vkomarov-600x344

Intellectual Property Theft a Growing Threat

The new U.S.-China trade agreement includes provisions that are aimed at curbing forced technology transfers, in which companies hand over technical know-how to foreign partners. For many high-tech businesses, the intellectual property behind their products represents the bulk of their companies’ value.  To learn more about the risks of IP theft, Elizabeth Lee recently visited the Consumer Electronics Show in Las Vegas, where companies talked about the risks to their technology secrets.

vkomarov-600x344

Intellectual Property Theft a Growing Threat

Intellectual property theft is a growing concern, and it poses a real risk at large conferences where people from around the world are gathered, the Federal Bureau of Investigation said recently. David Eagleman was one of more than 175,000 people at the Consumer Electronics Show held earlier this month in Las Vegas. He is a Stanford neuroscientist who co-founded a company that creates a wristband that helps the hearing-impaired hear through their skin. The device was produced after years of research, so Eagleman wanted it well-protected globally. Sorry, but your player cannot support embedded video of this type, you can
FILE – Tara Scranton demonstrates the Sarcos Robotics Guardian XO at the Delta Airlines booth during the CES tech show, Jan. 8, 2020, in Las Vegas. The full-body powered exoskeleton is designed to boost the user’s strength and endurance.At conferences, such as the Consumer Electronics Show, where there were more than 4,000 companies exhibiting and more than 160 countries represented, Rouse said one should be aware of who is handling the technology at all times. “Before you come out to one of these conferences, [it’s important] to make sure that the equipment arrives intact and on time, that it makes it off the loading dock,” he said. “And then during the time of the convention, who’s handling your your equipment? Who is handling your product, and do they have access or the capability of installing malware onto that product at that time?” As technology continues to permeate every aspect of life, especially internet file sharing, the FBI warns intellectual property theft is a growing threat that can cost companies billions of dollars. 

vkomarov-600x344

EU Legal Opinion: Mass Data Retention at Odds With EU Law

A legal adviser at the European Union’s highest court said Wednesday that the bloc’s data protection rules should prevent member states from indiscriminately holding personal data seized from Internet and phone companies, even when intelligence agencies claim that national security is at stake.
In a non-binding opinion on how the European Court of Justice, or ECJ, should rule on issues relating to access by security and intelligence agencies to communications data retained by telecommunications providers, advocate general Campos Sanchez-Bordona said “the means and methods of combating terrorism must be compatible with the requirements of the rule of law.”
Commenting on a series of cases from France, the U.K. and Belgium — three countries that have been hit by extremist attacks in recent years and have reinforced surveillance — Sanchez-Bordona said that the ECJ’s case law should be upheld. He cited a case in which the court ruled that general and indiscriminate retention of communications “is disproportionate” and inconsistent with EU privacy directives.
The advocate general recommended limited access to the data, and only when it is essential “for the effective prevention and control of crime and the safeguarding of national security.”
The initial case was brought by Privacy International, a charity promoting the right to privacy. Referring to the ECJ’s case law, it said that the acquisition, use, retention, disclosure, storage and deletion of bulk personal data sets and bulk communications data by the U.K. security and intelligence agencies were unlawful under EU law.
The U.K.’s Investigatory Powers Tribunal referred the case to the ECJ, which held a joint hearing with two similar cases from France and another one from Belgium.
“We welcome today’s opinion from the advocate general and hope it will be persuasive to the Court,” said Caroline Wilson Palow, the Legal Director of Privacy International. “The opinion is a win for privacy. We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed.”
The ECJ’s legal opinions aren’t legally binding, but are often followed by the court. The ECJ press service said a ruling is expected within two months.
“Should the court decide to follow the opinion of the advocate general, ‘metadata’ such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for national security purposes,” said Luca Tosoni, a researcher at the Norwegian Research Center for Computers and Law. “This would require several member states — including Belgium, France, the U.K. and others — to amend their domestic legislation.”
  

vkomarov-600x344

National Security Agency Discovers a Major Security Flaw in Microsoft’s Windows Operating System

The National Security Agency has discovered a major security flaw in Microsoft’s Windows operating system and tipped off the company so that it can fix it.Microsoft made a software patch to fix it available Tuesday and credited the agency as the flaw’s discoverer.The company said it has not seen any evidence that hackers have used the technique discovered by the NSA.”Customers who have already applied the update, or have automatic updates enabled, are already protected,” said Jeff Jones, a senior director at Microsoft, in a statement.Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the “constructive role” that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it’s likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.The revamping of what’s known as the “Vulnerability Equities Process” put more emphasis on disclosing unpatched vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.Those changes happened after a group calling itself “Shadow Brokers” released a trove of high-level hacking tools stolen from the NSA.

vkomarov-600x344

Forget the Mouse: Your Thoughts Can Control Devices

It sounds like science fiction, but a number of tech wearables are letting users control devices with their thoughts. The implications for consumers and businesses are significant. But to start out, the goal of two developers is to simply enable more productivity. Tina Trinh meets the Brooklyn team behind a thought-powered headset.
 

vkomarov-600x344

While Shuttered at Home, China Exploits Social Media Abroad

China says its diplomats and government officials will fully exploit foreign social media platforms such as Facebook and Twitter that are blocked off to its own citizens.
Foreign Ministry spokesman Geng Shuang on Monday likened the government to “diplomatic agencies and diplomats of other countries” in embracing such platforms to provide “better communication with the people outside and to better introduce China’s situation and policies.”
Facebook, Twitter and other social media platforms have tried for years without success to be allowed into the lucrative Chinese market, where Beijing has helped create politically reliable analogues such as Weichat and Weibo. Their content is carefully monitored by the companies and by government censors.
Despite that, Geng said China is “willing to strengthen communication with the outside world through social media such as Twitter to enhance mutual understanding.” He also insisted that the Chinese internet remained open and said the country has the largest number of users of any nation, adding, “we have always managed the internet in accordance with laws and regulations.”
The canny use of social media by pro-democracy protesters in Hong Kong has further deepened China’s concern over the use of such platforms, prompting further crackdowns on the mainland, including on the use of virtual private networks.  

vkomarov-600x344

US Scanning Cyberspace for Signs of Iranian Aggression

U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.According to the latest advisory from the Department of Homeland Security, there are still “no specific, credible threats” to the United States. But officials say Iran’s public assurances that it is done retaliating mean little.“Iran has been one of the most malicious actors out there,” a senior State Department official said Thursday. “We’re very concerned about Iran’s capabilities and activities.”U.S. government officials have been hesitant to comment in any detail on what Iranian cyber actors have been up to in recent days, though they note Iran’s capabilities are on par with Russia, China and North Korea when it comes to using cyber to target industrial control systems or physical infrastructure.“DHS [Department of Homeland Security] is operating under an enhanced posture to improve coordination and situational awareness should any specific threats emerge,” a department spokesperson told VOA.The spokesperson added DHS is coordinating with U.S. intelligence agencies, key private sector companies and organizations, and is ready to “implement enhanced security measures, as needed.”Iranian Cyber ActivityBracing for a ‘significant’ attackIntelligence officials say much of Iran’s cyber activity is driven by the Islamic Revolutionary Guard Corps (IRGC), sometimes using front companies or sometimes carrying out cyberattacks themselves.Past Iranian cyberattacks have ranged from distributed denial of service attacks (DDoS), which block access to websites by overwhelming the server hosting the site with internet traffic, to efforts to deface websites or attempts to steal personal data.An alert this week from the FILE – The Twitter and Facebook logos, Nov. 26, 2019.Ramping up disinformation campaignsAnd once the U.S. airstrike took out Soleimani, the Iranian disinformation machinery went into action.“As that news came out, we saw them ramp their program and start pushing that stuff out,” Hultquist said.The disinformation from Iran’s proxy forces in the Middle East further increased Tuesday during Iran’s retaliatory missile strike on Iraqi bases hosting U.S. and coalition forces — “in terms of reports coming in about certain hits that happened and numbers of casualties from the Iranian response,” said Phillip Smyth, an analyst with the Washington Institute for Near East Policy who has been tracking social media activity by the Iranian-backed militias.But Iran-linked cyber actors have also eyed more ambitious campaigns.In October 2018, for example, Facebook and Instagram removed 82 accounts, pages and groups from their platforms.The posts, Facebook said, focused on “politically charged topics such as race relations, opposition to the [U.S.] president and immigration.”Facebook Removes 82 Iranian-Linked Accounts

        Facebook announced Friday that it has removed 82 accounts, pages or groups from its site and Instagram that originated in Iran, with some of the account owners posing as residents of the United States or Britain and tweeting about liberal politics.At least one of the Facebook pages had more than one million followers, the firm said. The company said it did not know if the coordinated behavior was tied to the Iranian government. 

Analysts said while those Iranian disinformation efforts paled in comparison to the campaign run by Russia in the run-up to the 2016 U.S. presidential elections, the effort showed signs of increasing sophistication, which has continued to this day.Some former U.S. officials and analysts also suspect Iran may be targeting news outlets.The Kuwaiti government Wednesday said the Kuwait News Agency’s Twitter account was hacked after it posted false reports that the U.S. was withdrawing all troops based in the country.Separately, hackers claiming to be working on behalf of Iran defaced the website of the U.S. Federal Depository Library Program.Despite suspicions and concerns, though, officials have yet to definitely attribute either attack to Iran. And there is a risk that such attacks are actually the work of other cyber actors.For example, former officials said there have been instances in the past where Russian cyber operatives hijacked Iranian infrastructure or malware to launch intrusions of their own.Targeting AmericansIran, though, has other tools it can use to strike the U.S. and the West. “Iranian cyber actors are targeting U.S. government officials, government organizations and companies to gain intelligence and position themselves for future cyber operations,” U.S. intelligence agencies warned in their most recent threat assessment.Iran’s Cyber Spies Looking to Get Personal

        Iran appears to be broadening its presence in cyberspace, stealing information that would allow its cyber spies to monitor and track key political and business officials, including some in the United States.A new, U.S. intelligence report released Tuesday warned Iranian cyber actors "are targeting U.S. Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations."The latest Worldwide Threat Assessment also said Tehran has been…

The U.S.-based cybersecurity firms FireEye and Symantec have said their research shows Iranian-linked cyber actors have paid particular attention to telecommunications and travel companies, mining them for personal data that could prove useful in such cyber campaigns.Not everyone, however, is convinced Iran is positioned to launch a major cyber offensive.“A lot of the doom and gloom headlines that are out there right now, I think, are overblowing or overhyping the immediate cyberthreat coming from Iran,” Hoover Institution Fellow Jacquelyn Schneider said.“The reality is that Iranians have been conducting these cyberattacks over the last year, if not longer,” she said, adding that while there may well be an uptick in attacks, “they’ve been trying this entire time.”Still, a former U.S. National Security Agency threat manager cautions even a small cyberattack can inadvertently do widespread damage.“There’s always the potential that an attack or an intrusion, which is physically or strategically designed to only impact a certain geography or certain network, creeps to other parts of the network,” said Priscilla Moriuchi, now head of nation-state research at the cybersecurity firm Recorded Future.