Botnet

FBI Seizes Control of Russian Botnet (thedailybeast.com) 173

The Daily Beast reports that the FBI has seized control of a key server in the Kremlin's global botnet of 500,000 hacked routers. "The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow's ability to reinfect its targets," writes Kevin Poulsen. From the report: The FBI counter-operation goes after "VPN Filter," a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim's Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The Courts

ACLU Sues ICE For License Plate Reader Contracts, Records (sfgate.com) 82

An anonymous reader quotes a report from SFGate: The American Civil Liberties Union on Wednesday sued U.S. Immigration and Customs Enforcement for records about the agency's use of license plate reader technology, after ICE apparently failed to turn over records following multiple requests. In December, ICE purchased access to two databases of ALPR data, the complaint reads. One of those databases is managed by Vigilant Solutions, which has contracts with more than two dozen Bay Area law enforcement agencies. "We believe the other is managed by Thomson Reuters," ACLU laywer Vasudha Talla said. The ACLU and other privacy advocates have expressed concern about how this data will be stored and used for civil immigration enforcement. The ACLU filed two requests under the Freedom of Information Act in March seeking records from ICE, including contracts, memos, associated communications, training materials and audit logs. Since then, ICE has not provided any records, the ACLU said in the complaint, which was filed Tuesday morning in the Northern District Court for the Northern District of California. "The excessive collection and storing of this data in databases -- which is then pooled and shared nationally -- results in a systemic monitoring that chills the exercise of constitutional rights to free speech and association, as well as essential tasks such as driving to work, picking children up from school, and grocery shopping," the complaint said. "We have essentially two concerns: one that is general to ALPR databases, and one that's specific to this situation with ICE," Talla said. "The ACLU has done a lot of work around surveillance technology and ALPR, and we're generally concerned about the aggregation of all this data about license plates paired with a time and location, stretching back for so many months and years."
Businesses

Comcast Confirms Plan To Buy 21st Century Fox and Control of Hulu (arstechnica.com) 64

Comcast is reportedly preparing an offer to buy major portions of 21st Century Fox, which would give it majority control of Hulu and other media properties. Ars Technica reports: Walt Disney Company already has a $52.4 billion all-stock deal to buy the 21st Century Fox properties. But Comcast was rumored to be lining up $60 billion in financing in order to make a hostile bid for the Fox assets, and Comcast's announcement today confirms it. Comcast "is considering, and is in advanced stages of preparing, an offer for the businesses that Fox has agreed to sell to Disney," Comcast's announcement said. Comcast is working on the offer in preparation for shareholder meetings in which the Disney/Fox deal will be considered.

The Fox properties for sale do not include assets such as the Fox News Channel, Fox Business Network, and Fox Broadcasting Company. Those properties would be spun off into a company being referred to as "New Fox," and Comcast would acquire 21st Century Fox after the spinoff. The Fox sale to either Disney or Comcast would include 21st Century Fox's film and television studios; cable entertainment networks; the Fox Sports Regional Networks; and international properties including Star in India and Fox's 39-percent ownership of Sky across Europe. The sale would also include Fox's 30-percent stake in Hulu, the popular online video streaming service. Comcast already owns 30 percent of Hulu, so a deal with Fox would give the nation's largest cable company majority control over the online video provider.

Businesses

Elon Musk To Fight Fake News, Rate Journalists' Credibility Via a Site Called 'Pravda' 306

Elon Musk took to Twitter today to announce his next project: a site called "Pravda" that ranks journalists' credibility and fights fake news. "Going to create a site where the public can rate the core truth of any article & track the credibility score over time of each journalist, editor & publication," tweeted Musk. "Thinking of calling it Pravda..." Musk continued: "Even if some of the public doesn't care about the credibility score, the journalists, editors & publications will. It is how they define themselves." A subsequent Twitter poll (exposed to mostly Musk followers) reveals that most people believe "this would be good."

Accredited journalist Mark Harris replied to the Tesla and SpaceX CEO with a copy of a Statement and Designation by Foreign Corporation form that names the Pravda Corp. "Er, he's not kidding folks," Harris tweeted. "I noticed that one of Musk's agents had incorporated Pravda Corp in California back in October last year. I was wondering what it was all about..."

GeekWire has catalogued a string of replies between Musk and Twitter users who are supportive/unsupportive of his plans.
Government

US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com) 120

The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign.

United States

NYC Transit Boss Unveils Sweeping 10-Year Subway Modernization Plan (nbcnewyork.com) 63

The Metropolitan Transportation Authority (MTA) on Wednesday unveiled a sweeping plan to modernize the city's subway system over the next 10 years. From a report: The proposal, which new New York City Transit President Andy Byford called "Fast Forward," centers on overhauling the mass transit network's signaling system -- some of which dates back to the early 20th century -- 30 years sooner than current Subway Action Plan.

But it won't come without a good bit of pain: sources told News 4 that Byford's plan would require entire lines to be taken out of service during overnight and weekend hours for extended periods. Byford -- who took over the task of running the city's subways and buses earlier this year -- said in an MTA meeting Wednesday that the work would be split into two five-year chunks. Over the first five years parts or all of the 4,5, 6, E, F, M, R, A, C, E and G lines would receive modern signaling systems. That would include the entirety of the Lexington Avenue line, which carries the 4, 5 and 6 trains and is the most-used mass transit line in the United States.

AI

UK Military Fears Robots Learning War From Video Games (bbc.com) 68

Robots that train themselves in battle tactics by playing video games could be used to mount cyber-attacks, the UK military fears. From a report: The warning is in a Ministry of Defence report on artificial intelligence. Researchers in Silicon Valley are using strategy games, such as Starcraft II, to teach systems how to solve complex problems on their own. But artificial intelligence (AI) programs can then "be readily adapted" to wage cyber-warfare, the MoD says. Officials are particularly concerned about the ability of rogue states and terrorists to mount advanced persistent threat attacks, which can disable critical infrastructure and steal sensitive information.
United States

The US Military is Funding an Effort To Catch Deepfakes and Other AI Trickery (technologyreview.com) 70

The Department of Defense is funding a project that will try to determine whether the increasingly real-looking fake video and audio generated by artificial intelligence might soon be impossible to distinguish from the real thing -- even for another AI system. From a report: This summer, under a project funded by the Defense Advanced Research Projects Agency (DARPA), the world's leading digital forensics experts will gather for an AI fakery contest. They will compete to generate the most convincing AI-generated fake video, imagery, and audio -- and they will also try to develop tools that can catch these counterfeits automatically. The contest will include so-called "deepfakes," videos in which one person's face is stitched onto another person's body.

Rather predictably, the technology has already been used to generate a number of counterfeit celebrity porn videos. But the method could also be used to create a clip of a politician saying or doing something outrageous. DARPA's technologists are especially concerned about a relatively new AI technique that could make AI fakery almost impossible to spot automatically. Using what are known as generative adversarial networks, or GANs, it is possible to generate stunningly realistic artificial imagery.

Transportation

Tesla's Promised $35,000 Model 3 Is Still a Long Way Off (engadget.com) 275

When the Model 3 was first unveiled, it was pitched as an EV for the masses that would have a reasonable $35,000 price. Two years later and we still don't have a clear timeline as to when the $35,000 Model 3 will ship. In fact, Elon Musk last weekend unveiled the pricing and specs of a newer, more expensive Model 3 with AWD. It will cost $78,000. Engadget reports: CEO Elon Musk recently tweeted that the $35,000 Model 3 now won't ship until three to six months after Tesla achieves its 5,000 vehicle-per-week production goal. The reason for the new delay in the base model is simple: If the company was to ship it now, it would lose money on every vehicle and "die," as Musk put it. If Tesla had hit its initial forecasts and was producing 5,000 vehicles a week by January, the base, $35,000 Model 3 probably wouldn't have been delayed by so much. One potential problem for Tesla, as the WSJ points out, is that many of the 500,000 buyers who laid down a $1,000 deposit did so expecting to buy a $35,000 car, not a $49,000 one. When they get a letter saying the time has come to configure their EVs, quite a few might decide to back out, which could impact Tesla's already precarious cash flow situation.
Worms

Giant Predatory Worms Are Invading France (qz.com) 246

An anonymous reader quotes a report from Quartz: In a Peer J study published on May 22, "Giant worms chez moi!" zoologist Jean-Lou Justine of the Museum National d'Histoire Naturelle in Paris, entomologist colleagues, and Pierre Gros, outline a discovery that "highlights an unexpected blind spot of scientists and authorities facing an invasion by conspicuous large invasive animals." About 100 citizen scientists ultimately contributed to the assessment of this alien invasion, identifying five giant predatory worm species in France that grow up to 10 inches long. The study relied on contributors' worm sightings, reported "mainly by email, sometimes by telephone." Researchers requested photographs and details about locality. In 2013, the Washington Post reports, "a group of terrorized kindergartners claimed they saw a mass of writhing snakes in their play field." These were giant flatworms! The study concludes that the alien creatures appear to reproduce asexually. They prey on other, smaller earthworms, stunning them with toxins. "The planarian also produces secretions from its headplate and body that adhere it to the prey, despite often sudden violent movements of the latter during this stage of capture," researcher note. In other words, the hammerheads produce a substance that allows them to stick to victims while killing them. The study points out that invasive alien flatworms have been spotted in New Zealand, Papua New Guinea, Brazil, and Australia. But the five species of hammerhead flatworms invading France are giants, growing up to 27 centimeters.
Encryption

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 157

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,'' the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

Sony

Sony In $2.3 Billion Deal For EMI, Becomes World's Biggest Music Publisher 28

Sony said on Tuesday it would pay about $2.3 billion to gain control of EMI, becoming the world's largest music publisher in an industry that has found new life on the back of streaming services. Reuters reports: The acquisition is the biggest strategic move yet by new CEO Kenichiro Yoshida and gives Sony a catalogue of more than 2 million songs from artists such as Kanye West, Sam Smith and Sia. The deal is part of Yoshida's mission to make revenue streams more stable with rights to entertainment content -- a strategy that follows a major revamp by his predecessor which shifted Sony's focus away from low-margin consumer electronics.

The spread of the internet led to a shrinking of the music market from around 1999 to 2014, Yoshida said, but added that has turned around with the growth of fixed-price music streaming services. The deal values EMI Music Publishing at $4.75 billion including debt, more than double the $2.2 billion value given in 2011 when a consortium led by Sony won bidding rights for the company. EMI currently commands 15 percent of the music publishing industry which combined with its Sony ATV business would make the Japanese giant the industry leader with market share of 26 percent, a company spokesman said.
Youtube

Google Launches YouTube Music Service With Creepy AI To Predict Listening Habits (audioholics.com) 86

Audiofan writes: Will the new YouTube Music streaming service provide the soundtrack to your life? Google believes that its ability to harness the power of artificial intelligence will help the new service catch up to its rivals in the music streaming business. Google's latest attempt to compete with Spotify and Apple Music may finally have what it takes if it doesn't creep users out in the process. While the service officially rolls out on Tuesday, May 22nd, only some users will be able to use it at launch. What separates YouTube's music streaming service from the competition is its catalog of remixes, live versions, and covers of official versions of songs. It also uses the Google Assistant to make music recommendations based on everything it knows (and can learn) about you and your listening habits. "When you arrive at the gym, for example, YouTube Music will offer up a playlist of hard-hitting pump-up jams (if that's your thing)," reports Audioholics. "Late at night, softer tunes will set a more relaxing mood."

YouTube Music is free with ads, but will cost $9.99 for ad-free listening. There is also YouTube Premium, which will cost $11.99 per month, and will include both the ad-free music service and the exclusive video content from the now-defunct YouTube Red.
Open Source

Computer History Museum Makes Eudora Email Client Source Code Available To the Public (medium.com) 53

Computer History Museum (CHM), an institution which explores the history of computing and its impact on the human experience, announced on Tuesday the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm. From the press release: The first version of Eudora was created in the 1980s by Steve Dorner who was working at the University of Illinois at Urbana-Champaign. It took Dorner over a year to create the first version of Eudora, which had 50,000 lines of C code and ran only on the Apple Macintosh. In 1991, Qualcomm licensed Eudora from the University of Illinois and distributed it free of charge. Qualcomm later released Eudora as a consumer product in 1993, and it quickly gained popularity. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of users. After 15 years, in 2006, Qualcomm decided that Eudora was no longer consistent with their other major project lines, and they stopped development. The discussion with Qualcomm for the release of the Eudora source code by the company's museum took five years. Len Shustek, the chairman of the board of trustees of the Computer History Museum, writes: Eventually many email clients were written for personal computers, but few became as successful as Eudora. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of happy users. Eudora was elegant, fast, feature-rich, and could cope with mail repositories containing hundreds of thousands of messages. In my opinion it was the finest email client ever written, and it has yet to be surpassed. I still use it today, but, alas, the last version of Eudora was released in 2006. It may not be long for this world. With thanks to Qualcomm, we are pleased to release the Eudora source code for its historical interest, and with the faint hope that it might be resuscitated. I will muse more about that later.
Open Source

The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com) 60

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application. The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.

Slashdot Top Deals