Jump to content

Alex Stamos: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Isec wonk (talk | contribs)
29 edits
No edit summary
Preimage (talk | contribs)
318 edits
m Fix typo (from last edit)
(79 intermediate revisions by 45 users not shown)
Line 1: Line 1:
{{Short description|Greek American computer scientist}}
{{Infobox person
{{Infobox person
| name = Alex Stamos
| name = Alex Stamos
| image = Alex Stamos at Web Summit 2015 - Dublin, Ireland.jpg
| image = Alex Stamos at Web Summit 2015 - Dublin, Ireland.jpg
| alt = Alex Stamos at Web Summit 2015 in Dublin, Ireland.
| alt =
| caption = Stamos at Web Summit 2015 in Dublin, Ireland
| caption = Alex Stamos at Web Summit 2015 in Dublin, Ireland.
| birth_date = {{birth year and age|1979}}
| birth_place = [[Los Angeles County, California]]{{cn|date=September 2021}}
| birth_date = {{Birth year and age|1979}}
| occupation = [[Chief security officer]], [[computer scientist]]
| birth_place = [[Los Angeles County]]
| spouse = Katie Stamos
| occupation = [[Chief security officer]], [[computer scientist]]
| children = 3
}}
}}


'''Alex Stamos''' is a computer security researcher who quietly exited his first chief information security officer (CISO) role at Yahoo to take the position at [[Facebook]]. His slow and public departure from the Facebook follows widely reported mishandling of Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, and precipitous stock value decline.<ref name=nyt20180319>{{cite news|url=https://www.nytimes.com/2018/03/19/technology/facebook-alex-stamos.html|title=Facebook Security Chief Said to Leave After Clashes Over Disinformation|last1=Perlroth|first1=Nicole|date=19 March 2018|work=The New York Times|accessdate=19 March 2018|archive-url=|archive-date=|dead-url=|last2=Frenkel|first2=Sheera|others=|last3=Shane|first3=Scott}}</ref>
'''Alex Stamos''' (born 1979) is an American<ref>{{cite web |title=Greek-American Alex Stamos to Appear on Niall Ferguson's Networld on PBS |url=https://www.thenationalherald.com/archive_general_news_community/arthro/greek_american_alex_stamos_to_appear_on_niall_ferguson_s_networld_on_pbs_vid-255635/ |publisher=The National Herald |access-date=6 September 2021 |archive-date=6 September 2021 |archive-url=https://web.archive.org/web/20210906085348/https://www.thenationalherald.com/archive_general_news_community/arthro/greek_american_alex_stamos_to_appear_on_niall_ferguson_s_networld_on_pbs_vid-255635/ |url-status=dead }}</ref> computer scientist{{Citation needed|reason=The basis for classifying Alex Stamos as a computer scientist is unclear. Stamos holds a BS in electrical engineering and computer science, no research computer science degree, and has not published any computer science research or papers. Further, his career seems overwhelmingly focused either on business or computing and society.|date=May 2024}} and [[adjunct professor]] at [[Stanford University]]'s [[Center for International Security and Cooperation]].<ref name="cisacbio">{{cite web|url=https://cisac.fsi.stanford.edu/people/alex-stamos-0|title=FSI - CISAC - Alex Stamos|access-date=5 August 2019|publisher=[[Center for International Security and Cooperation]]|archive-date=11 September 2019|archive-url=https://web.archive.org/web/20190911050720/https://cisac.fsi.stanford.edu/people/alex-stamos-0|url-status=dead}}</ref> He is the former [[chief security officer]] (CSO) at [[Facebook]]. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.<ref name=nyt20180319>{{cite news|url=https://www.nytimes.com/2018/03/19/technology/facebook-alex-stamos.html|title=Facebook Security Chief Said to Leave After Clashes Over Disinformation|last1=Perlroth|first1=Nicole|date=19 March 2018|work=The New York Times|accessdate=19 March 2018|last2=Frenkel|first2=Sheera|last3=Shane|first3=Scott}}</ref>


== Early Life ==
== Early life and education ==
Stamos was raised in [[Fair Oaks, California]] and in 1997 graduated from [[Bella Vista High School]]. Stamos then attended the [[University of California, Berkeley]] and graduated in 2001 with a degree in [[Computer Science and Engineering|EECS]].<ref>{{Cite news|url=http://scet.berkeley.edu/newton-lecture-series-alex-stamos/|title=Newton Lecture Series: Alex Stamos - UC Berkeley Sutardja Center|date=2015-09-24|work=UC Berkeley Sutardja Center|access-date=2018-03-20|language=en-US}}</ref>
Born in 1979, Stamos grew up in [[Fair Oaks, California]] and graduated from [[Bella Vista High School]] in 1997. Stamos attended the [[University of California, Berkeley]], where he graduated in 2001 with a degree in [[Computer Science and Engineering|EECS]].<ref>{{Cite news|url=http://scet.berkeley.edu/newton-lecture-series-alex-stamos/|title=Newton Lecture Series: Alex Stamos - UC Berkeley Sutardja Center|date=2015-09-24|work=UC Berkeley Sutardja Center|access-date=2018-03-20}}</ref>


== Career ==
== Career ==
Stamos began his career serving about a year as junior engineer at [[Opsware|Loudcloud]] before taking a role for a short time as consultant at [[@stake]]<ref>{{Cite news|url=https://www.entrepreneur.com/article/232124|title=4 Things to Know About Yahoo's New Information Security VP Alex Stamos|last=Shandrow|first=Kim Lachance|date=2014-03-11|work=Entrepreneur|access-date=2018-07-16|language=en}}</ref>.
Stamos began his career at [[Opsware|Loudcloud]] and, later, as a security consultant at [[@stake]].<ref>{{Cite news|url=https://www.entrepreneur.com/article/232124|title=4 Things to Know About Yahoo's New Information Security VP Alex Stamos|last=Shandrow|first=Kim Lachance|date=2014-03-11|work=Entrepreneur|access-date=2018-07-16}}</ref>


=== iSEC Partners ===
In 2004, given three years of experience, Stamos joined Joel Wallenstrom, Himanshu Dwivedi, Jesse Burns and Scott Stender who started together a boutique security firm called iSEC Partners. Stamos spent time as a researcher and published a few vulnerabilities in [[List of digital forensics tools|forensics software]]<ref>{{Cite web|url=https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/isec-breaking_forensics_software-paper.v1_1.bh2007.pdf|title=Breaking Forensics Software: Weaknesses in Critical Evidence Collection|last=Stamos|first=Alexander|date=July 16, 2018}}</ref> and [[MacOS]]<ref>{{Cite web|url=https://www.nccgroup.trust/globalassets/newsroom/us/news/documents/2011/isec_bh2011_mac_apt.pdf|title=Macs in the Age of APT|last=Stamos|first=Alexander|date=July 16, 2018}}</ref>, [[Operation Aurora]]<ref>{{Cite web|url=https://www.qualys.com/docs/iSEC_Partners_-_Aurora_Response_Recommendations_-_Public_-_QUALYS.pdf|title=Aurora Response Recommendations|last=Stamos|first=Alexander|date=July 16, 2018}}</ref>, and a libertarian-leaning [[open letter]] based on his fondness for Edward Snowden<ref>{{Citation|last=DEFCONConference|title=DEF CON 21 - Alex Stamos - An Open Letter The White Hat's Dilemma|date=2013-12-21|url=https://www.youtube.com/watch?v=eEeHTQHTSgE|access-date=2018-07-16}}</ref>.
In 2004, Stamos co-founded iSEC Partners, a security consulting firm, with Joel Wallenstrom, Himanshu Dwivedi, Jesse Burns and Scott Stender. During his time at iSEC Partners, Stamos was well known for his research publications on vulnerabilities in [[List of digital forensics tools|forensics software]]<ref>{{Cite web|url=https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/isec-breaking_forensics_software-paper.v1_1.bh2007.pdf|title=Breaking Forensics Software: Weaknesses in Critical Evidence Collection|last=Stamos|first=Alexander|date=July 16, 2018}}</ref> and [[MacOS]],<ref>{{Cite web|url=https://www.nccgroup.trust/globalassets/newsroom/us/news/documents/2011/isec_bh2011_mac_apt.pdf|title=Macs in the Age of APT|last=Stamos|first=Alexander|date=July 16, 2018|access-date=July 16, 2018|archive-date=May 28, 2018|archive-url=https://web.archive.org/web/20180528070312/https://www.nccgroup.trust/globalassets/newsroom/us/news/documents/2011/isec_bh2011_mac_apt.pdf|url-status=dead}}</ref> [[Operation Aurora]],<ref>{{Cite web|url=https://www.qualys.com/docs/iSEC_Partners_-_Aurora_Response_Recommendations_-_Public_-_QUALYS.pdf|title=Aurora Response Recommendations|last=Stamos|first=Alexander|date=July 16, 2018}}</ref> and [[Computer ethics|security ethics]] in the post-Snowden era.<ref>{{Citation|last=DEFCONConference|title=DEF CON 21 - Alex Stamos - An Open Letter The White Hat's Dilemma|date=2013-12-21|url=https://www.youtube.com/watch?v=eEeHTQHTSgE|access-date=2018-07-16}}</ref>


Stamos also worked with [[Electronic Frontier Foundation|EFF]] as well as Silicon Valley clients as their expert witness for a number of cases involving digital privacy, encryption, and free speech:
Stamos was an expert witness for a number of cases involving digital privacy, encryption, and free speech:


* EFF lawsuit against [[Sony BMG copy protection rootkit scandal|Sony BMG]]<ref>{{Cite web|url=https://jhalderm.com/pub/papers/rootkit-sec06.pdf|title=Lessons from the Sony CD DRM Episode|last=Halderman|first=J.|date=July 16, 2018}}</ref>
* [[Electronic Frontier Foundation|EFF]] for their lawsuit against [[Sony BMG copy protection rootkit scandal|Sony BMG]]<ref>{{Cite web|url=https://jhalderm.com/pub/papers/rootkit-sec06.pdf|title=Lessons from the Sony CD DRM Episode|last=Halderman|first=J.|date=July 16, 2018}}</ref>
* [[Google]] for their [[Google Street View]] case<ref>{{Cite web|url=https://www.wired.com/images_blogs/threatlevel/2010/06/locknkey.pdf|title=Declaration of Alexander Stamos|last=Stamos|first=Alexander|date=July 16, 2018}}</ref>
* [[George Hotz]]<ref>{{Cite web|url=https://docs.justia.com/cases/federal/district-courts/california/candce/3:2011cv00167/235965/114/|title=Declaration of Alexander Stamos in Reply of Defendant Hotz to 103 SCEA's Opposition Brief filed byGeorge Hotz for Sony Computer Entertainment America LLC v. Hotz et al :: Justia Dockets & Filings|website=Justia Dockets & Filings|access-date=2018-07-16}}</ref>
* [[Aaron Swartz]]<ref>{{Cite news|url=https://unhandled.com/2013/01/12/the-truth-about-aaron-swartzs-crime/|title=The Truth about Aaron Swartz's "Crime"|date=2013-01-12|work=Unhandled Exception|access-date=2018-07-16}}</ref>


* [[Google Street View]] case<ref>{{Cite web|url=https://www.wired.com/images_blogs/threatlevel/2010/06/locknkey.pdf|title=Declaration of Alexander Stamos|last=Stamos|first=Alexander|date=July 16, 2018}}</ref>
iSEC Partners was acquired by [[NCC Group]] in 2010.<ref>{{Cite news|url=https://www.reuters.com/article/ncc-isec/update-1-ncc-group-buys-u-s-security-testing-firm-idUSLDE69D1QG20101014|title=UPDATE 1-NCC Group buys U.S. security testing firm|date=14 October 2010|work=Reuters|access-date=2018-03-20}}</ref>


=== Artemis Internet ===
* [[Aaron Swartz]]<ref>{{Cite news|url=https://unhandled.com/2013/01/12/the-truth-about-aaron-swartzs-crime/|title=The Truth about Aaron Swartz’s “Crime”|date=2013-01-12|work=Unhandled Exception|access-date=2018-07-16|language=en-US}}</ref>
Following the acquisition of iSEC Partners by NCC Group, Stamos became the [[Chief technology officer|CTO]] of Artemis Internet, an internal startup at NCC Group. Artemis Internet petitioned [[ICANN]] to host a '.secure' [[Generic top-level domain|gTLD]] on which all services would be required to meet minimum security standards<ref>.{{Cite news|url=https://arstechnica.com/information-technology/2012/05/my-own-private-internet-secure-tld-floated-as-bad-guy-free-zone/|title=My own private Internet: .secure TLD floated as bad-guy-free zone|work=Ars Technica|access-date=2018-07-16}}</ref> Artemis ultimately acquired the right to operate the '.trust' gTLD from [[Deutsche Post]] to launch its services.<ref>{{Cite web|url=https://icannwiki.org/.trust|title=.trust - ICANNWiki|website=icannwiki.org|access-date=2018-07-16}}</ref>


Stamos filed and received five patents for his work at Artemis Internet.<ref>{{Cite web|url=https://patents.google.com/?inventor=alexander+charles+stamos&oq=alexander+charles+stamos|title=Google Patents|website=patents.google.com|access-date=2018-07-16}}</ref>
* [[George Hotz]]<ref>{{Cite web|url=https://docs.justia.com/cases/federal/district-courts/california/candce/3:2011cv00167/235965/114/|title=Declaration of Alexander Stamos in Reply of Defendant Hotz to 103 SCEA's Opposition Brief filed byGeorge Hotz for Sony Computer Entertainment America LLC v. Hotz et al :: Justia Dockets & Filings|website=Justia Dockets & Filings|language=en|access-date=2018-07-16}}</ref>


=== Artemis Internet ===
=== {{anchor|Yahoo}} Yahoo! ===
In 2014, Stamos joined Yahoo! as CSO.<ref name="recodeprofile">{{cite news|url=https://www.recode.net/2017/10/3/16379724/facebook-alex-stamos-russia-ads-election-donald-trump|title=Who is Alex Stamos, the man hunting down Russian political ads on Facebook?|last1=Wagner|first1=Kurt|date=3 October 2017|work=Recode|accessdate=19 March 2018}}</ref> While at Yahoo!, he testified to Congress on online advertising and its impact on computer security and data privacy.<ref>{{Cite web|url=https://www.c-span.org/video/?319399-1/online-advertising-consumer-security|title=Online Advertising and Consumer Security|website=C-SPAN.org|access-date=2018-07-16}}</ref> He publicly challenged [[National Security Agency|NSA]] Director [[Michael S. Rogers]] on the subject of encryption backdoors in February 2015 at a cybersecurity conference hosted by [[New America (organization)|New America]].<ref>{{Citation|last=CNBC|title=Yahoo Security Officer Confronts NSA Director {{!}} CNBC|date=2015-02-28|url=https://www.youtube.com/watch?v=jJZNvEPyjlw|access-date=2018-07-16}}</ref><ref>{{Cite news|url=https://www.washingtonpost.com/news/the-switch/wp/2015/02/23/heres-how-the-clash-between-the-nsa-director-and-a-senior-yahoo-executive-went-down/|title=Here's how the clash between the NSA Director and a senior Yahoo executive went down.|newspaper=Washington Post|access-date=2018-07-16}}</ref>
Following the acquisition of iSEC Partners by NCC Group, Stamos re-fashioned himself as the CTO of small group within the NCC Group called Artemis Internet. Stamos petitioned [[ICANN]] to host a RICO-like system of .secure [[Generic top-level domain|gTLD]] on which all services would be required to be scanned by Artemis based on a proprietary compliance system (using a Qualys scanner with a thin skin to disguise it, developed by contractors)<ref>{{Cite news|url=https://arstechnica.com/information-technology/2012/05/my-own-private-internet-secure-tld-floated-as-bad-guy-free-zone/|title=My own private Internet: .secure TLD floated as bad-guy-free zone|work=Ars Technica|access-date=2018-07-16|language=en-us}}</ref>. As CTO the Artemis idea to corner the Internet and force payments to him for protection flopped. Soon after it purchased the .trust gTLD from [[Deutsche Post]] to launch its services<ref>{{Cite web|url=https://icannwiki.org/.trust|title=.trust - ICANNWiki|website=icannwiki.org|language=en|access-date=2018-07-16}}</ref> it ran out of funds with Stamos exiting abruptly.


=== Facebook ===
Stamos filed and received five patents for his concept of making compliance standards proprietary and owned by Artemis Internet<ref>{{Cite web|url=https://patents.google.com/?inventor=alexander+charles+stamos&oq=alexander+charles+stamos|title=Google Patents|website=patents.google.com|access-date=2018-07-16}}</ref>.
In 2015, Stamos joined Facebook as CSO. During his time at Facebook, Stamos co-authored a whitepaper (with Jen Weedon and Will Nuland) on the use of social media to attack elections.<ref name="fb-whitepaper">{{Cite news|url=https://newsroom.fb.com/news/2017/09/information-operations-update/|title=An Update On Information Operations On Facebook {{!}} Facebook Newsroom|access-date=2018-07-16}}</ref> He later delivered a keynote address at the [[Black Hat Briefings]] in 2017 on the need to broaden the definition of security and diversify the cybersecurity industry.<ref>{{Citation|last=Black Hat|title=Black Hat USA 2017 Keynote|date=2017-09-13|url=https://www.youtube.com/watch?v=YJOMTAREFtY|access-date=2018-07-16}}</ref>


{{Quote|text=In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.|sign=Alex Stamos, September 6, 2017 |source=<ref>{{cite magazine |title=Facebook Says Russian Accounts Bought $100,000 in Ads During the 2016 Election |url=http://time.com/4930532/facebook-russian-accounts-2016-election/ |magazine=Time |date=6 September 2017}}</ref>}}
=== Yahoo! ===
In 2014, with twelve years of experience in security engineering and zero years of experience in security organization or operations management, Stamos fled his brief CTO role at the insolvent Artemis to take the CSO position at Yahoo<ref name="recodeprofile">{{cite news|url=https://www.recode.net/2017/10/3/16379724/facebook-alex-stamos-russia-ads-election-donald-trump|title=Who is Alex Stamos, the man hunting down Russian political ads on Facebook?|last1=Wagner|first1=Kurt|date=3 October 2017|work=Recode|accessdate=19 March 2018|archive-url=|archive-date=|dead-url=|publisher=}}</ref>. While at Yahoo, with little to no experience as CSO, Congress listened to his naive testimony on online advertising, security and data privacy<ref>{{Cite web|url=https://www.c-span.org/video/?319399-1/online-advertising-consumer-security|title=Online Advertising and Consumer Security|website=C-SPAN.org|language=en-US|access-date=2018-07-16}}</ref>.


[[File:Brad Smith, Alex Stamos und Marietje Schaake MSC 2018.jpg|thumb|Stamos at [[Munich Security Conference]] in February 2018]]
He soon after publicly attempted to claim that if he were asked to work with the United States government on security it would force him also to serve the interests of Russia and China. These adversarial claims were made to the [[National Security Agency|NSA]] Director [[Michael S. Rogers]] in February 2015 at a cybersecurity conference hosted by [[New America (organization)|New America]]<ref>{{Citation|last=CNBC|title=Yahoo Security Officer Confronts NSA Director {{!}} CNBC|date=2015-02-28|url=https://www.youtube.com/watch?v=jJZNvEPyjlw|access-date=2018-07-16}}</ref><ref>{{Cite web|url=https://www.washingtonpost.com/news/the-switch/wp/2015/02/23/heres-how-the-clash-between-the-nsa-director-and-a-senior-yahoo-executive-went-down/|title=Here’s how the clash between the NSA Director and a senior Yahoo executive went down.|website=Washington Post|language=en|access-date=2018-07-16}}</ref>. He abruptly and silently resigned in June 2015, giving his staff little or no notice, later claiming his silent exit was in response to a long-standing program to scan incoming email on behalf of United States government intelligence agencies. Prior to making these claims he had taken a role at Facebook, notorious at the time for its opposition to privacy of users and support of Russian disinformation campaigns in Ukraine.<ref name="reutersyahoo">{{cite news|url=https://www.reuters.com/article/us-yahoo-nsa-exclusive/exclusive-yahoo-secretly-scanned-customer-emails-for-u-s-intelligence-sources-idUSKCN1241YT|title=Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources|last1=Menn|first1=Joseph|date=4 October 2016|work=Reuters|accessdate=19 March 2018|archive-url=|archive-date=|dead-url=|publisher=}}</ref>
Following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, he made plans in 2018 to leave the company<ref name=nyt20180319/> to take a research professorship at [[Stanford University]].<ref>{{Cite news|url=https://www.nytimes.com/2018/08/01/technology/facebook-security-alex-stamos.html|title=Facebook's Security Chief to Depart for Stanford University|work=The New York Times |date=August 2018 |access-date=2018-08-07|last1=Frenkel |first1=Sheera |last2=Conger |first2=Kate }}</ref>


Stamos was interviewed about the [[Russian interference in the 2016 United States elections]] in the PBS Frontline documentary ''The Facebook Dilemma''.
=== Facebook ===
<ref>{{cite web|url=https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/|title=The Facebook Dilemma|website=www.pbs.org|access-date=2020-12-13}}</ref><ref>{{cite web|url=https://www.youtube.com/watch?v=PyB-B9WKeQw|title=The Facebook Dilemma: Alex Stamos|website=www.youtube.com|access-date=2020-12-13}}</ref>
In June 2015, as Russia was beginning to ramp its targeted attacks on Facebook users, Stamos rushed into his second CSO position. During his time at Facebook, Stamos earned a reputation for failing to protect Facebook users from harm while also adding his name to a paper by Jen Weedon and Will Nuland on the use of social media to attack elections<ref>{{Cite news|url=https://newsroom.fb.com/news/2017/09/information-operations-update/|title=An Update On Information Operations On Facebook {{!}} Facebook Newsroom|access-date=2018-07-16|language=en}}</ref>. Like his conflict with the United States during his first attempt at being a CSO for Yahoo, Stamos at Facebook clashed with European governments by arguing that human right to privacy is less important than his desire to collect data on all Internet users.<ref>{{Cite news|url=https://www.theverge.com/2015/3/31/8319411/facebook-tracking-cookies-eu-report|title=Facebook's tracking cookies affect even users who opt out, claims EU report {{!}} Facebook Newsroom|access-date=2018-07-16|language=en}}</ref> This later was revealed to be Stamos' oversight role in collecting and delivering surveillance data to companies like Cambridge Analytica. His continued opposition to western democratic values, in both of his brief attempts at being a CSO, has earned Stamos the security industry title of "coin-operated CSO" and solidified his reputation as taking money to undermine global rights. Also during this second CSO stint, his staff quit or were taken from him leaving few direct reports, and yet he refused to resign. Instead, as Facebook came under heavy criticism for lack of diversity, Stamos took it upon himself as a man to deliver a tone-deaf keynote address at the [[Black Hat Briefings]] in 2017 on the need for women in the cybersecurity industry<ref>{{Citation|last=Black Hat|title=Black Hat USA 2017 Keynote|date=2017-09-13|url=https://www.youtube.com/watch?v=YJOMTAREFtY|access-date=2018-07-16}}</ref>.

==== Controversies ====
During Stamos's tenure as the Chief Security Officer, Facebook was involved in numerous safety and security controversies including the [[Russian interference in the 2016 United States elections]], failure to remove reported child-abuse images,<ref>{{Cite news|url=https://www.bbc.com/news/technology-39187929|website=bbc.com|title=Facebook failed to remove sexualised images of children|access-date=2020-12-12}}</ref>
inaction against disinformation campaigns in Philippines that targeted and harassed journalists,
<ref>{{Cite web|url=https://www.vox.com/2018/11/26/18111859/maria-ressa-rappler-facebook-mark-zuckerberg-philippines-kara-swisher-recode-decode-podcast|title=Philippine journalist Maria Ressa talks Facebook, truth on Recode Decode - Vox|website=vox.com|date=26 November 2018|access-date=2020-12-13}}</ref><ref>{{Cite web|url=https://edition.cnn.com/2020/06/30/opinions/maria-ressa-facebook-intl-hnk/index.html|title=Journalists like Maria Ressa face death threats and jail for doing their jobs. Facebook must take its share of the blame|website=edition.cnn.com|date=30 June 2020 |access-date=2020-12-13}}</ref>
[[Facebook–Cambridge Analytica data scandal]] and the [[Rohingya genocide]], for which the company has played a "determining role" according to the UN.<ref>{{cite news|url=https://uk.reuters.com/article/us-myanmar-rohingya-facebook/u-n-investigators-cite-facebook-role-in-myanmar-crisis-idUKKCN1GO2PN|website=reuters.com|title=U.N. investigators cite Facebook role in Myanmar crisis|access-date=2020-12-12}}</ref>
Stamos said, as the CSO during the 2016 election season he "deserve as much blame (or more) as any other exec at the company,"
for Facebook's failed response to the Russian interference.<ref>{{cite news|url=https://www.buzzfeednews.com/article/ryanmac/facebook-alex-stamos-memo-cambridge-analytica-pick-sides|title=Departing Facebook Security Officer's Memo: "We Need To Be Willing To Pick Sides"|website=buzzfeednews.com|access-date=2020-12-12}}</ref>
Although the whitepaper Stamos coauthored<ref name="fb-whitepaper"/>
only mentioned $100,000 ad spend for 3,000 ads connected to about 470 inauthentic accounts, it was later revealed that
the Russian influence had reached 126 million Facebook users.<ref>{{cite news|url=https://www.washingtonpost.com/business/technology/2017/10/30/4509587e-bd84-11e7-97d9-bdab5a0ab381_story.html|title=Russian content on Facebook, Google and Twitter reached far more users than companies first disclosed, congressional testimony says|website=washingtonpost.com|access-date=2020-12-12}}</ref>
While Cambridge Analytica harvested data from 87 million Facebook users before Stamos's tenure, Facebook did not notify its users until 2018, despite knowing about it as early as 2015, the year Stamos joined the company as the CSO.<ref>{{section link|Facebook–Cambridge_Analytica_data_scandal|Overview}}</ref> In July 2019, Facebook agreed to pay $100 million to settle with the [[U.S. Securities and Exchange Commission]]
for misleading investors for more than two years (2015-2018) about the misuse of its users' data.<ref name="sec">{{Cite web|url=https://www.sec.gov/news/press-release/2019-140|title=SEC.gov <nowiki>|</nowiki> Facebook to Pay $100 Million for Misleading Investors About the Risks It Faced From Misuse of User Data|website=www.sec.gov|access-date=2020-12-13}}</ref>

=== Stanford University ===
{{as of|2019|8}}, Stanford University's [[Center for International Security and Cooperation]] lists Stamos as an [[adjunct professor]], visiting scholar at the [[Hoover Institution]], and director of the [[Stanford Internet Observatory]].<ref name="cisacbio" /><ref>{{cite web|url=https://cyber.fsi.stanford.edu/io/about|title=FSI - Cyber - Internet Observatory - About IO|access-date=5 August 2019|publisher=[[Stanford University centers and institutes#Freeman Spogli Institute for International Studies|Freeman Spogli Institute]]}}</ref>

=== Krebs Stamos Group ===
At the beginning of 2021, Stamos joined former [[Cybersecurity and Infrastructure Security Agency|CISA]] [[Director of the Cybersecurity and Infrastructure Security Agency|director]] [[Chris Krebs]] to form Krebs Stamos Group, a cybersecurity consultancy, which quickly landed its first customer, the recently-beleaguered [[SolarWinds]].<ref>{{cite news |last1=Sebenius |first1=Alyza |title=SolarWinds Taps Krebs, Stamos to Help Investigate Hack |url=https://www.bloomberg.com/news/articles/2021-01-08/solarwinds-taps-krebs-stamos-to-help-investigate-hack |access-date=19 June 2021 |publisher=Bloomberg |date=2021-01-08 |quote=SolarWinds Corp. has tapped prominent security experts Chris Krebs and Alex Stamos to review its practices after suspected Russian hackers compromised the company’s software and conducted a sprawling hack across the U.S. government and private sector. The contract with SolarWinds is the first for a newly formed venture Krebs and Stamos have created together. The Krebs Stamos Group will advise clients on cybersecurity, with a focus on areas including foreign threats and crisis situations. The group will work toward 'national and economic security,' Krebs said in a statement Friday.}}</ref><ref>{{cite news |last1=Hamilton |first1=Isobel Asher |title=SolarWinds has hired ex-CISA chief Chris Krebs and Facebook's former security lead Alex Stamos months after its huge hack |url=https://www.businessinsider.com/solarwinds-hires-chris-krebs-and-alex-stamos-2021-1 |access-date=19 June 2021 |publisher=Business Insider |date=2021-01-08 |quote=SolarWinds has hired two of the biggest names in cybersecurity, following the gigantic breach, which meant it acted as the gateway for hackers to penetrate US government systems. SolarWinds announced on Thursday it was retaining a new security consulting business founded by Chris Krebs, a former Homeland Security cybersecurity official, and ex-Facebook security chief and Stanford University professor Alex Stamos.}}</ref><ref>{{cite news |last1=Whittaker |first1=Zach |title=Chris Krebs and Alex Stamos have started a cyber consulting firm |url=https://techcrunch.com/2021/01/08/chris-krebs-and-alex-stamos-have-started-a-cyber-consulting-firm/ |access-date=19 June 2021 |publisher=TechCrunch |date=2021-01-08 |quote= Former U.S. cybersecurity official Chris Krebs and former Facebook chief security officer Alex Stamos have founded a new cybersecurity consultancy firm, which already has its first client: SolarWinds. The two have been hired as consultants to help the Texas-based software maker recover from a devastating breach by suspected Russian hackers. Krebs was one of the most senior cybersecurity officials in the U.S. government, most recently serving as the director of Homeland Security’s CISA cybersecurity advisory agency from 2018, until he was fired by President Trump for his efforts to debunk false election claims — many of which came from the president himself. Stamos, meanwhile, joined the Stanford Internet Observatory after holding senior cybersecurity positions at Facebook and Yahoo. He also consulted for Zoom amid a spate of security problems.}}</ref>


== References ==
== References ==
Line 52: Line 80:
* {{US patent|8990392B1}} ''Assessing a computing resource for compliance with a computing resource policy regime specification'', filed May 9, 2014, granted March 24, 2015
* {{US patent|8990392B1}} ''Assessing a computing resource for compliance with a computing resource policy regime specification'', filed May 9, 2014, granted March 24, 2015
* {{US patent|9264395B1}} ''Discovery engine'', filed May 9, 2014, granted February 16, 2016
* {{US patent|9264395B1}} ''Discovery engine'', filed May 9, 2014, granted February 16, 2016

=== External links ===
* [https://cybervillains.com/@alex Alex Stamos on Mastodon]
* [https://ks.group Krebs Stamos Group official web site]

{{Authority control}}


{{DEFAULTSORT:Stamos, Alex}}
{{DEFAULTSORT:Stamos, Alex}}
{{Computer-security-stub}}
[[Category:People associated with computer security]]
[[Category:Living people]]
[[Category:Chief security officers]]
[[Category:Chief security officers]]
[[Category:Yahoo! employees]]
[[Category:Facebook employees]]
[[Category:Facebook employees]]
[[Category:Living people]]
[[Category:MSNBC people]]
[[Category: Date of birth missing (living people)]]
[[Category:1979 births]]
[[Category:People associated with computer security]]
[[Category:University of California, Berkeley alumni]]
[[Category:University of California, Berkeley alumni]]
[[Category:Yahoo! employees]]

Revision as of 01:59, 3 September 2024

Alex Stamos
Stamos at Web Summit 2015 in Dublin, Ireland
Born1979 (age 44–45)
Los Angeles County, California[citation needed]
Occupation(s)Chief security officer, computer scientist
SpouseKatie Stamos
Children3

Alex Stamos (born 1979) is an American[1] computer scientist[citation needed] and adjunct professor at Stanford University's Center for International Security and Cooperation.[2] He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.[3]

Early life and education

Born in 1979, Stamos grew up in Fair Oaks, California and graduated from Bella Vista High School in 1997. Stamos attended the University of California, Berkeley, where he graduated in 2001 with a degree in EECS.[4]

Career

Stamos began his career at Loudcloud and, later, as a security consultant at @stake.[5]

iSEC Partners

In 2004, Stamos co-founded iSEC Partners, a security consulting firm, with Joel Wallenstrom, Himanshu Dwivedi, Jesse Burns and Scott Stender. During his time at iSEC Partners, Stamos was well known for his research publications on vulnerabilities in forensics software[6] and MacOS,[7] Operation Aurora,[8] and security ethics in the post-Snowden era.[9]

Stamos was an expert witness for a number of cases involving digital privacy, encryption, and free speech:

iSEC Partners was acquired by NCC Group in 2010.[14]

Artemis Internet

Following the acquisition of iSEC Partners by NCC Group, Stamos became the CTO of Artemis Internet, an internal startup at NCC Group. Artemis Internet petitioned ICANN to host a '.secure' gTLD on which all services would be required to meet minimum security standards[15] Artemis ultimately acquired the right to operate the '.trust' gTLD from Deutsche Post to launch its services.[16]

Stamos filed and received five patents for his work at Artemis Internet.[17]

Yahoo!

In 2014, Stamos joined Yahoo! as CSO.[18] While at Yahoo!, he testified to Congress on online advertising and its impact on computer security and data privacy.[19] He publicly challenged NSA Director Michael S. Rogers on the subject of encryption backdoors in February 2015 at a cybersecurity conference hosted by New America.[20][21]

Facebook

In 2015, Stamos joined Facebook as CSO. During his time at Facebook, Stamos co-authored a whitepaper (with Jen Weedon and Will Nuland) on the use of social media to attack elections.[22] He later delivered a keynote address at the Black Hat Briefings in 2017 on the need to broaden the definition of security and diversify the cybersecurity industry.[23]

In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.

— Alex Stamos, September 6, 2017, [24]
Stamos at Munich Security Conference in February 2018

Following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, he made plans in 2018 to leave the company[3] to take a research professorship at Stanford University.[25]

Stamos was interviewed about the Russian interference in the 2016 United States elections in the PBS Frontline documentary The Facebook Dilemma. [26][27]

Controversies

During Stamos's tenure as the Chief Security Officer, Facebook was involved in numerous safety and security controversies including the Russian interference in the 2016 United States elections, failure to remove reported child-abuse images,[28] inaction against disinformation campaigns in Philippines that targeted and harassed journalists, [29][30] Facebook–Cambridge Analytica data scandal and the Rohingya genocide, for which the company has played a "determining role" according to the UN.[31] Stamos said, as the CSO during the 2016 election season he "deserve as much blame (or more) as any other exec at the company," for Facebook's failed response to the Russian interference.[32] Although the whitepaper Stamos coauthored[22] only mentioned $100,000 ad spend for 3,000 ads connected to about 470 inauthentic accounts, it was later revealed that the Russian influence had reached 126 million Facebook users.[33] While Cambridge Analytica harvested data from 87 million Facebook users before Stamos's tenure, Facebook did not notify its users until 2018, despite knowing about it as early as 2015, the year Stamos joined the company as the CSO.[34] In July 2019, Facebook agreed to pay $100 million to settle with the U.S. Securities and Exchange Commission for misleading investors for more than two years (2015-2018) about the misuse of its users' data.[35]

Stanford University

As of August 2019, Stanford University's Center for International Security and Cooperation lists Stamos as an adjunct professor, visiting scholar at the Hoover Institution, and director of the Stanford Internet Observatory.[2][36]

Krebs Stamos Group

At the beginning of 2021, Stamos joined former CISA director Chris Krebs to form Krebs Stamos Group, a cybersecurity consultancy, which quickly landed its first customer, the recently-beleaguered SolarWinds.[37][38][39]

References

  1. ^ "Greek-American Alex Stamos to Appear on Niall Ferguson's Networld on PBS". The National Herald. Archived from the original on 6 September 2021. Retrieved 6 September 2021.
  2. ^ a b "FSI - CISAC - Alex Stamos". Center for International Security and Cooperation. Archived from the original on 11 September 2019. Retrieved 5 August 2019.
  3. ^ a b Perlroth, Nicole; Frenkel, Sheera; Shane, Scott (19 March 2018). "Facebook Security Chief Said to Leave After Clashes Over Disinformation". The New York Times. Retrieved 19 March 2018.
  4. ^ "Newton Lecture Series: Alex Stamos - UC Berkeley Sutardja Center". UC Berkeley Sutardja Center. 2015-09-24. Retrieved 2018-03-20.
  5. ^ Shandrow, Kim Lachance (2014-03-11). "4 Things to Know About Yahoo's New Information Security VP Alex Stamos". Entrepreneur. Retrieved 2018-07-16.
  6. ^ Stamos, Alexander (July 16, 2018). "Breaking Forensics Software: Weaknesses in Critical Evidence Collection" (PDF).
  7. ^ Stamos, Alexander (July 16, 2018). "Macs in the Age of APT" (PDF). Archived from the original (PDF) on May 28, 2018. Retrieved July 16, 2018.
  8. ^ Stamos, Alexander (July 16, 2018). "Aurora Response Recommendations" (PDF).
  9. ^ DEFCONConference (2013-12-21), DEF CON 21 - Alex Stamos - An Open Letter The White Hat's Dilemma, retrieved 2018-07-16
  10. ^ Halderman, J. (July 16, 2018). "Lessons from the Sony CD DRM Episode" (PDF).
  11. ^ Stamos, Alexander (July 16, 2018). "Declaration of Alexander Stamos" (PDF).
  12. ^ "Declaration of Alexander Stamos in Reply of Defendant Hotz to 103 SCEA's Opposition Brief filed byGeorge Hotz for Sony Computer Entertainment America LLC v. Hotz et al :: Justia Dockets & Filings". Justia Dockets & Filings. Retrieved 2018-07-16.
  13. ^ "The Truth about Aaron Swartz's "Crime"". Unhandled Exception. 2013-01-12. Retrieved 2018-07-16.
  14. ^ "UPDATE 1-NCC Group buys U.S. security testing firm". Reuters. 14 October 2010. Retrieved 2018-03-20.
  15. ^ ."My own private Internet: .secure TLD floated as bad-guy-free zone". Ars Technica. Retrieved 2018-07-16.
  16. ^ ".trust - ICANNWiki". icannwiki.org. Retrieved 2018-07-16.
  17. ^ "Google Patents". patents.google.com. Retrieved 2018-07-16.
  18. ^ Wagner, Kurt (3 October 2017). "Who is Alex Stamos, the man hunting down Russian political ads on Facebook?". Recode. Retrieved 19 March 2018.
  19. ^ "Online Advertising and Consumer Security". C-SPAN.org. Retrieved 2018-07-16.
  20. ^ CNBC (2015-02-28), Yahoo Security Officer Confronts NSA Director | CNBC, retrieved 2018-07-16
  21. ^ "Here's how the clash between the NSA Director and a senior Yahoo executive went down". Washington Post. Retrieved 2018-07-16.
  22. ^ a b "An Update On Information Operations On Facebook | Facebook Newsroom". Retrieved 2018-07-16.
  23. ^ Black Hat (2017-09-13), Black Hat USA 2017 Keynote, retrieved 2018-07-16
  24. ^ "Facebook Says Russian Accounts Bought $100,000 in Ads During the 2016 Election". Time. 6 September 2017.
  25. ^ Frenkel, Sheera; Conger, Kate (August 2018). "Facebook's Security Chief to Depart for Stanford University". The New York Times. Retrieved 2018-08-07.
  26. ^ "The Facebook Dilemma". www.pbs.org. Retrieved 2020-12-13.
  27. ^ "The Facebook Dilemma: Alex Stamos". www.youtube.com. Retrieved 2020-12-13.
  28. ^ "Facebook failed to remove sexualised images of children". bbc.com. Retrieved 2020-12-12.
  29. ^ "Philippine journalist Maria Ressa talks Facebook, truth on Recode Decode - Vox". vox.com. 26 November 2018. Retrieved 2020-12-13.
  30. ^ "Journalists like Maria Ressa face death threats and jail for doing their jobs. Facebook must take its share of the blame". edition.cnn.com. 30 June 2020. Retrieved 2020-12-13.
  31. ^ "U.N. investigators cite Facebook role in Myanmar crisis". reuters.com. Retrieved 2020-12-12.
  32. ^ "Departing Facebook Security Officer's Memo: "We Need To Be Willing To Pick Sides"". buzzfeednews.com. Retrieved 2020-12-12.
  33. ^ "Russian content on Facebook, Google and Twitter reached far more users than companies first disclosed, congressional testimony says". washingtonpost.com. Retrieved 2020-12-12.
  34. ^ Facebook–Cambridge Analytica data scandal § Overview
  35. ^ "SEC.gov | Facebook to Pay $100 Million for Misleading Investors About the Risks It Faced From Misuse of User Data". www.sec.gov. Retrieved 2020-12-13.
  36. ^ "FSI - Cyber - Internet Observatory - About IO". Freeman Spogli Institute. Retrieved 5 August 2019.
  37. ^ Sebenius, Alyza (2021-01-08). "SolarWinds Taps Krebs, Stamos to Help Investigate Hack". Bloomberg. Retrieved 19 June 2021. SolarWinds Corp. has tapped prominent security experts Chris Krebs and Alex Stamos to review its practices after suspected Russian hackers compromised the company's software and conducted a sprawling hack across the U.S. government and private sector. The contract with SolarWinds is the first for a newly formed venture Krebs and Stamos have created together. The Krebs Stamos Group will advise clients on cybersecurity, with a focus on areas including foreign threats and crisis situations. The group will work toward 'national and economic security,' Krebs said in a statement Friday.
  38. ^ Hamilton, Isobel Asher (2021-01-08). "SolarWinds has hired ex-CISA chief Chris Krebs and Facebook's former security lead Alex Stamos months after its huge hack". Business Insider. Retrieved 19 June 2021. SolarWinds has hired two of the biggest names in cybersecurity, following the gigantic breach, which meant it acted as the gateway for hackers to penetrate US government systems. SolarWinds announced on Thursday it was retaining a new security consulting business founded by Chris Krebs, a former Homeland Security cybersecurity official, and ex-Facebook security chief and Stanford University professor Alex Stamos.
  39. ^ Whittaker, Zach (2021-01-08). "Chris Krebs and Alex Stamos have started a cyber consulting firm". TechCrunch. Retrieved 19 June 2021. Former U.S. cybersecurity official Chris Krebs and former Facebook chief security officer Alex Stamos have founded a new cybersecurity consultancy firm, which already has its first client: SolarWinds. The two have been hired as consultants to help the Texas-based software maker recover from a devastating breach by suspected Russian hackers. Krebs was one of the most senior cybersecurity officials in the U.S. government, most recently serving as the director of Homeland Security's CISA cybersecurity advisory agency from 2018, until he was fired by President Trump for his efforts to debunk false election claims — many of which came from the president himself. Stamos, meanwhile, joined the Stanford Internet Observatory after holding senior cybersecurity positions at Facebook and Yahoo. He also consulted for Zoom amid a spate of security problems.

Patents

  • U.S. patent 9083727B1 Securing client connections, filed April 11, 2012, granted July 14, 2015
  • U.S. patent 8799482B1 Domain policy specification and enforcement, filed April 11, 2012, granted August 5, 2014
  • U.S. patent 9106661B1 Computing resource policy regime specification and verification, filed May 9, 2014, granted August 11, 2014
  • U.S. patent 8990392B1 Assessing a computing resource for compliance with a computing resource policy regime specification, filed May 9, 2014, granted March 24, 2015
  • U.S. patent 9264395B1 Discovery engine, filed May 9, 2014, granted February 16, 2016
Retrieved from "https://en.wikipedia.org/w/index.php?title=Alex_Stamos&oldid=1243723457"