National Consumers League

The #DataInsecurity Digest | Issue 70

The FCC 'hack' that never was; U.S. thought to be nation most vulnerable to hacking

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Concern that John Bolton’s decision to eliminate the White House’s cyber coordinator position continued to grow this week, with more experts speaking out that the move could leave the United States more vulnerable to hacks. The FCC continues to face questions over the alleged hack of its complaint database after internal emails revealed that Commission staff purposely mislead the media to think that the database was hacked (rather than reveal it had simply crashed from the overwhelming number of net neutrality comments submitted by the public).

Facebook remained in hot water after news came to light that it potentially violated its FTC consent decree by sharing users’ personal data with device manufacturers--even after users opted out of having their data shared.

And now, on to the clips!

-----------------

Cyber experts and lawmakers worry that Bolton’s decision to fire cyber coordinator will hurt U.S. cyber efforts. @ericgeller reports that “Both Republicans and Democrats are expressing concern that the White House is rudderless on cybersecurity at a time when hostile nations’ hackers are moving aggressively, inspiring fears about disruptive attacks on local governments, power plants, hospitals and other critical systems.” The consensus among lawmakers, former officials from the White House, the intelligence community, and the departments of Justice, Homeland Security, Defense and State “is that Bolton’s moves are a major step backward for the increasingly critical and still-evolving world of cyber policy.” (Source: Politico)

The FCC 'hack' that never was. In May of 2017, when the FCC was accepting comments on its plan to roll back net neutrality protections, Americans responded by flooding the FCC with comments in support of net neutrality. The deluge of comments was so large that the FCC’s comment collection system crashed. In the days that followed, the FCC would blame its inability to accept comments on hackers. @dellcam has now learned from internal FCC emails that senior FCC officials “purposely misled several news organizations, choosing to feed journalists false information, while at the same time discouraging them from challenging the agency’s official story...the agency conducted a quiet campaign to bolster its cyberattack story with the aid of friendly and easily duped reporters, chiefly by spreading word of an earlier cyberattack that its own security staff say never happened.” @dellcam reports that to sell their story, agency staff even spread misinformation about former Chairman Wheeler stating that he supposedly covered up a similar breach back in 2014. (Source: Gizmodo)

Facebook shares personal data with at least 60 device makers. “Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data.” In addition, @nytimes found that “Facebook allows the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing.” This revelation raises “concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission.” (Source: New York Times)

United States is the world’s most vulnerable-to-a-massive-cyber-attack nation. The report, conducted by Rapid 7 concluded that "The United States leads all other countries in the 2018 exposure rankings, scoring the highest in nearly every exposure metric we measure.” (Source: Rapid 7)

Only 23 percent of people understand that wearable devices and connected toys for children need to have security protection. This is problematic as the “data collected by cybercriminals paints a picture of the children’s lives, making them vulnerable to all kinds of cybercrime and potential attacks.” (Source: Forbes)

Breach du jour: 26 million Ticketfly users. The online ticket marketplace has been taken down by hackers, and 26 million of Ticketfly users have had their email address, home addresses, and phone numbers compromised. (Source: Motherboard)

Trump/Kim summit tests journalists’ cybersecurity IQ. Every journalist that was covering the historic summit received a goodie bag that included “a blue, innocent-looking mini USB fan. ... Not so hot about it was the information security community,” which warned that “the device could be a covert method of installing malware onto the computers of journalists covering the summit.” (Source: Mashable)

Events

August 9-12, 2018 - DEF CON 26 - Las Vegas, NV
DEF CON is the world's longest-running and largest underground hacking conference. Each summer, hackers, corporate IT professionals, and three-letter government agencies all converge on Las Vegas to absorb cutting-edge hacking research from the most brilliant minds in the world. (Source: DEF CON)

National Consumers League
Published June 14, 2018