FBI: Foreign Hackers Have Compromised Home Router Devices

All, News, Technology

The FBI warned on Friday that foreign cybercriminals had compromised “hundreds of thousands” of home and small-office router devices around the world which direct traffic on the internet by forwarding data packets between computer networks.

In a public service announcement, the FBI has discovered that the foreign cybercriminals used a VPNFilter malware that can collect peoples’ information, exploit their devices and block network traffic.

The announcement did not provide any details about where the criminals might be based, or what their motivations could be.

“The size and scope of the infrastructure by VPNFilter malware is significant,” the FBI said, adding that it is capable of rendering people’s routers “inoperable.”

It said the malware is hard to detect, due to encryption and other tactics.

The FBI urged people to reboot their devices to temporarily disrupt the malware and help identify infected devices.

People should also consider disabling remote management settings, changing passwords to replace them with more secure ones, and upgrading to the latest firmware.

Amazon’s Alexa Accidentally Tapes, Shares Family Chat With Contact

All, News, Technology

A Portland, Oregon, family has learned what happens when Amazon.com Inc’s popular voice assistant Alexa is lost in translation.

Amazon on Thursday described an “unlikely … string of events” that made Alexa send an audio recording of the family to one of their contacts randomly. The episode underscored how Alexa can misinterpret conversation as a wake-up call and command.

A local news outlet, KIRO 7, reported that a woman with Amazon devices across her home received a call two weeks ago from her husband’s employee, who said Alexa had recorded the family’s conversation about hardwood floors and sent it to him.

“I felt invaded,” the woman, only identified as Danielle, said in the report. “A total privacy invasion. Immediately I said, ‘I’m never plugging that device in again, because I can’t trust it.'”

Alexa, which comes with Echo speakers and other gadgets, starts recording after it hears its name or another “wake word” selected by users. This means that an utterance quite like Alexa, even from a TV commercial, can activate a device.

That’s what happened in the incident, Amazon said. “Subsequent conversation was heard as a ‘send message’ request,” the company said in a statement. “At which point,

Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list.”

Amazon added, “We are evaluating options to make this case even less likely.”

Assuring customers of Alexa’s security is crucial to Amazon, which has ambitions for Alexa to be ubiquitous — whether dimming the lights for customers or placing orders for them with the world’s largest online retailer.

University researchers from Berkeley and Georgetown found in a 2016 paper that sounds unintelligible to humans can set off voice assistants in general, which raised concerns of exploitation by attackers. Amazon did not immediately comment on the matter, but it previously told The New York Times that it has taken steps to keep its devices secure.

Millions of Amazon customers have shopped with Alexa. Customers bought tens of millions of Alexa devices last holiday season alone, the company has said. That makes the incident reported Thursday a rare one. But faulty hearing is not.

“Background noise from our television is making it think we said Alexa,” Wedbush Securities analyst Michael Pachter said of his personal experience. “It happens all the time.”

Jury: Samsung Owes Apple $539M for Copying iPhone

All, News, Technology

A jury has decided Samsung must pay Apple $539 million in damages for illegally copying some of the iPhone’s features to lure people into buying its competing products.

The verdict reached Thursday is the latest twist in a legal battle that began in 2011. Apple contends Samsung wouldn’t have emerged as the world’s leading seller of smartphones if it hadn’t ripped off the technology powering the pioneering iPhone in developing a line of similar devices running on Google’s Android software.

Patents infringed

Previous rulings had determined that Samsung infringed on some of Apple’s patents, but the amount of damages owed has been in legal limbo. Another jury convened for a 2012 trial had determined Samsung should pay Apple $1.05 billion, but U.S. District Judge Lucy Koh reduced that amount to $548 million.

The issue escalated to the U.S. Supreme Court , which determined in 2016 that a lower court needed to re-examine $399 million of the $548 million. That ruling was based on the concept that the damages shouldn’t be based on all the profits that the South Korean electronics giant rung up from products that copied the iPhone because its infringement may only have violated a few patents.

$1 billion or $28 million?

Apple had argued it was owed more than $1 billon while Samsung contended the $399 million should be slashed to $28 million. The revised damages figure represents a victory for Apple, even though it isn’t as much as the Cupertino, California, company had sought.

“Today’s decision flies in the face of a unanimous Supreme Court ruling in favor of Samsung on the scope of design patent damages,” Samsung said in a statement. “We will consider all options to obtain an outcome that does not hinder creativity and fair competition for all companies and consumers.”

An eight-person jury came up with the new amount following a one-week trial and four days of deliberation in a San Jose, California, federal courthouse.

Apple expressed gratitude to the jury for agreeing “that Samsung should pay for copying our products.”

“This case has always been about more than money,” a company statement said. “Apple ignited the smartphone revolution with iPhone and it is a fact that Samsung blatantly copied our design.”

FBI Taps Private Industry to Bring Down Hacker Clearinghouse

All, News, Technology

When a federal jury in Alexandria, Virginia, convicted a Latvian software developer last week of running an underground clearinghouse for computer hackers, U.S. prosecutors highlighted it as an example of their commitment to combating cybercrime.

“This verdict demonstrates our commitment to holding such actors accountable,” said acting U.S. Attorney Tracey Doherty-McCormick. “I commend the work of the agents and prosecutors both in the United States and in Latvia, who worked together to bring him to justice.”

Not mentioned was the role played by Trend Micro, a Japanese cybersecurity firm that collaborated with the FBI to hunt down the developer, Ruslans Bondars, and an accomplice, Jurijs Martisevs, who jointly operated Scan4You, a site that helped hackers test their malware.

In a report released after the verdict, Trend Micro offered an inside look at how it identified Scan4You in 2012, took a trove of data about the site to the FBI in 2014, and then worked closely with agents as they built a case against the two men.

Trend Micro says it has supported nearly 20 law enforcement cases around the world.

“In this case, our global threat intelligence network and team of researchers provided an invaluable resource for the FBI as it homed in on this notorious [counter antivirus] service,” said Ed Cabrera, chief security officer for Trend Micro.

The case highlights how the FBI and private cybersecurity firms, once wary of working together, have in recent years started teaming up to combat cybercrime, a problem that costs the world an estimated $600 billion a year. 

“The value that the private sector brings to law enforcement investigations is almost incalculable,” said John Boles, a director at consulting firm Navigant who previously worked as an assistant FBI director and led the bureau’s global cyberoperations.

A decade ago “there was almost hesitation on both sides of the fence to cooperate, but somewhere along the line as the scales have tipped, everybody realized it’s a global issue,” Boles said.

In 2011, the FBI created the Office of the Private Sector within the Cyber Division, making private-sector collaboration a key pillar of its cybercrime-fighting strategy.

Since then, the bureau has made more than a dozen major arrests in cybercrime cases, many with help from the private sector, according to Boles. While cybercrime investigations are often initiated by the bureau, some start with a tip from the private sector.

Unusual activity

That was the case with the Scan4You investigation.

In 2012, Trend Micro researchers, while investigating a hacker group, noticed a flurry of unusual activity on their threat radar: Somebody using Latvia IP addresses kept checking the company’s web reputation system, a program that blocks malicious websites.

That led them to another discovery: regular checks of Scan4You URLs against Trend Micro’s web reputation system emanating from Latvia. The goal: to determine whether Scan4You’s scanning scripts could detect malware.

“By 2014, we had a deeper understanding [of Scan4You] and began that relationship with the FBI,” Cabrera said.

The collaboration would continue for the next three years as Trend Micro researchers and FBI agents gathered evidence about Scan4You, its operators and its users.

Scan4You was an underground service that allowed hackers to upload their malware to see whether it could be detected by more than 35 antivirus engines. At its peak in 2016, Scan4You was the largest service of its kind, boasting more than 30,000 customers.

The service allowed cyber scofflaws to test all manner of malicious software, ranging from so-called crypters, a type of software used to conceal malicious files, to remote access trojans, programs that allow a remote operator backdoor access to a computer.

‘World’s most destructive hackers’

Among Scan4You’s customers were “some of the world’s most destructive hackers,” according Doherty-McCormick, the Virginia prosecutor.

One customer used Scan4You to test malware that was later used to steal about 40 million credit card and debit card numbers, costing one U.S. retailer $292 million, according to court documents.

A Russian hacker used Scan4You to develop Citadel, an infamous botnet used by cybercriminals to steal $500 million from bank accounts. The FBI worked with Microsoft to break up the network.

But Scan4You was not a very lucrative operation. As researchers dug deeper, they discovered that Bondars and Martisevs were affiliated with “some of the longest-running cybercriminal businesses” and “involved with one of the largest and oldest pharmaceutical spam gangs known as Eva Pharmacy,” according to Trend Micro.

Bondars, a longtime Latvian resident of Ukrainian citizenship, designed and maintained the site.

Martisevs, a Russian national living in Latvia, provided customer service and promoted the site on cybercriminal forums.

The pair’s deep involvement in an assortment of criminal activities gave them something that helped with their scanning service: cyber-cred.

“These threat actors gained the respect of many other cybercriminals who trusted them and used their malware scanning service,” the report says.

The end for Scan4You came with the 2017 arrests and extradition of Bondars and Martisevs to the United States. Shortly after their arrest, Scan4You went dark.

In March, Martisevs pleaded guilty and agreed to testify against Bondars. Last week, Bondars was convicted of three counts related to his role in Scan4You.

Scan4You’s downfall has taken the biggest service of its kind out of commission, but just how big a blow to cybercrime it represents remains to be seen.

Typically, when a site like Scan4You goes offline, its users flee to copycat sites. That has yet to happen, Cabrera said.

“This is a big blow to cybercrime, helping to disrupt countless threat actors and prove there are consequences to their actions,” he said.

Africa in Spotlight at Paris Tech Fair

All, News, Technology

French President Emmanuel Macron says his country will invest $76 million in African startups, saying innovation on the continent is key to meeting challenges ranging from climate change to terrorism. He spoke Thursday at a technology fair in Paris showcasing African talent this year.

It is hard to miss the African section of Viva Tech. There are gigantic signs pointing to stands from South Africa, Morocco and Rwanda. And there are lots of African entrepreneurs.

Omar Cisse heads a Senegalese startup called InTouch, which has developed an app making it easier to conduct financial transactions by mobile phone.

“Globally, you have more than $1 billion per day of transactions on mobile money, and more than 50 percent are done in sub-Saharan Africa,” he said.

Cisse says the challenges for African startups are tremendous, but so are the opportunities.

“In Africa, you have very huge potential. Everything needs to be done now, and with local people who know the realities,” he said.

Like Cisse, Cameroonian engineer Alain Nteff is breaking new ground. He and a doctor co-founded a startup called Gifted Mom, which provides health information to pregnant and nursing women via text messaging.

“I think the biggest problems today in Africa are going to be solved by business, and not by development and nonprofits,” he said.

Nteff gets some support from the United Nations and other big donors. But funding is a challenge for many. African startups reportedly raised $560 million last year, compared with more than $22 billion raised by European ventures.

Now they are getting a $76 million windfall, announced by President Emmanuel Macron here at the tech fair.

“When the startups decide to work together to deploy ad accelerate equipment in Africa, it is good for the whole continent, because that is how to accelerate everything and provide opportunities — which by the way, is the best way to fight against terrorism, jihadism … to provide another model to these young people,” he said.

The funding comes from the Digital Africa Initiative, run by France’s AFD development agency (Agence Francaise de Developpement).

“I think the main challenge is access to funding, and the second is the coaching to grow. AFD wants them to find solutions,” said Jean-Marc Kadjo, who heads the project team.

There are plenty of exciting projects here. Reine Imanishimwe is a wood innovator from Rwanda.

“I try to use my wood in high technology. As you can see, my business card is wood, but I print it using a computer,” said Imanishimwe.

Abdou Salam Nizeyimana is also from Rwanda. He works for Zipline, an American startup that uses drones to fly blood to people and hospitals in Rwanda, cutting delivery times from hours to minutes.

“Now doctors can plan surgery right away and just say, ‘We need this type of blood,’ ” and it can be delivered in about a half hour or less, he said.

Rwandan President Paul Kagame toured the tech fair with Macron. Relations between Rwanda and France are warming, after years of tension over Rwanda’s 1994 genocide.

Entrepreneur Nizeyimana is happy about that. When politics are good, he says, it is good for technology transfer and Africa’s development.

Mapping the Oceans’ Floors by 2030

All, News, Technology

Oceanographers often say we know much more about the surface of the Moon and Mars than we do about nearly 70 percent of our own planet. That is because most of the Earth is covered in water, most of it deeper than 200 meters. There are several initiatives to map the oceans’ floors and the latest comes from Japan. VOA’s George Putic reports.

Twitter to Add Special Labels to Political Candidates in US

All, News, Technology

Twitter says it’s adding special labels to tweets from some U.S. political candidates ahead of this year’s midterm elections.

Twitter says the move is to provide users with “authentic information” and prevent spoofed and fake accounts from fooling users. The labels will include what office a person is running for and where. The labels will appear on retweets as well as tweets off of Twitter, such as when they are embedded in a news story.

Twitter, along with Facebook and other social media companies, has been under heavy scrutiny for allowing their platforms to be misused by malicious actors trying to influence elections around the world.

The labels will start to appear next week for candidates for governor and Congress.

France’s Macron Takes on Facebook’s Zuckerberg in Tech Push

All, News, Technology

French President Emmanuel Macron is taking on Facebook CEO Mark Zuckerberg and other internet giants at a Paris meeting to discuss tax and data protection and how they could use their global influence for the public good.

Macron on Wednesday welcomed Zuckerberg and the leaders of dozens of other tech companies, including Microsoft, Uber, and IBM, at a conference named “Tech for Good” meant to address things like workers’ rights, data privacy and tech literacy.

 

The meeting comes as Facebook, Google and other online giants are increasingly seen by the public as predators that abuse personal data, avoid taxes and stifle competition.

 

“There is no free lunch!” Macron joked to express his expectations of “frank and direct” discussions.

 

He said tech giants could not just be “free riding” without taking into account the common good. He called on them to help improve “social situations, inequalities, climate change.”

Zuckerberg came to Paris after facing tough questions Tuesday from European Union lawmakers in Brussels, where he apologized for the way the social network has been used to produce fake news and interfere in elections. But the Facebook founder also frustrated the lawmakers as the testimony’s setup allowed him to respond to a list of questions as he sought fit.

 

Macron sees himself as uniquely placed to both understand and influence the tech world. France’s youngest president, Macron has championed startups and aggressively wooed technology investors.

 

But Macron is also one of Europe’s most vocal critics of tax schemes used by companies like Facebook that deprive governments of billions of euros a year in potential revenue. And Macron has defended an aggressive new European data protection law that comes into effect this week. The so-called GDPR regulation will give Europeans more control over what companies can do with what they post, search and click.

 

Several companies took advantage of the meeting to announce new initiatives.

 

Microsoft said it would extend the EU principles to its clients worldwide. Google committed $100 million over the next five years to support nonprofit projects, like training in digital technologies. Uber said it will finance insurance to better protect its European drivers in case of accidents at work, serious illness, hospitalization and maternity leave. And IBM announced the creation of 1,400 new jobs by 2020 in France.

 

Aides to Macron acknowledged companies like Facebook have become more influential than governments. The aides insisted that Macron isn’t trying to kiss up to such companies or let them whitewash their reputations through philanthropic gifts.

 

The aides spoke only on condition of anonymity as they were not authorized to be publicly named.

 

 Privacy and taxes are among issues Macron was raising with Zuckerberg and the other tech executives in one-on-one meetings and a mass lunch Wednesday in the presidential palace with philanthropists and politicians.

 

Macron, Zuckerberg and others are then expected to attend the Vivatech gadget show in Paris on Thursday.

 

At Tuesday’s hearing in the European Parliament in Brussels, Zuckerberg said Facebook “didn’t take a broad enough view of our responsibilities,” adding: “That was a mistake, and I’m sorry for it.”

 

But lawmakers left frustrated. Liberal leader Guy Verhofstadt asked whether Zuckerberg wanted to be remembered as “a genius who created a digital monster that is destroying our democracies and our societies.”

 

 

Advocacy Groups Want Facebook ‘Monopoly’ to End

All, News, Technology

Facebook CEO Mark Zuckerberg told EU lawmakers Tuesday that the social media network will always be in “an arms race” with those who want to spread fake news, but that the company will be working to stay ahead and protect the network’s users. The social media giant has been under scrutiny since April when it became known that the Cambridge Analytica company harvested information on Facebook users to help Donald Trump during his 2016 U.S. presidential campaign. VOA’s Zlatica Hoke reports.

Amazon Is Warned About Government Use of Facial Recognition

All, News, Technology

U.S. civil liberties groups on Tuesday called on Amazon.com Inc. to stop offering facial recognition services to governments, warning that the software

could be used to target immigrants and people of color unfairly.

More than 40 groups sent a letter to Amazon Chief Executive Officer Jeff Bezos saying technology from the company’s cloud computing unit was ripe for abuse. The letter underscores how new tools for identifying and tracking people could be used to empower surveillance states.

Amazon has marketed a range of uses for its Rekognition service, unveiled in late 2016. These include detecting offensive content, identifying celebrities and securing public safety.

In a blog post last year, Amazon said a new feature let customers “identify people of interest against a collection of millions of faces in near real-time, enabling use cases such as timely and accurate crime prevention.”

Customers provide the data for Amazon’s tool to search.

“Seconds saved in the field can make the difference in saving a life,” Chris Adzima, an analyst in the Washington County Sheriff’s Office in Oregon, said in the blog post.

Freedom from being watched

But rights groups say the powerful tool raises concerns.

“People should be free to walk down the street without being watched by the government,” said the letter to Bezos. “Facial recognition in American communities threatens this freedom. In overpoliced communities of color, it could effectively eliminate it.”

Amazon has helped various U.S. jurisdictions use Rekognition, said the letter, citing public records obtained by affiliates of the American Civil Liberties Union.

In Oregon, law enforcement uploaded 300,000 mug shots dating to 2001 into Amazon’s cloud and indexed them in Rekognition, according to another Amazon blog post.

Rekognition identified four faces with more than 80 percent similarity to an image of an unidentified hardware store thief; a Facebook search subsequently helped with the case, the post said.

The City of Orlando Police Department has also used Rekognition, according to Amazon’s website.

In a statement, Amazon Web Services said, “Our quality of life would be much worse today if we outlawed new technology because some people could choose to abuse the technology.”

Amazon requires customers to abide by the law and be responsible when using Rekognition, it added.

The world’s largest online retailer is not alone: Microsoft Corp and Alphabet Inc.’s Google offer recognition services as well.

Identifying faces has become a common feature in consumer products from Apple Inc. and Facebook Inc.