future, everyone.

3. Encrypt all web traffic! Google released a new section of its transparency report to specifically focus on the deployment of HTTPS, a mechanism that allows web browsers or applications to encrypt its connection with a website. According to the report, a little over 75 percent of all Google server requests are encrypted and the five countries that request the most encrypted connections are Mexico, Brazil, Japan, India and the United Kingdom. Interestingly, the report not only examines Google’s own traffic but also surveys the use of HTTPS in the top 100 sites on the web that, according to Google, account for 25 percent of all web traffic. Of the 100, only about 33 use modern HTTPS and encrypt their traffic by default. Want to see if your favorite websites offer encryption? Check out the full list here.

4. A new type of commercial attaché. The Department of Commerce announced that it is piloting a "Digital Attachés" program, with the aim of helping U.S. companies navigate "digital policy and regulatory issues in foreign markets and expand exports through global e-commerce channels." The program seems targeted at small and medium enterprises that are less likely to have in-house regulatory affairs and compliance officers to help them navigate potential trade barriers, such as data localization and lawful access requirements.

Up
Close