Law Banning 'Rental' Fees For Customer-Owned Routers Takes Effect Sunday

Slashdot - Your Rights Online - Sat, 2020-12-19 00:10
An anonymous reader quotes a report from Ars Technica: Broadband and TV providers will finally be required to stop charging "rental" fees for equipment that customers own themselves, thanks to a new US law that takes effect on Sunday. The bogus fees were outlawed by the Television Viewer Protection Act (TVPA), which was approved by Congress and signed by President Trump in December 2019. The law was originally scheduled to take effect on June 20, but Congress gave the Federal Communications Commission leeway to delay enforcement by six months if the FCC "finds that good cause exists for such an additional extension." The FCC in April granted the six-month delay to ISPs, claiming that providers needed more time to comply because of the coronavirus pandemic. That decision delayed implementation of the new requirements until December 20, 2020. The law's implementation will "put an end to the unconscionable business practice of charging consumers a rental fee for cable modem routers even if consumers do not use them!" consumer-advocacy group Public Knowledge said in a blog post. "This common-sense correction will permit consumers to continue to use their own equipment, and not be forced to pay for something they neither asked for nor needed." [...] The new law, passed as part of a budget bill, creates a "consumer right to accurate equipment charges" that prohibits TV and broadband providers from charging for "covered equipment provided by the consumer." Covered equipment is defined as "equipment (such as a router) employed on the premises of a person... to provide [TV service] or to provide fixed broadband Internet access service." The companies may not charge rental or lease fees in cases when "the provider has not provided the equipment to the consumer; or the consumer has returned the equipment to the provider." 
The law also includes a right to transparency that requires TV providers to inform customers of the total monthly charges, including all company-imposed fees and a good-faith estimate of all government-imposed fees and taxes, before they enter into a contract. This notice must specify the amount of promotional discounts and when those discounts will expire. The law also gives customers a 24-hour period in which they can cancel new TV service without penalty. The new rule won't prevent TV providers from raising prices on existing customers, even when they're under contract. But the new transparency requirement is a step in the right direction.

Read more of this story at Slashdot.

'Evil Mobile Emulator Farms' Used To Steal Millions From US and EU Banks

Slashdot - Your Rights Online - Fri, 2020-12-18 00:10
An anonymous reader quotes a report from Ars Technica: Researchers from IBM Trusteer say they've uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days. The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. In a separate case, a single emulator was able to spoof more than 8,100 devices. The thieves then entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts. Emulators are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices. To bypass protections banks use to block such attacks, the crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. The device IDs were likely obtained from the holders' hacked devices, although in some cases, the fraudsters gave the appearance they were customers who were accessing their accounts from new phones. The attackers were also able to bypass multi-factor authentication by accessing SMS messages.

Judge Orders Tim Cook and Craig Federighi To Testify in Epic Case

Slashdot - Your Rights Online - Thu, 2020-12-17 22:10
A judge has ordered Apple to produce Tim Cook and Craig Federighi to testify for the Apple versus Epic lawsuit, and they must produce required documents before the next hearing. From a report: The Apple versus Epic lawsuit continues as publicly filed court documents tell us a bit more about the upcoming trial. Epic wants Apple to produce extensive documentation surrounding the App Store and its operations, but there has been some deliberation as to how extensive this data needs to be, and who will present it. The document filed states that Apple will have a large burden placed on them to gather much of what Epic is asking for. The court sides with Apple here stating that Epic need not ask for more amplifying data unless absolutely necessary. The most important part of the court filing is who's going to be made available to represent Apple. Epic has requested that Tim Cook and Craig Federighi be made available for the hearing. Apple says that Tim Cook will be available, but requests his deposition be limited to four hours. Apple also requested that Eric Neuenshwander, who runs the App Store and reports to Craig Federighi, be present instead.

Facebook Hits Back at Apple With Second Critical Newspaper Ad

Slashdot - Your Rights Online - Thu, 2020-12-17 16:41
Facebook is stepping up its campaign against Apple's privacy changes with a second full-page newspaper ad today. This new ad claims Apple's iOS 14 privacy changes "will change the internet as we know it," and force websites and blogs "to start charging you subscription fees" or add in-app purchases due to a lack of personalized ads. From a report: It follows a similar full-page newspaper ad in The Wall Street Journal, New York Times, and the Washington Post yesterday. Apple is planning to make changes to iOS 14 early next year that will require developers to ask for permission to gather data and track users across mobile apps and websites on an iPhone or iPad. Apple revealed how iOS 14 users will be prompted to opt into tracking in apps this week, noting that developers like Facebook can explain to users why they should allow tracking within the prompt. These changes will impact Facebook's lucrative ad business, but the social networking giant is framing them as something far larger that could impact small businesses. Unsurprisingly, Apple doesn't agree. "We believe that this is a simple matter of standing up for our users," said an Apple spokesperson in response to Facebook's first full-page newspaper ad yesterday. "Users should know when their data is being collected and shared across other apps and websites -- and they should have the choice to allow that or not."

Trump Considers Clemency For Silk Road 'Kingpin' Ross Ulbricht

Slashdot - Your Rights Online - Thu, 2020-12-17 15:00
An anonymous reader quotes a report from The Daily Beast: In his final weeks in office before Joe Biden's inauguration, President Donald Trump is weighing granting clemency to Ross Ulbricht, the founder and former administrator of the world's most famous darknet drug market, Silk Road, The Daily Beast has learned. According to three people familiar with the matter, the White House counsel's office has had documents related to Ulbricht's case under review, and Trump was recently made aware of the situation and the pleas of the Silk Road founder's allies. Two of these sources say the president has at times privately expressed some sympathy for Ulbricht's situation and has been considering his name, among others, for his next round of commutations and pardons before the Jan. 20 inauguration of his 2020 Democratic opponent. It is unclear if Trump has arrived at a final decision yet, but Ulbricht has gained some influential backers in the president's political and social orbit. Behind the scenes, he has the support of some presidential advisers, as well as criminal justice reform advocates with close ties to the administration and Trump family, including Alice Johnson, according to people with knowledge of the matter. "I've had documents forwarded to my contacts in the White House as early as February," activist Weldon Angelos, a former music producer and ex-federal inmate, said in a brief interview on Tuesday evening. "In the beginning of the year, [Ulbricht's] family had reached out to us for our support, and my organization and I have endorsed his full commutation, and I am hopeful that President Trump will commute his sentence in its entirety. This case has perhaps more support than I've seen in any case of this kind."

Amazon Wants To Scan Your Body To Make Perfectly Fitting Shirts

Slashdot - Your Rights Online - Thu, 2020-12-17 04:10
An anonymous reader quotes a report from Fast Company: For just $25, Amazon wants to make you a custom T-shirt. And a virtual body double. This week, the company unveiled a brand called "Made for You" that creates made-to-measure clothes. The initial product, a T-shirt, can be personalized to your taste and measurements, and more products are coming. This is Amazon's latest bid to make itself a fashion destination, and if the company chooses to double down on this made-to-measure technology, it could have significant impacts throughout the industry. It took me five minutes to design a pink, long-sleeved cotton T-shirt. The process began with creating a virtual body double, which involves inputting details -- such as my height, weight, and skin tone -- then taking two photos on my phone using the 3D body scanner in the app. (Amazon has been incorporating body scanners into a number of its products lately, from its fitness band to its smart mirror.) The final 3D representation that appeared on the app looked uncannily like me. In the final step, I chose the color, sleeve length, and neckline of the tee. Then boom! I added it to my cart, and the custom shirt is set to arrive on Christmas Eve.

UK Politicians Call For 'Making the Resale of Goods Purchased Using An Automated Bot an Illegal Activity'

Slashdot - Your Rights Online - Thu, 2020-12-17 01:30
Six Scottish National Party (SNP) politicians have put forward a motion for consideration in the UK parliament to prohibit the resale of games consoles and PC components at prices "greatly above" MSRP, and the resale of goods purchased using automated bots to be made illegal in these fair isles. PC Gamer reports: A motion on the "Resale of gaming consoles and computer components purchases by automated bots" has been tabled with UK Parliament, and it aims to outlaw resellers' usage of automated bots and make it difficult to sell in-demand tech at prices far exceeding the manufacturer's recommended retail price. The motion has no set date for debate in the Commons, and is what is known as an 'Early Day Motion.' These don't often receive much love in Parliament, often due to the sheer number of Early Day Motions going at any one time, but they are used to highlight specific issues present in society. That's hardly indicative of sweeping change in the near-future, but it's better than nothing.

Texas Plans To Sue Google for Alleged Anticompetitive Behavior

Slashdot - Your Rights Online - Wed, 2020-12-16 23:25
Texas Attorney General Ken Paxton announced Wednesday that he will soon file a multistate antitrust lawsuit against Google and its advertising business, alleging that the company has stifled competition and enjoys "monopolistic power." From a report: In a tweet, Paxton said the lawsuit will be filed on Wednesday. "This goliath of a company is using its power to manipulate the market, destroy competition and harm you, the consumer," Paxton said in a video accompanying the tweet. The text of the complaint was not immediately available. But a court record shows that nine other states are participating in the suit, including Kentucky, South Dakota, Arkansas, Idaho, Indiana, Mississippi, Missouri, North Dakota and Utah. The lawsuit marks the second antitrust suit by government officials to hit Google in the US this year. The Justice Department took the search giant to court over similar allegations in October. Eleven states joined the suit at the time. It also follows a lawsuit by more than 40 attorneys general against Facebook alleging it has abused a monopoly in social media.

Nigeria Orders Mobile Users To Link Phones To National ID Numbers

Slashdot - Your Rights Online - Wed, 2020-12-16 20:10
Nigeria's telecommunications regulator ordered mobile-phone users to link their devices to their national identity numbers, raising the prospect of millions of lines being blocked. From a report: Subscribers have until Dec. 31 to comply with the requirement, the Nigerian Communications Commission said in a statement Tuesday on its website. Failure to do so will result in their phone lines being cut off in January, it said. Africa's largest economy had about 196 million active phone lines as of June 2020, NCC data shows. At the same time, only 41.5 million Nigerians had the required identity numbers, according to information on the website of the National Identity Management Commission, which is in charge of registrations. MTN Group's local unit is the biggest wireless operator in the West African country. Airtel Africa, which listed in Lagos and London last year, vies with local operator Globacom to be the country's second-biggest carrier.

Australia Sues Facebook Over Its Use of Onavo To Snoop

Slashdot - Your Rights Online - Wed, 2020-12-16 18:52
Australia's Competition and Consumer Commission (ACCC) is suing Facebook over its use, in 2016 and 2017, of the Onavo VPN app to spy on users for commercial purposes. From a report: The ACCC's case accuses Facebook of false, misleading or deceptive conduct toward thousands of Australian consumers, after it had promoted the Onavo Protect app -- saying it would keep users' personal activity data private, protected and secret and not use it for any other purpose, when it was being used to gather data to help Facebook's business. "Through Onavo Protect, Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook's promotion of this app," said ACCC chair Rod Sims in a statement. "Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook."

40 Girls Do Porn Victims Are Suing Pornhub For $1 Million Each

Slashdot - Your Rights Online - Wed, 2020-12-16 15:00
samleecole shares a report from Motherboard: Forty victims of sex trafficking operation Girls Do Porn have filed a lawsuit against Mindgeek, Pornhub's parent company, for a litany of accusations, including knowingly benefiting from Girls Do Porn videos on Pornhub and failing to moderate the images circulating rampantly on its network of tube sites. In total, the lawsuit is demanding more than $40 million in damages -- at least $1 million per plaintiff -- as well as the money Mindgeek earned from hosting and promoting their videos and legal fees. "As a proximate result of MindGeek's knowing financial benefit and participation in GirlsDoPorn's sex trafficking venture, Plaintiffs have suffered damages, including, but not limited to, severe emotional distress, significant trauma, attempted suicide, and social and familial ostracization," the complaint states. Filed with the United States District Court for the Southern District of California on December 15 by attorneys Brian Holm and John O'Brien, the 43-page complaint details the suffering of these alleged victims of Girls Do Porn, and claims that each of the 40 plaintiffs became suicidal because of the harassment they endured when their videos spread non-consensually across the internet, including across Mindgeek's network of porn sites. Girls Do Porn was a sex trafficking operation that forced and coerced dozens of women as young as 18 into sex on camera, and lied to them about where and how the videos would be distributed. The women were told by everyone involved, from cast and crew to the owner, that the videos would not appear online. After filming, their videos were uploaded to Girls Do Porn's own site, as well as Pornhub, where Girls Do Porn monetized its videos as a Pornhub "content partner." Pornhub also promoted Girls Do Porn as a content partner even after women in Girls Do Porn videos came forward about abuse and sued it.
Last week, following a report from The New York Times about allegations of child sexual abuse imagery on the site, Pornhub changed its policy to only allow verified uploads and downloads. Soon after, Mastercard and Visa stopped processing payments for Pornhub.

SolarWinds Hides List of High-Profile Customers After Devastating Hack

Slashdot - Your Rights Online - Wed, 2020-12-16 11:00
SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach, "suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity," reports The Verge. From the report: The list of vulnerable companies is much smaller than SolarWinds' overall client list, so simply appearing on the list doesn't mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000. Out of that 33,000, the company estimates that fewer than 18,000 were directly impacted by a malicious update, and the list of directly targeted companies is likely even smaller. Still, there is much about the attack that remains unknown, and it is possible that additional compromises have yet to be discovered. SolarWinds' overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States. In an article on Monday, The New York Times cited a number of organizations as vulnerable that are not cited on the public client page, including Boeing and Los Alamos National Laboratory. Other organizations have been cagey about their own exposure, even within the federal government. Several news outlets have reported that the breach affected the Department of Homeland Security, but the department has not made any official statement regarding its exposure.

Senator Tries To Block Frontier's FCC Funding, Citing ISP's Various Failures

Slashdot - Your Rights Online - Wed, 2020-12-16 01:00
An anonymous reader quotes a report from Ars Technica: A Republican US senator from West Virginia has asked the government to block broadband funding earmarked for Frontier Communications, saying that the ISP is not capable of delivering gigabit-speed Internet service to all required locations. Sen. Shelley Moore Capito (R-W.Va.) outlined her concerns in a letter to Federal Communications Commission Chairman Ajit Pai last week. Capito told Pai that Frontier has mismanaged previous government funding and seems to lack both the technological capabilities and financial ability to deliver on its new obligations. Frontier, which filed for bankruptcy in April, is one of 180 ISPs that won funding in the FCC's Rural Digital Opportunity Fund (RDOF) reverse-auction results announced last week. Frontier is due to receive $370.9 million over 10 years to bring broadband to 127,188 homes and businesses in eight states. Frontier's biggest payout is in West Virginia, where it is due to receive $247.6 million over 10 years to expand its broadband network to 79,391 locations. Frontier won over two-thirds of the funding that the FCC allocated to West Virginia despite failing to hit FCC deadlines for a previous round of subsidized broadband deployment in West Virginia and other states. Under the previous funding allocated in 2015 via the FCC's Connect America Fund, Frontier was originally required to meet the build deadlines by the end of 2020. Frontier told Ars today that it will now meet that deadline "by the end of 2021." Capito urged Pai to block Frontier's new funding by rejecting the ISP's long-form application, which must be completed by winning bidders in order to receive the allocated money. "The stakes are simply too high to provide nearly $250 million to a company that does not have the capability to deliver on the commitments made to the FCC," she wrote. 
Under FCC rules, winning bidders must deploy broadband to 40 percent of required locations in each state within three calendar years, to 60 percent within four years, 80 percent within five years, and 100 percent within six years. Because Frontier won funding in the gigabit tier, it is required to offer download speeds of 1Gbps and upload speeds of 500Mbps along with monthly usage allowances of at least 2TB.

Facebook To Move UK Users To California Terms, Avoiding EU Privacy Rules

Slashdot - Your Rights Online - Tue, 2020-12-15 20:50
Facebook will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook's Irish unit and out of reach of Europe's privacy laws. From a report: The change takes effect next year and follows a similar move announced in February by Google. Those companies and others have European head offices in Dublin, and the UK's exit from the EU will change its legal relationship with Ireland, which remains in the Union. Initially, sources briefed on the matter told Reuters about the move. Facebook later confirmed it. "Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook. There will be no change to the privacy controls or the services Facebook offers to people in the UK," the company's UK arm said.

Israeli Spy Tech Firm Says It Can Break Into Signal App

Slashdot - Your Rights Online - Tue, 2020-12-15 02:45
Last Thursday, Israeli phone-hacking firm Cellebrite said in a blog post that it can now break into Signal, an encrypted app considered safe from external snooping. Haaretz reports: Cellebrite's flagship product is the UFED (Universal Forensic Extraction Device), a system that allows authorities to unlock and access the data of any phone in their possession. Another product it offers is the Physical Analyzer, which helps organize and process data lifted from the phone. Last Thursday, the company announced that the analyzer has now been updated with a new capability, developed by the firm, that allows clients to decode information and data from Signal. Signal, owned by the Signal Technology Foundation, uses a special open source encryption system called Signal Protocol, which was thought to make it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform. It does so by employing what's called "end-to-end encryption." According to Cellebrite's announcement last week, "Law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal, which incorporate capabilities like image blurring to stop police from reviewing data. "Criminals are using this application to communicate, send attachments, and making [sic] illegal deals that they want to keep discrete [sic] and out of sight from law enforcement," the blog post added. Despite support for the app's encryption capabilities, Cellebrite noted that "Signal is an encrypted communication application designed to keep sent messages and attachments as safe as possible from 3rd-party programs. "Cellebrite Physical Analyzer now allows lawful access to Signal app data. At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives." 
In an earlier, now deleted, version of the blog post, the company went as far as to say: "Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch. At Cellebrite, however, finding new ways to help those who make our world a safer place is what we're dedicated to doing every day." The initial post, which was stored on the Internet Archive, also included a detailed explanation of how Cellebrite "cracked the code" by reviewing Signal's own open source protocol and using it against it. The company noted in the deleted blog post that "because [Signal] encrypts virtually all its metadata to protect its users, efforts have been put forward by legal authorities to require developers of encrypted software to enable a 'backdoor' that makes it possible for them to access people's data. Until such agreements are reached, Cellebrite continues to work diligently with law enforcement to enable agencies to decrypt and decode data from the Signal app."

Electoral College Certifies Biden's Victory, As Trump Still Refuses To Concede

Slashdot - Your Rights Online - Tue, 2020-12-15 01:01
The Electoral College gave Joe Biden a majority of its votes Monday, confirming his victory in last month's election in state-by-state voting that took on added importance this year because of President Donald Trump's refusal to concede he lost. The Associated Press reports: California's 55 electoral votes put Biden over the top, clearing the 270-vote mark that affirmed he will be the nation's next president. Heightened security was in place in some states as electors met on the day by federal law. Electors cast paper ballots in gatherings that took place in all 50 states and the District of Columbia, with masks, social distancing and other virus precautions the order of the day. The results will be sent to Washington and tallied in a Jan. 6 joint session of Congress over which Vice President Mike Pence will preside. There was little suspense and no surprises as all the electoral votes allocated to Biden and Trump in last month's popular vote went to each man. In Arizona, Georgia, Michigan, Nevada, Pennsylvania and Wisconsin -- the six battleground states that Biden won and Trump contested -- electors gave Biden and Vice President-elect Kamala Harris their votes Monday in low-key proceedings. Nevada's electors met via Zoom because of the coronavirus pandemic. When all the votes are in, Biden was expected to have 306 electoral votes to 232 for Trump. Hawaii was the only state that had yet to vote. Biden topped Trump by more than 7 million votes nationwide. Biden is expected to address the nation Monday night, after the electors have voted. Trump, meanwhile, is refusing to concede.

Apple Launches New App Store Privacy Labels So You Can See How iOS Apps Use Your Data

Slashdot - Your Rights Online - Tue, 2020-12-15 00:40
Apple is officially launching its so-called "nutrition label" privacy disclosures for all iOS device owners running the latest version of iOS 14. The Verge reports: Apple says the new labels will be required for apps on all of its platforms -- that includes iOS, iPadOS, macOS, watchOS, and tvOS -- and they will have to be up to date and accurate every time a developer submits a new update. Apple is also holding itself to the same standard, something the company clarified last week when Facebook-owned WhatsApp criticized the company for an apparent inconsistency in its requirements, before Apple said it, too, will provide labels for all its own software. The company's own first-party apps will all have the same disclosures on their App Store product pages. In the event an app doesn't have an App Store product page because it cannot be removed, like the Messages app, Apple says it will be providing privacy label information on the web. Every piece of software on the App Store will also have its privacy label viewable on the web, too. As for how the labels are structured, Apple has broken down data collection into three categories: "data used to track you," "data linked to you," and "data not linked to you." Tracking in this context means the app developer is linking data from the app -- like personal information, or data collected from your device, such as location data -- with other data from other companies' apps or websites for the purpose of targeted advertising or some other ad-related metric. Apple says it's also using the term tracking here to mean sharing user or device information with companies that sell it, like data brokers. The "data linked to you" portion of the label is any data that can be used to identify you. That means data gleaned from using the app or having an account with the service or platform, and any data pulled from the device itself that could be used to create a profile for advertising purposes. 
"Data not linked to you" is the portion of the privacy label that clarifies when certain data types, like location data or browsing history, are not being linked to you in any identifiable fashion. Apple has specific, developer-focused information on the new labels at its developer portal page, with more general information available on the consumer-facing page.

Suspected Russian Hackers Breached Department of Homeland Security

Slashdot - Your Rights Online - Mon, 2020-12-14 22:05
Reuters: A team of sophisticated hackers believed to be working for the Russian government won access to internal communications at the U.S. Department of Homeland Security, according to people familiar with the matter. The breach was part of the campaign reported Sunday that penetrated the U.S. departments of Treasury and Commerce.

FTC Launches Sweeping Privacy Study of Top Tech Platforms

Slashdot - Your Rights Online - Mon, 2020-12-14 20:45
The Federal Trade Commission will announce Monday that it's launching a new inquiry into the privacy and data collection practices of major tech firms including Amazon, TikTok owner ByteDance, Twitter, YouTube and Facebook as well as its subsidiary WhatsApp, Axios reported Monday. From the report: The move comes amid broader scrutiny for the industry and appears to be a wide-reaching inquiry into everything major tech companies know about their users and what they do with that data, as well as their broader business plans. The FTC is asking for a large trove of information and documents from the above platforms, plus Discord, Reddit and Snap. The agency wants much of the usage and engagement data the platforms collect on their users, the metrics they use for measuring such things and short- and long-term business strategies, among many other areas of inquiry. In launching the study, the FTC is using its authority to do wide-ranging studies for no specific law enforcement purpose.

Russia Breached Update Server Used by 300,000 Organizations, Including the NSA

Slashdot - Your Rights Online - Mon, 2020-12-14 06:51
Sunday Reuters reported that "a sophisticated hacking group" backed by "a foreign government" has stolen information from America's Treasury Department, and also from "a U.S. agency responsible for deciding policy around the internet and telecommunications." The Washington Post has since attributed the breach to "Russian government hackers," and discovered it's "part of a global espionage campaign that stretches back months, according to people familiar with the matter." Officials were scrambling over the weekend to assess the extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the people familiar with the matter said. The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation's foreign intelligence service and breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration... [The Washington Post has also reported this is the group responsible for the FireEye breach. -Ed] All of the organizations were breached through the update server of a network management system called SolarWinds, according to four people familiar with the matter. The company said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized in a "highly-sophisticated, targeted...attack by a nation state." The scale of the Russian espionage operation is potentially vast and appears to be large, said several individuals familiar with the matter. "This is looking very, very bad," said one person. SolarWinds products are used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world's top electronic spy agency, according to the firm's website. SolarWinds is also used by the top 10 U.S. telecommunications companies... APT29 compromised the SolarWinds server that sends updates so that any time a customer checks in to request an update, the Russians could hitch a ride on that update to get into a victim's system, according to a person familiar with the matter. "Monday may be a bad day for lots of security teams," tweeted Dmitri Alperovitch, a cybersecurity expert and founder of the Silverado Policy Accelerator think tank. Reuters described the breach as "so serious it led to a National Security Council meeting at the White House."
