Earth

Mayors of 7,400 Cities Vow To Meet Obama's Climate Commitments (theguardian.com) 120

An anonymous reader quotes a report from The Guardian: Mayors of more than 7,400 cities across the world have vowed that Donald Trump's decision to withdraw from the Paris accord will spur greater local efforts to combat climate change. At the first meeting of a "global covenant of mayors," city leaders from across the US, Europe and elsewhere pledged to work together to keep to the commitments made by Barack Obama two years ago. Cities will devise a standard measurement of emission reductions to help them monitor their progress. They will also share ideas for delivering carbon-free transport and housing. Kassim Reed, the mayor of Atlanta, told reporters he had travelled to Europe to "send a signal" that US states and cities would execute the policies Obama committed to, whether the current White House occupants agreed or not. Reed, whose administration has promised that the city of Atlanta will use 100% renewable energy by 2035, said 75% of the US population and GDP lay in urban areas, where local leaders were committed to fighting climate change. "We have the ability to still achieve between 35% and 45% CO2 emission reductions without the involvement of the national government and it is why I chose to be here at this time to send a signal to 7,400 cities around the world that now should be a time of optimism, passion and action," he said.
Government

US Imposes Stricter Security Screenings At Foreign Airports, But Won't Expand Laptop Ban Yet (theverge.com) 43

An anonymous reader quotes a report from The Verge: The United States will require foreign airports to implement stricter security practices and screenings for any passengers headed to the U.S. John Kelly, the U.S. secretary of Homeland Security, announced today that the new measures were being put in place. Though he didn't go into specifics, Kelly said the new requirements would include further screenings of electronics, more thorough vetting of passengers, and measures meant to stop "insider attacks." The U.S. is also encouraging the use of more bomb-detecting dogs, "advanced checkpoint screening technology," and the addition of "preclearance" locations, which station U.S. customs officers overseas, allowing them to screen passengers before boarding instead of after they land. One thing Kelly didn't announce was an expansion of the tablet and laptop ban, which is currently in effect on flights from 10 airports in the Middle East and North Africa. If airports don't comply with the new screening rules, Kelly said, they may be subject to additional electronics bans. But for the time being, it sounds like the ban will be kept to those 10 locations. According to Reuters, airlines have 21 days to comply with the new rules for explosives screenings and four months to comply with everything else.
Security

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com) 123

Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
Government

FBI Interviews Employees of Russia-Linked Cyber Security Firm Kaspersky Lab (nbcnews.com) 40

FBI agents on Tuesday paid visits to at least a dozen employees of Kaspersky Lab, a Russia-based cyber-security company, asking questions about that company's operations as part of a counter-intelligence inquiry, multiple sources familiar with the matter told NBC News. From a report: In a classic FBI investigative tactic, agents visited the homes of the employees at the end of the work day at multiple locations on both the east and west coasts, the sources said. There is no indication at this time that the inquiry is part of Special Counsel Robert Mueller's investigation into Russian election meddling and possible collusion. Kaspersky has long been of interest to the U.S. government. Its cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to U.S. officials.
Businesses

President Trump Attacks Amazon, Incorrectly Claiming That It Owns The Washington Post For Tax Purposes (recode.net) 375

The Washington Post, which has been critical of Donald Trump and his administration in its coverage, has become the latest victim in Trump's Twitter tirade. On Wednesday, he accused Amazon of not "paying internet taxes (which they should)," adding that the company is using The Washington Post "in a scheme to dodge" the taxes. Quick fact check: Amazon doesn't own The Washington Post, Jeff Bezos -- in his personal capacity -- does. At any rate, Trump's furious tweets come a day after The Washington Post reported that a fake issue of Time magazine with Trump on the cover was hanging in some of the president's golf clubs. The timing of this is also awkward because just last week the president met with Bezos and other top executives to discuss ways the White House can modernize government and aid the tech industry. But the two have a long history. As Recode reminds: Meanwhile, Amazon is about to embark on what could be a lengthy government antitrust review of its bid to buy Whole Foods. Already looming large over the roughly $14 billion deal are the president's own comments: He has previously attacked Bezos and claimed the Post is a tax-dodging scheme for Amazon. "He thinks I'll go after him for antitrust," Trump said at one point during his campaign. "Because he's got a huge antitrust problem, because he's controlling so much, Amazon is controlling so much of what they are doing." Months later, Trump charged: "Believe me, if I become president, oh, do they have problems, they are going to have such problems." Meanwhile, Bezos isn't one to shy about his anti-Trump views either. At one point during the election, Bezos tweeted that he'd save a seat for Trump on his Blue Origin spacecraft, with the hashtag "sendDonaldtospace."
Security

Microsoft's Telemetry Shows Petya Infections in 65 Countries Around the World (microsoft.com) 84

From a blog post by Microsoft: On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated. [...] Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc. Although this vector was speculated at length by news media and security researchers -- including Ukraine's own Cyber Police -- there was only circumstantial evidence for this vector. Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process. A New York Times reports how rest of the world is dealing with Petya. From the article: A fuller picture of the impact will probably emerge in the coming days. But companies and government offices worldwide appeared less affected than the WannaCry attack, notably in places like China, which was hard hit in May. Reports from Asia suggested that many of the companies hit were the local arms of European and American companies struck on Tuesday. In Mumbai, India, a port terminal operated by A.P. Moller-Maersk, the Danish shipping giant, was shut after it disclosed that it had been hit by the malware. In a statement, Indian port authorities said they were taking steps to relieve congestion, such as finding places to park stranded cargo. The attack shut the terminal down on Tuesday afternoon. On the Australian island of Tasmania, computers in a Cadbury chocolate factory owned by Mondelez International, the American food company, displayed the ransomware message, according to the local news media.
Security

Contractors Lose Jobs After Hacking CIA's In-House Vending Machines (techrepublic.com) 181

An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.
China

China's All-Seeing Surveillance State Is Reading Its Citizens' Faces (wsj.com) 104

China's government is using facial-recognition technology to help promote good behavior and catch lawbreakers, reports the WSJ. From the article: Facial-recognition technology, once a specter of dystopian science fiction, is becoming a feature of daily life in China, where authorities are using it on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering (alternative source). Their goal: to influence behavior and identify lawbreakers. Ms. Gan, 31 years old, had been caught on camera crossing illegally here once before, allowing the system to match her two images. Text displayed on the crosswalk screens identified her as a repeat offender. "I won't ever run a red light again," she said. China is rushing to deploy new technologies to monitor its people in ways that would spook many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing's authoritarian leaders are installing iris scanners at security checkpoints in troubled regions and using sophisticated software to monitor ramblings on social media. By 2020, the government hopes to implement a national "social credit" system that would assign every citizen a rating based on how they behave at work, in public venues and in their financial dealings.
Businesses

Short of IT Workers At Home, Israeli Startups Recruit Elsewhere (reuters.com) 132

New submitter Alex Wilson shares a Reuters report: Driven by startups, Israel's technology industry is the fastest growing part of the economy. It accounts for 14 percent of economic output and 50 percent of exports. But a shortage of workers means its position at the cutting edge of global technology is at risk, with consequences for the economy and employment. When Alexey Chalimov founded software design firm Eastern Peak in Israel four years ago he knew he would not find the developers he needed at home. He went to Ukraine and hired 120 people to develop mobile apps and web platforms for international clients and smaller Israeli startups. "I worked for years in the Israeli market and I knew what the costs were in Israel and I knew there was a shortage of workers," he told Reuters.

The government's Innovation Authority forecasts a shortage of 10,000 engineers and programmers over the next decade in a market that employs 140,000. Israel has dropped six spots in three years to 17th in the World Economic Forum's ranking of the ease of finding skilled technology employees. In the meantime, many Israeli startups are looking abroad.

Security

Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com) 106

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
Canada

China, Canada Vow Not To Conduct Cyberattacks On Private Sector (reuters.com) 52

New submitter tychoS writes from a report via Reuters: China and Canada have signed an agreement vowing not to conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information. The new agreement was reached during talks between Canada's national security and intelligence adviser, Daniel Jean, and senior communist party official Wang Yongqing, a statement dated June 22 on the Canadian government's website showed. "This is something that three or four years ago (Beijing) would not even have entertained in the conversation," an unnamed Canadian government official told the Globe and Mail, which first reported the agreement. The new agreement only covers economic cyber-espionage, which includes hacking corporate secrets and proprietary technology, but does not deal with state-sponsored cyber spying for intelligence gathering.
Businesses

The High-Tech Jobs That Created India's Gilded Generation Are Disappearing (washingtonpost.com) 163

An anonymous reader shares a report: Information technology services account for 9.5 percent of the India's gross domestic product, according to the India Brand Equity Foundation (IBEF), but now, after decades of boom, the future of the industry seems precarious. Since May, workers' groups have reported unusually numerous layoffs. The Forum for IT Employees (FITE) estimates that 60,000 workers have lost their jobs in the past few months (syndicated source). "Employees are being rated as poor performers so companies can get rid of them," said FITE's Chennai coordinator, Vinod A.J. IT companies and some government officials say the numbers have been exaggerated, but industry experts say the country's digital wunderkinds have much to fear. "For the first time, companies are touching middle management," said Kris Lakshmikanth, chief of a recruitment firm called Head Hunters India. Bias against Indians abroad is also compounding workers' fears of layoffs and downsizing at home. President Trump has stoked anxiety among Indian techies, who make up the majority of applicants for the H-1B visa program for highly skilled foreign workers. Trump has talked about sharply restricting H-1Bs, and this year the number of applications dropped a staggering 16 percent as companies prepared for Trump's immigration cutbacks. Instead, Indian outsourcing companies such as Infosys started recruiting Americans, bowing to Trump's calls for "America First." On Monday, India's Prime Minister Modi will meet Trump to talk about trade, visas and climate issues.
Government

Supreme Court Partially Revives Travel Ban, Will Hear Appeal (bloomberg.com) 568

From a report: The U.S. Supreme Court partially revived President Donald Trump's travel ban and said the justices will hear arguments in the fall. The justices said the ban can apply for now only to people who don't have a "credible claim of a bona fide relationship with a person or entity in the United States." From a NYT report: Mr. Trump's revised executive order, issued in March, limited travel from six mostly Muslim countries for 90 days and suspended the nation's refugee program for 120 days. The time was needed, the order said, to address gaps in the government's screening and vetting procedures. [...] The United States Court of Appeals for the Ninth Circuit, in San Francisco, recently blocked both the limits on travel and the suspension of the refugee program. It ruled on statutory rather than constitutional grounds, saying Mr. Trump had exceeded the authority granted him by Congress. The court agreed to review both cases, and said it would hear arguments in October, noting that the government had not asked it to act faster.
United States

Ohio Government Websites Hacked With Pro-Islamic State Messages (bloomberg.com) 207

An anonymous reader quotes Bloomberg: The websites of Ohio Governor John Kasich and other state government agencies were hacked on Sunday with a posting professing love for the jihadist group Islamic State. Ten state websites and two servers were affected, and they've been taken off line for an investigation with law enforcement into how the hackers were able to deface them, said Tom Hoyt, a spokesman for the Ohio Department of Administrative Services... The same pro-Islamic State message, accompanied by music, were also shown on Sunday on the website of Brookhaven, a town on New York's Long Island about 50 miles (80 kilometers) from Manhattan, the New York Post reported... Ohio Treasurer Josh Mandel, a Republican candidate for the U.S. Senate in 2018, posted on Facebook that the Department of Rehabilitation and Correction website had been hacked and said, "Wake up freedom-loving Americans. Radical Islam infiltrating the heartland."
Australia

Roadside Cameras Infected with WannaCry Virus Invalidate 8,000 Traffic Tickets (yahoo.com) 175

Long-time Slashdot reader nri tipped us off to a developing story in Victoria, Australia. Yahoo News reports: Victoria Police officials announced on Saturday, June 24, they were withdrawing all speed camera infringement notices issued statewide from June 6 after a virus in the cameras turned out to be more widespread than first thought. "That does not mean they [the infringement notices] won't not be re-issued," Assistant Commissioner Doug Fryer told reporters, explaining that he wants to be sure the red light and speed cameras were working correctly. Acting Deputy Commissioner Ross Guenther told reporters on Friday that 55 cameras had been exposed to the ransomware virus, but they've now determined 280 cameras had been exposed. The cameras are not connected to the internet, but a maintenance worker unwittingly connected a USB stick with the virus on it to the camera system on June 6.

Fryer said that about 1643 tickets would be withdrawn -- up from the 590 that police had announced on Friday -- and another five and a half thousand tickets pending in the system would be embargoed. Fryer said he was optimistic the 7500 to 8000 tickets affected could be re-issued, but for now police would not issue new tickets until police had reviewed the cameras to ensure they were functioning properly... The "WannaCry" malware caused the cameras to continually reboot, Fryer said. Fryer said there was no indication the malware had caused inaccurate radar readings, but police were being "over cautious" to maintain public faith in the system.

Last week Victoria's Police Minister was "openly furious" with the private camera operator, saying the group hadn't notified the relevant authorities about the infection.
Australia

Australian Officials Want Encryption Laws To Fight 'Terrorist Messaging' (arstechnica.com) 190

An anonymous reader quotes Ars Technica: Two top Australian government officials said Sunday that they will push for "thwarting the encryption of terrorist messaging" during an upcoming meeting next week of the so-called "Five Eyes" group of English-speaking nations that routinely share intelligence... According to a statement released by Attorney General George Brandis, and Peter Dutton, the country's top immigration official, Australia will press for new laws, pressure private companies, and urge for a new international data sharing agreement amongst the quintet of countries... "Within a short number of years, effectively, 100 per cent of communications are going to use encryption," Brandis told Australian newspaper The Age recently. "This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed"... Many experts say, however, that any method that would allow the government access even during certain situations would weaken overall security for everyone.
America's former American director of national intelligence recently urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." Though he also added, "I don't know what the answer is. I'm not an IT geek, but I just don't think we're in a very good place right now."
Wireless Networking

How A Contractor Exploited A Vulnerability In The FCC Website (wirelessestimator.com) 69

RendonWI writes: A Wisconsin wireless contractor discovered a flaw in the FCC's Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company's name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts... Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR.
United States

Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com) 264

Long-time Slashdot reader quotes Ars Technica: The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.

The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.

According to the article, the U.S. government told the court that national security was at risk.
EU

Germany Cracks Down On Illegal Speech On Social Media. (smh.com.au) 532

ArmoredDragon writes: German police have raided 36 homes of people accused of using illegal speech on Facebook and Twitter. Much of it was aimed at political speech. According to the article, "Most of the raids concerned politically motivated right-wing incitement, according to the Federal Criminal Police Office, whose officers conducted home searches and interrogations. But the raids also targeted two people accused of left-wing extremist content, as well as one person accused of making threats or harassment based on someone's sexual orientation."

This comes just as a new law is being debated that can fine social media platforms $53 million for not removing 70% of illegal speech (including political, defamatory, and hateful speech) within 24 hours of it being posted, which Facebook argues will make it obligatory for them to delete posts and ban users for speech that isn't clearly illegal.

Privacy

State Legislators Want Surveillance Cameras To Catch Uninsured Drivers (arstechnica.com) 277

An anonymous reader quotes Ars Technica: A Rhode Island legislative committee has approved a bill that would greatly expand the surveillance state through the deployment of license plate readers. For the first time in the US, these devices would be attached along Rhode Island highways and roads for the stated purpose of catching uninsured motorists from any state... The legislation spells out that the contractor for the project would get 50 percent of the fines paid by uninsured motorists ensnared under the program. The state and the contractor would each earn an estimated $15 million annually. Fines are as high as $120.

Many police departments nationwide are using surveillance cameras tacked onto traffic poles and police vehicles to catch traffic violators and criminal suspects. The proceeds from traffic fines usually are divvied up with contractors. But according to the Rhode Island lawmaker sponsoring this legislation, it's time to put surveillance cameras to a new purpose -- fining uninsured motorists.

Slashdot Top Deals