Security

Cyber Firms Warn on Suspected Russian Plan To Attack Ukraine (reuters.com) 28

Jim Finkle, reporting for Reuters: Cisco Systems on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine. Cisco's Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow. Cisco said the malware could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories. The head of Ukraine's cyber police said on Wednesday that the agency is aware of a new large malware campaign, and that it is working to protect Ukraine against a possible new cyber threat.

AI

Microsoft Also Has An AI Bot That Makes Phone Calls To Humans (theverge.com) 36

An anonymous reader quotes a report from The Verge: At an AI event in London today, Microsoft CEO Satya Nadella showed off the company's Xiaoice (pronounced "SHAO-ICE") social chat bot. Microsoft has been testing Xiaoice in China, and Nadella revealed the bot has 500 million "friends" and more than 16 channels for Chinese users to interact with it through WeChat and other popular messaging services. Microsoft has turned Xiaoice, which is Chinese for "little Bing," into a friendly bot that has convinced some of its users that the bot is a friend or a human being. "Xiaoice has her own TV show, it writes poetry, and it does many interesting things," reveals Nadella. "It's a bit of a celebrity."

While most of Xiaoice's interactions have been in text conversations, Microsoft has started allowing the chat bot to call people on their phones. It's not exactly the same as Google Duplex, which uses the Assistant to make calls on your behalf, but instead it holds a phone conversation with you. "One of the things we started doing earlier this year is having full duplex conversations," explains Nadella. "So now Xiaoice can be conversing with you in WeChat and stop and call you. Then you can just talk to it using voice." (The term "full duplex" here refers to a conversation where both participants can speak at the same time; it's not a reference to Google's product, which was named after the same jargon.)

Communications

Senators Demand FCC Answer For Fake Comments After Realizing Their Identities Were Stolen (gizmodo.com) 155

Two US senators -- one Republican, one Democrat, who both had their identities stolen and then used to post fake public comments on net neutrality -- are calling on FCC Chairman Ajit Pai to address how as many as two million fake comments were filed under stolen names. From a report: Senators Jeff Merkley, Democrat of Oregon, and Pat Toomey, Republican of Pennsylvania, are among the estimated "two million Americans" whose identities were used to file comments to the FCC without their consent. "The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues," the pair of lawmakers wrote [PDF].

"As such, we are concerned about the aforementioned fraudulent activity. We need to prevent the deliberate misuse of Americans' personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system. We encourage the FCC to determine who facilitated these fake comments," the letter continues. "While we understand and agree with the need to protect individuals' privacy, we request that the FCC share with the public the total number of fake comments that were filed."

United States

Trump Ignores 'Inconvenient' Security Rules To Keep Tweeting On His iPhone, Says Report (politico.com) 475

According to Politico, "President Donald Trump uses a White House cellphone that isn't equipped with sophisticated security features designed to shield his communications." The decision is "a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance." From the report: The president uses at least two iPhones, according to one of the officials. The phones -- one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites -- are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications. While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was "too inconvenient," the same administration official said. The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump's call-capable phones, which are essentially used as burner phones, are swapped out.

Communications

FCC is Hurting Consumers To Help Corporations, Mignon Clyburn Says On Exit (arstechnica.com) 91

Former Commissioner Mignon Clyburn, who left the agency this month, has taken aim at it in an interview, saying the agency has abandoned its mission to safeguard consumers and protect their privacy and speech. From her interview with ArsTechnica: "I'm an old Trekkie," Clyburn told Ars in a phone interview, while comparing the FCC's responsibility to the Star Trek fictional universe's Prime Directive. "I go back to my core, my prime directive of putting consumers first." If the FCC doesn't do all it can to bring affordable communications services to everyone in the US, "our mission will not be realized," she said. The FCC's top priority, as set out by the Communications Act, is to make sure all Americans have "affordable, efficient, and effective" access to communications services, Clyburn said. But too often, the FCC's Republican majority led by Chairman Ajit Pai is prioritizing the desires of corporations over consumers, Clyburn said. "I don't believe it's accidental that we are called regulators," she said. "Some people at the federal level try to shy away from that title. I embrace it."

Clyburn said that deregulation isn't bad in markets with robust competition, because competition itself can protect consumers. But "that is just not the case" in broadband, she said. "Let's just face it, [Internet service providers] are last-mile monopolies," she told Ars. "In an ideal world, we wouldn't need regulation. We don't live in an ideal world, all markets are not competitive, and when that is the case, that is why agencies like the FCC were constructed. We are here as a substitute for competition." Broadband regulators should strike a balance that protects consumers and promotes investment from large and small companies, she said. "If you don't regulate appropriately, things go too far one way or the other, and we either have prices that are too high or an insufficient amount of resources or applications or services to meet the needs of Americans," Clyburn said.

Privacy

Most GDPR Emails Unnecessary and Some Illegal, Say Experts (theguardian.com) 90

The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week. From a report: Many companies, acting based on poor legal advice, a fear of fines of up to $23.5 million and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR): asking customers to renew their consent for marketing communications and data processing. But Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.

Businesses

Faster Flights Are Coming With New Satellite Tracking Technology (bloomberg.com) 34

An anonymous reader shares a report: The company that provides the U.K.'s air-traffic control service is taking a 10 percent stake in Aireon, a U.S. firm that's building a satellite-based tracking system and will offer commercial services to controllers starting next year. Aireon plans to use a constellation of 66 Iridium Communications Next satellites in low Earth orbit to track aircraft. Iridium has 50 in orbit already, 47 of which are operational. Each carries equipment to offer aircraft position data to ground controllers.

Iridium plans to launch five additional satellites on May 22 from California, completing its full network later this year. Aireon said 70 percent of the world's airspace lacks satellite tracking or airline surveillance coverage, including most oceans and parts of Africa and Latin America.

Twitter

Twitter Will Start Hiding Tweets That 'Detract From the Conversation' (slate.com) 183

Yesterday, Twitter announced several new changes to quiet trolls and remove spam. According to Slate, the company "will begin hiding tweets from certain accounts in conversations and search results." In order to see them, you'll now have to scroll to the bottom of the conversation and click "Show more replies," or go into your search settings and choose "See everything." From the report: When Twitter's software decides that a certain user is "detract[ing] from the conversation," all of that user's tweets will be hidden from search results and public conversations until their reputation improves. And they won't know that they're being muted in this way; Twitter says it's still working on ways to notify people and help them get back into its good graces. In the meantime, their tweets will still be visible to their followers as usual and will still be able to be retweeted by others. They just won't show up in conversational threads or search results by default. The change will affect a very small fraction of users, explained Twitter's vice president of trust and safety, Del Harvey -- much less than 1 percent. Still, the company believes it could make a significant difference in the average user's experience. In early testing of the new feature, Twitter said it has seen a 4 percent drop in abuse reports in its search tool and an 8 percent drop in abuse reports in conversation threads.

Businesses

Senate Votes To Save Net Neutrality (gizmodo.com) 288

In a monumental decision that will resonate through election season, the U.S. Senate on Wednesday voted to reinstate the net neutrality protections the Federal Communications Commission decided to repeal late last year. From a report: For months, procedural red tape has delayed the full implementation of the FCC's decision to drop Title II protections that prevent internet service providers from blocking or throttling online content. Last week, FCC Chairman Ajit Pai confirmed that the repeal of the 2015 Open Internet Order would go into effect on June 11. But Democrats put forth a resolution to use its power under the Congressional Review Act (CRA) to review new regulations by federal agencies through an expedited legislative process. All 49 Democrats in the Senate supported the effort to undo the FCC's vote. Republicans Sen. Susan Collins of Maine, John Kennedy of Louisiana and Lisa Murkowski of Alaska crossed party lines to support the measure. Further reading: ArsTechnica.

United States

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com) 68

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveil individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

The Almighty Buck

Ecuador Spent $5 Million Protecting and Spying On Julian Assange, Says Report (theverge.com) 165

Citing reports from The Guardian and Focus Ecuador, The Verge reports that Ecuador's intelligence program spent at least $5 million "on an elaborate security and surveillance network around WikiLeaks founder Julian Assange." The intelligence program was known as "Operation Hotel," which began as "Operation Guest" when Assange took refuge in Ecuador's UK embassy in 2012. From the report: Operation Hotel has allegedly covered expenses like installing CCTV cameras and hiring a security team to "secretly film and monitor all activity in the embassy," including Assange's daily activities, moods, and interactions with staff and visitors. The Guardian estimates Ecuadorian intelligence agency Senain has spent at least $5 million on Assange-related operations, based on documents they reviewed. The report details attempts to improve Assange's public image and potentially smuggle him out of the embassy if he was threatened. But it also writes that relations between Assange and Ecuador have badly deteriorated over the past several years. In 2014, Assange allegedly breached the embassy's network security, reading confidential diplomatic material and setting up his own secret communications network.

Communications

US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com) 146

Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.

Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law." "The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said.
Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.

Communications

Wi-Fi Alliance's Wi-Fi EasyMesh Certification Aims To Standardize Mesh Networks (pcworld.com) 39

The Wi-Fi Certified EasyMesh program that the Wi-Fi Alliance announced today promises to do for mesh networks what the Alliance has long done for wireless networking gear in general: Assure consumers that they can build out wireless home networks without worrying if one brand of device will be compatible with another. From a report: The emergence of mesh networking somewhat undermined that effort, because every manufacturer pursued its own path. Wi-Fi is still Wi-Fi, so you don't need to worry that your smartphone, or media streamer, or home security camera will connect to your wireless router, regardless of brand. But if you buy a Linksys Velop router today, for example, you can buy only Linksys Velop access points if you want to expand your network to cover more areas of your home later. EasyMesh promises to bring to mesh networks the same interoperability assurances that conventional routers have long offered.

AI

AI Systems Should Debate Each Other To Prove Themselves, Says OpenAI (fastcompany.com) 56

tedlistens shares a report from Fast Company: To make AI easier for humans to understand and trust, researchers at the [Elon Musk-backed] nonprofit research organization OpenAI have proposed training algorithms to not only classify data or make decisions, but to justify their decisions in debates with other AI programs in front of a human or AI judge. In an experiment described in their paper (PDF), the researchers set up a debate where two software agents work with a standard set of handwritten numerals, attempting to convince an automated judge that a particular image is one digit rather than another digit, by taking turns revealing one pixel of the digit at a time. One bot is programmed to tell the truth, while another is programmed to lie about what number is in the image, and they reveal pixels to support their contentions that the digit is, say, a five rather than a six.

The image classification task, where most of the image is invisible to the judge, is a sort of stand-in for complex problems where it wouldn't be possible for a human judge to analyze the entire dataset to judge bot performance. The judge would have to rely on the facets of the data highlighted by debating robots, the researchers say. "The goal here is to model situations where we have something that's beyond human scale," says Geoffrey Irving, a member of the AI safety team at OpenAI. "The best we can do there is replace something a human couldn't possibly do with something a human can't do because they're not seeing an image."

The Internet

Russian Fake News Ecosystem Targets Syrian Human Rights Workers (securityledger.com) 259

chicksdaddy shares a report from The Security Ledger: Kremlin-linked news sites like RT and Sputnik figure prominently in an online disinformation campaign portraying Syrian humanitarian workers ("White Helmets") as terrorists and crisis actors, according to an analysis (PDF) by researchers at University of Washington and Harvard. An online "echosystem" of propaganda websites including Russia-backed news outlets Sputnik and RT is attacking the credibility of humanitarian workers on the ground in rebel-occupied Syria, according to a new analysis by researchers at The University of Washington and Harvard University. Online rumors circulated through so-called "alternative" media sites have attacked the Syrian Civil Defense (aka "White Helmets") as "crisis actors" and Western agents working on behalf of the U.S. and NATO. Statistical analysis of the online rumors reveals a tight network of websites sharing nearly identical content via Twitter and other social media platforms, wrote Kate Starbird. Starbird is an Assistant Professor of Human Centered Design & Engineering at University of Washington and a leading expert on so-called "crisis informatics."

In activity reminiscent of the disinformation campaigns that roiled the U.S. Presidential election in 2016, articles by what Starbird describes as "a few prominent journalists and bloggers" writing for self-described "alternative" news sites like 21stCenturyWire, GlobalResearch, MintPressNews, and ActivistPost are picked up by other, smaller and more niche websites including both left- and right-leaning partisan news sites, "clickbait sites," and conspiracy theory websites. Government-funded media outlets from Syria, Iran, Hezbollah and Russia figure prominently in the Syrian disinformation campaign, Starbird's team found. In particular, "Russian government-funded media outlets (i.e. SputnikNews and RT) play a prominent and multi-faceted role within this ecosystem," she wrote.

Privacy

The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too (thedailybeast.com) 35

An anonymous reader quotes a report from The Daily Beast: Securus Technologies' programs are used in thousands of prisons and detention centers nationwide to track calls to inmates, but the company's offerings are also capable of tracking and geolocating people's cellphones without any warrant or oversight, The New York Times reports. Securus obtains location information through data from major cellphone providers the same way marketers do. It also advertises the technology to law-enforcement agencies as a tool to find murder suspects, missing people, and those at-large -- but the feature can easily be abused for access to millions of cellphone users.

One Missouri sheriff used the service at least 11 times between 2014 and 2017, and secretly tracked state highway patrol members and a judge, prosecutors said. While the company said it "required customers to upload a legal document" to certify the location lookup, the Federal Communications Commission claims Securus did not "conduct any review of surveillance requests" -- giving law enforcement tracking power without verification of approval or oversight.

AI

Google's 'Duplex' System Will Identify Itself When Talking To People, Says Google (businessinsider.com) 77

Google's "Duplex" AI system was the most talked about product at Google I/O because it called into question the ethics of an AI that cannot easily be distinguished from a real person's voice. The service lets its voice-based digital assistant make phone calls and write emails for you, causing many to ask if the system should come with some sort of warning to let the other person on the line know they are talking to a computer. According to Business Insider, "a Google spokesperson confirmed [...] that the creators of Duplex will 'make sure the system is appropriately identified' and that they are 'designing this feature with disclosure built-in.'" From the report: Here's the full statement from Google: "We understand and value the discussion around Google Duplex -- as we've said from the beginning, transparency in the technology is important. We are designing this feature with disclosure built-in, and we'll make sure the system is appropriately identified. What we showed at I/O was an early technology demo, and we look forward to incorporating feedback as we develop this into a product."

Google CEO Sundar Pichai preemptively addressed ethics concerns in a blog post that corresponded with the announcement earlier this week, saying: "It's clear that technology can be a positive force and improve the quality of life for billions of people around the world. But it's equally clear that we can't just be wide-eyed about what we create. There are very real and important questions being raised about the impact of technology and the role it will play in our lives. We know the path ahead needs to be navigated carefully and deliberately -- and we feel a deep sense of responsibility to get this right." In addition, several Google insiders have told Business Insider that the software is still in the works, and the final version may not be as realistic (or as impressive) as the demonstration.

Space

SpaceX Successfully Launches Satellite With New Upgraded 'Block 5' Falcon 9 Rocket (theverge.com) 85

Thelasko shares a report from The Verge: This afternoon, SpaceX landed the most powerful version yet of its Falcon 9 rocket, after launching the vehicle from Cape Canaveral, Florida. The so-named Block 5 upgrade took off from the company's launchpad at Kennedy Space Center, sending a communications satellite into orbit for Bangladesh and then touched down on one of the company's drone ships in the Atlantic. It was the 25th successful rocket landing for SpaceX, and the 14th on one of the company's drone ships.

It also marks the first launch of the Block 5, the vehicle that will carry humans to space for NASA. The Block 5 is meant to be SpaceX's most reusable rocket yet, with many upgrades put in place that negate the need for extensive refurbishment between flights. In fact, the first Block 5 rockets will eventually be able to fly up to 10 times without the need for any maintenance after landings, SpaceX CEO Elon Musk said during a pre-launch press conference. Ideally, once one of these rockets lands, SpaceX will turn it horizontal, attach a new upper stage and nose cone on top, turn it vertical on the launchpad, fill it with propellant, and then launch it again. Musk noted that the vehicles would need some kind of moderate maintenance after the 10-flight mark, but it's possible that each rocket could fly up to 100 times in total.

Youtube

YouTube Rolls Out New Tools To Help You Stop Watching (techcrunch.com) 26

At its Google I/O conference this week, YouTube announced a series of new controls that will allow users to set limits on their viewing, and then receive reminders telling them to "take a break." "The feature is rolling out now in the latest version of YouTube's app, along with others that limit YouTube's ability to send notifications, and soon, one that gives users an overview of their binge behavior so they can make better-informed decisions about their viewing habits," reports TechCrunch. From the report: With "Take a Break," available from YouTube's mobile app Settings screen, users can set a reminder to appear every 15, 30, 60, 90 or 180 minutes, at which point the video will pause. You can then choose to dismiss the reminder and keep watching, or close the app.

Also new is a feature that lets you disable notification sounds during a specified time period each day -- say, for example, from bedtime until the next morning. When users turn on the setting to disable notifications, it will, by default, disable them from 10 PM to 8 AM local time, but this can be changed. Combined with this is an option to get a scheduled digest of notifications as an alternative. And YouTube is preparing to roll out a "time watched profile" that will appear in the Account menu and display your daily average watch time, and how long you've watched YouTube videos today, yesterday and over the past week, along with a set of tools to help you manage your viewing habits.

Businesses

Florida Man Behind 100 Million Robocalls Hit With $120 Million FCC Fine (chicagotribune.com) 145

In a massive strike, the Federal Communications Commission issued a $120 million fine on a massive robocall spoofing operation it deemed a threat to public safety. From a report: The FCC announced Thursday morning that it would leverage the fine against Adrian Abramovich, a Miami man who the commission said made almost 100 million spoofed robocalls over a three-month period at the end of 2016. The FCC argued that Abramovich's operation made the phony calls to trick consumers into answering them and listening to his advertising messages. The fine was based on 80,000 spoofed calls the commission had verified.

A complaint filed by the FCC against Abramovich in June 2017 alleged he had broken the Truth in Caller ID Act -- which prohibits callers from falsifying caller ID information to disguise their identity with intent to harm or defraud -- in perpetrating "one of the largest -- and most dangerous -- illegal robocalling campaigns that the commission has ever investigated."
