Tech Friday


  • Senators push a bipartisan bill to force technology companies to put a price on your data:
    • Technology companies are making big money from user data, but most people don't understand what data is collected or how much that data is worth
    • If you're not paying with money, you're paying with data. You're the product, not the customer
    • The term surveillance capitalism was coined to describe this business model
    • New bipartisan legislation seeks to compel these companies to assign a dollar value to your information, disclose the value, and disclose what they are collecting
    • "For years, social media companies have told consumers that their products are free to the user. But that's not true – you are paying with your data instead of your wallet" - Senator Warner
    • The "Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (Dashboard) Act" was recently introduced by Senator Josh Hawley (R) and Senator Mark Warner (D)
    • According to the bill, companies with more than 100 million monthly active users must file an annual report on the value of the data collected as well as any deals they have with third parties
    • They would also have to disclose the types of data gathered, how much it's worth, and allow users to delete all or parts of their data
    • The bill makes the Securities and Exchange Commission (SEC) responsible for designing the methodology to calculate the value of the data
    • Facebook is one of the tech titans that has had several privacy issues and has been facing heat since the Cambridge Analytica scandal
    • In a recent interview regarding the bill, Warner targeted Facebook, saying the social media platform knows more about its users than the government does
    • When asked about this bill, Facebook said "We look forward to continuing our ongoing conversations with the bill's sponsors"
    • Here's a video of Senator Warner discussing this topic: https://www.youtube.com/watch?time_continue=15&v=AkyMgn4MYgs
  • Researchers show that Presidential warnings are "easy" to spoof:
    • Spoofing: "A fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security." - Techopedia
    • The US Wireless Emergency Alert (WEA) system was launched in 2006
    • WEA is typically used at a local level to warn about bad weather and missing children
    • Last year the system was used to test a "presidential alert" and security experts raised concerns about the possibility of hacking the system
    • 8 University of Colorado (UoC) researchers have demonstrated sending spoofed WEA messages using portable mobile phone base stations and specially crafted software
    • The researchers said "Fixing this problem will require a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers"
    • The attack exploits the WEA protocol, and researchers said "The spoofing attack is easy to perform but is challenging to defend in practice"
    • UoC researchers demonstrated the ability to use 4 low-power base stations that could reach all the phones in a large stadium seating 50,000 people
    • "Fake alerts in crowded cities or stadiums could potentially result in cascades of panic" wrote the UoC team
    • The UoC research team has contacted phone manufacturers, telecommunication industry groups and federal agencies to warn them about the issue and to help seek a fix for it
  • US and Iranian hackers skirmish in Cyberspace:
    • Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), issued a statement on June 22 about increasing cyberattacks led by Iran and its proxies
    • CISA is responsible for protecting critical US infrastructure
    • Hackers believed to be working for the Iranian government have targeted US government agencies and a wide variety of industry sectors according to representatives of cybersecurity companies CrowdStrike and FireEye
    • Many of these attacks are based on spear-phishing emails
    • The warning from Krebs followed close on the heels of similar warnings from private US cybersecurity companies
    • Krebs said CISA is "aware of a recent rise in malicious cyber activity" by Iranian actors against US companies and government agencies
    • CISA specifically warned about "wiper" attacks that steal data and then destroy it
    • Iran has increased its cyberattacks against US targets including critical infrastructure as tensions have grown between the two nations
    • So far, it is not known if Iranian hackers have managed to gain access to targeted networks
    • Since President Trump lifted Presidential Policy Directive 20 from the Obama administration, US operators have the green light to attack
    • US operators are also attacking Iranian targets. Iranian officials have said the attacks were unsuccessful, while US officials have called the attacks "very" effective
    • US operators say they have hacked Iranian spies involved in recent oil tanker attacks in the Persian Gulf
    • Technology is changing war because hacking tends to level the playing field. In the real world, Iran can't compete with US military superiority, but in cyberspace, Iran can inflict damage inside the US.
    • Countries that are more connected and technology dependent are more vulnerable
    • You can read CISA Director Christopher Krebs's statement here on Twitter: https://twitter.com/CISAKrebs/status/1142520000135278594