The FCC’s Christmas Gift to Internet Users

No doubt your Christmas would be troubled and anxiety ridden if not for this column assuring you that the Trump administration decision last week to “repeal net neutrality” does no such thing.

Net neutrality long ago became the expectation of broadband customers. It was an expectation that internet service providers routinely met during the two decades before the Obama rules were enacted. It’s an expectation they will continue to meet after the Obama rules have been withdrawn.

Net neutrality means unfiltered, unhindered access to what the web offers. Net neutrality is the business that broadband suppliers are in.

What is being repealed is a decision to recategorize broadband from a Title I to a Title II service under the 1934 Communications Act. This decision had little to do with net neutrality but meant that lobbyists and petitioners and courts would be able to pressure Washington steadily in the direction of regulating the internet the way it did the railroads in the early 1900s.

Title II is what many groups militating in the name of net neutrality really wanted. They conflated net neutrality with Title II regulation because they thought it politically expedient to do so.

Does this mean you should run screaming to the nearest cliff and throw yourself off because now the internet will be taken over by “fast lanes”? I, for one, will pass. The whole idea of fast lanes reflects a faulty, obsolete metaphor for how the internet works. The internet is more like a giant computer providing a diverse array of services to a billion-plus users simultaneously.

It delivers you a webpage, me a video. In the future, it will help your driverless car navigate traffic, a doctor examine and treat an injury remotely. It will make sure your refrigerator is full of beer.

The businesses supplying each of these services care only that their own customers are happy. Their customers care only that their own service is satisfactory. They won’t care or even notice that the computer is constantly optimizing its performance so its diverse users are all kept simultaneously happy.

The whole “fast lane” nonsense is even more nonsense when we realize how much it’s the efforts of so-called edge providers that determine service quality. If a static webpage doesn’t load as quickly as you might wish, today it’s because of slow servers among the dozens that nowadays contribute pieces of a webpage. Not to blame usually is the last-mile carrier, who’s moving these elements to you as fast as content suppliers make them available.

Or take Netflix: It spends millions to place servers containing its shows inside the systems of last-mile providers to improve delivery and reduce transport costs.

Laws against fraud and anticompetitive behavior apply to broadband suppliers as they do to other companies in the economy. If a supermarket sells you a can of dirt labeled “peas,” it would not long stay in business. But, wait, aren’t we in a uniquely bad position because so many of us have only one or two choices for broadband at home?

All businesses would like to charge an infinitely high price for infinitely chintzy service, but not even Comcast can get away with this, even when competition is inadequate, because customers have voices and politicians and regulators listen to those voices. And competition can only improve matters.

Ironically, what consistently outrages the net-neut freaks is the wireless sector, where competition is fierce, and where rivals dangle offers of uncapped streaming from certain video services, and even free Netflix or Sling TV. This offends sacred principle, never mind that it increasingly turns wireless into a plausible substitute for the local fixed-line monopolist.

Verizon, AT&T, Sprint and T-Mobile—all have made announcements, and put money behind them, promising that 5G wireless will render the local cable oligopoly a thing of the past. Repealing Title II not only makes such investment attractive. It will enable wireless to support a whole slew of advanced services while keeping customers maximally happy.

Disney last week announced it would spend $52.4 billion to acquire certain Fox assets to replicate Netflix’s business model. Notice that Netflix’s business model is premised entirely on the existence of ubiquitous, affordable, unhindered broadband.

Ajit Pai, chairman of the Federal Communications Commission, is the Santa, not the Grinch, of this holiday season. Repeal of Title II is what will make the future internet possible. It’s just too bad those net-neutrality obsessives piling up lifelessly at the bottom of the nearest cliff won’t be around to enjoy it.


Government-forced 'net neutrality': Putting future inventors between a rock and a hard place

One of my favorite Greek Myths is Sisyphus, an arrogant king who earned a terrible punishment by trying to cheat death: he was forced to roll a rock pointlessly up a hill, only to watch it roll back down every time, for all of time.

Fast forward to modern times, and the debate surrounding “net neutrality” very much feels like my rock. We make a move in the right direction — taking a hands-off regulatory approach to the Internet — but then leftist activists swoop in, and try to throw shackles on the Internet.

Armed with their good old playbook, these activists have declared war and are unapologetic in their efforts to spread mistruths that will hopefully trick enough people into believing that burdensome overregulation of the Internet is our only choice. Instead of commonsense and transparency, they opt for radical ideological warfare.

One point to clarify is that these pretend consumer advocates are not on their white horses, brandishing their swords and shields, to save your “free and open Internet.” That is what they desperately want you to believe.

The activists are supporters of the deceptively titled “net neutrality,” which treats Internet service providers as public utilities, like electric companies. Net neutrality is not neutral at all. It would appoint a bureaucrat to play referee over the Internet, which it doesn’t need, but even worse, that referee would only call fouls on one team. That means that it is nearly impossible (Greek mythology-type impossible) for net neutrality to bring down costs.

Their efforts now focus on protecting a set of 2015 rules put in place by former President Barack Obama and his Federal Communications Commission known as Title II, which classifies Internet service providers as public utilities, like electricity, gas, and water. That is the contentious point in this debate, not the issue of a free and open Internet.

These groups are raising an all-out policy war and kicking dust in the air because of the current FCC’s intent to reverse this crippling 2015 rule, which not only prioritizes certain companies over others but it also manipulates the very foundation of how our nation’s markets work.

The irrefutable economic truth is that more regulation like Title II equals more costs and less innovation.

A market doesn’t become more efficient when a bureaucrat tries to step in and dictate how decisions are to be made and how a market/service/transaction is going to run. That kind of meddling always slows things down, both Internet speeds and innovation, because even if a better solution is found, old regulations can stifle the marketplace and hurt consumers. Think of the way taxi unions have tried to stop ride-share programs like Uber and Lyft.

For example, this trend can be seen in markets from TVs to college, as this Bureau of Labor Statistics chart wonderfully illustrates.

The trend is obvious, but many on the left still think they can regulate an industry into submission. They can use the stick instead of the carrot to encourage innovation and competition. Markets just don’t work that way.

Regulation is an extra constraint, and the way to create more innovation is to eliminate constraints. In a lot of ways, that is the way that the Internet currently functions. The Internet catapulted us into the future because Internet providers and Silicon Valley were not hamstrung by excessive extortion: taxes, regulation, and unionization. Silicon Valley exploded because its barons followed Atlas Shrugged, not Haight-Ashbury.

In the lead up to a potential December vote on restoring Internet freedom at the FCC’s open meeting, there has been an uptick in events, congressional hearings, and commentary. While it’s no surprise that debate continues on the merits of Title II, the FCC needs to look one step further. If it really wants to restore and preserve Internet freedom, it needs a national framework to pre-empt a patchwork framework in the states, which is where the leftist activists will go next to try to get wins.

Sisyphus’s action of rolling his rock makes sense, at least in the context of Greek Mythology. It’s his punishment. But this isn’t ancient Greece, and U.S. tech innovators shouldn’t be punished in similar fashion.

The leftist activist support of slow government bureaucracy to foster innovation from the Internet doesn’t make any sense. I guess, unless, they are trying to cheat the laws of economics. That might not be as punishable as cheating death, but maybe they should be “punished” by being forced to read Ludwig Von Mises' Human Action only to return to the riveting beginning of the economic page-turner when they are done.

A punishment for sure, but one which will likely lead to something greater: a faster, cheaper, less-regulated Internet.

Charles Sauer (@CharlesSauer) is a contributor to the Washington Examiner's Beltway Confidential blog. He is president of the Market Institute and previously worked on Capitol Hill, for a governor, and for an academic think tank.

The $300 Million Contract Awarded to the Interior Secretary's Friend's Company Is Exempt from Government Audits


The federal government has awarded a tiny Montana company a $300 million no-bid contract to repair Puerto Rico's hurricane-wrecked electrical grid. The company, Whitefish Energy, has close ties to Interior Secretary Ryan Zinke. A copy of that contract leaked last night, and it seems to prohibit the federal government from auditing Whitefish's work and to shield other details of the company's efforts from being disclosed via open records laws.
"In no event," the contract says, will the Puerto Rico Electric Power Authority, the Federal Emergency Management Agency, the Comptroller General of the United States, "or any of their authorized representatives have the right to audit or review the cost and profit elements" of the deal.
The contract was posted online by Ken Klippenstein, a contributor to The Daily Beast, the first publication to report on the connections between the company and the secretary of the interior.
The leaked document seems to confirm concerns—voiced by lawmakers, pundits, and reform groups—that the Whitefish contract is a lucrative special deal for a friend of a top administration official, and that it places politics ahead of what's in the best interest of Puerto Ricans, many of whom are still without electricity.
Andy Techmanski, owner of Whitefish Energy, is a neighbor and friend of Secretary Zinke, according to multiple news reports. The two men have publicly disclosed their acquaintance. The company has only a handful of employees and is relying almost entirely on subcontractors to do the actual work of restoring power in Puerto Rico.
Members of Congress have called for an investigation into the Whitefish contract. Yesterday members of the House Committee on Energy and Commerce sent a letter to Techmanski seeking copies of all contracts and subcontracts signed by Whitefish as part of its work in Puerto Rico. Meanwhile, members of the House Natural Resources Committee wrote to the Puerto Rico Electric Power Authority (PREPA) requesting more information about how and why Whitefish was selected for this work.
Separately, Sens. Maria Cantwell (D-Wash.) and Ron Wyden (D-Ore.) have requested a Government Accountability Office review of the "use of public money to reimburse work completed by Whitefish Energy," according to Reuters.
Prior to landing the contract for repair work in Puerto Rico, Whitefish's largest project had been a $1.3 million deal to rebuild less than 5 miles of electrical lines in Arizona, The Washington Post reported this week. By comparison, there are more than 2,400 miles of transmission lines and 30,000 of distribution electrical lines in Puerto Rico.
The Trump administration and the company itself have offered only the barest of explanations for how a small electrical firm from Montana managed to land a lucrative contract for work in the Caribbean. Both have claimed that the company has experience working in mountain ranges and on rugged terrain and have denied that cronyism played a role in awarding the contract.
"There was no federal involvement," Chris Chiames, a spokesman for Whitefish Energy, told BuzzFeed this week. "There was never any special favors asked, nor would there have been."
The Federal Emergency Management Agency (FEMA), which is no stranger to fiscal malfeasance, said Friday that it had "significant concerns" about the Whitefish contract. According to The Hill, FEMA denied having signed off on the contract and said details of the contract suggesting as much were inaccurate.
Whether Whitefish gets the job done is supposed to be shrouded in secrecy. The copy of the contract posted by Klippenstein includes a provision prohibiting the government from auditing its work. Another part of the contract says the Puerto Rican government "waives any claim against [Whitefish Energy] related to delayed completion of work."
Until the Trump administration can offer a better explanation for the decision to award a multi-million no-bid contract to a company with close ties to a top administration official, this whole thing smells really bad. The administration sure looks like it's been swallowed by the very swamp it promised to drain.


6 Reasons to Use a VPN


A Virtual Private Network, or VPN, allows you to browse the Internet without fear of being spied on by neighbors, hackers, or the government, as the case may be. While you might think that only those with something to hide would be interested in using a VPN, that’s definitely not the case. Think of all the information you put out there on a daily basis without even thinking about it: Your Facebook status, your credit card numbers, your passwords…the list goes on. You might think that the websites you’re using are secure, and while that may be the case, it’s the security of your network that you need to worry about.
There are also some ways you can benefit from using a VPN while utilizing WiFi connections other than your own, as well as if you were to travel abroad. Choosing the right VPN allows you to essentially view the Internet as if you’re in your home country, without any restrictions that may affect local ISPs. Bear in mind that you utilize a VPN in this manner at your own risk, as many countries can be extremely strict when enforcing their Internet censorship policies.
If you’re still on the fence about whether or not to use a VPN, decide for yourself after reading up on the following benefits of a Virtual Private Network:


Access restricted content abroad

So you took a trip to another country, but it’s raining and you’re jet-lagged. You go to load up some Breaking Bad on Netflix, only to realize that Netflix is completely blocked in the country you’re currently staying in. And so are a ton of your favorite websites. With a VPN, you can use your American IP address anywhere in the world, thus tricking Netflix and other websites into thinking you’re actually in the States. Hey, it’s not like you’re downloading movies illegally.


Access restricted content at school or work

How many times have you tried to visit a legitimate site for work- or school-related research only to find it’s been blocked by your organization’s “Acceptable Use” policy? I can recall a time when I worked in a high school in which Khan Academy was blocked. I’m not advocating for you to circumvent your school or company’s gateway for illicit or immoral means, but using a VPN can allow you to access important information that is completely necessary to your current task.


Use public WiFi

Public WiFi is about as unsecure as you can get. If you’ve ever logged into the free WiFi at Starbucks, you ran a huge risk of having all of your information stolen by some guy sitting in his car in the parking lot. Not only that, but if you really weren’t careful, you may have logged into a different WiFi network altogether, inadvertently handing your information directly over to a spoofer without him having to do any work at all. With a VPN, your information is encrypted, so it is indecipherable to anyone trying to eavesdrop.

Private file sharing

Again, I’m not saying you should be downloading and uploading stolen files such as copyrighted music and movies, but a VPN allows you to send and receive files to friends without anyone else seeing what you’re doing. Surely there are times you need to share files that you don’t want others seeing. By using a VPN, sending private documents or personal photo albums can be done without the thought crossing your mind of your information being leaked to the world for all to see.


Browsing isn’t logged

Once again, this sounds a little shady, but think about it. Imagine you were accused of a drug-related crime, but weren’t able to prove your innocence. The authorities subpoena your Internet browsing history, and find that you had previously looked up the recipe for crack cocaine. It’s not going to matter that this was for a research project in chemistry class; it’s only going to make you look worse in front of a judge. If you had used a VPN, your browsing history would be completely untraceable, and you’d have a much better chance at convincing the court of your innocence.


Right to privacy

Above all else, privacy is (or at least, should be) a basic human right. Everything discussed above should be private in the first place. But unfortunately, in this day and age, it’s not. Even those who have nothing to hide should be wary about how their Internet browsing habits may appear when viewed out of context by outsiders. Remember: Nothing you do online is private, but with a VPN you can minimize the chances of your private information becoming public knowledge.


Massive iOS 11 leak reveals key iPhone 8 secrets ahead of launch


Oh, Apple, you just can’t keep leaking unreleased software, can you? After the massive HomePod leaks that practically confirmed many of the iPhone 8 rumors that we kept bumping into, we have a similar blunder from the Cupertino-based company. This time around, someone close to Apple leaked iOS 11 GM, the final iOS 11 version that will actually be installed on the iOS devices launching soon. And iOS 11 GM is full of iPhone 8 details.

The software was obtained by 9to5Mac, which inspected it for iPhone 8 clues. It turns out there are plenty of secrets that were not spilled in the previous HomePod dump.

iPad Pro display
The iPhone is finally getting the True Tone Display that Apple first launched on the iPad Pro for white balancing. iOS 11 GM beta also indicates the resolution of the phone will be at 2436 x 1125, which seems to match previous leaks and estimates.

iPhone 8 design
More references to the new iPhone 8 are found in iOS 11, which confirm the phone’s top notch. An animation that shows instructions for enabling the SOS mode also highlights the design changes, including the top bezel and bigger on/off button on the side.


FTC settles with Lenovo over a built-in snooping software, $3.5 million fine







SAN FRANCISCO —  Lenovo, the world’s second largest computer manufacturer, has settled with the Federal Trade Commission over charges it shipped some of its laptops preloaded with software that compromised security protections in order to deliver ads to consumers. The company will also pay $3.5 million to 32 states that were part of the settlement.

The VisualDiscovery program caused pop-up ads to appear on the user's screen whenever his or her cursor hovered over a similar-looking product on a website. While only information about websites the user visited was transmitted, the program had the ability to access all of a consumer’s sensitive personal information transmitted over the Internet, including login credentials, Social Security numbers, medical information, and financial and payment information, the FTC alleged.

Consumers are frequently shown ads that correspond to their search or viewing history, but it's done via ad tracking software or cookies, which can be turned off on Facebook and Google or by deleting cookies. In the case of the VisualDiscovery software, the software hijacked encrypted web sessions.

“It’s the online equivalent of someone intercepting your mail, opening it, reading it, closing it back up and then putting it back in your mailbox,” said FTC acting chair Maureen Ohlhausen.

The program was created by a third-party advertising software company, Superfish, that was founded in Israel but headquartered in Palo Alto, Calif. It has since shut its doors.

As many as 750,000 laptops sold in the United States had the program installed from 2014 through 2015, the FTC says.

The FTC alleges that beginning in August of 2014, China-based Lenovo began selling laptops in the United States that came pre-installed with the software program. Consumers weren’t told the software was on their systems.

Beijing-based Lenovo made headlines in 2005 when it purchased IBM’s personal computing division for $1.75 billion, an acquisition that at the time was controversial as many feared it was a beachhead for other Chinese businesses. Today it is the world’s second-largest PC maker, with 20.4% of the global market, very close behind HP which has 21.8%, according to research firm IDC. In 2016 Lenovo's revenue was $43 billion.

Lenovo has published a list of computers that came with the software installed. Its popular ThinkPad laptops were not affected.
“Egregious does describe it,” said Eugene Spafford, founder of the Center for Education and Research in Information Assurance and Security at Purdue University.

“Sadly, other vendors may be doing something similar as the competition for ad revenue is huge, and the mechanisms are not that difficult to build in (or get prepackaged),” he said.

The snooping software was first discovered and reported by Chris Palmer from the Google Chrome security team.

As part of the settlement, Lenovo must now get consumers' permission before pre-installing any software that injects advertising into consumers' Internet browsing sessions or that transmits sensitive information from their systems to third parties. Lenovo must also implement a comprehensive software security program to test all software that comes preloaded onto its laptops, and that security program will be subject to third-party audits.

In a statement, Lenovo said it "disagrees" with allegations contained in these complaints but is pleased to bring the matter to a close.
In order to be able to show pop-up ads on encrypted websites, the VisualDiscovery program used an insecure method to replace the digital certificates for the websites with its own certificates. VisualDiscovery did not adequately verify that the websites’ digital certificates were valid before replacing them, and used the same, easy-to-crack password on all affected laptops rather than using unique passwords for each laptop, the FTC said.

That meant that even if a consumer went to a website that began with https://, which would lead them to believe they were on a secure and encrypted site, in fact the security had been breached.
“The harm was consumers were buying computers whose basic security features were undermined without their knowledge or consent,” said Ohlhausen.
Lenovo stopped installing the software over a year ago, and many antivirus programs were updated to identify the program and remove it as news about the insecurity broke.

Still, it’s possible that it still exists on some laptops, the FTC said. Lenovo has published instructions on how to remove the Superfish software on its website.

Neither Lenovo nor the FTC is aware of any actual instances of a third party exploiting the vulnerabilities the VisualDiscovery software created to steal users’ communications.


Apple's Real Reason for Finally Joining the Net Neutrality Fight



OVER THE PAST few months, as the Federal Communications Commission has moved closer to weakening net neutrality protections, countless tech companies have signaled their support for a strong and open internet. The lone voice missing through the debate: Apple. Yesterday, the final day to comment on the FCC's current net neutrality proceedings, the company finally broke its silence with a comment filed in support of strong rules to protect the open internet. But why, at the 11th hour and well after other tech giants joined the fight, is Apple speaking up now? And why, for that matter, is it speaking up at all?

Apple's filing outlines several key principles it sees as important for protecting the open internet: consumer choice, transparency, competition, investment and innovation, and a ban on paid fast lanes. "These key principles are reflected in the FCC’s current rules and should form the foundation of any net neutrality framework going forward," the filing says. "Apple remains open to alternative sources of legal authority, but only if they provide for strong, enforceable, and legally sustainable protections, like those in place today."

Apple hasn't always stood up for these principles. In 2009, the company was caught blocking Skype calls from iPhones at the request of AT&T, a textbook example of violating net neutrality. Apple was conspicuously missing from a 2014 open letter signed by 100 different tech companies–including Amazon, Google, Facebook, and Microsoft–in support of net neutrality. It didn't join the Internet Association, a coalition of internet heavyweights that has lobbied in support of open internet rules, nor did it participate in this year's Day of Action.

The first sign that Apple was rethinking its position came earlier this year, when CEO Tim Cook voiced support for net neutrality regulations during a shareholder meeting. "We stay out of politics but stay in policy," Cook said during the meeting, according to 9to5Mac. "If net neutrality became a top thing, we would definitely engage in it."
So what made Cook and co. decide that net neutrality was "a top thing?" Apple didn't respond to a request for comment on why the company held off for so long. And given that its fellow tech giants have already thrown their lobbying weight behind net neutrality, Apple's support for net neutrality probably won't do much to sway the FCC at this point. (It might motivate the company's cult following to start paying attention to the issue, which could make a difference as the fight shifts from the FCC to courts and Congress.)

The real significance of Apple's filing is what it says about the company's future. The company has long aspired to be more than just a hardware company, and now that Apple is in the streaming video business, net neutrality will become increasingly important to the company's bottom line. Apple's first two original shows Carpool Karaoke and Planet of the Apps debuted this year, and it reportedly plans to spend $1 billion to produce even more content. If companies like AT&T and Verizon can hobble Apple's streams while boosting their own, it could be a real problem for Cupertino's video (and revenue) ambitions.

Yes, Apple's interest in net neutrality is likely driven by its business agenda. The same goes for the other tech giants lobbying to preserve the FCC regulations. But as the FCC moves forward with its plan to gut net neutrality, the open internet will need all the support it can get.

Why You Should Care About Net Neutrality?

A world without net neutrality might end up meaning that you have to pay more to access the internet content that you want. But it also might crush innovation.


Saros Cycle Solar Eclipses (Astronomy)

On Monday, August 21, 2017, all of North America will be treated to an eclipse of the sun. Anyone within the path of totality can see one of nature’s most awe inspiring sights - a total solar eclipse. This path, where the moon will completely cover the sun and the sun's tenuous atmosphere - the corona - can be seen, will stretch from Salem, Oregon to Charleston, South Carolina. Observers outside this path will still see a partial solar eclipse where the moon covers part of the sun's disk. NASA created this website to provide a guide to this amazing event. Here you will find activities, events, broadcasts, and resources from NASA and our partners across the nation.


Google Will Launch Android O After The Total Solar Eclipse On Aug. 21: Rumors Say It's Android Oreo



Google announced that it will launch Android O on Aug. 21, and rumors claim that the next major version of the mobile operating system will indeed be named Android Oreo.

Android O will be unveiled right after the total solar eclipse, a phenomenon that will sweep across the entire country for the first time since 1918.

Android O To Launch Aug. 21
Google created a webpage dedicated to the upcoming total solar eclipse, which includes important information on the phenomenon, such as its expected time and ways to watch it for users outside the United States. Google also revealed details about the Eclipse Megamovie Project, which will gather videos from more than 1,000 volunteers across the United States to create a movie of a continuous view of the total solar eclipse.

The main news on the Android Eclipse page, however, is the announcement that Google will officially reveal Android O at 2:40 p.m. ET. The total solar eclipse is expected to end at 2:37 p.m. ET, and Google will jump into the trail left behind by the phenomenon to unveil the next major version of Android.

The Aug. 21 Android O release date partially confirms a report from last week, wherein Android Police managing editor David Ruddock and prolific leaker Evan Blass both claimed that the operating system will be rolled out on that day. The partial confirmation is because it is unclear if Google will also be rolling out Android O after its official unveiling.

The report also claimed that the official name of Android O will be revealed on Aug. 21.

Android O Name: Android Oreo?
Android Oreo has long been theorized as the official name of Android O, as Google names the major versions of the mobile operating system after sweets. Tying up with a brand for the name is not unprecedented, as Google already did it before with Android KitKat.

Two new clues have increased the likelihood that Android O will indeed be named Android Oreo. The first hint comes from Blass, who simply tweeted "Happy Eclipse" alongside a picture of an Oreo cookie. The connection is easy to make, considering the planned Android O launch after the total solar eclipse.

The second clue is much more definitive, and comes from Google itself. Google uploaded a video on Google+, and its filename was "GoogleOreo_Teaser_0817_noDroids (1).mp4". While this is not complete confirmation of the Android Oreo name, the fact that the post containing the video was taken down and replaced with a video named "Octopus Teaser.mp4" means that uploading the first one was a mistake, and spoiled the operating system's name.

How To Watch The Total Solar Eclipse
Google's Android Eclipse page contains a link to the NASA livestream of the total solar eclipse, though users can also watch the phenomenon on Twitter, in partnership with The Weather Channel.

For those who will be watching the total solar eclipse not on their computer monitors but outside, you will need to exercise proper safety precautions, including making sure the eclipse glasses you purchased will really protect you.


China pledges neutrality unless US strikes North Korea first


China’s government says it would remain neutral if North Korea attacks the United States, but warned it would defend its Asian neighbor if the U.S. strikes first and tries to overthrow Kim Jong Un’s regime, Chinese state media said Friday.

“If the U.S. and South Korea carry out strikes and try to overthrow the North Korean regime, and change the political pattern of the Korean Peninsula, China will prevent them from doing so,” reported the Global Times, a daily Chinese newspaper controlled by the Communist Party.

Meanwhile, other Asia-Pacific countries have come out in support of the United States in the event of a North Korean nuclear attack.

Japan’s defense minister, Itsunori Onodera, said this week that his nation’s military was ready to shoot down North Korean nuclear missiles, if necessary.

In Australia, Prime Minister Malcolm Turnbull described his country and the U.S. as being “joined at the hip,” the South China Morning Post reported.

“If there is an attack on the U.S., the Anzus Treaty would be invoked,” and Australia would aid the U.S., Turnbull told Australia’s 3AW radio Friday morning. Turnbull was referring to a collective security agreement between the United States, Australia and New Zealand.

The Chinese response to the heightened tensions between the U.S. and North Korea followed a number of hot-headed proclamations.

North Korea has threatened the U.S. with a nuclear attack on Guam, a U.S. territory south of Japan, after President Donald Trump said additional threats against the country or its allies would be met with “fire and fury.”

On Thursday, the president doubled down on the remarks, saying his original comment possibly “wasn’t tough enough.”

In a separate appearance, Trump added: “Let’s see what [Kim Jong Un] does with Guam. He does something in Guam, it will be an event the likes of which nobody has seen before – what will happen in North Korea.”

One North Korean government official, meanwhile, accused Trump of “going senile,” Fox News reported.


Donald Trump prepares supporters for worst as Robert Mueller's Russia investigation closes in

Embattled President tells fanbase election hacking conspiracy an establishment fabrication invented to deprive them of their leader of choice


President Donald Trump is again attacking the media on Monday, and his broadsides carry a newly ominous edge: He is both faulting the media for allegedly downplaying the size and intensity of support from his base and accusing them of trying to deliberately weaken that support for him.

Donald J. Trump (@realDonaldTrump), 7 Aug:
The Trump base is far bigger & stronger than ever before (despite some phony Fake News polling). Look at rallies in Penn, Iowa, Ohio.......

Donald J. Trump (@realDonaldTrump), 7:18 AM - Aug 7, 2017:
Hard to believe that with 24/7 #Fake News on CNN, ABC, NBC, CBS, NYTIMES & WAPO, the Trump base is getting stronger!

This comes some 24 hours after Deputy Attorney General Rod J. Rosenstein made big news by telling Fox News Sunday that if the special counsel finds evidence of crimes in the course of his probe into Russian sabotage of our election, it may be within the scope of his investigation to pursue them.

In these seemingly disparate developments, it is hard not to discern the potential for a volatile, combustible combination.

Because Trump is undermining our democratic norms and processes in so many ways, it is often easy to focus on each of them in isolation, rather than as part of the same larger story. But, taken together, they point to a possible climax in which Trump, cornered by revelations unearthed by Robert S. Mueller III's probe and by ongoing media scrutiny, seeks to rally his supporters behind the idea that this outcome represents not the imposition of accountability by functioning civic institutions, but rather an effort to steal the election from him - and from them.

On ABC's This Week, Trump counsellor Kellyanne Conway on Sunday dismissed the “entire Russia investigation” as a “total fabrication” to “excuse” Hillary Clinton's loss. This echoed Trump himself, who recently told a rally that the probe is an effort to “cheat” his supporters out of their legitimately elected leadership (i.e., him) with a “fake story” that is “demeaning to our country and demeaning to our Constitution.”

It bears repeating that Mueller's investigation is looking at how a hostile foreign power may have sabotaged our democracy, and at whether the Trump campaign colluded with it, and at conduct by Trump himself that came after the election: Whether the firing of former FBI Director James Comey after a demand for his loyalty was part of a pattern of obstruction of justice. The first of these has been attested to by our intelligence services, and evidence of the second (at least in the form of a willingness to collude) and the third of these has been unearthed by dogged scrutiny by news outlets. It is hardly an accident that Trump continues to cast doubt on the credibility of both those institutions, even as he and his spokespeople continue to cast the entire affair as an effort to reverse the election by illegitimate means.

This threatens damage on multiple levels. By casting the entire Russia story as fiction, Trump seeks to undermine the credibility of efforts to determine how our electoral system might be vulnerable to further attacks, separate and irrespective of what is learned about the Trump campaign's conduct, possibly making it less likely that we secure our system against any such future sabotage.

We don't know what all the ongoing scrutiny will produce in the way of revelations. But if it does produce any serious wrongdoing by Trump and/or his campaign - or even evidence of serious misconduct that is not criminal - it's not difficult to imagine what might happen next. Trump's advisers regularly tell us he will cooperate with Mueller's probe and play down the possibility of any effort to remove the special counsel. But Trump has confirmed that he is furious with his own attorney general, Jeff Sessions, for failing to protect him from Mueller's probe. That Trump confirmed this publicly only further underscores that he has zero sense of any obligation to the public to follow any rules of conduct, and plainly views any efforts to hold him accountable to those rules as illegitimate.

Conservative writer Matt Lewis floats a scenario in which Mueller, under pressure to produce results, slips into prosecutorial overreach, giving Trump voters legitimate reasons to feel that the presidency is being stolen from them. It is fair to worry about such an outcome, and we must remember that we are far from knowing the full truth about what happened in 2016. But it's also easy to envision the flip side: Trump demagoguing his supporters into a frenzy of rage, at rallies that are exactly like the ones we've seen in recent days, in the face of legitimate revelations.

To be sure, there are new signs that Republicans in Congress are taking steps to set up safeguards, should Trump try to remove Mueller. There is reassuring evidence that our institutions are holding - for now, anyway - and as Brian Beutler notes in The New Republic, it's likely that more future revelations about Trump's unfitness for the presidency will further undercut his efforts to cast institutions holding him accountable as illegitimate. But Trump is already giving every indication that he will go all out in trying. And how much damage that will cause is anyone's guess.


No more ransomware: How one website is stopping the crypto-locking crooks in their tracks

No More Ransom launched a year ago: here's the story of how cybersecurity firms and law enforcement are working together to bring down ransomware.


Law enforcement organisations and cybersecurity companies around the world have attempted to do what they can to disrupt ransomware -- whether through takedowns of cybercriminal gangs by the authorities or security companies finding and providing decryption keys.
But this disjointed approach can only get so far in the modern hyper-connected world in which criminals cooperate across international borders and time zones.

It's why the No More Ransom initiative was launched a year ago, with the idea of bringing together law enforcement and private industry to combine efforts in the fight against cybercrime.
"It's the idea of everyone bringing what they're best at to the table to jointly try and tackle the biggest threat that we see out there," says Steve Wilson, head of Europol's Cybercrime Centre (EC3).

Launched jointly by Europol, the Dutch National Police, McAfee (then Intel Security), and Kaspersky Lab on July 25 2016, No More Ransom provided keys to unlocking encrypted files, as well as information on how to avoid succumbing to ransomware in the first place.

The portal initially provided decryption tools for four ransomware families: Shade, Rannoh, Rakhni, and CoinVault. It was collaborative work on decrypting CoinVault that led to the creation of a precursor to No More Ransom.
"We were working on CoinVault and did a lot of work with the Dutch police, and we were able to identify the command and control servers the cybercriminals were using," says David Emm, principal security researcher, Kaspersky Lab.

The operation led to Kaspersky uploading free-to-use decryption keys to a website and it took off from there. "It was really successful and this was just one and part of a wider trend, so we wanted to establish wider involvement," he says.

McAfee agreed that this collaboration -- both between competing private firms and the authorities -- was the way forward in the fight against the escalation of ransomware.

"There was just a sense that what would be nice would be to have an initiative to collaborate and work together on. But also to have a single point that people could go to when we create free decryption tools," says Raj Samani, chief scientist at McAfee.

That single place was the No More Ransom portal, which since its launch has been hosted by Amazon Web Services and Barracuda Networks -- and if it wasn't for cloud-hosting, the website would have been overwhelmed on its first day.

"Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you'll get a day and I thought 12,000 a day would be reasonable," says Samani.

"On day one we had 2.7 million -- then during one day, the weekend of WannaCry, we had eight million hits in a single day, so it's much bigger than we ever thought."

Following the initial success of the initiative, seven more cybersecurity firms have since joined as associate partners -- Bitdefender, Check Point, Trend Micro, Emsisoft, ElevenPaths, Avast and Cert.PL -- each contributing to the development of decryption keys.

Dozens of law enforcement agencies -- including Interpol, Enisa and the NCA -- have also become actively involved in the scheme, which also receives additional support from dozens of security firms. There are now 109 partners in total and for Wilson, the more involved, the merrier: "The more people we get to contribute, the better this resource is going to be," he says.

Cybercrime is a global problem, but while there is more international cooperation between law enforcement agencies than there's been before, rules and regulations mean that sometimes the authorities can't act as quickly as they'd like.

That's a disadvantage against global crime gangs, but private cybersecurity firms can be more flexible, enabling the No More Ransom operation to take the fight to cybercriminals at a faster pace by releasing decryption tools as and when they're developed.

"Law enforcement agencies have restrictions that criminals don't -- they have the logistics of paperwork. Whereas at least under the umbrella of a project like this, there's nothing to slow it down," says Emm.

It's difficult to quantify the exact number of decryptions which have occurred thanks to downloads from No More Ransom -- the portal just provides links, it doesn't monitor what happens next -- but it's thought that over 28,000 decryptions have taken place using the tools, saving millions from being paid to cybercriminals in the process.

"It really strongly justified a single response to this rather than over each country trying to develop something themselves," says EC3's Wilson.

No More Ransom doesn't discriminate about what decryption tools are added to the portal -- sometimes these come in batches, sometimes individual decryptors are uploaded as and when they're made available -- but how does this happen?

There are a number of ways. The first is if encryption keys simply get leaked. Indeed, an example of this occurred just hours after the launch of No More Ransom when the cybercriminal gang behind the Petya ransomware -- long before it caused a global incident -- leaked 3,500 decryption keys for a competing form of ransomware, Chimera. "We were able to grab them and create a tool," says Samani.

But most of the time, decrypting ransomware comes down to hard work, with cybersecurity firms and the authorities working together in order to identify ransomware variants and crack codes.

"Working with law enforcement, we identify the infrastructure, go through the proper legal process to seize the key server and extract the decryption keys," says Samani. That's how Shade ransomware was decrypted, resulting in 165,000 decryption keys being made available.

That's where the aid of law enforcement especially comes in -- a cybersecurity firm can't walk in and seize a botnet, but they can aid in its takedown, as was the case with Operation Avalanche, which took down a prominent malware botnet.

"On the offensive side from us, tackling the actual business model of ransomware-as-a-service and very much going after the large scale perpetrators of cybercrime is very much what we're trying to do," says Wilson.

Naturally, the very existence of No More Ransom has irked malicious actors. "Analysis of the chatter on underground forums shows how angry they are," says McAfee's Samani. "We even had a ransomware variant named after us -- there's an extension that had been encrypted as NoMoreRansom."

So the portal is required to have the best defences possible in order to prevent attacks against it.

"We've got to do all the normal housekeeping things to keep it secure. We've got to pen test it to ensure that it's as secure as we can make it. People are going to want to stop it, we need to make it as resilient as we can," says David Emm.

That's where Barracuda Networks and Amazon Web Services come in -- both powering the portal and keeping it safe from attackers -- in the spirit of cooperation on which No More Ransom is based.

"I'm blown away by how open and collaborative we've been. AWS, for example, hosting it for free, it's incredible, it's probably the most targeted website in the world and they've said OK, no arguments," says Samani.

A year on from the launch of No More Ransom, what's the project's future? An anniversary update includes more decryption tools and the website translated into even more languages to reflect the global interest in the project and to help users and businesses around the world.

The platform is now available in 26 languages, with the most recent additions Bulgarian, Chinese, Czech, Greek, Hungarian, Indonesian, Malay, Norwegian, Romanian, Swedish, Tamil and Thai.

Ransomware is a major problem and while no one is under any illusion that the project is going to eliminate the problem, those behind it are doing all they can to educate against the dangers of ransomware and provide aid against it.

"We totally accept that this isn't a panacea; there's always going to be a lag time between us being able to assist, but we're trying to make that difference," says Wilson.

That's no small task, given ransomware is ever-evolving - and things are likely to get worse before they get better.


The Petya ransomware is starting to look like a cyberattack in disguise


The ransomware that wasn’t


The haze of yesterday’s massive ransomware attack is clearing, and Ukraine has already emerged as the epicenter of the damage. Kaspersky Labs reports that as many as 60 percent of the systems infected by the Petya ransomware were located within Ukraine, far more than anywhere else. The hack’s reach touched some of the country’s most crucial infrastructure including its central bank, airport, metro transport, and even the Chernobyl power plant, which was forced to move radiation-sensing systems to manual.

The ostensible purpose of all that damage was to make money — and yet there’s very little money to be found. Most ransomware flies under the radar, quietly collecting payouts from companies eager to get their data back and decrypting systems as payments come in. But Petya seems to have been incapable of decrypting infected machines, and its payout method was bizarrely complex, hinging on a single email address that was shut down almost as soon as the malware made headlines. As of this morning, the Bitcoin wallet associated with the attack had received just $10,000, a relatively meager payout by ransomware standards.

It leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to Ukraine? It’s not the first time the country has come under cyberattack. (These attacks have typically been attributed to Russia.) But it would be the first time such an attack has come in the guise of ransomware, and has spilled over so heavily onto other countries and corporations.

Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program’s decryption failure in a post today, Comae’s Matthieu Suiche concluded a nation state attack was the only plausible explanation. “Pretending to be a ransomware while being in fact a nation state attack,” Suiche wrote, “is in our opinion a very subtle way from the attacker to control the narrative of the attack.”

Another prominent infosec figure put it more bluntly: “There’s no fucking way this was criminals.”


There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.

In each case, the infections seem to specifically target Ukraine’s most vital institutions, rather than making a broader attempt to find lucrative ransomware targets. These initial infections are particularly telling because they were directly chosen by whoever set the malware in motion. Computer viruses often spread farther than their creators intended, but once Petya was on the loose, the attackers would have had no control over how far it reached. But the attackers had complete control over where they planted Petya initially, and they chose to plant it by some of the most central institutions in Ukraine.

The broader political context makes Russia a viable suspect. Russia has been engaged in active military interventions in Ukraine since former president Viktor Yanukovych was removed from power in 2014. That has included the annexation of Crimea and the active movement of troops and equipment in the eastern region of the country, but also a number of more subtle activities. Ukraine’s power grid came under cyberattack in December 2015, an attack many interpreted as part of a hybrid attack by Russia against the country’s infrastructure. That hybrid-warfare theory extends to more conventional guerrilla attacks: the same day that Petya ripped through online infrastructure, Ukrainian colonel Maksim Shapoval was killed by a car bomb attack in Kiev.

All that evidence is still circumstantial, and there’s no hard link between yesterday’s attacks and any nation state. It could be Ukraine simply presented a soft target, and the attackers screwed up their payment and decryption systems out of simple carelessness. Functional or not, the software involved still has strong ties to traditional ransomware systems, and even if the attackers didn’t make much money off ransom payments, Petya was still collecting credentials and other data from infected machines, which could be valuable fodder for future attacks. That has led researchers like F-Secure’s Sean Sullivan to hold off on nation-state suspicions. “Maybe there’s multiple ways they’re working the money angle, but I think ultimately it’s about money,” Sullivan told me. “Tigers don’t change their stripes.”

Still, the line between common criminals and state agents can be difficult to parse. A recent indictment in the Yahoo hacking case charged Russian officials alongside freelance hackers, and the division of labor was often unclear. Criminals can be enlisted as privateers, or agents can adopt criminal tactics as a way of disguising themselves. If the suspicions around Petya are correct, that line may be growing even thinner, as globe-spanning attacks get lost in the fog of war. With no clear path to a firm attribution, we may never be able to prove who was responsible for this week’s attacks, or what they hoped to achieve. For anyone digging out a Petya-bricked computer system, that clean getaway is adding insult to injury.

Cyberattack Hits Ukraine Then Spreads Internationally


Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that resembled a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States, were scrambling to respond.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after breaking away from the Soviet Union. It spread from there, causing collateral damage around the world.

This outbreak is the latest and perhaps the most sophisticated in a series of attacks that make use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same N.S.A. hacking tool, Eternal Blue, that was used in the WannaCry incident, and two other methods to promote its spread, according to researchers at the computer security company Symantec.

The N.S.A. has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used N.S.A. hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president of security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday, even those who used the Microsoft patch could be vulnerable, according to researchers at F-Secure, the Finnish cybersecurity firm.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, though Russian companies were also affected. Home Credit bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, DLA Piper, the multinational law firm, also reported being hit. Hospitals in Pennsylvania were being forced to cancel surgeries after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

A spokesman for the N.S.A. referred questions about the attack to the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our international and domestic cyber partners,” Scott McConnell, spokesman for D.H.S., said in a statement.

Computer specialists said the ransomware was very similar to a virus that first emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf,” about a boy who captures a wolf.

Reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on Silicon Valley terminology for delivering software over the internet, according to the security firm Avast Threat Labs.

That means anyone could launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.

That distribution method means that pinning down the people responsible for Tuesday’s attack could be difficult.

The attack is “an improved and more lethal version of WannaCry,” according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks.

Mr. Suiche noted that in just the last seven days, WannaCry had tried to hit an additional 80,000 organizations, but was prevented from executing attack code because of the kill switch. Petya does not have a kill switch.

A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.

Petya also encrypts and locks entire hard drives, while the earlier ransomware attacks locked only individual files, said Chris Hinkley, a researcher at Armor, the security firm.

The hackers behind Petya demanded $300 worth of the cybercurrency Bitcoin to unlock victims’ machines. By Tuesday afternoon, online records showed that 30 victims had paid the ransom, though it was not clear whether they regained access to their files. Other victims may be out of luck, after Posteo, the German email service provider, shut down the hackers’ email account.

In Ukraine, people turned up at post offices, A.T.M.s and airports to find blank computer screens, or signs about closures. At Kiev’s central post office, a few bewildered customers milled about, holding parcels and letters, looking at a sign that said, “closed for technical reasons.”

The hackers compromised Ukrainian accounting software mandated to be used in various industries in the country, including government agencies and banks, according to researchers at Cisco Talos, the security division of the computer networking company. That allowed them to unleash their ransomware when the software, which is also used in other countries, was updated.

The ransomware spread for five days across Ukraine, and around the world, before activating Tuesday evening.

“If I had to guess, I would think this was done to send a political message,” said Craig Williams, the senior technical researcher at Talos.

One Kiev resident, Tetiana Vasylieva, was forced to borrow money from a relative after failing to withdraw money at four automated teller machines. At one A.T.M. in Kiev belonging to the Ukrainian branch of the Austrian bank Raiffeisen, a message on the screen said the machine was not functioning.

Ukraine’s Infrastructure Ministry, the postal service, the national railway company, and one of the country’s largest communications companies, Ukrtelecom, had been affected, Volodymyr Omelyan, the country’s infrastructure minister, said in a Facebook post.

Officials for the metro system in Kiev said card payments could not be accepted. The national power grid company Kievenergo had to switch off all of its computers, but the situation was under control, according to the Interfax-Ukraine news agency. Metro Group, a German company that runs wholesale food stores, said its operations in Ukraine had been affected.

At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, though all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually.

Cybersecurity researchers questioned whether collecting ransom was the true objective of the attack.

“It’s entirely possible that this attack could have been a smoke screen,” said Justin Harvey, the chief security officer for the Fidelis cybersecurity company. “If you are an evil doer and you wanted to cause mayhem, why wouldn’t you try to first mask it as something else?”


Global Cyberattack: What We Know and Don’t Know


A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry.

What We Know

• Several private companies have confirmed that they were hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, the French multinational Saint-Gobain and the Russian steel, mining and oil companies Evraz and Rosneft.

• Photographs and videos of computers affected by the attack show a message of red text on a black screen. The message read: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

• Kaspersky Lab, a cybersecurity firm based in Moscow, reported that about 2,000 computer systems had been affected by the new ransomware.

• Cybersecurity researchers first called the new ransomware attack Petya, as it bore similarities to a ransomware strain known by that name, which was first reported by Kaspersky in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before.

• ESET, a Slovakia-based cybersecurity company, said the first known infection occurred early on June 27, through a Ukrainian software company called MeDoc. MeDoc denied that its program was the initial infection point. In a Facebook post, the firm wrote, “At the time of updating the program, the system could not be infected with the virus directly from the update file,” though an earlier message confirmed that its systems had been compromised.

• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.

• Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.

• ESET and several other cybersecurity companies have identified at least one other exploit used in the attack known as PsExec, which takes advantage of a single computer that has not been updated with the latest software in a network to spread infections by looking for — and using — administrative credentials. By using PsExec, the ransomware continued spreading across systems that had been updated, or patched, after the WannaCry outbreak last month.

• Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some of the victims appear to be paying the ransom, even though the email address used by the attackers has been shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid.

What We Don’t Know

• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.

• The motives for the attack. Cybersecurity researchers ask why, if the goal of the attack was to force victims to pay ransom, more care was not taken to protect the email address through which attackers could communicate with their victims, or to provide multiple avenues for payment.

• How much bigger this attack will get. Cybersecurity researchers say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again.

What Is Ransomware?

• Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims email that includes a link or a file that appears innocuous but contains dangerous malware.

• Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected.

• The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency.
