Decrypted: Apple and Facebook’s privacy feud, Twitter hires Mudge, mysterious zero-days

Trump’s election denialism saw him retaliate in a way that isn’t just putting the remainder of his presidency in jeopardy, it’s already putting the next administration in harm’s way.

In a stunning display of retaliation, Trump fired CISA director Chris Krebs last week after Krebs declared that there was “no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised,” a direct contradiction of the conspiracy-fueled fever dreams of the president, who repeatedly claimed, without evidence, that the election had been hijacked by the Democrats. CISA is left distracted by disarray, with multiple senior leaders leaving their posts — some walked, some were pushed — only for the next likely chief to stumble before he even starts because of concerns with his security clearance.

Until yesterday, Biden’s presidential transition team was stuck in cybersecurity purgatory because the incumbent administration refused to trigger the law that grants the incoming team access to government resources, including cybersecurity protections. That’s left the incoming president exposed to ongoing cyber threats, all while being shut out from classified briefings that describe those threats in detail.

As Biden builds his team, Silicon Valley is also gearing up for a change in government — and temperament. But don’t expect too much of the backlash to change. Antitrust allegations, privacy violations and net neutrality remain hot-button issues, and the tech titans resorting to cheap “charm offenses” are likely to face the music under the Biden administration — whether they like it or not.

Here’s more from the week.


THE BIG PICTURE

Apple and Facebook spar over privacy — again

Apple and Facebook are back in the ring, fighting over which company is a bigger existential threat to privacy. In a letter to a privacy rights group, Apple said its new anti-tracking feature will launch next year, which will give users the choice of blocking in-app tracking, a move that’s largely expected to cause havoc to the online advertising industry and data brokers.

Given an explicit choice between being tracked and not, which the feature will offer, most users are expected to decline.

Apple’s letter specifically called out Facebook for showing a “disregard for user privacy.” Facebook, which made more than 98% of its global revenue last year from advertising, took its own potshot back at Apple, claiming the iPhone maker was “using their dominant market position to self-preference their own data collection, while making it nearly impossible for their competitors to use the same data.”

Facebook isn’t wrong, per se. Apple is expected to make $11 billion from advertising by 2025. But the company had been lauded over its rivals for being better than most on its privacy practices. Granted, Apple’s business model relies on hardware sales and not the sale of data — like Facebook and Google. That’s where Apple has its own problems — like standing up to China’s human rights abuses.

Apple’s latest letter comes two years after chief executive Tim Cook first called out Facebook over its data collection.

Google found seven bugs under active attack, but won’t say why

In the past month, Google’s elite group of security researchers, Project Zero, has found a number of vulnerabilities never seen before — known as “zero-day” bugs, since companies have no time to push out a patch. These bugs targeted Windows PCs, iPhones, Android devices, Windows and Chrome browser users. The flaws are being actively used by hackers, and Vice reported the flaws are linked, suggesting the attacks are part of the same campaign or used by the same hackers.

And yet, Google won’t say anything more about the attacks. We don’t know who these hackers are, what they’re targeting or even who they’re targeting. That information could help victims protect themselves. All we know is that the attacks are hitting victims in a “targeted” way and that they were not related to the election.

The kinds of attacks that are able to traverse different apps and platforms show a level of skill higher than most. But although rare, these cross-platform attacks are not unheard of. Last year, hackers used two Firefox zero-day bugs against Coinbase employees, likely in an effort to steal cryptocurrency. Another set of zero-days was used to target Uighur Muslims, likely under orders of the Chinese government. The attacks had entirely different motivations, leaving experts scratching their heads.


MOVERS AND SHAKERS

Twitter has hired Peiter Zatko, a.k.a. Mudge, to head up cybersecurity at Twitter. As the company’s new head of security, Zatko will report directly to chief executive Jack Dorsey. His hiring comes after a number of high-profile security incidents at the company, including a breach that saw hackers hijack high-profile accounts to spread a cryptocurrency scam, a handful of separate security lapses and Saudi spies siphoning off account information of the kingdom’s biggest critics.

According to Reuters, Zatko will examine “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.” So that’s basically everything. Zatko previously worked at Stripe, Google and DARPA, the U.S. government’s research and development agency, but he is best known for his work as a member of Cult of the Dead Cow, a prominent hacking group during the 1990s that released Windows hacking tools that contributed to Microsoft taking security more seriously than it had been.

Zatko is the latest cybersecurity hire, following Rinki Sethi, who joined Twitter in September as its chief information security officer.


$ECURITY $TARTUPS

Security giant Cisco has bought container security startup Banzai Cloud for an undisclosed sum. The company, founded in Budapest in 2017, developed a Kubernetes-based platform that helps companies and enterprises build and deploy cloud-native applications. Cisco said in a blog post that the acquisition will help its cloud efforts.

And, Abnormal Security has raised $50 million in a Series B round to combat business email scams. The company, founded by Evan Reiser and Sanjay Jeyakumar, curiously has no women on its leadership page, except for a stock photo. When asked, Abnormal’s Ted Liao said about one-third of the company’s employees are women, and that the company is “actively focused on carrying this diversity forward to our leadership team.” That’s barely acceptable for a seed-round startup, let alone one that’s been around for two years.


Send tips securely over Signal and WhatsApp to +1 646-755-8849.
