This Week’s [in]Security – Issue 53 - Anniversary Edition
Welcome to the first anniversary edition of This Week’s [in]Security. This week we take a look back at the last year in security, the big stories,...
David Gamey : Mar 20, 2018 10:07:00 PM
We've been following security and breaches for a long time and they have been getting unquestionably worse. While mega-credit card breaches seem to have been falling off lately, other industries like healthcare, research analytics, and financial services have quickly taken their place. Last year was a record breaker for vulnerabilities and data breaches. We thought that Equifax was about as bad as it could get short of an all-out cyber-war. In light of recent events, that opinion now looks optimistic.
The big news that has emerged over the weekend and on Monday, March 19th is a breach or theft of data from Facebook by Strategic Communications Laboratories and Cambridge Analytica. It's not so much the scale of the breach, as Equifax is currently about 3 times larger; it is the very nature and exploitation of the breach/theft. If the reporting on this is accurate, this is far more disturbing than the neglect and apparent incompetence that led to the Equifax breach. The reporting not only hints at neglect and disinterest but carries strong suggestions of criminal activity. Currently, Facebook is aggressively investigating the incident and Cambridge has denied these claims.
What is certain at this point is that both Facebook and Cambridge need to do some serious explaining. It's not just that Cambridge took the data but also that Facebook appears to have known and been less than forthcoming about what they knew. There will be multiple inquiries and investigations in many countries. There will also be lawsuits and possibly criminal trials, as well as calls to put limits on tech companies or possibly break them up. Lastly, even if Facebook naively trusted a researcher who lied and cheated, there will be demands for changes.
Another thing that is certain is that Cambridge Analytica's role in the Brexit vote will raise questions in the UK. Their association with the Trump campaign in the 2016 US elections and connections to political figures like Steve Bannon, a one-time VP with Cambridge, and Donald Trump will add further intrigue and fuel to the already fragmented US political scene. Reporting indicates the Mueller investigation will also be looking into Cambridge.
Finally, investigative journalists in the UK went undercover and have video of Cambridge executives talking about setting up opponents to look like they're corrupt or involved with prostitutes and leaking videos on the Internet. Cambridge is denying it, claiming it was a setup and that they were lured into a "hypothetical discussion."
Taken together and if accurate, Cambridge may have gone far beyond just targeting election ads. They may have actively manipulated and deceived the public. They may possibly be real "fake news."
Based on what has been reported to date, if accurate, we'd be surprised if Cambridge Analytica can survive as a company. Facebook too may be wounded even if it is too large to be killed. Even if the US doesn't take action against Facebook, other jurisdictions can. Several states with breach disclosure laws may act and the EU already has a tense relationship with Facebook.
One thing that is certain is that there is a lot more to this story and we will be hearing about it for a long time to come. What follows is a summary of news articles which should get you started. Keeping up on this will surely challenge everyone given the rate of new articles that keep appearing.
Cambridge Analytica, Strategic Communications Laboratories, and SCL Elections (all related) used a personality app to profile approximately 270K Facebook users. Using a further "loophole," they were able to gather information on another 50M users without asking for any consent; these were in turn used to generate over 30M psychographic profiles. The company has been denying this for years.
Facebook denies this was a breach, confirms that Cambridge stole its data, and shuts out the whistle-blower, Strategic Communication Laboratories, and Cambridge Analytica.
Cambridge executives, including CEO Alexander Nix, caught on video discussing extortion, entrapment, and fake news.
Several investigations are in progress including Massachusetts, UK prime minister's office, the EU,