Government

Snowden's Former Employer Under Criminal Investigation For Fraudulent Billing (boozallen.com) 43

McGruber writes: Booz Allen Hamilton, the contracting firm that was Edward Snowden's employer when he leaked classified information from the NSA has announced that it is under a federal civil and criminal investigation of its billing practices. The disclosure in a regulatory filing sent shares of parent company Booz Allen Hamilton Holding Corp. tumbling $7.33, or 18.6 percent, to $32 in Friday trading.
The Almighty Buck

Air Force Budget Reveals How Much SpaceX Undercuts Launch Prices (arstechnica.com) 95

An anonymous reader quotes a report from Ars Technica: In 2014, the U.S. Government Accountability Office issued a report on cost estimates for the U.S. Air Force's program to launch national security payloads, which at the time consisted of a fleet of rockets maintained and flown entirely by United Launch Alliance (ULA). The report was critical of the non-transparent nature of ULA's launch prices and noted that the government "lacked sufficient knowledge to negotiate fair and reasonable launch prices" with the monopoly. At around the same time, the new space rocket company SpaceX began to aggressively pursue the opportunity to launch national security payloads for the government. SpaceX claimed to offer a substantially lower price for delivering satellites into various orbits around Earth. But because of the lack of transparency, comparing prices was difficult. The Air Force recently released budget estimates for fiscal year 2018, and these include a run out into the early 2020s. For these years, the budget combines the fixed price rocket and ELC contract costs into a single budget line. (See page 109 of this document). They are strikingly high. According to the Air Force estimate, the "unit cost" of a single rocket launch in fiscal year 2020 is $422 million, and $424 million for a year later. SpaceX sells basic commercial launches of its Falcon 9 rocket for about $65 million. But, for military launches, there are additional range costs and service contracts that add tens of millions of dollars to the total price. It therefore seems possible that SpaceX is taking a loss or launching at little or no profit to undercut its rival and gain market share in the high-volume military launch market. Elon Musk retweeted the article, adding "$300M cost diff between SpaceX and Boeing/Lockheed exceeds avg value of satellite, so flying with SpaceX means satellite is basically free."
Security

Firm Responsible For Mirai-Infected Webcams Hires Software Firm To Make Its Products More Secure (securityledger.com) 18

chicksdaddy writes from a report via The Security Ledger: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." Dahua, based in Hangzhou, China, said it will work with Mountain View-based Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." In a joint statement, the companies said Dahua will be adopting secure "software development life cycle (SDLC) and supply chain" practices using Synopsys technologies in an effort to reduce the number of "vulnerabilities that can jeopardize our products," according to a statement attributed to Fu Liquan, Dahua's Chairman, The Security Ledger reports. Dahua's cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3. In March, Dahua was called out for another, serious vulnerability in eleven models of video recorders and IP cameras. Namely: a back door account that gave remote attackers full control of vulnerable devices without the need to authenticate to the device. The flaw was first disclosed on the Full Disclosure mailing list and described as "like a damn Hollywood hack, click on one button and you are in."
Piracy

Alleged KickassTorrents Owner Considers 'Voluntary Surrender' To the US (torrentfreak.com) 59

An anonymous reader quotes a report from TorrentFreak: Earlier this year a Polish court ruled that Artem Vaulin, the alleged owner of the defunct torrent site KickassTorrents, can be extradited to the United States. The decision came as a disappointment to the defense team, which quickly announced an appeal. Vaulin has since been released on bail and currently resides in a Warsaw apartment. His release has made it easier to communicate with his attorneys in the United States, who have started negotiations with the U.S. Government. While the extradition appeal is still ongoing, it now appears that under the right conditions Vaulin might consider traveling to the United States voluntarily, so he can "resolve" the pending charges. This is what the defense team states in a motion for a status conference (pdf), which was submitted earlier this week.
Australia

Movie Piracy Cost Australian Network 'Hundreds of Millions of Dollars' (theaustralian.com.au) 119

Film and television piracy and illegal downloads are partly to blame for Australian broadcaster Ten Network's woes, according to Village Roadshow co-chief executive Graham Burke. From a report: He said piracy had cost Ten "hundreds of millions of dollars" in potential advertising revenue because of lower ratings resulting from pirated versions of films supplied by 21st Century Fox under an onerous output deal with the Hollywood studio. He said copies of Fox's Leonardo DiCaprio movie The Revenant and The Peanuts Movie were stolen last year and shared illegally via a piracy website. "Piracy is a much bigger channel and an illicit economy than the three main commercial networks combined. It is ripping off viewers from legitimate, taxpaying enterprises," Mr Burke said. "The product that Ten is buying from 21st Century Fox and is now arriving have been pirated out of sight."
Facebook

Facebook Exposes Employee Data To Terrorists (theguardian.com) 50

An anonymous reader writes: The Guardian is reporting that Facebook accidentally exposed the personal information of the moderators that remove terrorist content to the groups that posted that very content. From the article it looks like 6 of them actually had their profiles viewed. From the article, "The security lapse affected more than 1,000 workers across 22 departments at Facebook who used the company's moderation software to review and remove inappropriate content from the platform, including sexual material, hate speech and terrorist propaganda."

What are Facebook's responsibilities here?


Government

Putin Claims Russia Proposed a Cyber War Treaty In 2015 But the Obama Admin Ignored Them (qz.com) 193

An anonymous reader writes: Russian president Vladimir Putin (who denies any Russian part in the hacking) claims the Obama administration ignored a proposal in 2015 that might have avoided all of this. His administration suggested working out a cyber treaty with the US but was ignored by Obama officials, Putin told film director Oliver Stone in Showtime's four-part series broadcast this week. "A year and a half ago, in fall 2015, we made proposal to our American partners that we work through these issues and conclude a treaty on the rules of behavior in this sphere," he said in Stone's documentary The Putin Interviews. "The American side was silent, they didn't reply to us."
Google

EU Poised To Fine Google More Than $1 Billion in Antitrust Case (marketwatch.com) 102

Google is braced for a fine of potentially more than 1bn euro ($1.18 billion) as Brussels prepares to make the first of three antitrust decisions on the search group's practices, the first sanction by a leading competition regulator on the way it operates. From a report: The penalty, expected to be announced in the coming weeks, could exceed the record 1.1 billion euro bill slapped on Intel in 2009 for anti-competitive behavior in the computer-chip market, the two people told The Times. The European Commission's antitrust body declined to comment to MarketWatch on the FT report, but referred to the latest steps taken in the case against Google. In July last year, the commission reiterated its conclusion that the search giant had "abused its dominant position by systematically favoring its comparison shopping service in its search result pages." Google and its parent company Alphabet were then given 10 weeks to respond to the findings. Reuters reported last month that Google had attempted to settle the dispute with the EU three times in the last six years, but the sides had failed to reach a compromise.
Patents

Amazon Granted a Patent That Prevents In-Store Shoppers From Online Price Checking (theverge.com) 465

An anonymous reader quotes a report from The Verge: Amazon's long been a go-to for people to online price compare while shopping at brick-and-mortars. Now, a new patent granted to the company could prevent people from doing just that inside Amazon's own stores. The patent, titled "Physical Store Online Shopping Control," details a mechanism where a retailer can intercept network requests like URLs and search terms that happen on its in-store Wi-Fi, then act upon them in various ways. The document details in great length how a retailer like Amazon would use this information to its benefit. If, for example, the retailer sees you're trying to access a competitor's website to price check an item, it could compare the requested content to what's offered in-store and then send price comparison information or a coupon to your browser instead. Or it could suggest a complementary item, or even block content outright. Amazon's patent also lets the retailer know your physical whereabouts, saying, "the location may be triangulated utilizing information received from a multitude of wireless access points." The retailer can then use this information to try and upsell you on items in your immediate area or direct a sales representative to your location.
Bug

Trump Orders Government To Stop Work On Y2K Bug, 17 Years Later (bloomberg.com) 460

The federal government will finally stop preparing for the Y2K bug, seventeen years after it came and went. Yes, you read that right. Bloomberg reports: The Trump administration announced Thursday that it would eliminate dozens of paperwork requirements for federal agencies, including an obscure rule that requires them to continue providing updates on their preparedness for a bug that afflicted some computers at the turn of the century. As another example, the Pentagon will be freed from a requirement that it file a report every time a small business vendor is paid, a task that consumed some 1,200 man-hours every year. Seven of the more than 50 paperwork requirements the White House eliminated on Thursday dealt with the Y2K bug, according to a memo OMB released. Officials at the agency estimate the changes could save tens of thousands of man-hours across the federal government. The agency didn't provide an estimate of how much time is currently spent on Y2K paperwork, but Linda Springer, an OMB senior adviser, acknowledged that it isn't a lot since those requirements are already often ignored in practice.
AMD

Six Companies Awarded $258 Million From US Government To Build Exascale Supercomputers (digitaltrends.com) 40

The U.S. Department of Energy will be investing $258 million to help six leading technology firms -- AMD, Cray Inc., Hewlett Packard Enterprise, IBM, Intel, and Nvidia -- research and build exascale supercomputers. Digital Trends reports: The funding will be allocated to them over the course of a three-year period, with each company providing 40 percent of the overall project cost, contributing to an overall investment of $430 million in the project. "Continued U.S. leadership in high performance computing is essential to our security, prosperity, and economic competitiveness as a nation," U.S. Secretary of Energy Rick Perry said. "These awards will enable leading U.S. technology firms to marshal their formidable skills, expertise, and resources in the global race for the next stage in supercomputing -- exascale-capable systems." The funding will finance research and development in three key areas; hardware technology, software technology, and application development. There are hopes that one of the companies involved in the initiative will be able to deliver an exascale-capable supercomputer by 2021.
Communications

CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Router Models (bleepingcomputer.com) 107

An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is by far one of the most sophisticated CIA malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.
Government

eBay Urges Customers To Oppose Washington Internet Tax (knkx.org) 71

An anonymous reader quotes a report from KNKX: If you live in Washington state, you might have gotten the email from eBay. It begins: "The Washington State Legislature is threatening to impose new Internet sales tax burdens on you." It goes on to urge the recipient to send a form letter to Washington lawmakers opposing "harmful tax laws." So what's this about? EBay's Brian Bieron said the company is alerting its customers to a proposal to require out-of-state retailers to collect sales tax from Washington residents. "It's the right of all of our users to know when new tax policies would impact their ability to sell online or shop online, we think that they want to know and they want to get involved," Bieron said. The fact eBay is emailing its customer base now indicates the company is concerned the internet tax bill will be part of a final budget deal in Olympia. Washington House Democrats and Senate Republicans are currently trying to hash out a compromise budget that fully funds schools. That agreement will likely include some additional sources of tax revenue. Of all the choices on the table, capturing sales tax from more online sales might prove the most palatable to tax-averse Republicans. House Democrats estimate the proposal could bring in an estimated $341 million over the next two years.
Privacy

Dubai Airport Will Use Biometric Scanning By 2020 To Replace Entry With Passport (gulfnews.com) 45

dryriver quotes a report from Gulf News: For visitors or residents coming in to Dubai, a new face-recognition software in the offing at the Dubai International Airport will enable them to walk straight to the baggage claim area after deplaning without having to stop at passport control. British start-up ObjectTech announced that they will work with the Dubai government to install biometric tunnels that scan people's faces as they walk to baggage reclaim. The "biometric border" walkway takes a 3D scan of people's faces as they enter the airport and checks it against a digital passport using face-recognition software. If this project is completed, passengers arriving at Dubai airport will be able to step off their flight and walk straight to baggage reclaim via biometric verification tunnels -- allowing them to be registered into the country using a pre-approved and entirely digitized passport.
Censorship

Japan Passes Controversial 'Anti-Conspiracy' Bill (privateinternetaccess.com) 93

An anonymous reader quotes a report from Virtual Privacy Network Blog, News: Earlier today, after an intentionally rushed consideration process, Japan's Prime Minister Shinzo Abe passed a new mass surveillance law conveniently called the "anti-conspiracy bill." With the vague wording of the bill, anyone suspected of planning any of [the 277 acts listed in the bill] could be put under targeted surveillance. Of course, the Japanese government has promised not to overstep their boundaries and emphasized that the new law is only meant to increase security before the 2020 Olympics. Among the noted crimes that would be punishable in Japan under the new anti-terrorism law is copyright violation, which is a criminal offense not a civil offense in Japan. Both the Japanese Bar Association and the United Nations' Special Rapporteur have spoken out against the law, saying that it will severely curtail civil liberties in Japan.

BBC laid out some of the most ridiculous things that someone in Japan can now catch a potentially terrorism-related charge for even planning or discussing on social media the acts of: Copying music; Conducting sit-ins to protest against the construction of apartment buildings; Using forged stamps; Competing in a motor boat race without a license; Mushroom picking in conservation forests; Avoiding paying consumption tax. The stated rationale of the government is that these now-illegal acts, such as copying music to CDs or foraging for mushrooms in conservation forests, could be used to fund terrorist activities. Hence, planning or thinking about them is bad. If this sounds like the Thought Police, that's because it is.

Businesses

Netflix Changes Course, Says It Will 'Never Outgrow' Fight For Net Neutrality (vice.com) 107

After a few months of wishy-washy statements on net neutrality indicating that the company had largely given up on it, Netflix is changing course. From a report: On July 12, the video streaming company will join Amazon, Reddit, Pornhub, Imgur, and more to incorporate slowed-down or disrupted service to raise awareness for the importance of strong net neutrality guidelines, giving visitors to its site a taste of what a future without a free and open internet could look like. The protest, organized by Fight for the Future, freepress, and Demand Progress, takes place five days before the first deadline for comments on the FCC's proposal to roll back net neutrality protections. The change in heart comes days after Netflix CEO Reed Hastings said, "[Net neutrality is] not narrowly important to us because we're big enough to get the deals we want."
EU

Pirate Bay Is Infringing Copyright, European Court of Justice Rules (theguardian.com) 108

The European court of justice (ECJ) has ruled that BitTorrent site The Pirate Bay is directly infringing copyright, in a move that could lead to ISPs and governments blocking access to other torrent sites across Europe. From a report: The ruling comes after a seven-year legal battle, which has seen the site, founded in Sweden in 2003, blocked and seized, its offices raided, and its three founders fined and jailed. At the heart of the case is the Pirate Bay's argument that, unlike the previous generation piracy sites like Napster, it doesn't host infringing files, nor link to them. Instead, it hosts "trackers," files which tell users of individual BitTorrent apps which other BitTorrent users to link to in order to download large files -- in the Pirate Bay's case, usually, but not exclusively, copyrighted material.
Government

US Intelligence Agencies Tried To Bribe Our Developers To Weaken Encryption, Says Telegram Founder (twitter.com) 135

In a series of tweets, Pavel Durov, the Russian founder of the popular secure messaging app Telegram has revealed that U.S. intelligence agencies tried twice to bribe his company's developers to weaken encryption in the app. The incident, Durov said, happened last year during the team's visit to the United States. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," he said. "And that was just 1 week. It would be naive to think you can run an independent/secure cryptoapp based in the US."

Telegram is one of the most secure messaging apps available today, though researchers have pointed out flaws in it as well.
Businesses

Apple CEO Tim Cook Shares His Experience Of Working With President Donald Trump (bloomberg.com) 350

In a wide-ranging interview with Bloomberg, Apple CEO Tim Cook talked about his experience of working with Donald Trump. He said: I feel a great responsibility as an American, as a CEO, to try to influence things in areas where we have a level of expertise. I've pushed hard on immigration. We clearly have a very different view on things in that area. I've pushed on climate. We have a different view there. There are clearly areas where we're not nearly on the same page. We're dramatically different. I hope there's some areas where we're not. His focus on jobs is good. So we'll see. Pulling out of the Paris climate accord was very disappointing. I felt a responsibility to do every single thing I could for it not to happen. I think it's the wrong decision. If I see another opening on the Paris thing, I'm going to bring it up again. At the end of the day, I'm not a person who's going to walk away and say, "If you don't do what I want, I leave." I'm not on a council, so I don't have those kind of decisions. But I care deeply about America. I want America to do well. America's more important than bloody politics from my point of view. Let me give you an example of this. Veterans Affairs has struggled in providing health care to veterans. We have an expertise in some of the things at the base level that they're struggling with. So we're going to work with them. I could give a crap about the politics of it. I want to help veterans. My dad's a veteran. My brother served. We have so many military folks in Apple. These folks deserve great health care. So we're going to keep helping.
Security

NSA Links WannaCry To North Korea (washingtonpost.com) 99

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.
