from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: October 27, 2017

This week: Twitter blocks RT and Sputnik ads, debate at ICANN over WHOIS, and Bad Rabbit.

October 26, 2017

The Twitter application is seen on a phone screen. Thomas White/Reuters
Blog Post

More on:

Cybersecurity

Digital Policy

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. You can keep tweeting, you just can't pay us to spread your message. Twitter announced that it is banning advertising content from RT and Sputnik, two Kremlin-backed news outlets, which together spent a total of $1.9 million on ads on the site since they became advertisers in 2011. Twitter also announced that it will start labeling political ads by placing a purple marker next to the paid content and include the name of the sponsor. Twitter’s move could be seen as preemptive given that two Democratic Senators recently introduced legislation that would require digital platforms to keep a public record of political ad spending and their sponsors. For its part, the Russian foreign ministry was not amused by Twitter singling out Russian news outlets. A spokesman said that the blocking of RT and Sputnik was a “flagrant" violation of "both international and domestic legislation guaranteeing freedom of expression.” It is unlikely that the ad ban will make much of a difference in the way Russian propagandists use Twitter to spread their messaging given that most of their efforts leverage bots and troll accounts, not advertising.

2. ICANN, GDPR, and WHOIS walk into a bar. ICANN and its constituents are having a hard time reconciling their operations and fulfilling the requirements of the European Union's new privacy law, the General Data Protection Regulation (GDPR), according to the Register. Under ICANN rules, all domain registries must collect basic information on those who buy domain names, including the purchaser's name, address, and contact details, which is then put in the WHOIS system and makes the information public. At least two Dutch registries that manage the .amsterdam and .frl domain names argue that their WHOIS obligations are incompatible with the GDPR, and will no longer make domain registration information public. Law enforcement and intellectual property owners like the public WHOIS system as it allows them to access registration data of a domain used for criminal or infringing activity. The issue is likely to come up at ICANN's next meeting, which starts next week in Abu Dhabi.

3. We’ve seen this before… Organizations in Russia and former Soviet republics, including Ukraine, were hit with ransomware, similar to the WannaCry and NotPetya incidents that occurred in May and June. The new malware is dubbed Bad Rabbit and uses code leaked from the National Security Agency (NSA) to spread according to Cisco. The Shadow Brokers, a group responsible for leaking a number of NSA tools since 2016, dumped the exploit used in Bad Rabbit, known as EternalRomance, back in April. This is the third time this year that leaked NSA exploits have wound up in ransomware.

Up
Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close