Government

Justice Department Charging Russian Spies and Criminal Hackers in Yahoo Intrusion (washingtonpost.com) 57

The Justice Department is set to announce Wednesday, reports the Washington Post, the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials (Editor's note: the link could be paywalled; alternate source). From the report: The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States.
Government

FBI Says It Can't Release iPhone Hacking Tool Because It Might Still Be Useful (zdnet.com) 70

Justice Dept. officials say that details of a hacking tool used to access a terrorist's iPhone should not be released because it may still be "useful" to federal investigators. From a report: The government is fighting a case against three news organizations, including the Associated Press, which are fighting to release details of the hacking tool that FBI agents used to unlock a passcode-protected phone used by San Bernardino shooter Syed Farook. Details of the hacking tool have remained classified, not least because the Justice Dept. believes the tool could still be used by the FBI in similar cases. "Disclosure of this information could reasonably be expected to cause serious damage to national security as it would allow hostile entities to discover the current intelligence gathering methods used, as well as the capabilities and limitations of these methods," said David Hardy, section chief of the FBI's records management division, in a court filing released late Monday.
Government

The Most Striking Thing About the WikiLeaks CIA Data Dump Is How Little Most People Cared (qz.com) 308

Last week, WikiLeaks released a trove of web pages describing sophisticated software tools and techniques used by the C.I.A. to break into smartphones, computers, and IoT devices including smart TVs. Despite the initial media coverage, it appears normal people don't really care much about it, reports Quartz. An anonymous reader shares the report: There's also one other big difference between now and 2013. Snowden's NSA revelations sent shockwaves around the world. Despite WikiLeaks' best efforts at theatrics -- distributing an encrypted folder and tweeting the password "SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds" -- the Vault 7 leak has elicited little more than a shrug from the media and the public, even if the spooks are seriously worried. Maybe it's because we already assume the government can listen to everything.
The Media

Nick Denton Predicts 'The Good Internet' Will Rise Again (pcworld.com) 135

Gawker founder Nick Denton argued today that the future will be rooted in sites like Reddit which involve their reader community -- even if there's only a handful of subtopics each user is interested in. "There's a vitality to it and there's a model for what [media] could be," he told an audience at the South by Southwest festival.

But when it comes to other social media sites, "Facebook makes me despise many of my friends and Twitter makes me hate the rest of the world," Denton said. And he attempted to address America's politically-charged atmosphere where professional news organizations struggled to pay their bills while still producing quality journalism. An anonymous reader quotes PCWorld: The internet played a huge role in this crisis, but despite it all, Denton thinks the web can be the solution to the problems it created. "On Google Hangouts chats or iMessage you can exchange quotes, links, stories, media," he said. "That's a delightful, engaging media experience. The next phase of media is going to come out of the idea of authentic, chill conversation about things that matter. Even if we're full of despair over what the internet has become, it's good to remind yourself when you're falling down some Wikipedia hole or having a great conversation with somebody online -- it's an amazing thing. In the habits that we enjoy, there are the seeds for the future. That's where the good internet will rise up again."
To show his support for news institutions, Denton has also purchased a paid subscription to the New York Times' site.
Government

New Bill Would Allow Employers To Demand Genetic Testing From Workers (businessinsider.com) 397

capedgirardeau quotes a report from Business Insider: A little-noticed bill moving through the U.S. Congress would allow companies to require employees to undergo genetic testing or risk paying a penalty of thousands of dollars, and would let employers see that genetic and other health information. Giving employers such power is now prohibited by U.S. law, including the 2008 genetic privacy and nondiscrimination law known as GINA. The new bill gets around that landmark law by stating explicitly that GINA and other protections do not apply when genetic tests are part of a "workplace wellness" program. The bill, HR 1313, was approved by a House committee on Wednesday, with all 22 Republicans supporting it and all 17 Democrats opposed. The 2008 genetic law prohibits a group health plan -- the kind employers have -- from asking, let alone requiring, someone to undergo a genetic test. It also prohibits that specifically for "underwriting purposes," which is where wellness programs come in. "Underwriting purposes" includes basing insurance deductibles, rebates, rewards, or other financial incentives on completing a health risk assessment or health screenings. In addition, any genetic information can be provided to the employer only in a de-identified, aggregated form, rather than in a way that reveals which individual has which genetic profile. There is a big exception, however: As long as employers make providing genetic information "voluntary," they can ask employees for it. Under the House bill, none of the protections for health and genetic information provided by GINA or the disabilities law would apply to workplace wellness programs as long as they complied with the ACA's very limited requirements for the programs. As a result, employers could demand that employees undergo genetic testing and health screenings.
Businesses

U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month (bloomberg.com) 398

Two anonymous readers share a Bloomberg report: U.S. employers added jobs at an above-average pace for a second month on outsized gains in construction and manufacturing while wage growth picked up, as the labor market continued its steady improvement in the new year. The 235,000 increase followed a 238,000 rise in January that was more than previously estimated, the best back-to-back rise since July, a Labor Department report showed Friday in Washington. The unemployment rate fell to 4.7 percent, and wages grew 2.8 percent from February 2016. While unseasonably warm weather may have boosted the payrolls count, the data represent President Donald Trump's first full month in office and coincide with a surge in economic optimism following his election victory.
China

China Expresses Concern at Revelations in Wikileaks Dump of Hacked CIA Data (reuters.com) 122

China has expressed concern over revelations in a trove of data released by Wikileaks purporting to show that the CIA can hack all manner of devices, including those made by Chinese companies. From a report on Reuters: Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization's revelations, although some said they needed more details of what the U.S. intelligence agency was up to. Widely-used routers from Silicon Valley-based Cisco were listed as targets, as were those supplied by Chinese vendors Huawei and ZTE and Taiwan supplier Zyxel for their devices used in China and Pakistan. "We urge the U.S. side to stop listening in, monitoring, stealing secrets and internet hacking against China and other countries," Chinese Foreign Ministry spokesman Geng Shuang told a daily news briefing.
Republicans

GOP Senators' New Bill Would Let ISPs Sell Your Web Browsing Data (arstechnica.com) 300

Yesterday, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced a resolution that would overturn new privacy rules for internet service providers. "If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing web browsing data and other privacy information with advertisers and other third parties," reports Ars Technica. "The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking 'shall have no force or effect.' The resolution would also prevent the FCC from issuing similar regulations in the future." From the report: Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." 
Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.
Crime

Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents (cnn.com) 236

A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts.
Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.
Businesses

Big Tech Lobbying Is On the Verge of Killing Right To Repair Legislation In Minnesota (vice.com) 136

Jason Koebler, writing for Motherboard: Statehouse employees in Minnesota say that lobbying efforts by big tech companies and John Deere are on the verge of killing right to repair legislation in the state that would have made it easier for consumers and small businesses to fix their electronics. According to two of the bill's sponsors, the bill, which would have introduced "fair repair" requirements for manufacturers in the state, will not get a hearing that's necessary to move the legislation forward. Minnesota Senate rules automatically kill any bills that do not have a hearing scheduled by a certain date (this year, it's March 10). Last year, tech industry lobbying killed a similar bill in New York. "Unfortunately, it's not going to make deadline this session," Republican Sen. David Osmek, one of the sponsors, told me in an email. Osmek would not give additional specifics about his colleagues' concerns with the bill, but a legislative assistant for the bill's other sponsor told me that electronic manufacturer lobbying is likely to blame, while another source close to the legislature told me that tractor manufacturer John Deere -- a long time enemy of fair repair -- helped kill the bill as well.
Communications

Trump Renominates Ajit Pai For Five More Years at the FCC (theverge.com) 57

According to Axios, Bloomberg, and several other publications, President Trump has nominated FCC chairman Ajit Pai for a second five-year term at the commission. "Pai's current term ended last June, though he's been able to stick around through the end of the year even without reconfirmation," reports The Verge. From the report: The nomination comes just days after Pai sat down with the president for a meeting, during which they're said to have "reconnected" but without actually discussing anything the commission is actively considering. Pai will need confirmation from the Senate for the nomination to be approved. He was first nominated in 2012 to fill the slot of a commissioner. With approval, he'll be able to stick around through at least the entirety of Trump's current term. The question now is when Trump will nominate people to fill the two slots still vacant at the commission. The FCC remains short staffed, with only three out of five seated leaders, which somewhat limits how quickly Pai is able to get through his agenda.
Businesses

Sprint 'Betting Big On Trump,' Could Merge With T-Mobile Or Comcast (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.
Government

US Suspends 'Expedited' H-1B Visas (sfgate.com) 295

"Starting April 3, 2017, U.S. Citizenship and Immigration Services will temporarily suspend premium processing for all H-1B petitions," read Friday's announcement, which says the suspension "may last up to 6 months." Slashdot reader elrous0 sees it as part of the "ongoing efforts to curb abuses in the controversial H-1B program." The San Francisco Chronicle reports: While it could be difficult to divorce the move Friday from the Trump administration's broader immigration crackdown, some experts believed the agency's decision to be apolitical. "It has everything to do with an understaffed, overworked, U.S. Citizenship and Immigration Services," said Jason Finkelman, an Austin, Texas, immigration attorney, adding that the wait time for an H-1B visa in California is currently about eight months. However, Vivek Wadhwa, an adjunct professor at Carnegie Mellon University's Silicon Valley campus in NASA Ames Research Center at Moffett Field, said the suspension seems like a message from the government that you "can't buy your way into America."
Whatever the motivation, Engadget believes this will impact large tech companies. "Financial Times quotes a lawyer saying that 'close to 100 percent' of applications from companies like Microsoft utilize the option."
America Online

Mike Pence Used His AOL Email For Indiana State Business -- and It Got Hacked (theverge.com) 445

An anonymous reader quotes a report from The Verge: Vice President Mike Pence used a personal AOL email account to conduct sensitive state business -- including issues related to homeland security -- as the governor of Indiana, according to a report from The Indianapolis Star. Not only that, but Pence's email account was also compromised last year, the report reveals. Because personal email accounts are not subject to the same types of public transparency laws, it's up to the official and his or her transition staff to hand over any sensitive state-related messages for archiving. Emails from a state account are automatically stored on state servers and subject to public records requests. Pence's office claims the contents of his personal AOL account used for state business are in fact in the process of being archived. A larger concern, however, is security. By using a private AOL account to conduct sensitive state matters, Pence could have exposed sensitive state business. In the hacking incident last year, Pence's email account was compromised by a scammer who used it to try and extort money from members of his contact list by claiming Pence and his wife were stranded in the Philippines, The Indianapolis Star reports. This hack didn't appear to have been designed specifically to breach Pence's office, which made clear that his AOL account could be compromised by relatively benign breaching techniques designed by spammers and low-level hackers. It is not illegal in Indiana to own and use a personal account while in office, nor is it against the law to handle work-related matters from a personal account -- so long as those emails are in some way archived. However, the Star reports that Pence made no efforts to preserve his AOL emails until after he left office and is only just now doing so months after public records requests were first made.
"Similar to previous governors, during his time as governor of Indiana, Mike Pence maintained a state email account and a personal email account," reads a statement given to The Indianapolis Star. "As governor, Mr. Pence fully complied with Indiana law regarding email use and retention. Government emails involving his state and personal accounts are being archived by the state consistent with Indiana law, and are being managed according to Indiana's Access to Public Records Act."
Privacy

White House Supports Renewal of Spy Law Without Reforms (reuters.com) 61

An anonymous reader quotes a report from Reuters: The Trump administration does not want to reform an internet surveillance law to address privacy concerns, a White House official told Reuters on Wednesday, saying it is needed to protect national security. The announcement could put President Donald Trump on a collision course with Congress, where some Republicans and Democrats have advocated curtailing the Foreign Intelligence Surveillance Act, or FISA, parts of which are due to expire at the end of the year. The FISA law has been criticized by privacy and civil liberties advocates as allowing broad, intrusive spying. It gained renewed attention following the 2013 disclosures by former National Security Agency contractor Edward Snowden that the agency carried out widespread monitoring of emails and other electronic communications. Portions of the law, including a provision known as Section 702, will expire on Dec. 31 unless Congress reauthorizes them. Section 702 enables two internet surveillance programs called Prism and Upstream, classified details of which were revealed by Snowden. Democratic and Republican lawmakers have said reforms to Section 702 are needed, in part to ensure the privacy protections on Americans are not violated. The U.S. House of Representatives' Judiciary Committee met Wednesday to discuss possible changes to the law.
Businesses

NSA Risks Talent Exodus Amid Morale Slump, Trump Fears (reuters.com) 251

Dustin Volz and Warren Strobel, writing for Reuters: The National Security Agency risks a brain-drain of hackers and cyber spies due to a tumultuous reorganization and worries about the acrimonious relationship between the intelligence community and President Donald Trump, according to current and former NSA officials and cybersecurity industry sources. Half-a-dozen cybersecurity executives told Reuters they had witnessed a marked increase in the number of U.S. intelligence officers and government contractors seeking employment in the private sector since Trump took office on Jan. 20. One of the executives, who would speak only on condition of anonymity, said he was stunned by the caliber of the would-be recruits. They are coming from a variety of government intelligence and law enforcement agencies, multiple executives said, and their interest stems in part from concerns about the direction of U.S. intelligence agencies under Trump. Retaining and recruiting talented technical personnel has become a top national security priority in recent years as Russia, China, Iran and other nation states and criminal groups have sharpened their cyber offensive abilities. NSA and other intelligence agencies have long struggled to deter some of their best employees from leaving for higher-paying jobs in Silicon Valley and elsewhere.
Businesses

Samsung Chief Charged With Bribery and Embezzlement (npr.org) 22

After a three-month investigation, the acting head of Samsung, Lee Jae-yong, has been charged with bribery and embezzlement in connection with the corruption scandal that led to the impeachment of South Korea's president Park Geun-hye. NPR reports: NPR's Elise Hu reported from Seoul that prosecutors announced the indictment after a three-month investigation: "Samsung acting head Lee Jae-Yong got ensnared after documents showed Samsung funneled some $36 million to the president's close confidant. Prosecutors say the money was paid to win government support of a controversial 2015 company merger. The merger did go through, after a vote of support from the government. In a statement, Samsung says it has not paid bribes or made improper requests to the government. Lee is currently in jail awaiting further proceedings in his case." Lee was arrested on Feb. 17, two months after President Park Geun-hye was impeached over allegations of corruption, influence-peddling and cult ties, as we reported. Those corruption allegations were directly tied to the charges brought against Lee, who also goes by the name Jay Y. Lee.
AT&T

FCC Chairman Says His Agency Won't Review AT&T's Time Warner Purchase (engadget.com) 104

Today, FCC commissioner Ajit Pai confirmed that his agency would not review AT&T's Time Warner purchase, clearing the way for the Justice Department to likely approve the deal. Engadget reports: Last month, AT&T revealed how it might structure its deal to acquire Time Warner without having to go through FCC review. The communications giant noted that it "anticipated that Time Warner will not need to transfer any of its FCC licenses ... after the closing of the transaction." That means that the FCC wouldn't need to review the transaction. "That is the regulatory hook for FCC review," Pai said in an interview with The Wall Street Journal. "My understanding is that the deal won't be presented to the commission." The WSJ notes that this would leave the Justice Department as the only governmental agency reviewing the potential deal. Time Warner has said that it has "dozens" of FCC licenses, but the company believes those won't need to be transferred to AT&T as part of the merger, thus keeping the FCC out of the deal. The report notes that the deal still might not go through even if the FCC won't review the transaction. There's a lot of opposition to it from consumer advocacy groups, and President Donald Trump has said he opposes the deal.
Canada

Canada's Top Mountie Issues Blistering Memo On IT Failures (www.cbc.ca) 116

Reader Freshly Exhumed writes: RCMP Commissioner Bob Paulson has levelled a blistering memo obtained by the CBC on how critical IT failures have increased by 129 per cent since Shared Services Canada took over tech support for the entire government five years ago. Not only that, the memo says, the duration of each outage has increased by 98 per cent. "Its 'one size fits all' IT shared services model has negatively impacted police operations, public and officer safety and the integrity of the criminal justice system," reads the memo. A list of specific incidents includes an 11-hour network computer outage on Jan. 18 that downed every Mountie's BlackBerry, affected dispatching, and prevented the RCMP and 240 other police forces from accessing the Canadian Police Information Centre database.
Government

FCC To Halt Rule That Protects Your Private Data From Security Breaches (arstechnica.com) 119

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."
