Cyber Saturday—Cybersecurity Gets Googley, NSA Releases Toolkit, RSA Conference 2019

This week the cybersecurity industry’s RSA Conference (perhaps I should say the RA Conference) took place in San Francisco. It’s a mega-marketing and deal-making affair at which vendors spend lavishly to persuade potential customers that their wares can protect them, even when they can’t.

While I did not attend the potlatch, I observed the proceedings from afar. And though I don’t usually cover product debuts, at least two releases merit ink.

First, Chronicle, the cybersecurity startup incubated within Google X—Alphabet’s so-called moonshot factory, now known just as X—unveiled its flagship product, Backstory. The service is designed to keep unlimited logs of network telemetry and security-related data for corporate security staff while managing alerts and providing real-time analytics. The product incorporates learnings and technology from Chronicle’s sister company Google, known for its unparalleled, storage, indexing, and artificial intelligence capabilities.

Perhaps just as important as Backstory’s technical underpinnings is the product’s business model, which does not penalize companies for storing more information. Instead of pricing licenses based on usage, Chronicle offers licenses that are priced based on customers’ employee count. In theory, this lets Chronicle’s customers keep their security-related records in perpetuity at no extra cost—a valuable proposition for hack investigators.

When I suggested on a call with Chronicle CEO Stephen Gillett that Backstory reminded me of Google Photos or Gmail except for cybersecurity, he was quick to point out that Chronicle is a separate company from Google, despite sharing a parent in Alphabet. “Google employees can’t even get into our building,” he said. I got the sense that Gillett wants no one to believe there might be any privacy concern in working with a Google-adjacent business in an area so rich with sensitive data—a challenge that Google Cloud has had to face in marketing its services as well.

Investors needed no persuading. Their response reminded me of the reaction they tend to have when Amazon announces it is entering a new industry. Share prices of incumbents—including IBM, Rapid7, and Splunk—all dropped.

The other product debut worth mentioning was the U.S. National Security Agency’s release of Ghidra, a formerly classified toolkit for reverse-engineering malware, as an open source project. Security researchers are, generally, elated. This free software will greatly benefit digital defenders, providing a powerful new tool to parse and understand hackers’ code—even if the initial version has bugs. (Hey, no one is perfect.)

For all the sales bluster of RSA Conference, these new tools are sure to prove valuable additions to guardians’ arsenals.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Facebook’s about-face. Mark Zuckerberg published a manifesto this week, seeking to persuade people that he has seen the light and will double down on private, secure messaging as the future of his media empire. Obviously, people have lots of questions about whether this seeming pivot is actually going to change anything.

The best defense is a good Hua-ffense. Huawei is suing the U.S. government, arguing that the government’s ban on federal agencies using the company’s equipment is unconstitutional. The extradition hearing for Meng Wanzhou, Huawei’s chief financial officer, who has been detained in Canada and charged with evading U.S. sanctions on Iran, looks to be set for May 8. Meanwhile, the U.S.’s European allies are skeptical of the U.S.’s warnings that the company poses a threat to national security. In an apparent attempt to win over Europe, Huawei is opening a cybersecurity center in Brussels, the effective capital of the European Union.

Hold the phone (logs). The U.S. National Security Agency has quietly ended a controversial surveillance program that collected phone call and text records, including those of Americans, says a senior Republican congressional aide. The program had been exposed by Edward Snowden, a former NSA contractor turned leaker, nearly six years ago. The agency is deliberating whether to end the program, which started under former President George W. Bush in the aftermath of the 2001 terrorist attacks, for good, according to the Wall Street Journal.

Insecticide. A Facebook Messenger bug could have allowed spies to tell who is chatting with whom through the chat service. Google’s Project Zero hacker team found bad vulnerabilities in Apple macOS as well as actively exploited one in Microsoft Windows and Google Chrome. Google’s guidance: Update your Chrome browser, pronto! Also, some IBM interns discovered 19 vulnerabilities in corporate check-in systems.

C’mon, Equifax—do better!

Share today’s Cyber Saturday with a friend:

http://fortune.com/newsletter/cybersaturday/

Looking for previous Data Sheets? Click here

ACCESS GRANTED

Satanic pitchfork. A year and a half ago, hackers burrowed deep inside the Petro Rabigh petrochemical and refinery complex in Saudi Arabia, a joint venture between the world’s biggest oil company, Saudi Aramco, and Tokyo’s Sumitomo Chemical. They gained entry through a poorly configured firewall, and then they planted dangerous—potentially deadly—malicious software across the plant’s systems. Investigators eventually discovered the intruders’ malware, which they dubbed “Triton.” In an excellent feature, Energy & Environment News bills the finding, not hyperbolically, as “the world’s most dangerous malware.”

On Aug. 4, 2017, at 7:43 p.m., two emergency shutdown systems sprang into action as darkness settled over the sprawling refinery along Saudi Arabia’s Red Sea coast.

The systems brought part of the Petro Rabigh complex offline in a last-gasp effort to prevent a gas release and deadly explosion. But as safety devices took extraordinary steps, control room engineers working the weekend shift spotted nothing out of the ordinary, either on their computer screens or out on the plant floor.

The reasons for the sudden shutdown were still buried under zeros and ones, nestled deep within the code of the compromised Schneider Electric safety equipment.

FORTUNE RECON

Would You Trade Gmail for This Personal Email Server? I Tried. by Jeff John Roberts

Chelsea Manning Is Back in Jail After She Refuses to Testify on Wikileaks by Natasha Bach

Applicant Data Hacked and Ransomed at 3 U.S. Colleges by Don Reisinger

Okta Says It Will Acquire Workflow Automation Startup for $52.5 Million by Robert Hackett

Federal Government Reportedly Tracked Immigration Activists, Lawyers, and Journalists in Secret Database by Erik Sherman

Russian Lawmakers Plan to Extend Their Online Crackdown With ‘Fake News’ and ‘Disrespect’ Laws by David Meyer

Former Cisco Employee Arrested, Charged With $9.3 Million Wire Fraud by Brittany Shoot

Chinese Hackers Targeted 27 Universities to Steal Maritime Research, Report Finds by Emily Price

The Internet Just Took a Big Step Toward Killing Passwords. Here’s What We’ll Use Instead by Alyssa Newcomb

ONE MORE THING

Pick your poison. It seems like everyone nowadays is recommending that consumers adopt a VPN, or virtual private network: an Internet traffic-encrypting tool ostensibly designed to enhance people’s security and privacy on the web. So choosing one should be a simple matter, right? Not quite. As Will Oremus learned while reporting this Slate article, picking a VPN is a complicated matter. Performance, data privacy, transparency—no one option seems to have it all.