“The Human Factor of Cybersecurity” with Sherrod DeGrippo (Ep. 215)


Proofpoint’s Sherrod DeGrippo joined Joe Miller on the WashingTECH Podcast to discuss malware, the Emotet threat, and the human factor of cybersecurity.

News Roundup

Bio

Sherrod DeGrippo (@sherrod_im) is the Sr. Director of Threat Research and Detection for Proofpoint, Inc. She leads a worldwide malware research team to advance Proofpoint threat intelligence and keep organizations safe from cyberattacks. With more than 15 years of information security experience, Sherrod successfully directs her 24/7 team to investigate advanced threats, release multiple daily security updates and create scalable threat intelligence solutions that integrate directly into Proofpoint products.

Resources

Human Factor Report (Proofpoint, 2019)

Russia hacked the Ukrainian company at center of impeachment

The New York Times reported Monday that Russia’s infamous Main Intelligence Unit, formerly known as the G.R.U., which is accused of working closely with Cambridge Analytica to interfere with the 2016 presidential election, hacked into the emails of Burisma, Ukraine’s largest natural gas producer, which is at the center of President Trump’s impeachment. Former Vice President Joseph Biden’s son, Hunter Biden, served on Burisma’s board from 2014 until his term expired last year, a position for which Biden was compensated up to $50,000 per month. The articles of impeachment against Trump allege that Trump bribed Ukrainian President Volodymyr Zelensky by conditioning the $391 million in military aid already earmarked for Ukraine on Ukraine’s investigation into Trump’s unsubstantiated claim that Hunter Biden engaged in malfeasance during his time on Burisma’s board. Both the Ukrainian prosecutor who said that he saw no wrongdoing by Biden and the Ukrainian prosecutor who replaced him issued a joint statement in October of last year stating that they did not find any evidence of wrongdoing by Biden.

The security firm Area 1 reports that Russian hackers conducted a phishing operation in which they created pages that appeared to be Burisma internal pages and tricked employees into entering their usernames and passwords, which gave the Russians access to Burisma’s network. It is not clear what information they obtained, but officials believe the hack was intended to find embarrassing information about Hunter Biden, given its timing amidst the impeachment investigation, as well as reports by the New York Times that Russian spies are conducting operations on the ground to gain access to Burisma in the physical world in order to achieve the same goal. Most Republicans in Congress currently deny that Trump should be removed from office, and zero Republicans in the House voted for the articles of impeachment to move forward.

Facebook holds forth on political misinformation policy

Facebook persists in maintaining its corrosive political advertising policies, including the policy which allows politicians to microtarget false statements in their political ads. The company says it will soon allow users to limit the political ads they see and offer more details about the ads. The company has announced a ban on deepfake videos. Federal Election Commission Chairwoman Ellen Weintraub called the response weak.

Twitter has banned political advertisements altogether and Google is allowing political ads but not microtargeting.

White House recommends hands-off approach for discrimination in AI

Despite concerns raised by major civil rights groups over the last few years about the discriminatory effects of AI bias, and research showing the discriminatory effects of AI in determining things like creditworthiness, making hiring decisions, and many other areas, the White House released a set of AI Regulatory Guidelines during the Consumer Electronics Show last week, which take a relatively hands-off approach to addressing discrimination in AI.

Overall, the guidelines discourage regulations. Consider this phrase on page 5 of the guidelines: “When considering regulations or non-regulatory approaches related to AI applications, agencies should consider, in accordance with law, issues of fairness and non-discrimination with respect to outcomes and decisions produced by the AI application at issue.” What the White House is saying here is that agencies “should” consider (it’s optional) the outcomes and decisions produced, so not what goes into making the applications or addressing the fact that most of the people developing AI applications are not African-American, Hispanic, Latino, Southeast Asian, or Native American, but only the outcomes. This recommendation therefore means: let’s take a hands-off approach, let’s not develop standards for how AI applications are developed, let’s just take a wait-and-see approach. If they have harmful effects, we’ll go ahead and wait until someone spots those effects before we do anything about it.

And it’s not like the guidelines don’t make strong recommendations in other areas. Agencies “MUST”, for example, report on the outcomes of stakeholder engagements and “identify existing regulatory barriers to AI applications …” So we’ve got a double standard: a set of guidelines that mandate pre-emptive approaches to address regulatory barriers to the development of applications, but not barriers to, say, you finding a job, or getting a mortgage, or getting Tinder matches who aren’t Ayn Rand enthusiasts. And the guidelines make no mention of civil rights at all.

Barr asks Apple to unlock the Pensacola shooter’s iPhone

U.S. Attorney General Bill Barr has asked Apple to unlock the iPhone belonging to Mohammed Saeed Alshamrani, the Saudi air force member who shot and killed 3 American sailors in Pensacola last month. Apple has refused. The dispute is the latest chapter in an ongoing saga between Apple and law enforcement officials that began when the FBI sought to compel Apple to unlock the iPhone belonging to Syed Farook, the terrorist who murdered 14 people in San Bernardino in 2015. Federal law enforcement officials abandoned that effort after finding an alternative way to gain access.

Ivanka Trump speaks at the Consumer Electronics Show, met with resistance

Despite a warm reception from the crowd at the Consumer Electronics Show last week, White House adviser and daughter to the president Ivanka Trump was met with scorn and criticism, under the hashtag #BoycottCES from women and tech workers who said she didn’t belong there. The Hill reported for example that game developer and Congressional candidate Brianna Wu took exception to the fact that Ms. Trump is not a woman in tech and criticized the Consumer Electronics Show’s “lazy” attempt to achieve speaker diversity by selecting her as a speaker.

House passes 5G bills to ensure U.S. dominance over China

Finally, the House of Representatives passed 3 bills last Wednesday which would allow data speeds of up to 100x what we currently have. The bills will also give the United States more say in how 5G is developed internationally by, for one, requiring the Secretary of State to hire a telecom adviser. Both parties signed on to the bills nearly unanimously.