Cyber Saturday—Massachusetts Gas Fires, Credit Freezes, Snowden Reassessment
Robert Hackett
Updated
On Thursday evening, 60 suspected gas fires broke out in three Massachusetts towns north of Boston. Naturally, people wondered about the cause.
Some accounts on Twitter began to speculate, baselessly, that the explosions were the result of hacking. One hacker-activist with a large following stoked the rumor mill by asking whether anyone else suspected the fires “might be some kinda of cyber attack targeting SCADA systems?” (SCADA systems, or supervisory control and data acquisition systems, refer to industrial control hardware often used in power plants.) Another Twitter account followed this up with an unsupported claim that U.S. agencies were “looking for traces of weaponzied stuxnet virus,” referring to a malware program, widely attributed to U.S. and Israeli intelligence agencies, that knocked out Iranian nuclear centrifuges in the aughts.
Industry professionals swiftly tamped down on the unsubstantiated gossip. Rob M. Lee, CEO and founder of Dragos, a startup that specializes in industrial cybersecurity, approached the incident with characteristic level-headedness. “[T]hese events sadly happen and cyber is often the least likely answer,” he wrote in a tweet. “[T]he folks involved will be focused and thorough to find the root cause. I.e. wait.”
Kudos to the cooler heads, like Lee, who urge caution while officials sort this mess out. I tend to agree with Kevin Mandia, CEO of cybersecurity firm FireEye, who told a Senate committee this week that frequent talk of an impending “cyber Pearl Harbor”—a theoretical attack that could cause national power outages—distracts from the real threat. As Mandia put it, “I believe that our nation is more likely to face an enduring, more protracted cyber campaign akin to ‘cyber trench-warfare.'”
Indeed, and so often that trench warfare takes the form of disinformation run amok online.
***
The ransacking of Equifax has had at least one positive outcome. Next week a federal law kicks in that will force the big three credit bureaus—Equifax, Experian, and TransUnion—to provide fee-less “security freezes,” hold orders on credit files that help prevent identity theft. Starting on Sept. 21, the credit bureaus will no longer be allowed to charge for the service—a long overdue reform. Brian Krebs, an investigative cybersecurity journalist, has a nice write-up of the upcoming policy change on his website.
Have a great weekend.
Robert Hackett
@rhhackett
robert.hackett@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
Baby, you can drive my car. Researchers at KU Leuven University in Belgium figured out how to clone the wireless key fobs of Tesla’s Model S luxury sedans. All that’s needed: about $600 in equipment and proximity to the fob to be impersonated. The devices intercept and decrypt cryptographic keys transmitted via radio, causing the cars’ doors to unlock and motors to start.
There’s a worm in my Apple.Motherboardinvestigated Apple’s bug bounty program and found that some security researchers are beginning to submit vulnerabilities in iOS software to the company. Other security researchers reported that they had not yet received payment for their submitted findings. (Apple declined to comment to Motherboard.)
I want you for the U.S. Army. After Stanford University professor Fei-Fei Li stepped aside as Google Cloud’s head of AI earlier this month, Google hired Andrew Moore, dean of computer science at Carnegie Mellon University, to fill the role. Li had objected to Google’s plan to supply image processing technology to military drone programs for the U.S. Business Insidernotes that Moore co-chairs an AI task force for the Center for a New American Security think tank, a group with strong military ties.
Cold War redux. Sergei Skripal, a Russian intelligence officer recruited by the British in the ’90s, was recently poisoned along with her daughter. The UK believes they have identified the foreign agents who are alleged to have carried out the attack: two supposed military intelligence officers from Russia. The suspects have denied the charge, claiming to be tourists. On the heels of the attack, U.S. officials are now rushing to secure former Russian informants living in America.
This summer, the fifth anniversary of Edward Snowden’s revelations about NSA surveillance passed quietly, adrift on a tide of news that now daily sweeps the ground from under our feet. It has been a long five years, and not a period marked by increased understanding, transparency, or control of our personal data. In these years, we’ve learned much more about how Big Tech was not only sharing data with the NSA but collecting vast troves of information about us for its own purposes. And we’ve started to see the strategic ends to which Big Data can be put. In that sense, we’re only beginning to comprehend the full significance of Snowden’s disclosures.
Cryptoanarachy, a history. In the Bay Area during the ’90s, a philosophical system originated that sought to elevate the rights of the individual above all else, law included. Proponents of this techno-libertarianism dreamed of breaking free from the oversight of governments and corporations by using new technologies, such as encryption and peer-to-peer networking. Breaker, a newly launched digital magazine, recounts the strange history of this political strain.
