TOPIC:  LEAKS



Source: Mackenzie Weinger for thecipherbrief.com

In the three years since the news first broke of Edward Snowden’s trove of leaked National Security Agency documents, debates have raged in the public sphere and within the intelligence community over the contents of what he revealed and what they mean for privacy, transparency, and the future of surveillance.

The Cipher Brief spoke to half a dozen top former NSA officials, cybersecurity experts, and privacy advocates to assess the legacy of the Snowden leaks. As each year passes, Snowden personally becomes less and less relevant, according to the observers, but the issues raised by the leaks remain crucial to discussions revolving around privacy, intelligence, and national security.

For those once in the intelligence community, Snowden’s actions still rankle. Grave concerns remain over his stay in Russia, what may exist in the remaining documents he took, and how to try to breach the divide that has emerged between the government and the technology industry in the wake of the disclosures.

But the impact of the leaks on legislation and government reform has been decidedly lackluster, with most surveillance powers revealed by Snowden left largely intact. Critics also say the conversation Snowden accelerated — although a necessary one — was badly distorted by the disclosures. And intervening events with other actors, such as this year’s Apple-FBI debate over encryption, continue to push Snowden further and further from relevance.

“The Snowden affair seems to have really faded a lot in this last year,” David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said. “We are not resolving some of the deep underlying issues in a way to protect privacy and human rights. He didn’t really help move the political needle one way or another, and that fading effect is just going to continue.”

The legacy of the leaks

Three years on, what have been the biggest impacts of the Snowden leaks? Experts and former top officials point to the losses in intelligence collection and trust — between the IC and the

TOPIC:  TECHNOLOGY


 


Source:  Kris Holt for Technewsworld.com

Welcome to Gadget Dreams and Nightmares, where we gather up the latest gadget announcements, roll them in a burlap sack, and mosey on down to the beach for an afternoon. Yes, we're excited summer is finally here.

In this week's sunny ray of riches are Google's voice-activated at-home assistant, a gesture-controlled lamp, and headphones that analyze your ears for optimal sound.

As always, these are not reviews, and the ratings are less an indicator of quality than of how eager I am to have these things in my hands or discover how well they can understand my Scottish brogue.

Google Breaks In

Not quite content with Nest controlling how warm your domicile is and Chromecast taking charge of what you watch, Google is moving further into your physical world with its connected home hub, the creatively named "Home."

Taking a page or 10 out of Amazon Echo's book, Home is a blend of a smart speaker and a personal assistant, which you control using your voice. It can handle the types of queries Google Now (and its successor, Google Assistant) can take on -- from simple questions like what's on your schedule for the day to more complex ones about the history of your favorite sports team. Home apparently can hold a conversation, as it is able to answer follow-up questions without additional context.

TOPIC:  CYBER DEFENSE




Source:  Nathan Braschi for Wired.com

THE NEXT AMERICAN president will be tasked with deterring foreign government-sponsored cyber attacks against US citizens and companies. And under the current system, that task will be next to impossible. Cyber war is on the rise, from Russian cyber soldiers knocking out the power grid in Ukraine to Iranian hackers compromising American dams to Chinese agents stealing trade secrets from U.S. defense, technology, and pharmaceutical companies (to say nothing of the theft of millions of records from the Office of Personnel Management).

President Obama has threatened to retaliate against egregious cyber attacks with bombs and missiles, but as a former military man myself, I don’t think even a President Trump would have the gall to actually push the button.

Right now the government’s options for responding to cyber attacks are retaliation, sanctions, or, in very rare cases, individual indictments. These are insufficient for deterrence and ill-suited to the speed and reality of cyber warfare. Deterrence requires a credible threat. In the middle ages, kingdoms ensured the enforcement of peace treaties by exchanging their princes as hostages. In the Cold War, we had the doctrine of mutually assured destruction. Now we need something new. What if there was a way to deter cyber attacks by automatically hitting countries that launch them right where it hurts—in the wallet? What if Wall Street could solve a challenge that has confounded Silicon Valley and the NSA for years? Enter our unlikely hero: sophisticated financial instruments. Specifically, a kind of securitized cyber insurance that I will call Cyber Bonds.

The Idea

Securitized insurance began with catastrophe bonds engineered in the wake of Hurricane Andrew in 1992. Hurricanes, like cyber attacks, are expensive to insure conventionally given that claims are not independent and often catastrophic. Catastrophe bonds solve this problem by securitizing the risk and passing it on to a wide pool of investors. The bonds pay handsome coupons to investors in seasons when natural disasters don’t happen, and liquidate the investment principal to pay for damages in seasons when they do.

TOPIC:  HACKING/MALWARE



Source:  Pierluigi Paganini for Cyberdefense Magazine

Experts at the security firm BAE Systems collected evidence that the malware used in the recent cyberheists is linked to the 2014 Sony Pictures hack.

A second bank was the victim of a malware-based attack, as SWIFT recently confirmed. The investigation by security researchers at BAE Systems makes the situation intriguing, because according to the experts the cyberheists at the Bangladesh Bank and at an unnamed commercial bank in Vietnam could be linked to the high-profile Sony Pictures hack.

At the time of the Sony hack, US authorities blamed North Korea for the attack, and the Obama administration decided to tighten economic sanctions against 10 senior North Korean officials and three entities of the country.

At this point there are two possibilities: either North Korea is targeting the global financial system, or we are facing a false flag operation conducted by someone mounting a diversion that relies on the code used in the Sony hack.

Security experts Sergei Shevchenko and Adrian Nish from BAE Systems have collected evidence of the link between the malware used in the recent cyber attacks against the financial institutions and the malicious code used to compromise Sony Pictures systems in 2014.

The security duo has demonstrated that the malware used in the attacks against the banks relies on the same wiper component.

“The implementation of this function is very unique – it involves complete filling of the file with the random data in order to occupy all associated disk sectors, before the file is deleted. The file-delete function itself is also unique – the file is first renamed into a temporary file with a random name, and that temporary file is also deleted,” states the analysis published by the experts.