China

German Intelligence Warns of Increased Chinese Cyberspying (apnews.com) 29

The head of Germany's domestic intelligence agency has warned that China allegedly is using social networks to try to cultivate lawmakers and other officials as sources. From a report: Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. "This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies," Maassen said.
United States

FCC Refuses Records For Investigation Into Fake Net Neutrality Comments (variety.com) 153

"FCC general counsel Tom Johnson has told the New York State attorney general that the FCC is not providing information for his investigation into fake net-neutrality comments, saying those comments did not affect the review, and challenging the state's ability to investigate the feds." Variety has more: The FCC's general counsel, in a letter to New York Attorney General Eric Schneiderman, also dismissed his concerns that the volume of fake comments or those made with stolen identities have "corrupted" the rule-making process... He added that Schneiderman's request for logs of IP addresses would be "unduly burdensome" to the commission, and would "raise significant personal privacy concerns."

Amy Spitalnick, Schneiderman's press secretary, said in a statement that the FCC "made clear that it will continue to obstruct a law enforcement investigation. It's easy for the FCC to claim that there's no problem with the process, when they're hiding the very information that would allow us to determine if there was a problem. To be clear, impersonation is a violation of New York law," she said... "The only privacy jeopardized by the FCC's continued obstruction of this investigation is that of the perpetrators who impersonated real Americans."

One of the FCC's Democratic commissioners claimed that this response "shows the FCC's sheer contempt for public input and unreasonable failure to support integrity in its process... Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources."
Security

Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com) 14

Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurty Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...

"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.

Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."
Government

Autocratic Governments Can Now 'Buy Their Own NSA' (wired.com) 108

Citizen Lab has been studying information controls since 2001, and this week their director -- a Toronto political science professor -- revealed how governments (including Ethiopia's) are using powerful commercial spyware. Slashdot reader mspohr shared their report: We monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open... We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics... Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant... Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others...

Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.

Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
Electronic Frontier Foundation

"The FCC Still Doesn't Know How the Internet Works" (eff.org) 276

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."

"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."
Technology

Sexual Harassment In Tech Is As Old As the Computer Age (ieee.org) 367

Tekla Perry writes: Historian Marie Hicks, speaking at the Computer History Museum talks about how women computer operators and programmers were driven out of the industry, gives examples of sexual harassment dating back to the days of the Colossus era, and previews her next research. "It's all a matter of power, Hicks pointed out -- and women have never had their share of it," reports IEEE Spectrum. "Women dominated computer programming in its early days because the field wasn't seen as a career, just a something someone could do without a lot of training and would do for only a short period of time. Computer jobs had no room for advancement, so having women 'retire' in their 20s was not seen as a bad thing. And since women, of course, could never supervise men, Hicks said, women who were good at computing ended up training the men who ended up as their managers. But when it became clear that computers -- and computer work -- were important, women were suddenly pushed out of the field."

Hicks has also started looking at the bias baked into algorithms, specifically at when it first crossed from human to computer. The first example she turned up had "something to do with transgender people and the government's main pension computer." She says that when humans were in the loop, petitions to change gender on national insurance cards generally went through, but when the computer came in, the system was "specifically designed to no longer accommodate them, instead, to literally cause an error code to kick out of the processing chain any account of a 'known transsexual.'"

The Internet

Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor. (slate.com) 63

Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capitol city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)
Government

Volkswagen Executive Sentenced To Maximum Prison Term For His Role In Dieselgate (arstechnica.com) 100

An anonymous reader quotes a report from Ars Technica: On Wednesday, a U.S. District judge in Detroit sentenced Oliver Schmidt, a former Volkswagen executive, to seven years in prison for his role in the Volkswagen diesel emissions scandal of 2015. Schmidt was also ordered to pay a criminal penalty of $400,000, according to a U.S. Department of Justice (DOJ) press release. The prison term and the fine together represent the maximum sentence that Schmidt could have received under the plea deal he signed in August. Schmidt, a German citizen who lived in Detroit as an emissions compliance executive for VW, was arrested in Miami on vacation last January. In August, he pleaded guilty to conspiracy and to making a false statement under the Clean Air Act. Schmidt's plea deal stated that the former executive could face up to seven years in prison and between $40,000 and $400,000 in fines.

Last week, Schmidt's attorneys made a last-minute bid requesting a lighter sentence for Schmidt: 40 months of supervised release and a $100,000 fine. Schmidt also wrote a letter to the judge, which surfaced over the weekend, in which the executive said he felt "misused" by his own company and claimed that higher-ranked VW executives coached him on a script to help him lie to a California Air Resources Board (CARB) official. Instead, Schmidt was sentenced to the maximum penalties outlined in the plea deal. Only one other VW employee has been sentenced in connection with the emissions scandal: former engineer James Liang, who received 40 months in prison and two years of supervised release as the result of his plea deal. Although six other VW Group executives have been indicted, none is in U.S. custody.

Businesses

Kaspersky To Close Washington Office But Expand Non-State Sales (bloomberg.com) 65

An anonymous reader shares a report: A Russian software-maker, whose products are banned for use in federal information systems by the U.S. government, is seeking to remain in the North American market and prove its products have no hidden capabilities. Kaspersky Lab Inc. will close its Washington D.C. office that was selling to the government and will keep working with non-federal customers in the U.S. via its remaining offices in the country, vice-president Anton Shingarev said in an interview in Moscow. The company also committed in October to open its product's source code to an independent third-party review and plans to open new offices in Chicago, Los Angeles and Toronto next year. "This allows independent experts to verify that our software has no hidden functionality, that it doesn't send your files to third parties, doesn't spy on you and fully complies with the end-user agreement," Shingarev said. The U.S. banned government use of Kaspersky software in September, citing founder Eugene Kaspersky's alleged ties to Russian intelligence and the possibility its products could function as "malicious actors" to compromise federal information systems. The move caused concern about the company's products in other markets, including the U.K.
The Almighty Buck

'We Could Fund a Universal Basic Income With the Data We Give Away To Facebook and Google' (thenextweb.com) 583

Tristan Greene reports via The Next Web: A universal basic income (UBI), wherein government provides a monthly stipend so citizens can afford a home and basic necessities, is something experts believe would directly address the issue of unemployment and poverty, and possibly even eliminate hundreds of other welfare programs. It may also be the only real solution to the impending automation bonanza. According to AI expert Steve Fuller, the problem is, giving people money when they lose jobs won't fix the issue, it's a temporary solution and we need permanent ones. Sounds fair, and he even has some ideas on how to accomplish this end: "We could hold Google and Facebook and all those big multinationals accountable; we could make sure that people, like those who are currently 'voluntarily' contributing their data to pump up companies' profits, are given something that is adequate to support their livelihoods in exchange."

It's an interesting idea, but difficult to imagine it's implementation. If the government isn't assigning a specific stipend value, we'll have to be compensated individually by companies. One way to do this, is by emulating the old coal mining company scrip scams of early last century. Employees working for companies would be paid in currency only redeemable at the company store. This basically created a system where a company could tax its own workers for profit. Google, for example, could use a system like that and say "opt-in for $10 worth of Google Play music for free," if they wanted to. Which doesn't help pay the bills when machines replace you at work, but at least you'll be able to voice search for your favorite songs. Another idea is to charge companies an automation tax, but again there's concerns as to how this would be implemented. A solution that combines government oversight with a tax on AI companies -- a UBI funded by the dividends of our data -- may be the best option. To be blunt: we should make Google, Microsoft, Facebook and other such AI companies pay for it with a simple data tax.

Encryption

US Says It Doesn't Need a Court Order To Ask Tech Companies To Build Encryption Backdoors (gizmodo.com) 248

schwit1 shares a report from Gizmodo: According to statements from July released this weekend, intelligence officials told members of the Senate Intelligence Committee that there's no need for them to approach courts before requesting a tech company help willfully -- though they can always resort to obtaining a Foreign Intelligence Surveillance Court order if the company refuses. The documents show officials testified they had never needed to obtain such an FISC order, though they declined to tell the committee whether they had "ever asked a company to add an encryption backdoor," per ZDNet. Other reporting has suggested the FISC has the power to authorize government personnel to compel such technical assistance without even notifying the FISC of what exactly is required. Section 702 of the Foreign Intelligence Surveillance Act gives authorities additional powers to compel service providers to build backdoors into their products.
Bitcoin

Feds Shut Down Allegedly Fraudulent Cryptocurrency Offering (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: The Securities and Exchange Commission on Monday announced that it was taking action against an initial coin offering (ICO) that the SEC alleges is fraudulent. The announcement represents the first enforcement action by the SEC's recently created cyber fraud unit. In July, the agency fired a warning shot. It announced that a 2016 fundraising campaign had run afoul of securities law, but that the SEC would decline to prosecute those responsible. The hope was to get the cryptocurrency world to take securities laws more seriously without doing anything drastic. Now the SEC is taking the next step by prosecuting what it considers to be one of the most egregious scams in the ICO world. The SEC's complaint, filed in federal court in New York, is against Dominic Lacroix, whom the SEC describes as a "recidivist securities law violator." The SEC considers Lacroix's cryptocurrency project, PlexCoin, to be a "fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month." The PlexCoin website has a hilariously vague description of this supposedly revolutionary cryptocurrency. "The PlexCoin's new revolutionary operating structure is safer and much easier to use than any other current cryptocurrency," the site proclaims. "One of the many features of PlexBank will be to secure your cryptocurrency from market variation, which is highly volatile, and invest your money in a place where you can get interesting guaranteed returns." According to Ars, "The SEC isn't impressed and is arguing that PlexCoin has 'all of the characteristics of a full-fledged cyber scam.' The agency is seeking to freeze the assets of the PlexCoin project in hopes of getting investors' funds back to them."
Canada

ISPs and Movie Industry Prepare Canadian Pirate Site Blocking Deal (torrentfreak.com) 86

An anonymous reader quotes a report from TorrentFreak: A coalition of movie industry companies and ISPs, including Bell, Rogers, and Cineplex are discussing a proposal to implement a plan to allow for website blockades without judicial oversight. The Canadian blocklist would be maintained by a new non-profit organization called "Internet Piracy Review Agency" (IPRA) and enforced through the CTRC, Canadaland reports. The plan doesn't come as a total surprise as Bell alluded to a nationwide blocking mechanism during a recent Government hearing. What becomes clear from the new plans, however, is that the telco is not alone. The new proposal is being discussed by various stakeholders including ISPs and local movie companies. As in other countries, major American movie companies are also in the loop, but they will not be listed as official applicants when the plan is submitted to the CRTC. Canadian law professor Micheal Geist is very critical of the plans. Although the proposal would only cover sites that "blatantly, overwhelmingly or structurally" engage in or facilitate copyright infringement, this can be a blurry line.

"Recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content," Geist notes. "It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list," he adds. While the full list of applicants is not ready yet, it is expected that the coalition will file its proposal to the CRTC before the end of the month.

Facebook

Health Secretary Hits Out at Facebook's New App, Says 'Stay Away From My Kids' (theguardian.com) 113

Jeremy Hunt has publicly attacked Facebook for releasing a version of its Messenger app aimed at children, and called on the social media company to "stay away from my kids." From a report: The health secretary accused the company of "targeting younger children" after Facebook announced on Monday that it was conducting trials of an app called Messenger Kids in the US, which is designed to be used by pre-teens. He said the company was failing to act responsibly despite having assured the government that it would not target its service at children, who can only use the main social media website if they are over 13.
Privacy

Germany Preparing Law for Backdoors in Any Type of Modern Device (bleepingcomputer.com) 251

Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
EU

Apple To Start Paying Ireland the Billions It Owes In Back Taxes (engadget.com) 124

Last year, Apple was ordered to pay a record sum of 13 billion euros ($14.5 billion) plus interest after the European Commission said Ireland illegally slashed the iPhone maker's tax bill. "But Ireland was rather slow to start collecting that cash, which led the Commission to refer the Irish government to the European Court of Justice in October due to Ireland's non-compliance with the 2016 ruling," reports Engadget. "However, the Wall Street Journal reports today that the country will finally start collecting those billions of dollars owed by Apple and it may start doing so early next year." From the report: Both Apple and Ireland have fought back against the ruling -- Ireland has said that the European Union overstepped its authority and got some of the country's laws wrong while Apple has maintained that the amount it's being told to repay was miscalculated. Both are continuing to appeal the decision and the money will sit in an escrow fund while they do so. Ireland has said that negotiating the terms of that fund is what has held up its collection of the money but the European Commission said that the action it has taken against Ireland for failing to follow the 2016 ruling will proceed until the money is collected in full.
Censorship

Apple, Google CEOs Bring Star Power as China Promotes Censorship (bloomberg.com) 38

An anonymous reader shares a Bloomberg report: Apple's Tim Cook and Google's Sundar Pichai made their first appearances at China's World Internet Conference, bringing star power to a gathering the Chinese government uses to promote its strategy of tight controls online. Apple's chief executive officer gave a surprise keynote at the opening ceremony on Sunday, calling for future internet and AI technologies to be infused with privacy, security and humanity. The same day, one of China's most-senior officials called for more aggressive government involvement online to combat terrorism and criminals. Wang Huning, one of seven men on China's top decision-making body, even called for a global response team to go well beyond its borders. It was Cook's second appearance in China in two months, following a meeting with President Xi Jinping in October. The iPhone maker has most of its products manufactured in the country and is trying to regain market share in smartphones against local competitors such as Huawei. "The theme of this conference -- developing a digital economy for openness and shared benefits -- is a vision we at Apple share," Cook said. "We are proud to have worked alongside many of our partners in China to help build a community that will join a common future in cyberspace."
Botnet

How 'Grinch Bots' Are Ruining Online Christmas Shopping (nypost.com) 283

Yes, U.S. Senator Chuck Schumer actually called them "Grinch bots." From the New York Post: The senator said as soon as a retailer puts a hard-to-get toy -- like Barbie's Dreamhouse or Nintendo game systems -- for sale on a website, a bot can snatch it up even before a kid's parents finish entering their credit card information... "Bots come in and buy up all the toys and then charge ludicrous prices amidst the holiday shopping bustle," the New York Democrat said on Sunday... For example, Schumer said, the popular Fingerlings -- a set of interactive baby monkey figurines that usually sell for around $15 -- are being snagged by the scalping software and resold on secondary websites for as much as $1,000 a pop...

In December 2016, Congress passed the Better Online Ticket Sales (BOTS) Act, which Schumer sponsored, to crack down on their use to buy concert tickets, but the measure doesn't apply to other consumer products. He wants that law expanded but knows that won't happen in time for this holiday season. In the meantime, Schumer wants the National Retail Federation and the Retail Industry Leaders Association to block the bots and lead the effort to stop them from buying toys at fair retail prices and then reselling them at outrageous markups.

The Almighty Buck

Nobel Prize-Winning Economist Says Bitcoin 'Ought to be Outlawed' (cnn.com) 461

Bitcoin "is drawing harsh criticism from Wall Street investment firms," writes Slashdot reader rmdingler -- and even from some prominent economists. CNN reports: The harshest assessment came from Nobel laureate Joseph Stiglitz, who said that bitcoin "ought to be outlawed. Bitcoin is successful only because of its potential for circumvention," he told Bloomberg TV. "It doesn't serve any socially useful function." Robert Shiller, who won a Nobel for his work on bubbles, said the currency appeals to some investors because it has an "anti-government, anti-regulation feel. It's such a wonderful story," he said at a conference in Lithuania, according to Bloomberg. "If it were only true."

Wall Street titans were getting in on the action, too. Goldman Sachs CEO Lloyd Blankfein told Bloomberg that the currency serves as "a vehicle for perpetrating fraud." Billionaire investor Carl Icahn said on CNBC that it "seems like a bubble." The digital currency previously attracted the derision of JPMorgan boss Jamie Dimon, who called it a "fraud" that would "eventually blow up." Warren Buffett has warned of a "real bubble."

Wednesday the price of bitcoin shot past $11,000 -- just ten days after rising past $8,000.
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."

Slashdot Top Deals