The Weekly Newsletter of The George Washington University Cyber Security and Privacy Research Institute
Quick Links
Contact Us
CSPRI in the News
Trey Herr, Senior Research Associate, sat down with NBC News this week to discuss the latest coordinated cyber attacks on US infrastructure. Watch here
Follow Us
Follow us on Twitter:
@gwCSPRI
 
Follow CSPRI co-Director, Lance Hoffman:
@lancehoffman1

Follow CSPRI co-Director, Costis Toregas:
@DrCostisToregas  
March 28 , 2016
EVENT RECAP: 
Cybersecurity, Encryption, "Going Dark",
and the Broader Issues 

Phone with eye behind it from NYT
Andrew Sondern, 
The New York Times

Last Thursday, we hosted experts in law, policy and academia to discuss the implications of the ongoing Apple v. FBI  battle over iPhone encryption. Speakers weighed the risks of creating national security blind-spots, infringing upon constitutional rights, and paving a way for hackers to access 
and control citizens' devices. Here is the recording:



S peakers also argued about ways to safeguard data privacy concerns. The next day, the Christian Science Monitor Passcode  reported that the FBI claimed to be working with an anonymous "third party" to gain access to the San Bernardino shooter's iPhone. Sources identified Cellebrite, a major player in the growing mobile forensics market, as the FBI's key to unlocking Apple devices. Does Cellebrite really have the answers the FBI has been looking for? Will this new development cool off a growing debate between the tech community and the US government? See Cellebrite's user-friendly data extraction demo here:
 
 
For more technical detail on how the forensic analysis might be done (and effectively bypass Apple's 10-strikes-and-you're-out safeguard) click here.  
Cyber Security and Privacy News
  • The Justice Department said last week that it might no longer need Apple's assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year, The New York Times reported. "The disclosure led a judge to postpone a court hearing over the issue and temporarily sidesteps what has become a bitter clash with the world's most valuable publicly traded company," Katie Benner and Matt Apuzzo wrote. "In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook. The hearing in the contentious case - Apple has loudly opposed opening the iPhone, citing privacy concerns and igniting a heated debate."
  • The Justice Department has unsealed indictments against seven Iranians - allegedly working on behalf of the Iranian government, including the Iranian Revolutionary Guard Corps, a branch of Iran's armed forces - who are suspected of conducting distributed denial-of-service attacks against dozens of American banks as well as attempting to seize control of Bowman Dam outside New York City, reports GovInfoSecurity.
The DoJ also brought criminal charges against three alleged members of the Syrian Electronic Army - a hacking group that supports embattled Syrian President Bashar al-Assad - for a years-long campaign of digital attacks, The Washington Post reports. "The charges against 22-year-old Ahmad Umar Agha, also known as 'The Pro' online; 27-year-old Firas Dardar, whose online name is 'The Shadow'; and 36-year-old Peter Romar, known by the alias Pierre Romar, were unsealed Tuesday," wrote Ellen Nakashima and Andrea Peterson. "Agha and Dardar were charged with a criminal conspiracy in relation to a string of attacks targeting media companies, as well as various government agencies.
  • The Federal Trade Commission has issued warnings to 12 Android app developers that use audio beacons to track consumers across their devices and monitor TV viewing habits, according to the Electronic Privacy Information Center (EPIC). "The smartphone apps contain Silverpush software that constantly listens for inaudible signals emitted by TV commercials and secretly collects and transmits viewing data," EPIC notes. The organization says the announcement appears to be a response to two earlier complaints filed by EPIC with the Commission. EPIC previously urged the FTC to limit cross-device tracking technology that links consumers' smartphone activity with what they see on their laptop or television.
  • Verizon's latest Data Breach Digest includes an interesting anecdote about an unnamed water utility that experienced a cyber attack that reportedly altered the chemical settings on a water treatment plant. Softpedia reports that the water utility "noticed that, for a couple of weeks, its water treatment center was behaving erratically, with chemical values being modified out of the blue." Read more here. The Verizon Breach Digest is downloadable here.
Ironically, while the Verizon unit that published that breach digest is responsible for helping organizations respond to and clean up the mess from cybersecurity breaches, Verizon was forced to acknowledge its own breach last week. Investigative reporter Brian Krebs contacted Verizon Enterprise after reportedly encountering someone on a cybercrime forum selling the entire customer contact database for 1.5 million Verizon Enterprise customers. Verizon confirmed that intruders had used a vulnerability in the Verizon Enterprise portal to steal the customer data. Read Krebs's full story here.

The Cyber Security and Privacy Research Institute (CSPRI) is a center for GW and the Washington area to promote technical research and policy analysis of problems that have a significant computer security and information assurance component. More information is available at our website, http://www.cspri.seas.gwu.edu.

Heading
Heading
Heading
Heading
Heading
Upcoming 
Cyber Security & Privacy Events
Click  here for detailed descriptions

- Mar. 29, 8:00 a.m. - 4:30 p.m. ,
Insider Threat Development Training  

- Mar. 29, 1:00 p.m. - 4:00 p.m.
Meeting of the Privacy Multi-stakeholder Process on Facial Recognition 
Technology

-
Mar. 30, 8:30 a.m. - 11:15 p.m. , 
Public Policy Briefing on Privacy Regulation After Net Neutrality
 


Mar. 31, 9:00 a.m. -
10:30 p.m.
,
Decoding the Encryption Dilemma: A Conversation on Backdoors, Going Dark, and Cybersecurity
 

Mar. 31, 4:00 p.m. -  5
:30p.m
,  
Cyber Risk Thursday: Smart Designs for Smart Homes
 
 

Apr. 1, 10:00 a.m. - 12 noon
,
The Emerging Law of 21st Century War 
 
 
- 
A
pr. 5, 
Billington Cybersecurity International Summit


About this Newsletter
 
This newsletter is a weekly summary of events related to cyber security policy and research, with a special focus on developments and events in the Washington, DC area. It is published by the Cyber Security and Privacy Research Institute (CSPRI) of the George Washington University. CSPRI is a center for GW and the Washington area that promotes technical research and policy analysis of topics in or related to cybersecurity and privacy. More information is available at our website, http://www.cspri.seas.gwu.edu
 
CSPRI 
202 994 5613. cspri@gwu.edu
Tompkins Hall,  Suite 106
725 23rd Street NW
Washington DC, DC 20052