Author Archive: Belen De Leon

Cybersecurity and human rights

A cyberattack has the power to paralyze cellular communications; alter or erase information in computerized systems; prevent access to computer servers; and directly harm a country’s economy and security by attacking its electricity networks or banking system.

The necessity is clear for any country, but especially Israel with its unique security considerations, to maintain a cyber defense system. The creation of the unified Israel National Cyber Directorate (INCD), which includes the Israel Cyber Event Readiness Team (CERT-IL), side by side with other security agencies such as the Israeli NSA and Mossad within the Prime Minister’s Office, addresses this need. This is an important institution, and it therefore must have clearly defined legislative powers, goals and organizational structures.

What is interesting, though, is that although Israel is Startup Nation when it comes to innovation and development, it is sorely behind in legislation that deals with the growing dilemmas regarding the intersection between technology, human rights and democratic values. Most technological innovations in security and tracking systems used in social networks are developed out of the public eye. The unified INCD was established before legislation to regulate its activities was put in place.

To this end, the recent publishing of the first draft of a cyber law for Israel, designed to provide a legal framework for the activities of Israel’s cyber defense system, is welcomed. However, the content of the draft shows that the State is seeking to assume far wider powers than are needed to protect the public from cyberattacks. Part of the reason for this is that it is difficult at present to assess what cyberattacks could look like in the future, but another part is what seems to be a somewhat hidden policy of the government to use technology in order to increase their control over citizens’ activities.

According to the draft, the INCD, a division within the Prime Minister’s Office, will be able to routinely collect data from internet and cellular providers, government ministries, local authorities and government corporations in order to identify and thwart cyberattacks in real time. Yet the definition of “security relevant data” remains ambiguous, and is certainly much broader than the definitions laid out in IOC (Cyber Threat Indicator) in the American Cybersecurity Information Sharing Act (CISA) passed in 2015.

The question is whether there is truly a need for all of this information — a record of all online activities and personal details we’ve shared with governmental agencies — to be collected in this way, and whether this is information that could potentially be used to create behavioral profiles that could be used against citizens. What, in effect, is the difference between gathering this data and wide-scale, unrestricted wiretapping? For the State to have access to such far-reaching information constitutes a real threat to citizens’ privacy and human rights on a larger scale.

In addition, should the drafted bill pass, INCD will have access to computers and the authority to collect and process information, all in the name of identifying cybersecurity infiltrators. This could include almost any information held by any private citizen or business. While the law mentions the need to respect the right to privacy, it also permits activities that do not infringe upon this right “more than is necessary” — a frighteningly vague limitation. In addition, there do not seem to be sufficient limits on the use of the information collected. How long can it be stored? Can it be passed from INCD to the police, or to other agencies?

We would not be global leaders in cyber and technology without simultaneously protecting fundamental human rights.

This bill endows the INCD with supreme regulatory powers that supersede those of the police, the Privacy Protection Authorities and others. The INCD even has the capacity to withdraw licenses awarded to commercial institutions. One obvious outcome of this is that it will lead to a lack of cooperation between the different authorities. The million-dollar question is, of course, when do these powers come into play? And the answer, again, is worrying: “Whenever necessary in order to defend a ‘vital interest.’”

This might mean protecting the country’s security or saving human life, but according to the draft, it also includes “the proper functioning of organizations that provide services on a significant scale.” Does this also mean a cyberattack on a large clothing chain? And if so, is this justified?

Classic cybersecurity, as we know it, deals mainly with potential damage to tangible infrastructure. However, the proposed bill allows the prime minister to add more cyberthreats to this list at his will. Which begs the question: What will happen when a prime minister adds something along the lines of “harming the public consciousness by presenting arguments on social networks”? or “disseminating fake news”? Do we really want the INCD to be empowered to deal with such cases in addition to the Israeli NSA?

Moreover, the draft makes scant mention of oversight bodies to regulate the use of such broad powers, and grants the head of INCD the power to maintain a veil of secrecy when attacks are being discovered. It certainly makes sense not to publicize the existence of a cyberattack until it is under control — in order to prevent additional damage — but assume that you are a patient in a hospital in which a cyberattack has created confusion in the administration of medicines. How long would you want this to be kept secret? And what of bank account holders, or people who have registered for a dating site, whose details have been compromised?

The proposed bill endows the INCD with unchecked power, especially when compared with other democracies. The abuse of such power and Edward Snowden’s exposure of PRISM (the NSA’s intrusive surveillance program) should serve as a warning to us all, especially here in Israel. Today, the right to privacy can no longer be seen as the right to control one’s personal data as laid out in the General Data Protection Regulation (GDPR). Rather, the right to privacy is understood as a prerequisite condition for other human rights. While the bill is important, one cannot help but think that it may be the first stage in an unprecedented “big brother” scenario.

Legislators have to take the time to study cyber issues and the threats and opportunities that they pose. It is crucial that those who decide whether or not to pass the bill gain a deep understanding of the meaning of the right to privacy in a digital world. This knowledge will allow them to create a more balanced piece of legislation and in turn protect the rights of Israeli citizens.

The law states that one of its primary goals is to “advance Israel as a global leader in the field of cyber security.” Yet let us not forget that in a small country like Israel, driven by creativity, independence and thinking out-of-the-box, we would not be global leaders in cyber and technology without simultaneously protecting fundamental human rights.

Source: TechCrunch

An inside look at Rivian’s EV ambitions from AI batteries to electric jet skis

For a CEO who insists his electric vehicle startup doesn’t want to be Tesla, Rivian founder RJ Scaringe can sound a lot like Elon Musk.

Just weeks before unveiling Rivian’s first vehicles — an all-electric pickup and a seven-seater SUV — at the LA Auto Show last month, Scaringe promised an impressive new battery technology and speculated about an electric jet-ski. He’s made other bold claims à la Musk, including that his company had developed an artificial intelligence charging system that “allows the battery to last … about three times longer than a traditional battery.”

There’s a method to, and a reason for, Scaringe’s promotional madness.

It’s a tough time to launch an EV startup. With a recession lurking around the corner and mainstream automakers promising to accelerate into the space, Rivian needs to show more than just a stylish brand and a half-empty bank account. TechCrunch has learned that Scaringe has a technology roadmap that includes regular reveals of new features, vehicles and partners, to lure in new business and keep pre-order customers happy while they wait for delivery in 2020.

For a start, Rivian’s AI will observe how new owners of its vehicles drive and charge their cars, and then adjust various parameters to maximize battery longevity. This might include not fully charging the battery for people who tend to drive only short distances in a day, although it would never reduce the total range available, Scaringe later told TechCrunch.

“We don’t make drastic adjustments over time,” he said. “We do this slowly as we learn more about you.”

Although Rivian could not provide evidence of a tripling of battery life, an EV battery expert contacted by TechCrunch confirmed that smart charging strategies could slow the deterioration of lithium-ion packs to some extent.

Rivian’s “AI batteries” could be integrated into other applications, such as electric jet-skis, snowmobiles and tractors built by partners, Scaringe said recently at an Economic Development Council meeting near the startup’s assembly plant in Normal, Ill.

“A significant part of our business is leveraging the technology we built around batteries and battery control systems to help electrify the things that move on our planet,” he said.

Scaringe told TechCrunch that Rivian is in the process of negotiating strategic partnerships with companies that might take a stake in the startup, as well as use its batteries and powertrain in their products.

Trademark applications filed by Rivian in October suggest the company is also planning to expand its own vehicle line-up. As well as the R1T pickup and R1S SUV announced in LA, Rivian has reserved the vehicle names R1A, R1C, R2A, R2C, R2R and R2S.

Scaringe admitted that Rivian has four additional “adventure” vehicles on its immediate roadmap, all using the same battery and powertrain system (dubbed a “skateboard”) as its pickup and SUV. The next two vehicles would be quite a bit smaller than the launch duo, and possibly include a rally car. Rivian is not working on a sedan to compete with Tesla’s Model 3, Scaringe said.

Rivian also trademarked the terms “tank turn” and “tank steer,” referring to independently moving wheels that can enable extremely tight turns. Scaringe confirmed that this feature would be available on the R1S, the R1T, and future quad-drive vehicles.

All of these plans — from the multiple models and AI batteries to the strategic partnerships and triple battery life — are ambitious for a company that has yet to demonstrate a moving vehicle, and is still about two years from producing its first vehicles.

A history of grand plans

But ambition has never been a problem for Scaringe. In 2010, he persuaded the state of Florida and Space Florida, the state’s aerospace economic development agency, to hand over $3.5 million to develop and produce a 60 miles per gallon sports car using advanced manufacturing techniques. Rivian even signed an agreement with NASA to test the high-speed car on the Shuttle Landing Facility at Kennedy Space Center.

Scaringe promised a factory in Florida that would employ 1,200 people by 2015, with a new automotive engineering course at the Florida Institute of Technology to produce the skilled workers required. Rivian did complete an initial technology demonstrator vehicle but neither the factory nor the jobs materialized.

“Although we did not get the manufacturing, we’re still very excited about the technology,” Dale Ketchum, VP of Space Florida, told TechCrunch. “We remain optimistic that some of their operations and technology and job generation will eventually occur in Florida.”

Space Florida continues to hold stock warrants in Rivian, issued as part of its grant.

By 2013, Rivian had pivoted to developing electric vehicles in Michigan, California, the UK, and, following the purchase of an ex-Mitsubishi plant in Normal in 2017, Illinois. Rivian has sought public funds there, too. It negotiated nearly $50 million in state tax credits by promising to create 1000 new full-time jobs in Illinois in 2024, and a package of around $4m in local credits.

These include the city of Normal handing over $1 million in cash after Rivian invests $20 million of its own money to refurbish the factory. The town will also provide security and landscaping services for the plant, and even remove snow from its driveways and parking lots for two years.

A bet on job growth

But while the economic benefits of Rivian’s promised jobs lie in the future, Normal is having to tighten its belt today. In February, the town noted that property tax abatements granted to Rivian would reduce its 2018-2019 operating fund by $74,900 and its library fund by $32,200. In March, Normal postponed plans for a new library indefinitely. Scaringe says Rivian currently has just 65 Rivian employees at the Normal facility.

The company says that it has also raised $450 million in capital and debt financing from investors, including Sumitomo Corporation of Americas. Its largest shareholder is Saudi conglomerate Abdul Latif Jameel, whose initial investment Scaringe secured while working on a Master’s degree at MIT.

Following a generally positive reception of its electric pickup and SUV at the LA Auto Show, and a subsequent flurry of $1,000 pre-orders, Rivian now faces the trickier task of bringing them into production in just two years.

Scaringe has promised that both vehicles will be capable of Level 3 autonomous highway driving – something that Tesla also has promised, but has yet to deliver. Although Rivian’s self-driving team is based in Silicon Valley, the company has yet to apply for an autonomous vehicle testing permit from the California DMV.

Scaringe said the company is testing on public roads in California, but in a way that does not require a permit. “We took the decision to be very quiet in stealth and stay below the radar,” he said. “But we will probably have to file for a permit, possibly in the next year.”

Developing and integrating such advanced technology so quickly will put even more pressure on Rivian’s aggressive development cycle. The first big adventure for Rivian’s innovative vehicles won’t be muddy tracks or forest roads, but in factories that are still worryingly empty.

Source: TechCrunch

WhatsApp has an encrypted child porn problem

WhatsApp chat groups are being used to spread illegal child pornography, cloaked by the app’s end-to-end encryption. Without the necessary number of human moderators, the disturbing content is slipping by WhatsApp’s automated systems. A report reviewed by TechCrunch from two Israeli NGOs details how third-party apps for discovering WhatsApp groups include “Adult” sections that offer invite links to join rings of users trading images of child exploitation. TechCrunch has reviewed materials showing many of these groups are currently active.

TechCrunch’s investigation shows that Facebook could do more to police WhatsApp and remove this kind of content. Even without technical solutions that would require a weakening of encryption, WhatsApp’s moderators should have been able to find these groups and put a stop to them. Groups with names like “child porn only no adv” and “child porn xvideos” found on the group discovery app “Group Links For Whats” by Lisa Studio don’t even attempt to hide their nature. And a screenshot provided by anti-exploitation startup AntiToxin reveals active WhatsApp groups with names like “Children 💋👙👙” or “videos cp” — a known abbreviation for ‘child pornography’.

A screenshot from today of active child exploitation groups on WhatsApp. Phone numbers and photos redacted. Provided by AntiToxin.

Better manual investigation of these group discovery apps and WhatsApp itself should have immediately led these groups to be deleted and their members banned. While Facebook doubled its moderation staff from 10,000 to 20,000 in 2018 to crack down on election interference, bullying, and other policy violations, that staff does not moderate WhatsApp content. With just 300 employees, WhatsApp runs semi-independently, and the company confirms it handles its own moderation efforts. That’s proving inadequate for policing a 1.5 billion-user community.

The findings from the NGOs Screen Savers and Netivei Reshe were written about today by The Financial Times, but TechCrunch is publishing the full report, their translated letter to Facebook, translated emails with Facebook, their police report, plus the names of child pornography groups on WhatsApp and group discovery apps that lead to them listed above. A startup called AntiToxin Technologies that researches the topic has backed up the report, providing the screenshot above and saying it’s identified more than 1300 videos and photographs of minors involved in sexual acts on WhatsApp groups. Given that Tumblr’s app was recently temporarily removed from the Apple App Store for allegedly harboring child pornography, we’ve asked Apple if it will temporarily suspend WhatsApp but have not heard back.

Uncovering A Nightmare

In July 2018, the NGOs became aware of the issue after a man reported to one of their hotlines that he’d seen hardcore pornography on WhatsApp. In October, they spent 20 days cataloging over 10 of the child pornography groups, their content, and the apps that allow people to find them.

The NGOs began contacting Facebook’s head of policy Jordana Cutler starting September 4th. They requested a meeting four times to discuss their findings. Cutler asked for email evidence but did not agree to a meeting, instead following Israeli law enforcement’s guidance to instruct researchers to contact the authorities. The NGO reported their findings to Israeli police but declined to provide Facebook with their research. WhatsApp only received their report and the screenshot of active child pornography groups today from TechCrunch.

Listings from a group discovery app of child exploitation groups on WhatsApp. URLs and photos have been redacted.

WhatsApp tells me it’s now investigating the groups visible from the research we provided. A Facebook spokesperson tells TechCrunch “Keeping people safe on Facebook is fundamental to the work of our teams around the world. We offered to work together with police in Israel to launch an investigation to stop this abuse.” A statement from the Israeli Police’s Head of the Child Online Protection Bureau Meir Hayoun notes that: “In past meetings with Jordana, I instructed her to always tell anyone who wanted to report any pedophile content to contact the Israeli police to report a complaint.”

A WhatsApp spokesperson tells me that while legal adult pornography is allowed on WhatsApp, it banned 130,000 accounts in a recent 10-day period for violating its policies against child exploitation. In a statement, WhatsApp wrote that:

“WhatsApp has a zero-tolerance policy around child sexual abuse. We deploy our most advanced technology, including artificial intelligence, to scan profile photos and images in reported content, and actively ban accounts suspected of sharing this vile content. We also respond to law enforcement requests around the world and immediately report abuse to the National Center for Missing and Exploited Children. Sadly, because both app stores and communications services are being misused to spread abusive content, technology companies must work together to stop it.”

But it’s that over-reliance on technology and subsequent under-staffing that seems to have allowed the problem to fester. AntiToxin’s CEO Zohar Levkovitz tells me “Can it be argued that Facebook has unwittingly growth-hacked pedophilia? Yes. As parents and tech executives we cannot remain complacent to that.”

Automated Moderation Doesn’t Cut It

WhatsApp introduced an invite link feature for groups in late 2016, making it much easier to discover and join groups without knowing any members. Competitors like Telegram had benefited as engagement in their public group chats rose. WhatsApp likely saw group invite links as an opportunity for growth, but didn’t allocate enough resources to monitor groups of strangers assembling around different topics. Apps sprung up to allow people to browse different groups by category. Some usage of these apps is legitimate, as people seek communities to discuss sports or entertainment. But many of these apps now feature “Adult” sections that can include invite links to both legal pornography sharing groups as well as illegal child exploitation content.

A WhatsApp spokesperson tells me that it scans all unencrypted information on its network — basically anything outside of chat threads themselves — including user profile photos, group profile photos, and group information. It seeks to match content against the PhotoDNA banks of indexed child pornography that many tech companies use to identify previously reported inappropriate imagery. If it finds a match, that account, or that group and all of its members receive a lifetime ban from WhatsApp.

A WhatsApp group discovery app’s listings of child exploitation groups on WhatsApp

If imagery doesn’t match the database but is suspected of showing child exploitation, it’s manually reviewed. If found to be illegal, WhatsApp bans the accounts and/or groups, prevents it from being uploaded in the future, and reports the content and accounts to the National Center For Missing And Exploited Children. The one example group reported to WhatsApp by the Financial Times was already flagged for human review by its automated system, and was then banned along with all 256 members.

To discourage abuse, WhatsApp says it limits groups to 256 members and purposefully does not provide a search function for people or groups within its app. It does not encourage the publication of group invite links and the vast majority of groups have six or fewer members. It’s already working with Google and Apple to enforce its terms of service against apps like the child exploitation group discovery apps that abuse WhatsApp. Those kinds of groups already can’t be found in Apple’s App Store, but remain available on Google Play. We’ve contacted Google Play to ask how it addresses illegal content discovery apps and whether Group Links For Whats by Lisa Studio will remain available, and will update if we hear back.

But the larger question is that if WhatsApp was already aware of these group discovery apps, why wasn’t it using them to track down and ban groups that violate its policies? A spokesperson claimed that group names with “CP” or other indicators of child exploitation are some of the signals it uses to hunt these groups, and that names in group discovery apps don’t necessarily correlate to the group names on WhatsApp. But TechCrunch then provided a screenshot showing active groups within WhatsApp as of this morning with names like “Children 💋👙👙” or “videos cp”. That shows that WhatsApp’s automated systems and lean staff are not enough to prevent the spread of illegal imagery.

The situation also raises questions about the tradeoffs of encryption as some governments like Australia seek to prevent its usage by messaging apps. The technology can protect free speech, improve the safety of political dissidents, and prevent censorship by both governments and tech platforms. However, it can also make detecting crime more difficult, exacerbating the harm caused to victims.

WhatsApp’s spokesperson tells me that it stands behind strong end-to-end encryption that protects conversations with loved ones, doctors, and more. They said there are plenty of good reasons for end-to-end encryption and it will continue to support it. Changing that in any way, even to aid catching those that exploit children, would require a significant change to the privacy guarantees it’s given users. They suggested that on-device scanning for illegal content would have to be implemented by phone makers to prevent its spread without hampering encryption.

But for now, WhatsApp needs more human moderators willing to use proactive and unscalable manual investigation to address its child pornography problem. With Facebook earning billions in profit per quarter and staffing up its own moderation ranks, there’s no reason WhatsApp’s supposed autonomy should prevent it from applying adequate resources to the issue. WhatsApp sought to grow through big public groups, but failed to implement the necessary precautions to ensure they didn’t become havens for child exploitation. Tech companies like WhatsApp need to stop assuming cheap and efficient technological solutions are sufficient. If they want to make money off of huge user bases, they must be willing to pay to protect and police them.

Source: TechCrunch

Lin-Manuel Miranda shares touching text exchange from fans – CNET

Source: CNET

Subaru teases hotter STI for 2019 Detroit Auto Show – Roadshow

This is likely related to the S209 trademark Subaru filed in the US.
Source: CNET

Hackers find a way to bypass Gmail two-factor authentication

Two-factor authentication might be a great way to protect your online accounts, but it isn’t foolproof. A new report by Amnesty International has found that hackers are using automated tools to phish both a user’s password and authentication code.

Source: Digital trends

Corel confirms it has acquired virtualization specialist Parallels

Last month, we broke the news that Corel was buying Parallels, a pioneer in virtualization, to expand its footprint in the world of business software. Now that deal is official: today Canada-based Corel confirmed that it has acquired the company. Now products like CorelDraw and productivity apps like WordPerfect will sit alongside Parallels Desktop for Mac, Parallels Toolbox for Windows and Mac, Parallels Access, Parallels Mac Management for Microsoft SCCM, and Parallels Remote Application Server (RAS) — key products for businesses that run networks of computers that are not all uniformly running one OS, and across multiple locations.

“We’re excited to welcome our new Parallels employees to Corel’s global organization,” said Patrick Nichols, CEO of Corel, in a statement. “From our highly complementary product portfolios to our shared business models and strategies, Corel and Parallels are a great fit. Thanks to the combined power of our technologies and teams, we see tremendous opportunities to drive continued growth and success for our businesses and most importantly, our customers.”

Terms of the deal are not being disclosed but we understand from sources close to the company that it was an all-cash deal, and that it was not a big exit.

Shifting practices in the business world — the rise of cloud-based services, increasingly common bring-your-own-device hardware policies, and a wider variety of work environments outside of traditional, single offices — have created a demand for better software management practices, covering not just important things like security but also usability. That presents an opportunity for virtualization companies. Corel said it expects to make “significant investment into the Parallels business” because it believes it has “exceptional opportunities for growth”. In its case that will likely include closer integration between its existing products and those of Parallels.

“Parallels and Corel share a common vision, market leadership, and passion for innovation. We look forward to continuing to serve our customers and partners with best-in-class software as part of Corel,” said Jack Zubarev, CEO of Parallels, in a statement.

Corel has changed ownership and gone in and out of being listed publicly a number of times since being founded in the 1980s in Ottawa. It’s now owned by Vector Capital, which is essentially the one buying Parallels and setting the investment strategy.

Parallels was originally founded in 1999 with roots in Russia and is currently headquartered in Bellevue, Washington.

It has never made much of a fanfare around its financing or valuation. According to PitchBook, its last funding round was in 2015, an undisclosed amount from Endeavour Vision, KG Investments, Maxfield Capital, Savano Capital Partners and others. It raised $300 million from Ingram Micro the year before that.

As we have written before, it’s not fully clear what the rationale was for the sale, except we had heard that its investors were longstanding and looking to exit, while Corel has slowly been consolidating a number of smaller software businesses, and this fits well with its bigger strategy there. Another recent acquisition was Gravit Designer from Germany, acquired earlier this year.

Source: TechCrunch

Nvidia says you can supercharge GeForce Now game streaming with these routers

Gamers looking to jump into Nvidia’s GeForce game streaming service may want to pay attention to a new list of routers officially recommended by the company with an eye toward decreasing latency and improving your overall experience.

Source: Digital trends

Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants

The Justice Department has unsealed a damning indictment that links an aggressive campaign to hack into U.S. tech and industry giants to spies working for the Chinese government.

The indictment, out Thursday, accuses China’s main intelligence agency — the Ministry of State Security — of hacking into dozens of tech companies and government departments, largely in an effort to steal intellectual property. Prosecutors said that the hackers were part of a Beijing-backed group, dubbed APT10, which various security companies had previously linked to China.

Zhu Hua and Zhang Shilong, both nationals and residents of China, were charged with three counts each of computer hacking, conspiracy to commit wire fraud and aggravated identity theft.

None of the companies were named, but the indictment noted that the hackers targeted and “stole hundreds of gigabytes of sensitive data” in aviation, space and satellite technology, manufacturing, pharmaceutical, oil and gas exploration, as well as communications and computer processor firms, and maritime technology companies.

Only the NASA Goddard Space Center and the space agency’s Jet Propulsion Lab were named in the filing.

The indictment also said that the hackers stole personally identifiable information — including names, dates of birth, email addresses, salary information, and Social Security numbers — on more than 100,000 U.S. Navy personnel.

The hackers used spearphishing — or highly targeted phishing campaigns — to install malware using malicious Microsoft Word documents and steal data from targeted computers, the indictment reads. Others used keyloggers to steal usernames and passwords to break into employees’ accounts.

“We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises,” said U.S. deputy attorney general Rod Rosenstein, in remarks at the Justice Department in Washington DC.

The latest indictments come as tensions between the U.S. and China increased, following the arrest of Huawei’s chief financial officer Meng Wanzhou in Canada, after being accused of fraud by the U.S. She faces up to 30 years in prison if found guilty.

Prosecutors said that China was conducting its “extensive” hacking campaign over the last three years. With this indictment, the Trump administration has effectively scrubbed an Obama-era bilateral agreement, signed by President Obama and China’s premier Xi Jinping in 2015, under which the two countries agreed not to launch hostile cyberattacks and espionage.

Dmitri Alperovitch, chief technology officer at CrowdStrike, which has tracked APT10 in recent years, called the Justice Department’s move to take action against China “unprecedented and encouraging.”

“Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated,” he said. “While this action alone will not likely solve the issue and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”

The UK government also said in a statement that it is “holding responsible elements of the Chinese government for an extensive cyber campaign.”

“The National Cyber Security Centre assesses with the highest level of probability that the group widely known as APT10 is responsible for this sustained cyber campaign focused on large-scale service providers,” said a statement from the U.K.’s Foreign Office. “The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”

U.K. Foreign Secretary Jeremy Hunt called the hacking campaign “one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date.”

Several other allied nations, including Japan and Australia, are expected to release statements to support the U.S. indictment.

Prosecutors conceded that prosecutions are unlikely, given that the named hackers are Chinese residents and extraditions are rare. Thursday’s indictment represents the department’s latest in “name and shame” charges, designed instead to restrict the international travel of those named in the filing and to send a warning to others.

“We hope the day will come when the defendants face justice under the rule of law in a federal courtroom,” said Rosenstein.

China has long rebuffed complaints from other nations accusing it of cyberattacks and espionage, but didn’t immediately comment on Thursday’s indictment.

Source: TechCrunch

Drones ground flights at UK’s second largest airport

Mystery drone operator/s have grounded flights at the UK’s second largest airport, disrupting the travel plans of hundreds of thousands of people hoping to get away over the festive period.

The BBC reports that Gatwick Airport’s runway has been shut since Wednesday night on safety grounds, after drones were spotted being flown repeatedly over the airfield.

It says airlines have been advised to cancel all flights up to at least 16:00 GMT, with the airport saying the runway would not open “until it was safe to do so”.

More than 20 police units are reported to be searching for the drone operator/s.

The UK made amendments to existing legislation this year to make flying a drone within 1km of an airport illegal, after a planned drone bill got delayed.

The safety-focused tweak to the law five months ago also restricted drone flight height to 400ft. A registration scheme for drone owners is also set to be introduced next year.

Under current UK law, a drone operator who is charged with recklessly or negligently acting in a manner likely to endanger an aircraft or a person in an aircraft can face a penalty of up to five years in prison or an unlimited fine, or both.

In the Gatwick case, though, it’s not clear whether simply flying a drone near a runway would constitute an attempt to endanger an aircraft under the law, even though the incident has clearly caused major disruption to travellers as the safety-conscious airport takes no chances.

Further adding to the misery of disrupted passengers today, the Civil Aviation Authority told the BBC it considered the event to be an “extraordinary circumstance” — meaning airlines aren’t obligated to pay financial compensation.

There’s been a marked rise in UK aircraft incidents involving drones over the past five years, with more than 100 recorded so far this year, according to data from the UK Airprox Board.

Aviation minister Baroness Sugg faced a barrage of questions about the Gatwick disruption in the House of Lords today, including accusations the government has dragged its feet on bringing in technical specifications that might have avoided the disruption.

“These drones are being operated illegally… It seems that the drones are being used intentionally to disrupt the airport, but, as I said, this is an ongoing investigation,” she told peers, adding: “We changed the law earlier this year, bringing in an exclusion zone around airports. We are working with manufacturers and retailers to ensure that the new rules are communicated to those who purchase drones.

“From November next year, people will need to register their drone and take an online safety test. We have also recently consulted on extending police powers and will make an announcement on next steps shortly.”

The minister was also pressed on what the government had done to explore counterdrone technology which could be used to disable drones, with one peer noting they’d raised the very issue two years ago.

“My Lords, technology is rapidly advancing in this area,” responded Sugg. “That is absolutely something that we are looking at. As I said, part of the consultation we did earlier this year was on counterdrone technology and we will be announcing our next steps on that very soon.”

Another peer wondered whether techniques he said had been developed by the UK military and spy agency, GCHQ — to rapidly identify the frequency a drone is operating on, and either jam it or take control and land it — will be “given more broadly to various airports”?

“All relevant parts of the Government, including the Ministry of Defence, are working on this issue today to try to resolve it as quickly as possible,” the minister replied. “We are working on the new technology that is available to ensure that such an incident does not happen again. It is not acceptable that passengers have faced such disruption ahead of Christmas and we are doing all we can to resolve it as quickly as possible.”

Source: TechCrunch