Cyber Week in Review: August 12, 2016
from Net Politics and Digital and Cyberspace Policy Program

"The Eye was rimmed with fire, but was itself glazed, yellow as a cat’s, watchful and intent, and the black slit of its pupil opened on a pit, a window into nothing." (Image source: The Fellowship of the Ring)

More on:

India

Cybersecurity

Terrorism and Counterterrorism

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. New advanced malware platform found in the wild. Computer security researchers announced the discovery of a complex and stealthy cyber espionage platform active since 2011. Russian firm Kaspersky has baptized it Project Sauron (after a Lord of the Rings reference was found in its code), U.S. firm Symantec is calling it Strider, and Chinese anti-virus company Qihoo 360 is calling it APT-C-16. The platform is notable for three reasons: it is capable of collecting information from air-gapped computers, it uses a modular structure that allows attackers to customize their exploit method based on the selected target and to avoid detection, and its operators are very discriminate in the targets they compromise (only thirty targets over the last five years). As usual, none of the security companies are speculating on Sauron’s authors. Nevertheless, the smart money says the United States may be behind it given Sauron’s choice of targets (entities in Russia, Iran, the Caucasus, and China) and the similarity between the newly discovered platform and other espionage platforms believed to be the National Security Agency’s handiwork such as Duqu, Flame, and Equation.

2. Facebook tries again to provide cheap internet access in India and wants to bypass your ad-blocker. Several months after India blocked Facebook’s Free Basics program, a controversial plan to give the poorest users free access to only limited parts of the internet (an arrangement also known as zero-rated internet services), the company is moving ahead with a plan to provide inexpensive wi-fi in rural parts of the country. A pilot version of the program, which is called “Express WiFi,” has been rolled out in 125 locations, in partnership with local internet service providers. While Facebook plans to offer Free Basics through the wi-fi, it’s unlikely the service will be zero-rated, as that would bring the same regulatory challenges that shot down the program earlier this year. Facebook also announced this week that it will circumvent ad-blocking tools on Facebook so that it can serve advertisements to all users. The company says that it intends to make ads less intrusive and irritating, which it believes are the primary factors driving people to use ad-blockers. Adblock Plus, one of the most widely used ad-blockers, quickly released a statement condemning the move, and by Thursday had updated its service to circumvent Facebook’s circumvention tool. But just as fast, Facebook rolled out new code circumventing Adblock Plus’s circumvention of Facebook’s circumvention.

3. I see your bug bounty and raise you. Last week, Apple joined the increasing number of tech companies offering financial compensation to security researchers who inform the Cupertino company of flaws, also known as bugs or vulnerabilities, in its software. The logic behind such bug bounty programs is that they incentivize researchers to sell their discovered bugs and exploits to Apple instead of selling them on the black market, where government agencies and criminal groups buy them up for offensive or defensive purposes. Apple said that it would pay a maximum of $200,000 per vulnerability. Not to be outdone, this week Exodus Intelligence, a vulnerability broker that sells to governments, announced it would pay up to $500,000 for a vulnerability in iOS 9.3, the latest operating software for Apple’s mobile devices.

4. Court rejects internet-related terrorism case. On Wednesday, a U.S. district court dismissed a lawsuit filed against Twitter by Tamara Fields, whose husband was killed by a terrorist in Jordan in November 2015. The case, filed in January, accused Twitter of providing “material support” to terrorists by giving them a platform for spreading propaganda that radicalized the man who shot Fields’ husband and another U.S. citizen. The judge ruled that there was no clear link between “Twitter’s provision of accounts to ISIS and the deaths of Fields and Creach [the other man killed in the attack].” While social media platforms in the United States are exempt from liability for terrorist content under the Communications Decency Act, there are a number of legal challenges facing platforms in their fight against terrorist propaganda and recruiting online, an issue CFR Adjunct Senior Fellow David Fidler looked at in a Cyber Brief last year.
