Cyber Saturday—Facebook Data Ownership, WhatsApp Phone Hack, 'Blockchain Week'

New York City’s just-concluded “blockchain week” was palpably more subdued than it has been in years past. (Or maybe I was just not invited back to the parties after my 2018 travelogue.)

In any case, I took a brief break from the madness of the Fortune 500 issue close to drop by the Consensus conference, the week’s marquee event, where I moderated a security-themed panel on Monday. My panelists were Tom Glocer, the lead board director of Morgan Stanley and former chief executive of Thomson Reuters, and Nadav Zafrir, the CEO of startup foundry Team8 and former head of the Israeli Defense Forces’ Cyber Command and Unit 8200, Israel’s equivalent of the U.S.’s National Security Agency. (For a recording, see video No. 15 here.)

Below are some soundbites from our conversation. I asked Glocer about a post he had published in the fall on his excellent personal blog in which he pondered who, or what, should own people’s data. His response imagined a world in which people might own their own information and where they would, using individual digital wallets, license the rights to corporations.

Since he brought it up, I asked Glocer for his thoughts on breaking up Facebook.

The audience tended to agree. When I asked them whether Facebook should get the Sherman Anti-Trust treatment, only about a third of the crowd raised their hands.

Facebook, through the malicious hijacking of its targeted marketing machinery, has greatly contributed to an erosion of faith in traditional institutions. Nadav Zafrir summed up the predicament well. When I asked him what is the most pressing, most frightening threat the world faces, he replied without hesitation.

Of course, retaking control of the situation is no simple task, even with the advent of blockchain technology. Zuckerberg is, for his part, exploring how he might reestablish the foundations of his media empire on the footing of blockchains, cryptography, and private messaging. With all the consumer backlash and heat from regulators, it will no doubt take expert jiu-jitsu to pull off.

May the groundwork commence.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

• THREATS

  Dial ‘W’ for ‘WhatsApp hack.’ A security hole in Facebook’s WhatsApp messenger allowed hackers to inject spyware onto mobile phones merely by ringing up targets, even if the receiver did not answer the call, the Financial Times reported. The spyware originated with NSO Group, an Israeli hacking tool maker, which vowed to curb misuse of its technology. WhatsApp engineers scrambled to release a patch for the vulnerability on Monday. For the technically curious, here’s a post by Israeli cybersecurity firm Check Point that describes how the hack worked. (Side note: cybersecurity Twitter bashed Bloomberg, rightfully, for tweeting that “WhatsApp’s hack shows end-to-end encryption is largely pointless.”)

  Speaking of Facebook and Israel… In addition to the WhatApp fiasco, Facebook gave the boot to an Israeli company, Archimedes Group, that ran disinformation campaigns and influence operations across the site. The offender had 65 accounts, 161 pages, dozens of groups, and four Instagram accounts that attempted to disrupt elections in countries across Africa, Latin America, and Southeast Asia, the Associated Press reported. Meanwhile, Facebook’s chief technology officer, Mike Schroepfer, recently teared up when a New York Times reporter asked him why it took the company an hour to remove a livestream video of the Christchurch massacre from the site.

  Knitting the patchwork. This was a big week for vulnerability disclosures. The researchers who last year warned the world about the “meltdown” and “spectre” computer chip vulnerabilities found a new set of hackable vulnerabilities in Intel chips. Microsoft took the unusual step of releasing updates for deprecated operating systems so as to patch “wormable” security holes. Researchers found holes in Cisco enterprise routers that allow for security bypasses. Adobe patched severe security issues in Flash, Reader and Acrobat. Google is replacing hardware security keys that have a Bluetooth hijacking bug. Stack Overflow announced a security breach which exposed some user data. And there’s some uncertainty about whether a few antivirus software vendors—including Symantec, Trend Micro, and McAfee—were breached.

  A face in the crowd. San Francisco has banned the use of facial recognition technology by the police and other agencies. The city’s board of supervisors passed the action in an 8-to-1 vote. Although the technology helped identify a mass shooter in Annapolis, Md., civil liberty advocates have objected to the spy tech, arguing that its potential for abuse by the government runs too high.

  Femme fatales. The latest issue of The Atlantic has a fascinating read about the history of female spies. The piece highlights a number of books on the subject: D-Day Girls, Madame Fourcade’s Secret War, Code Name: Lise, and A Woman of No Importance. (I just spotted someone tearing through that last one on the subway, so it must be good.) By the way, Fortune is adopting a “50-50” gender parity initiative that strives for equal representation between the sexes. You can read more about it in this recent Washington Post story.

  The wall we need?

  Share today’s Cyber Saturday with a friend:

  http://fortune.com/newsletter/cybersaturday/

  Looking for previous Data Sheets? Click here

• ACCESS GRANTED

  Mob rule. Democracy, like any marketplace, is only as good as the information that props it up. Using new technologies, attackers are muddying and manipulating public fora. “[T]he open forms of input and exchange that it relies on can be weaponized to inject falsehood and misinformation that erode democratic debate,” write Henry Farrell, a George Washington University professor of political science, and Bruce Schneier, a cryptographer and cybersecurity professional affiliated with Harvard Law School, for Boston Review. Here’s an excerpt:

  undefined

• FORTUNE RECON

  Exclusive: Scammed Porn Watchers Have Paid Nearly $1 Million in Bitcoin Blackmail by Jeff John Roberts

  ‘Zombieload’ Flaw Lets Hackers Crack Almost Every Intel Chip Back to 2011. Why’s It Being Downplayed? by Alyssa Newcomb

  Facebook, Twitter, and Alphabet Join Global Pledge to Combat Online Hate Speech by Helene Fouquet and Gregory Viscusi

  After Being Declared a National Security Risk, Grindr Must Find New Owners by 2020 by Chris Morris

  You’ve Got a WhatsApp Notification: You May Have Been Hacked by Natalia Drozdiak

  How a Cyber Crime Ring Stole $100 Million From Unsuspecting Companies by Don Reisinger

• ONE MORE THING

  “Yes, we negotiate with terrorists.” A cottage industry has sprouted up whose vendors purport to help victims of ransomware recover their data. Turns out many of these companies—including New York-based Proven Data Recovery and Florida-based MonsterCloud—mostly just pay the the Bitcoin fee demanded by the hackers, reports ProPublica. Oh, and these firms, dubbed “ransomware payment mills”by one executive, charge a premium on top for their oh-so-helpful services.