Cybersecurity and Cyberwarfare

Apple ruled that Facebook's data-security app violated Apple's data-collection policies designed to limit data collection by app developers. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising. The app, called Onavo Protect, has been available as a free download through Apple’s app store for years, with updates regularly approved by Apple’s app-review board.

[Commentary] US officials have often said that the United States has unrivaled offensive cybercapabilities. Why hasn’t that deterred anyone? It’s simple. The United States is so reliant on computer networks that we’re afraid to launch a tit-for-tat exchange in cyberspace. We need to get tougher and more inventive. In the hope of inspiring others’ imagination, here are a few options that belong in the US toolkit:

The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights. Microsoft detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the G.R.U.

Privacy and security online continue to be major issues for Americans, according to a National Telecommunications and Information Administration survey conducted by the US Census Bureau. Nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks in 2017, while a third said these worries caused them to hold back from some online activities. About 20 percent said they had experienced an online security breach, identity theft, or a similar crime during the past year.

The Trump administration has moved to give the military more latitude to conduct offensive cyber operations against American adversaries, continuing an effort begun in 2017 to grant commanders more leeway to make battlefield decisions. President Donald Trump on Aug 15 signed an order delegating authority to the defense secretary to use cyber tools and techniques to disrupt or degrade an adversary’s network or choke off attacks underway, loosening rules established under the Obama administration.

Four Democratic representatives are pressing Federal Communications Commission Chairman Ajit Pai for answers about the FCC's misidentification of a flood of network neutrality comments as a distributed denial of service (DDoS) attack, specifically when he and others at the FCC found out about the inaccurate diagnosis. The Reps suggested that there were only two options: that Chairman Pai already knew it was not a DDoS attack but had not shared that information, or that he was ignorant of it, which they suggested would be "dereliction of duty."

The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors’ physical movements as they use websites and apps. Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices. The data collection is invisible to those being watched.

President Donald Trump has made it official: Government contractors can't buy equipment from Chinese telecoms ZTE or Huawei as part of those contracts, and must submit a plan for phasing out the use of that equipment from its systems. That came with President Trump's signature of the John S. McCain National Defense Authorization Act and after the companies were called out by top US intelligence officials as tied to the Chinese government and thus a national security threat.

Democratic lawmakers weren’t happy with the Federal Communications Commission inspector general concluded that the agency "misrepresented facts and provided misleading responses to Congressional inquiries" regarding an outage of the FCC’s online commenting system.