United States

Is Russia Conducting A Social Media War On America? (time.com) 460

An anonymous reader writes: Time magazine ran a cover story about "a dangerous new route for antidemocratic forces" -- social media. "Using these technologies, it is possible to undermine democratic government, and it's becoming easier every day," says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology." The article cites current and former FBI and CIA officials who now believe Russia's phishing emails against politicians were "just the most visible battle in an ongoing information war against global democracy." They cite, for example, a March report by U.S. counterintelligence which found "Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department." Each message contained links tailored to the interests of the recipient, but "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer -- and Twitter account...

"In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States?" The article also notes how algorithms now can identify hot-button issues and people susceptible to suggestion, so "Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior. That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia's influence operations tell Time."

The article describes a Russian soldier in the Ukraine pretending to be a 42-year-old American housewife. Meanwhile, this week Time's cover shows America's White House halfway-covered with Kremlin-esque spires -- drawing a complaint from the humorists at Mad magazine, who say Time copied the cover of Mad's December issue.
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 128

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the month's long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
Transportation

Delta Airlines Tests Facial Recognition To Speed Up Baggage Check-In (cnn.com) 57

Would you let Delta airlines scan your face if it meant you could skip the line to check-in your baggage? An anonymous reader quotes CNN: Delta is testing a face-scanning kiosk for baggage check... It uses facial recognition technology to match your identity to your passport photo. You tag your own bags, pay the fee and drop your luggage on a conveyor belt... Delta will test four of the machines at Minneapolis-St. Paul International Airport this summer. The airline spent $600,000 on the four kiosks.
A senior staff attorney at the EFF warns this could be a slippery slope -- at what point this morphs into airline surveillance? But a Delta spokerspeson insists the images won't be stored, that they're complying with privacy laws, and that the kiosks could double the number of passengers whisking through their check-in procedures.
Government

UK Conservatives Pledge To Create Government-Controlled Internet (independent.co.uk) 186

Martin S. writes: Theresa May, the leader of the UK Conservative Party has pledged to create new internet that would be controlled and regulated by government on re-election. An early lead in the polls appears to be slipping but not slowly enough to change the result. Social Media has rapidly become an intense political battlefield. Known as #Mayhem in some circles, but seemingly able to command significant support from new and old media. Also, applying new social media analytics. According to the manifesto, the plans will allow Britain to become "the global leader in the regulation of the use of personal data and the internet." It states, "Some people say that it is not for government to regulate when it comes to technology and the internet... We disagree."
Blackberry

BlackBerry Working With Automakers On Antivirus Tool For Your Car (reuters.com) 45

An anonymous reader quotes a report from Reuters: BlackBerry is working with at least two automakers to develop a security service that would remotely scan vehicles for computer viruses and tell drivers to pull over if they were in critical danger, according to a financial analyst. The service, which would also be able to install security patches to an idle car, is being tested by luxury automakers Aston Martin and Range Rover. The service could be launched as early as next year, generating about $10 a month per vehicle for BlackBerry, according to Papageorgiou, who has followed BlackBerry for more than 15 years. Vehicles increasingly rely on dozens of computers that connect to each other as well as the internet, mobile networks and Bluetooth communications systems that make them vulnerable to remote hacks.
Crime

Sweden Drops Julian Assange Rape Investigation (cnn.com) 187

rmdingler writes: "Sweden is dropping its investigation into WikiLeaks founder Julian Assange on rape allegations, according to a prosecution statement released Friday," reports CNN. "Assange, who has always denied wrongdoing, has been holed up at the Ecuadorian Embassy in London since 2012, in an effort to avoid a Swedish arrest warrant." Despite Friday's announcement, he's unlikely to walk out of the embassy imminently. There is no apparent change in the risk of being detained in the west, particularly in the U.S., but it's definitely a win for Assange. Joshua.Niland adds: The pressure on Julian Assange may have lifted ever so slightly with Swedish prosecutors dropping their investigation into the allegations of rape. A brief statement ahead of a press conference by the prosecutor later on Friday said: "Director of Public Prosecution, Ms Marianne Ny, has today decided to discontinue the investigation regarding suspected rape (lesser degree) by Julian Assange." This will not likely deter the United States from pursuing their own charges against him for publishing tens of thousands of military documents leaked by Army whistleblower Chelsea Manning. After describing the development as "an important victory," Assange said, "[...] it by no means erases seven years of detention without charge under house arrest and almost five years here in this embassy without sunlight. Seven years without charge while my children grow up without me. That is not something I can forgive. It is not something I can forget."
Businesses

Uber Threatens To Fire Engineer Accused of Stealing Trade Secrets From Waymo (gizmodo.com) 39

Uber's general counsel Salle Yoo has warned Anthony Levandowski that if he doesn't return the files he's accused of stealing from Google's self-driving car unit and using them to develop similar technology at Uber, or open deny taking them, he could be fired. Gizmodo reports: Uber's general counsel Salle Yoo warned Levandowski in a letter sent Monday and made public last night that, if he didn't return the stolen files or openly deny taking them, he could be fired. The letter is a result of a court order issued Monday, and Levandowski has until the end of the month to comply. "We understand that this letter requires you to turn over information wherever located, including but not limited to, your personal devices, and to waive any Fifth Amendment protection you may have," Yoo wrote. "While we have respected your personal liberties, it is our view that the Court's Order requires us to make these demands of you." Despite the allegations against him, Levandowski's job at Uber has been protected so far by his reputation as a rising star in the self-driving industry and his close friendship with CEO Travis Kalanick, who called Levandowski his brother from another mother. However, Yoo's letter hints that the tide at Uber may be turning against Levandowsk -- in addition to demanding he return Waymo's documents, Yoo also asks Levandowski to return any Uber files he may have and to only use Uber-issued devices for work, where his actions will be monitored. "If you have not fully complied with our prior request to return all Uber-owned documents in your possession, custody, or control, you must immediately return all such documents to us," Yoo wrote.
Windows

Almost All WannaCry Victims Were Running Windows 7 (theverge.com) 123

An anonymous reader quotes a report from The Verge: According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft's patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky's figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware.
United States

Federal Agents Used a Stingray To Track an Immigrant's Phone (detroitnews.com) 103

An anonymous reader shares a report: Investigators from Immigration and Custom Enforcement as well as the FBI have been using controversial cell-spoofing devices to secretly track down undocumented immigrants, court records show. According to a report the Detroit News, which obtained an unsealed federal search warrant affidavit, FBI and ICE agents in Michigan used a Stingray device to ensnare a restaurant worker from El Salvador in March. The devices, which were originally intended for counter-terrorism use, have come under fire because there are currently no clear rules governing when law enforcement is allowed to deploy them. Even in cases where authorities have a clear target in mind, they run the risk of exposing personal information of other innocent people in range. Until 2015, Federal investigators were free to deploy the devices without a search warrant. At that point the Justice Department laid out a policy requiring investigators get approval to use the devices first.
Twitter

A Bug in Twitter's Old Vine App May Have Exposed Your Email (cnet.com) 6

An anonymous reader shares a report: If you had a Vine account, there's an alert you may want to know about. The video app, which Twitter bought in 2012 and shut down last year after its six-second videos failed to take off, sent out emails to some users Friday alerting them to a vulnerability in its service. Yeah, that's right, Vine is dead, but your account may have been compromised anyway. Apparently, the "bug" potentially exposed email addresses to hackers or other "third parties under certain circumstances." The vulnerability apparently existed for less than 24 hours, or 14,400 Vine videos. "We take these incidents very seriously, and we're sorry this occurred," Vine wrote in its email. It also said the information exposed could not be used to access accounts, and there were no indications any of the data had been misused.
Government

CIA Co-Developed 'Athena' Windows Malware With US Cyber Security Company, WikiLeaks Reveals (bleepingcomputer.com) 103

An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for "malware" -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.
Security

French Researchers Find Last-ditch Cure To Unlock WannaCry Files (reuters.com) 36

French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago. From a report: WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. The researchers warned that their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. Also see: Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom.
Government

Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm (vice.com) 235

An anonymous reader quotes a report from Motherboard: Lobbying records in New York state show that Apple, Verizon, and the tech industry's largest trade organizations are opposing a bill that would make it easier for consumers and independent companies to repair your electronics. The bill, called the "Fair Repair Act," would require electronics companies to sell replacement parts and tools to the general public, would prohibit "software locks" that restrict repairs, and in many cases would require companies to make repair guides available to the public. Apple and other tech giants have been suspected of opposing the legislation in many of the 11 states where similar bills have been introduced, but New York's robust lobbying disclosure laws have made information about which companies are hiring lobbyists and what bills they're spending money on public record. According to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, the printer company Lexmark, heavy machinery company Caterpillar, phone insurance company Asurion, and medical device company Medtronic have spent money lobbying against the Fair Repair Act this year. The Consumer Technology Association, which represents thousands of electronics manufacturers, is also lobbying against the bill. The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition -- which is generally made up of independent repair shops with several employees -- is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records.
Education

Elsevier Wants $15 Million In 'Piracy' Damages From Sci-Hub and Libgen (torrentfreak.com) 158

lbalbalba writes: Elsevier, one of the largest academic publishers, is demanding $15 million in damages from Sci-Hub and LibGen, who make paywalled scientific research papers freely available to the public [without permission]. A good chunk of these papers are copyrighted, many by Elsevier. Elsevier has requested a default judgment of $15 million against the defendants for their "truly egregious conduct" and "staggering" infringement. Sci-Hub's efforts are backed by many prominent scholars, who argue that tax-funded research should be accessible to everyone. Others counter that the site doesn't necessarily help the "open access" movement move forward. Sci-Hub's founder Alexandra Elbakyan defends her position and believes that what she does is helping millions of less privileged researchers to do their work properly by providing free access to research results.
Security

Hacker Steals 17 Million Zomato Users' Data, Briefly Puts It On Dark Web (hackread.com) 32

Waqas reports via Hack Read: Recently, HackRead found out a vendor going by the online handle of âoenclayâ is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace. The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here's a screenshot of the sample data publicly shared by "nclay." Upon testing the sample data on Zomato.com's login page, it was discovered that each and every account mentioned in the list exists on Zomato. Although Zomato didn't reply to our email but in their latest blog post the company has acknowledged the breach. Here's a full preview of the blog post published by Zomato 7hours ago: "Over 120 million users visit Zomato every month. What binds all of these varied individuals is the desire to enjoy the best a city has to offer, in terms of food. When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. And that's something we do diligently, without fail. We take cyber security very seriously -- if you've been a regular at Zomato for years, you'd agree."
Databases

Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts (zdnet.com) 17

A popular font sharing site DaFont.com has been hacked, resulting in usernames, email addresses, and hashed passwords of 699,464 user accounts being stolen. ZDNet reports: The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site's main database also contains the site's forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site's forums. The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site's database. "I heard the database was getting traded around so I decided to dump it myself -- like I always do," the hacker told me. Asked about his motivations, he said it was "mainly just for the challenge [and] training my pentest skills." He told me that he exploited a union-based SQL injection vulnerability in the site's software, a flaw he said was "easy to find." The hacker provided the database to ZDNet for verification.
Windows

Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom (arstechnica.com) 60

An anonymous reader quotes a report from Ars Technica: Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. "This software has only been tested and known to work under Windows XP," he wrote in a readme note accompanying his app, which he calls Wannakey. "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!"
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 408

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Communications

Net Neutrality Goes Down in Flames as FCC Votes To Kill Title II Rules (arstechnica.com) 420

As we feared yesterday, the rollback of net neutrality rules officially began today. The FCC voted along party lines today to formally consider Chairman Ajit Pai's plan to scrap the legal foundation for the rules and to ask the public for comments on the future of prohibitions on blocking, throttling and paid prioritization. ArsTechnica adds: The Federal Communications Commission voted 2-1 today to start the process of eliminating net neutrality rules and the classification of home and mobile Internet service providers as common carriers under Title II of the Communications Act. The Notice of Proposed Rulemaking (NPRM) proposes eliminating the Title II classification and seeks comment on what, if anything, should replace the current net neutrality rules. But Chairman Ajit Pai is making no promises about reinstating the two-year-old net neutrality rules that forbid ISPs from blocking or throttling lawful Internet content, or prioritizing content in exchange for payment. Pai's proposal argues that throttling websites and applications might somehow help Internet users.
Facebook

EU Fines Facebook $122 Million Over Misleading Information On WhatsApp Deal (siliconrepublic.com) 31

On Thursday, the European Union's powerful antitrust chief fined Facebook 110 million euros, or about $122 million, for giving misleading statements during the company's $19 billion acquisition of the internet messaging service WhatsApp in 2014. From a report: During the review process, the EC discussed the possibility of Facebook matching its users' accounts with WhatsApp users' accounts, to which Facebook replied that it "would be unable to establish reliable automated matching" between the two. Since then, though, the company has found a way, and it seems pretty straightforward. Unhappy with this, the EC today revealed a "proportionate and deterrent fine." How it acts as a deterrent, however, is unclear. Facebook was at risk of a fine totalling 1 percent of its turnover, which would have been closer to 200 million euros, but the figure was lower due to its compliance during the investigation. "The commission has found that, contrary to Facebook's statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users' identities already existed in 2014, and that Facebook staff were aware of such a possibility," the EC said.

Slashdot Top Deals