Security This Week: Obama Failed to Punish Russian Hacking

Every Saturday we round up the biggest cybersecurity news of the week.
Image may contain Tie Accessories Accessory Face Human Person Head Coat Suit Clothing Overcoat and Apparel
Isa Foltin/Getty Images

Before state-sponsored Russian hackers set their sights on the US election, they targeted a whole country: the Ukraine. In our cover story this month, WIRED's own Andy Greenberg dives into the cyber war Russia has been fighting with its neighbor, and how the tactics it honed there--how to take down a power grid, for instance--are a blueprint for what it could do to the United States. You should read it, and you should watch this video of what it looked like when hackers took over the actual mouse movements a power-grid computer.

Additionally, this week WIRED Security wrote about how Facebook is finally being transparent about its playbook for counterterrorism. We wrote about the frighteningly common screw up that left 198 million records exposed on the open website, for anyone (cough Russian hackers perhaps cough) to see. We also explained how worried you should be about that. We highlighted a new way for hackers to get into processors that involves, well, just the wave of a hand. And finally, 19 lawmakers sent President Trump a letter this week demanding he look into the Ukrainian power grid attack.

But that's not all. Each Saturday we round up the important security stories that WIRED didn't break or cover in-depth this week. As usual, click on the headlines to read the full story, and stay safe out there.

The Washington Post has by far the most detailed account yet of the Obama administration's attempt---and ultimate failure---to effectively respond to Russia's meddling in the US election. That failure resulted from a mix of delicate politics, denialism about the extent of Russia's meddling, and the sheer unprecedented nature of Russia's election hacking. The Obama administration considered retaliatory cyberattacks, sanctions designed to "cripple" the Russian economy. Officials even considered plans as specific as sanctions against Putin himself, leaks of damaging information about the Russian president, sanctions against the Russian security firm Kaspersky, and even went so far as to authorize American government hackers to lay the groundwork for disruptive attacks on Russian infrastructure. But ultimately those measures' potential for collateral damage and fears of reprisal hemmed in America's response, which was ultimately limited to sanctions against a small group of known Russian intelligence officials and companies believed to be involved in the election hack, the expelling of 35 diplomats from the US, and the seizure of two Russian compounds on US soil. "I feel like we sort of choked," one former senior White House official told the Post.

In Censorship News, China Has Banned Livestreaming on Some Sites

Livestreaming presents an especially tricky problem for moderators tasked with keeping websites clean of violence and explicit material. As we've written about at length, artificial intelligence can't monitor streams in real-time to augment moderators, and it's not feasible for human employees of social media sites to watch every live stream as it's happening. This week, according to a report in the Financial Times, China decided the way it would deal with that was to ban live streaming altogether on its major social sites. China has long history of censorship; WIRED dubbed its approach to keeping the web government-sanctioned the "Great Chinese Firewall" all the way back in 1997. Now that firewall has come for streaming, too.

Rarely---if ever!---is cybersecurity news adorable or heartwarming. The news that the Girls Scouts of America will now let girls earn cybersecurity badges is both. According to Sylvia Acevedo, the CEO of Girl Scouts, it was scouts themselves who asked for such a badge. To make it possible, the scouts are partnering with cybersecurity firm Palo Alto Networks, to teach the scouts about privacy, identity theft, and hacking, according to ABC News. Now if only congress would set up a badge system like this...

Hackers released stolen episodes of the Netflix original series Orange Is the New Black online in April before the show had officially aired, and in doing so appeared to follow through on a ransomware threat against Larsen Studios, which did the audio post-production on the show. Now it turns out, according to Variety, that the Larsen executives had already paid the hackers the ransom they'd asked for when they decided to release the episodes anyway--not that it really had much affect on Netflix's bottom line. How did those hackers get the show in the first place? Good old Windows 7 running on a computer at Larsen Studios.