AT&T

AT&T, Verizon Under US Investigation For Collusion To Lock In Customers (nytimes.com) 9

bongey writes: AT&T and Verizon are currently under investigation for colluding with the GSMA standards group to thwart eSIM technology and hinder consumers from easily switching wireless carriers. eSIM technology lets people remotely switch wireless providers without having to insert a new SIM card into a device. According to The New York Times, the two companies "face accusations that they colluded with the GSMA to try to establish standards that would allow them to lock a device to their network even if it had eSIM technology." The Justice Department opened the investigation roughly five months ago after at least one device maker and one wireless carrier filed formal complaints.
Social Networks

Kaspersky Lab Banned From Advertising on Twitter Because of Its Alleged Ties With Russian Intelligence Agencies (cyberscoop.com) 42

An anonymous reader shares a report: Russian cybersecurity company Kaspersky Lab has been banned from advertising on Twitter due to its allegedly close and active ties between the company and Russian intelligence agencies, according to the social network. The ban is the latest blow in an ongoing saga for Kaspersky, which includes two ongoing legal battles with the U.S. government. Eugene Kaspersky, CEO of Kaspersky Lab, took to Twitter on Friday to condemn the ban. A Twitter spokesperson reiterated that the "decision is based on our determination that Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices."
United States

Democratic Party Files Suit Alleging Russia, the Trump Campaign, and WikiLeaks Conspired To Disrupt the 2016 Election (cnbc.com) 480

The Democratic Party is suing Russia, the Trump campaign and the whistle-blowing website Wikileaks for conspiring to disrupt the 2016 presidential election. From a report: The multi-million-dollar lawsuit filed in Manhattan federal court says that "In the Trump campaign, Russia found a willing and active partner in this effort" to mount "a brazen attack on American Democracy," which included Russian infiltration of the Democratic Party computer network. The Trump campaign, according to the lawsuit, "gleefully welcomed Russia's help." The suit says that "preexisting relationships with Russia and Russian oligarchs" with Trump and Trump associates "provided fertile ground for [the] Russia-Trump conspiracy." The common purpose of the scheme, according to the Democratic National Committee, was to "bolster Trump and denigrate the Democratic Party nominee," Hillary Clinton, while boosting the candidacy of Trump, "whose policies would benefit the Kremlin." Tom Perez, chairman of the Democratic National Committee, said the party's suit "is not partisan, it's patriotic."
Communications

End of the Landline: BT Aims To Move All UK Customers To VoIP by 2025 (siliconrepublic.com) 86

BT aims to move its UK customers to IP telephony by 2025. From a report: BT is shutting its traditional telephone network in the UK, according to an email seen by The Register. The public switched telephone network (PSTN) closure is part of the company's plans to move in a fibre network direction in terms of its infrastructure. All phonecalls will eventually be made over broadband using VoIP systems, which means the company's existing wholesale line rental products, which are reliant on the PSTN, will need to be removed. BT Openreach runs the network used by all but one of the telecoms providers in the UK.
The Internet

Cloudflare: FOSTA Was a 'Very Bad Bill' That's Left the Internet's Infrastructure Hanging (vice.com) 185

Last week, President Donald Trump signed the Fight Online Sex Trafficking Act (FOSTA) into law. It's a bill that penalizes any platform found "facilitating prostitution," and has caused many advocacy groups to come out against the bill, saying that it undermines essential internet freedoms. The most recent entity to decry FOSTA is Cloudflare, which recently decided to terminate its content delivery network services for an alternative, decentralized social media platform called Switter. Motherboard talked to Cloudflare's general counsel, Doug Kramer, about the bill and he said that FOSTA was an ill-considered bill that's now become a dangerous law: "[Terminating service to Switter] is related to our attempts to understand FOSTA, which is a very bad law and a very dangerous precedent," he told me in a phone conversation. "We have been traditionally very open about what we do and our roles as an internet infrastructure company, and the steps we take to both comply with the law and our legal obligations -- but also provide security and protection, let the internet flourish and support our goals of building a better internet." Cloudflare lobbied against FOSTA, Kramer said, urging lawmakers to be more specific about how infrastructure companies like internet service providers, registrars and hosting and security companies like Cloudflare would be impacted. Now, he said, they're trying to figure out how customers like Switter will be affected, and how Cloudflare will be held accountable for them.

"We don't deny at all that we have an obligation to comply with the law," he said. "We tried in this circumstance to get a law that would make sense for infrastructure companies... Congress didn't do the hard work of understanding how the internet works and how this law should be crafted to pursue its goals without unintended consequences. We talked to them about this. A lot of groups did. And it was hard work that they decided not to do." He said the company hopes, going forward, that there will be more clarity from lawmakers on how FOSTA is applied to internet infrastructure. But until then, he and others there are having to figure it out along with law enforcement and customers. "Listen, we've been saying this all along and I think people are saying now, this is a very bad law," Kramer said. "We think, for now, it makes the internet a different place and a little less free today as a result. And there's a real-world implication of this that people are just starting to grapple with."

EU

Facebook To Put 1.5 Billion Users Out of Reach of New EU Privacy Law (reuters.com) 95

An anonymous reader quotes a report from Facebook: If a new European law restricting what companies can do with people's online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company's international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union's General Data Protection Regulation (GDPR), which takes effect on May 25. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook's case could mean billions of dollars.
Censorship

Google Is Shuttering Domain Fronting, Creating a Big Problem For Anti-Censorship Tools (theverge.com) 59

"The Google App Engine is discontinuing a practice called domain fronting, which lets services use Google's network to get around state-level internet blocks," reports The Verge. While the move makes sense from a cybersecurity perspective as domain fronting is widely used by malware to evade network-based detection, it will likely frustrate app developers who use it to get around internet censorship. From the report: First spotted by Tor developers on April 13th, the change has been rolling out across Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and Psiphon's VPN services. Reached by The Verge, Google said the changes were the result of a long-planned network update. "Domain fronting has never been a supported feature at Google," a company representative said, "but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."

Domain-fronting allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important for evading state-level censorship, which might try to block all the traffic sent to a given service. As long as the service was using domain-fronting, all the in-country data requests would appear as if they were headed for Google.com, with encryption preventing censors from digging any deeper.
We do not yet know exactly why and when Google is shutting down the practice, but will update this post once we learn more.
Education

100 Top Colleges Vow To Enroll More Low-Income Students (npr.org) 96

Research shows that just 3 percent of high-achieving, low-income students attend America's most selective colleges. And, it's not that these students just aren't there -- every year tens of thousands of top students who don't come from wealthy families never even apply to elite colleges. Universities are taking note -- and banding together under something called the American Talent Initiative -- a network backed by Bloomberg Philanthropies, the Aspen Institute and the research firm Ithaka S+R. To join the club, schools have to graduate 70 percent of their students in six years -- a qualification that leaves just under 300 schools in the U.S. eligible. Nearly a third of those schools -- exactly 100 -- have signed on. Their goal? Enroll 50,000 additional low- and moderate-income students by 2025. From a report: Each school has its own goals, too -- many want to increase the number of Pell Grant students on campus, others aim to improve graduation rates -- but they're all on board to share strategies, learn from each other's missteps and provide data to monitor their progress.
United States

Facebook Must Face Class-Action Lawsuit Over Facial Recognition, Says Judge (kfgo.com) 79

U.S. District Judge James Donato ruled on Monday that Facebook must face a class-action lawsuit alleging that the social network unlawfully used a facial recognition process on photos without user permission. Donato ruled that a class-action was the most efficient way to resolve the dispute over facial templates. KFGO reports: Facebook said it was reviewing the ruling. "We continue to believe the case has no merit and will defend ourselves vigorously," the company said in a statement. Lawyers for the plaintiffs could not immediately be reached for comment. Facebook users sued in 2015, alleging violations of an Illinois state law about the privacy of biometric information. The class will consist of Facebook users in Illinois for whom Facebook created and stored facial recognition algorithms after June 7, 2011, Donato ruled. That is the date when Facebook launched "Tag Suggestions," a feature that suggests people to tag after a Facebook user uploads a photo. In the U.S. court system, certification of a class is typically a major hurdle that plaintiffs in proposed class actions need to overcome before reaching a possible settlement or trial.
Wireless Networking

Planet Fitness Evacuated After WiFi Network Named 'Remote Detonator' Causes Scare (windsorstar.com) 168

An anonymous reader quotes a report from Windsor Star: A Michigan gym patron looking for a Wi-Fi connection found one named "remote detonator," prompting an evacuation and precautionary search of the facility by a bomb-sniffing dog. The Saginaw News reports nothing was found in the search Sunday at Planet Fitness in Saginaw Township, about 85 miles (140 kilometers) northwest of Detroit. Saginaw Township police Chief Donald Pussehl says the patron brought the Wi-Fi connection's name to the attention of a manager, who evacuated the building and called police. The gym was closed for about three hours as police responded. Pussehl says there's "no crime or threat," so no charges are expected. He notes people often have odd names for WiFi connections. Planet Fitness says the manager was following company procedure for when there's suspicion about a safety issue.
Transportation

Why New York City Stopped Building Subways (citylab.com) 219

New York City, which once saw an unprecedented infrastructure boom -- putting together iconic bridges, opulent railway terminals, and what was then the world's largest underground and rapid transit network in just 20 years -- has not built a single new subway line in more than seven decades. As New York's rapid transit system froze, cities across the globe expanded their networks. A closer inspection reveals that things have actually moved backward -- New York's rapid transit network is considerably smaller than it was during the Second World War, and due to this, today's six million daily riders are facing constant delays, infrastructure failures, and alarmingly crowded cars and platforms. This raises two questions: Why did New York abruptly stop building subways after the 1940s? And how did a construction standstill that started nearly 80 years ago lead to the present moment of transit crisis? The Atlantic's CityLab explores: Three broad lines of history provide an explanation. The first is the postwar lure of the suburbs and the automobile -- the embodiment of modernity in its day. The second is the interminable battles of control between the city and the private transit companies, and between the city and the state government. The third is the treadmill created by rising costs and the buildup of deferred maintenance -- an ever-expanding maintenance backlog that eventually consumed any funds made available for expansion.

To see exactly how and why New York's subway went off the rails requires going all the way back to the beginning. What follows is a 113-year timeline of the subway's history, organized by these three narratives (with the caveat that no history is fully complete).

United Kingdom

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say (bbc.com) 170

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say. BBC reports: The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign. The alert details methods used to take over essential network hardware. The attacks could be an attempt by Russia to gain a foothold for use in a future offensive, it said. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC in a statement. The alert said attacks were aimed at routers and switches that directed traffic around the net. Compromised devices were used to look at data passing through them, so Russia could scoop up valuable intellectual property, business information and other intelligence.
United States

US Bans American Companies From Selling To Chinese Electronics Maker ZTE (reuters.com) 71

An anonymous reader shares a report: The U.S. Department of Commerce is banning American companies from selling components to leading Chinese telecom equipment maker ZTE Corp for seven years for violating the terms of a sanctions violation case, U.S. officials said on Monday. The Chinese company, which sells smartphones in the United States, pleaded guilty last year in federal court in Texas for conspiring to violate U.S. sanctions by illegally shipping U.S. goods and technology to Iran. It paid $890 million in fines and penalties, with an additional penalty of $300 million that could be imposed. As part of the agreement, Shenzhen-based ZTE Corp promised to dismiss four senior employees and discipline 35 others by either reducing their bonuses or reprimanding them, senior Commerce Department officials told Reuters. Update: The UK's cyber security watchdog has warned the UK telecoms sector not to use network equipment or services from Chinese supplier ZTE as it would have a "long term negative effect on the security of the UK."
Security

Hackers Stole a Casino's High-Roller Database Through a Thermometer in the Lobby Fish Tank (businessinsider.com) 245

From a report: Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."

Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium. "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.

Microsoft

Microsoft Engineer Charged In Reveton Ransomware Case (bleepingcomputer.com) 24

An anonymous reader writes: A Microsoft network engineer is facing federal charges in Florida for allegedly helping launder money obtained from victims of the Reveton ransomware. Florida investigators say that between October 2012 and March 2013, Uadiale worked with a UK citizen going online by the moniker K!NG. The latter would distribute and infect victims with the Reveton ransomware, while Uadiale would collect payments and send the money to K!NG, in the UK. Investigators tracked down Uadiale because this happened before Bitcoin became popular with ransomware authors and they used the now-defunct Liberty Reserve digital currency to move funds. Authorities from 18 countries seized and shut down Liberty Reserve servers in May 2013.
Facebook

Facebook Competitor Orkut Relaunches as 'Hello' (bloombergquint.com) 103

An anonymous reader quotes Bloomberg: In 2004, one of the world's most popular social networks, Orkut, was founded by a former Google employee named Orkut Buyukkokten... Orkut was shut down by Google in 2014, but in its heyday, the network had hit 300 million users around the world... "Hello.com is a spiritual successor of Orkut.com," Buyukkokten told BloombergQuint... "People have lost trust in social networks and the main reason is social media services today don't put the users first. They put advertisers, brands, third parties, shareholders before the users," Buyukkokten said. "They are also not transparent about practices. The privacy policy and terms of services are more like black boxes. How many users actually read them?"

Buyukkokten said users need to be educated about these things and user consent is imperative in such situations when data is shared by such platforms. "On Hello, we do not share data with third parties. We have our own registration and login and so the data doesn't follow you anywhere," he said. "You don't need to sell user data in order to be profitable or make money."

Robotics

Tesla Relied On Too Many Robots To Build the Model 3, Elon Musk Says (theverge.com) 103

An anonymous reader quotes a report from The Verge: Elon Musk says Tesla relied on too many robots to build the Model 3, which is partly to blame for the delays in manufacturing the crucial mass-market electric car. In an interview with CBS Good Morning, Musk agreed with Tesla's critics that there was over-reliance on automation and too few human assembly line workers building the Model 3. Earlier this month, Tesla announced that it had officially missed its goal of making 2,500 Model 3 vehicles a week by the end of the first financial quarter of this year. It will start the second quarter making just 2,000 Model 3s per week, but the company says it still believes it can get to a rate of 5,000 Model 3s per week at the midway point of 2018. Previously, Tesla has blamed bottlenecks in the production of the Model 3's batteries at the company's Gigafactory for the delays. But in a wide-ranging (and largely positive) interview with CBS's Gayle King, Musk also admits it was Tesla's over-reliance on robots in the production. Musk then said the company needs more people working in the factory and that automation slowed the Model 3 production process. He alluded to a "crazy, complex network of conveyor belts" the company had previously used and said the company eliminated it after it became clear it wasn't working.
Piracy

Telegram is Riddled With Tens of Thousands of Piracy Channels; Apple and Google Have Ignored Requests From Creators To Take Action (theoutline.com) 49

joshtops writes: Instant messaging platform Telegram, which is used by more than 200 million users, has had an open secret since its inception: The platform has served as a haven for online pirates. The Outline reports that the platform is riddled with thousands of groups and channels, many with more than 100,000 members, whose sole purpose of existence is to share illegally copied movies, music albums, apps, and other content. The files are stored directly to Telegram's servers, allowing users to download movies, songs, and other content with one click. Channel admins told The Outline that they have not come across any resistance from Telegram despite the company, along with Apple and Google, maintaining a 'zero tolerance' stance on copyright infringement. This permissiveness on Telegram's part has led to the proliferation of a cottage industry of piracy marketplaces on the service.

[...] The Outline also discovered several groups and channels on Telegram in which stolen credentials -- i.e., the username and password for a website -- from Netflix, Spotify, Hulu, HBO, CBS, EA Sports, Lynda, Sling, WWE Network, Mega, India's Hotstar, and dozens of other services were being offered to tens of thousands of members each day. The Outline sourced nearly three-dozen free credentials from six Telegram channels, all of which worked as advertised.
The report says that content creators have reached out to Apple, requesting the iPhone-maker to intervene, but the company has largely ignored the issue.

In an unrelated development, a Moscow court cleared the way on Friday for the local government to ban Telegram, the messaging app, over its failure to give Russian security services the ability to read users' encrypted messages.
Network

Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks (bleepingcomputer.com) 22

Catalin Cimpanu, reporting for BleepingComputer: Cyber-espionage groups -- also referred to as advanced persistent threats (APTs) -- are using hacked routers more and more during their attacks, according to researchers at Kaspersky Lab. "It's not necessarily something new. Not something that just exploded," said Costin Raiu, director of Global Research and Analysis Team (GReAT) at Kaspersky Lab, in a webinar today. "We've seen a bunch of router attacks throughout the years. A very good example is SYNful Knock, a malicious implant for Cisco [routers] that was discovered by FireEye but also threat actors such as Regin and CloudAtlas. Both APTs have been known to have and own proprietary router implants." But the number of APTs leveraging routers for attacks has gone steadily up in the past year, and the tactic has become quite widespread in 2018. For example, the Slingshot APT (believed to be a US Army JSOC operation targeting ISIS militants) has used hacked MikroTik routers to infect victims with malware.
Social Networks

Instagram Will Soon Let You Download a Copy of Your Data (techcrunch.com) 22

An Instagram spokesperson has confirmed to TechCrunch that the site will soon let users download a copy of what they've shared on Instagram, including their photos, videos and messages. The new data portability tool could make it much easier for users to leave Instagram and go to a competing image social network. It will also help the site comply with the upcoming European GDPR privacy law that requires data portability, assuming the feature launches before May 25th. From the report: Instagram has historically made it very difficult to export your data. You can't drag, or tap and hold on images to save them. And you can't download images you've already posted. That's despite Instagram now being almost 8 years old and having over 800 million users. For comparison, Facebook launched its Download Your Information tool in 2010, just six years after launch. We're awaiting more info on whether you'll only be able to download your photos, videos, and messages; or if you'll also be able to export your following and follower lists, Likes, comments, Stories, and the captions you share with posts. It's also unclear whether photos and videos will export in the full fidelity that they're uploaded or displayed in, or whether they'll be compressed. Instagram told me "we'll share more details very soon when we actually launch the tool. But at a high level it allows you to download and export what you have shared on Instagram" so we'll have to wait for more clarity.
