Friday Five: 2/09 Edition



Olympic hacking, bug bounties, and data regulation -- catch up on the week's infosec news with this roundup!

1. Should Data Scientists Adhere to a Hippocratic Oath? by Tom Simonite

Another thought piece from Wired on data regulation. Last week an author contended data should be treated like a commodity, like oil or grain. This week Tom Simonite wonders whether an ethics code, something like a Hippocratic Oath, for data scientists should be implemented. The idea behind the concept is that it would keep machine learning systems honest, or at least within ethical bounds. “We have to empower the people working on technology to say ‘Hold on, this isn’t right,’” DJ Patil, chief data scientist for the United States under President Obama, told Simonite this week.

2. US, International Law Enforcement Shut Down Massive Cybercrime Marketplace by Jai Vijayan

A big win for the DOJ this week following the shuttering of Infraud, an online forum Deputy Assistant Attorney David Rybicki called "the premier one-stop shop for cybercriminals worldwide." It wasn't hyperbole; the collective behind the forum was responsible for $500 million in losses. Over the course of seven years the forum’s members targeted more than 4.3 million credit cards and bank accounts too. Krebs, per usual, has a thorough breakdown of the site, including screenshots, for those looking to learn more.

3. Report: Over 90% Of Domains Are Prone To Domain Name Fraud by Lucian Armasu

Some troubling news when it comes to email security this week, at least according to one study carried out by two companies, Agari and Farsight, which discovered 99 percent of the sites they looked at didn't use DMARC. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol. Without it, it's easier for attackers to spoof companies in spam emails, something that could trick victims into logging into sites, opening malicious attachments, or surrendering sensitive data.

4. Winter Olympics’ Security on Alert, but Hackers Have a Head Start by Nicole Perlroth

Naturally the New York Times has the Winter Olympic Games - which kicked off this week in Pyeongchang - covered from all angles, even the cyber angle. Nicole Perlroth digs into how many computer systems have already been targeted by attackers and which ones might be next. There’s no breaking news here; hackers gonna hack, but it's a good read that recaps where things stand geopolitically with some key insight from FireEye's John Hultquist added in for good measure.

5. PSA: If Your Security Starts and Ends With Bug Bounties, You're Gonna Have a Bad Time by Thomas Claburn

Props to The Register for distilling this week's hearing of the Senate subcommittee on consumer protection, product safety, insurance, and data security down to one concise idea: Bug bounty programs are all well and good but they're no silver bullet. “Everyone has gotten so enamored of bug bounties that they maybe have forgotten other investments in security that they should do first or alongside bounty programs,” one of the panelists, Katie Moussouris, the founder/CEO of Luta Security, said at the hearing. “They're not a cost effective replacement for penetration testing,” she added. Those looking for more on this should check out this excellent Twitter thread from Katie. Her statement is a good read too.

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with nearly a decade of experience writing about information security, hackers, and privacy. Prior to joining Digital Guardian he helped launch Threatpost.