The Yahoo! Data Breach Post

Yahoo! had a data breach in 2014; it declared the breach to consumers on September 22. This isn’t the first large data breach that Yahoo! has had over the past few years, just the largest.

In 2012, there was a breach of 450,000+ identities. In August 2016, hackers were apparently selling millions of identity records, which the media initially linked to the 2012 breach. It would be speculative to assume that the records for sale in August were part of the 2014 raid.

The facts so far:

  • 500 million records were stolen by the hackers. Based on the latest active email account numbers disclosed for Yahoo!, many of these accounts are inactive or forgotten
  • Some of the data was stored unencrypted
  • Yahoo! believes that it was a state-sponsored actor, but it has offered no evidence to support this hypothesis. It would be a bigger reputational issue if it was ‘normal’ hackers or an organised crime group
  • There are wider security implications because the data included personal security questions

The questions

A Vermont senator asked the following questions in a letter to Yahoo!:

  • When and how did Yahoo first learn that its users’ information may have been compromised?
  • Please provide a timeline detailing the nature of the breach, when and how it was discovered, when Yahoo notified law enforcement or other government authorities about the breach, and when Yahoo notified its customers. Press reports indicate the breach first occurred in 2014, but was not discovered until August of this year. If this is accurate, how could such a large intrusion of Yahoo’s systems have gone undetected?
  • What Yahoo accounts, services, or sister sites have been affected?
  • How many total users are affected? How were these users notified? What protection is Yahoo providing the 500 million Yahoo customers whose identities and personal information are now compromised?
  • What steps can consumers take to best protect the information that may have been compromised in the Yahoo breach?
  • What is Yahoo doing to prevent another breach in the future?
  • Has Yahoo changed its security protocols, and in what manner?
  • Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?

Added to this, shareholders and Verizon are likely to want to know:

  • Chain of events / timing on the discovery of the hack?
  • Has Yahoo! declared what it knew at the appropriate time?
  • Could Yahoo! be found negligent in their security precautions?
  • How will this impact the ongoing attrition in Yahoo! user numbers?

Additional questions:

  • How does Yahoo! know that it was a state-sponsored actor?
  • Was there really Yahoo! data being sold on the dark web in August?
  • Was that data from the 2014 cache?
  • How did they get in?

More information
An Important Message About Yahoo User Security | Yahoo – Yahoo!’s official announcement
UK Man Involved in 2012 Yahoo Hack Sentenced to Prison | Security Week
Congressional Leaders Demand Answers on Yahoo Breach | Threat Post

Links of the day | Found online

Microsoft’s Internet Business Gets a New Kind of Processor | WIRED – FPGA computing – interesting move

Imagination 2.0 Update Ships | EE Times – interesting turnaround plans

Deloitte Mobile Consumer 2016 – peak smartphone

Why Samsung’s recall of Galaxy smartphones threatens its universe | SCMP – it marks cultural shift, less sure about it threatening Samsung in the smartphone business yet

Google Car: Sense and Money Impasse | MondayNote – ins and outs of autonomous driving

Is this the creepiest use of facial recognition tech yet? | TechCrunch – feels like a lawsuit ready to happen

Palmer Luckey’s politics were hiding in plain sight | Fusion – is it just me or does it all feel a bit ‘Ready Player One’

Modern PR impact and consequences

Jessica Lessin wrote a great piece in The Information about her perspective as a journalist on how the practice of (tech) PR had changed (at least in Silicon Valley). The New PR Reality and What it Means outlines a number of traits emblematic of modern PR:

  • Press release as op-ed piece on corporate or executive blog to promote one “story of record” about whatever you want to announce
  • Lessin considered exclusives with a friendly publication to be another variant of the same strategy
  • Lessin laments the demise of the press conference and the access that it brings to corporate executives for journalists.

Lessin also warns that the lack of information and dialogue reduces the variations and reflections one would see on the story in terms of analysis. The audience needs to have a greater capacity for critical thinking and a certain amount of cynicism to ask why?

The Silicon Valley bubble

Lessin and peers like Kara Swisher got to see an industry mature over time. They were in the right part of the world to build face-to-face relationships with the people that mattered.

The reality for journalists outside the Silicon Valley area was generally less access. 80 percent of the time when I arranged media access to my clients it was a ‘down-the-line’ telephone interview.

As an outsider who has had the opportunity to observe public relations and media relationships in Silicon Valley, I was surprised by the cordial, deferential aspect of it. There generally aren’t that many challenges; dissenting voices are usually shrill and stifled through a lack of access. The classic examples of this are Apple’s relationship with The Register, the 2009 blacklist of CNet by Google over Eric Schmidt’s opinions on privacy or Peter Thiel’s role in putting Gawker Media out of business.

This constriction of debate and access that Lessin cared about is in keeping with the wider trend of Silicon Valley hubris and ego.

The reasons why public relations has changed

In the late 1990s through to the early 2000s the mass media was the best way to talk to the end consumer, through advertising and PR. PR had a relatively low cost barrier to entry, but was relatively inefficient from a cost-per-reach and campaign impact point of view.

Online advertising offered new dynamics that changed the way marketing money was spent. This meant that you had to do more with a static or declining marketing spend, which had a number of follow-on factors:

  • Less budget for out-of-pocket expenses. The first agency I worked in launched Hitachi Data Systems’ Skyline Trinium range of IBM-compatible mainframes. (I know, I know you want to sleep). We took a whole pile of journalists on a helicopter flight over London’s financial district as part of the launch, so they could see the iconic skyline (I know, groan at the crushingly twee creative concept). You just wouldn’t do that now. There isn’t the money for decent gift bags or cleverly presented press packs either
  • Mid-and-senior agency staff salaries have been static for at least the past decade, which affects the quality of the thinking and the work done

There was also a corresponding change in the way PR was done in order to improve campaign impact. It used to be that you made a big bang and hoped that the deluge of coverage would provide a 360 experience of sufficient reach, frequency and impact that client commercial goals would be achieved.

That theory fell down. Not only had PR spend changed but publication advertising spend had changed as well. There were fewer publications and fewer journalists writing for them. Those that wrote for the publications had to write more content.

That meant more time writing, less time researching, thinking and networking. Less time to turn up at press conferences. Press conferences became a relatively high risk tactic for the agency PR to recommend; unless you had a landmark event.

What if you throw a press conference and few people show up or don’t stick around? Angela Eagle’s disastrous launch of her campaign to become leader of the UK Labour Party is a case in point.

Through little fault of Eagle’s campaign team, the Conservative leadership competition collapsed, leaving Theresa May as prime minister. Eagle ended up with a poorly attended press conference with few questions from the media. Now imagine if a similar scenario happened to a Silicon Valley leader like Larry Ellison.

From an agency perspective this ‘journalist scarcity’ became a catalyst to change the approach to try and drive greater impact of coverage generated. It’s what agencies call ‘story-telling’; you work with a publication to craft all the right conditions including executive access – so that a story will run.

Working with a large corporate means that this takes a lot of time:

  • Building the story first of all; this is your product that you then reverse-engineer the journalist ‘journey’ through. It takes into account areas of interest that the journalist has previously written about, the publication style and the likely word count (a bigger canvas is better)
  • You pitch this to the client. This would include a complete plan including what you hope to get from the publication (likely headlines and synopsis), how this rolls up to business objectives
  • The pitching process to the journalist is a high touch process. The journey that they are taken on might take months based on executive and resource availability (such as lab tours)

With one agency client I worked with, my back-of-a-cigarette-packet maths had some disturbing numbers. Placing a story in the Wall Street Journal cost roughly the same as buying a full page of ad space.

Secondly, stories need heroes: people. Bill Gates was framed as a superman – which was torn to shreds in the Judge Jackson anti-trust trial testimonial videos. A more cynical interpretation of the Bill and Melinda Gates Foundation would be having at least some role in rehabilitating Gates’ profile as a statesman of the technology sector.

Many of the heroes are drawn from the bench below the CEO; Microsoft used former research head Rick Rashid in that role for a number of years. Google had highlighted Marissa Mayer in a similar role – neither executive now works for those employers.

So how do you make the storytelling process develop greater agility and become more scalable to improve campaign impact and frequency? Social media offered part of the answer for prominent technology companies. Corporate channels became de rigueur and new media channels like The Verge and BuzzFeed News sprang up. The technology sector even bankrolled some of these titles, notably Sarah Lacy’s Pando.

Hubspot have turned this into an industry as this approach is emblematic of the content marketing methods and tools they sell to businesses around the world, codifying the PR techniques of Silicon Valley for a wider audience.

More information
The New PR Reality and What it Means | The Information (paywall)
Hitachi (finally) releases Skyline Trinium Nine high-end mainframe | ComputerWorld

Oprah Time: The Dark Forest by Cixin Liu

The Dark Forest is the second book in Cixin Liu’s Three Body Problem trilogy. I reviewed the first book here. In the second book the tone changes from being a hard-bitten conspiracy story to a fully-blown space opera.

The Dark Forest of the title is a metaphor for a philosophical thought experiment. The universe is thought to be teeming with life. Each civilisation is like a hunter in a dark forest. Revealing oneself leaves one open to being killed by another hunter. Since you don’t know a hunter’s intention it seems better to be quiet. Conversely if you become aware of another civilisation there is a strong incentive to get them before they get you.

Unlike the first book, The Dark Forest takes place over centuries as the protagonist is put into cryogenic hibernation and then woken centuries later. Living in the future provides a warning for readers against the perils of having all parts of our life automated and connected – it delves into similar themes as Michael Crichton’s Runaway.

Liu deals with complex arguments and grand societal change in a masterful way. I am waiting to read the last book in the trilogy, Death’s End.

Links of the day | Found online

Snapchat’s 10 second video glasses are real and cost $130 – TechCrunch – Feels like something they picked in the Brando catalog but not quite as douchey as Google Glass, more sad hipster

iOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break « Advanced Password Cracking – Insight – I wonder if this was added as a US legal requirement, a la the San Bernardino case?

Facebook Overestimated Key Video Metric For Two Years – WSJ – Ad buying agency Publicis Media was told by Facebook that the earlier counting method likely overestimated average time spent watching videos by between 60% and 80%, according to a late August letter Publicis Media sent to clients that was reviewed by The Wall Street Journal

Britain’s MI6 intelligence agency to get 40 percent more spies: BBC says | Reuters – probably for Brexit trade negotiations as well as terrorism

Everyone in Europe is getting free roaming—except Brits | Quartz – Europeans will be able to make calls, use data, and send texts without any additional roaming charges anywhere in the European Union once new rules come into force next June

Apple in talks with luxury carmaker McLaren – FT.com – could be interesting from a wider manufacturing and systems point-of-view. Less convinced about complete cars, hence the McLaren denial

The Fantastic World of Professor Tolkien | New Republic – great review of Tolkien and his works

Burberry goes digital | The Economist – good read despite being four years old

Bot wars – Marginal REVOLUTION – fascinating, maybe there won’t be the production uplift that one would have thought of

Anime girls will keep you company as you eat your instant ramen with new AR promotion | RocketNews24 – interesting augmented reality technology, creepy execution but shows the way for bots and virtual friends

macOS 10.12 Sierra: The Ars Technica review | Ars Technica – great review and detailed write up