Cyber Week in Review: May 25, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Rogue Cyber State? In recent weeks, cybersecurity researchers following the digital breadcrumb trail have concluded that the WannaCry ransomware attack’s code and infrastructure share many similarities with previous cyberattacks linked to the Lazarus Group, a North Korean affiliated criminal hacking syndicate. The group is responsible for the 2014 attack on Sony Pictures and stealing $101 million from Bangladesh’s central bank in a cyber heist earlier year. However, the link is inconclusive: researchers analyzing WannaCry’s ransom messages in different languages found that the hackers were most  likely native-Chinese speakers (the Korean-language message, on the other hand, appears to be copied from Google Translator).

No matter who is behind WannaCry, and whether they’re affiliated with North Korea, the WannaCry attack has renewed international focus on North Korea’s cyber activity. A Reuter’s investigative report this week found that a special cell of the country’s spy agency called Unit 180 is likely behind a number of the country’s successful cyber operations, which includes infiltrating South Korean government networks, hacking financial institutions, and targeting companies. According to a defector, North Korean hackers go abroad to utilize better internet connection and increase plausible deniability when launching cyber operations.

2. Hacking Back Legislation Under Consideration. In the wake of WannaCry, a new bipartisan bill would allow companies and individuals to retaliate against hackers. “Hacking back” or active defense is currently illegal in the United States, though proponents have been pushing the idea for some time. According to the bill’s co-sponsor, Rep. Tom Graves, “hacking back” would’ve prevented WannaCry from hitting hospitals and companies by giving people the means to “to defend themselves online, just as they have the legal authority to do during a physical assault.” However, cybersecurity experts worry that “hacking back” gives cyber victims the wrong tools. The bill would be like  “putting more gunfighters out in the street in the Wild West,” NSA Director Michael Rogers said on Thursday. In general, retaliation in cyberspace is difficult given the challenge of attribution and finding a proportional response. Writing in Harvard Business Review, Cory E. Thomas called active defense “akin to lobbing grenades from your front yard, hoping to get lucky and hit an attacker you haven’t seen as they flee the scene of the crime.”

If the legislation is passed, companies and individuals will be empowered to strike back against the next WannaCry-style attack, or they could just stop using outdated operating systems.

3. EU Moves Against Hate Speech on Social Media. European Union ministers approved a plan on Tuesday that would obligate social media companies curb hate speech on their platform. The law, if approved by the European Parliament, would be the first time companies like YouTube, Twitter, and Facebook would be liable for incendiary and hateful content. While social media giants have been resistant to censoring content online, growing concern about fake news and hate speech have made the companies more receptive to action. Last year, Facebook, Twitter, YouTube, and Microsoft signed a EU commitment to removing hate speech within 24 hours (though the EU Justice Commissioner found that they have failed to live up to their promise). In the lead-up to the French election, Facebook took an active approach towards fake news in the country, deleting 30,000 fake accounts purveying misinformation.

4. Google’s Go-Diplomacy: Ever since AlphaGo, an algorithm created by Google’s artificial intelligence (AI) arm, defeated South Korea’s top Go player earlier this year, the Chinese internet has been abuzz about a showdown between China’s top Go players and their AI nemesis. This week Chinese players finally got a chance to size themselves up against AlphaGo. At the three-day summit in Wuzhen, AlphaGo bested Ke Jie, the world’s reigning Go champion, three times in row, before making quick work of a team of China’s top five players.

Go, or the “encircling game” in Chinese, is a strategy-based board game created during the Zhou dynasty, which remains popular in Asia. Researchers had previously thought that Go’s complexity meant that mastery of the game was outside the reach of AI for the foreseeable future. After Google’s AlphaGo rolled onto the scene earlier this year, Chinese players have been slow to accept that a computer could beat them.  Ke Jie notably dissed AlphaGo last month, claiming he’d outmatch the computer if they ever met.

More than just a game of Go, Google’s summit was a deliberate overture to China. The search-engine giant has had a fraught relationship with China. Google pulled out of the country in 2010 after it refused to censor search results, effectively shutting itself out of the world’s most populous market. Despite signaling interest in returning to China, Google has faced an frosty response from China’s internet regulators. While Google Go-diplomacy probably won’t win over regulators, it could help raise the company’s profile among China’s young engineering talent. Indeed, although regulators blocked organizers from live-streaming the Go summit, AlphaGo has received much attention online.