Connect with us

Tech

UK infrastructure being targeted by hackers

By Alexander J Martin, Technology Reporter

Hackers are targeting companies connected to the UK's critical national infrastructure, the National Cyber Security Centre (NCSC) has warned.

The campaign against critical national infrastructure (CNI) has been taking place since at least March 2017 and is ongoing, according to an industry advisory notice circulated by the NCSC.

Cybersecurity companies which have identified very similar campaigns include Symantec, BAE Systems and Kaspersky Labs, who have suggested that the hackers may be based in Eastern Europe.

The hacking group is believed to conducting a cyber espionage campaign covering a broad range of targets connected to CNI through supply chain attacks.

Such attacks target computers which are not directly connected to the ultimate target's network and are a technique for compromising victims who might have very thorough security at their immediate perimeter.

In January, NCSC head Ciaran Martin said it was a matter of "when, not if" the UK was victim to a category one cyberattack targeting CNI.

The ultimate aim of such attacks is most often assumed to be sabotage, but the nature of an implant within a computer system means that it can be used to look into the system's workings as well as disrupt them.

:: What can the UK actually expect in a cyberwar?

LONDON, ENGLAND - FEBRUARY 14: A logo is displayed on a television screen in the National Cyber Security Centre on February 14, 2017 in London, England. The National Cyber Security Centre (NCSC) is designed to improve Britain's fight against cyber attacks and act as an operational nerve centre. (Photo by Carl Court/Business-Powers.com)
Video: Under attack: Millions of cyberattacks every month

The hackers have been aiming to infect engineering and industrial control companies by strategically compromising particular websites in "watering hole" attacks, where they add a link to a resource located on a malicious file server.

Spear-phishing emails have also been detected, often including stolen CVs which are loaded with malware to take control of the victim's computer.

Dr Adrian Nish, the head of Threat Intelligence at BAE Systems Applied Intelligence told Sky News: "This is a classic supply-chain attack – where the culprits hack into small companies initially and use them as stepping stones in targeting larger organisations.

"The larger organisations would typically be customers of theirs, hence an inherent trust relationship already exists.

"Here the attackers are focused on the energy sector as their end targets, and leverage engineering firms supplying specialist technology to stage further attacks – either via email, compromising their websites, or even placing malware into software updates.

"It is widespread activity, though focused on Western Europe, the UK, and US. This is not a new campaign, but supply chain vulnerabilities represent an ongoing risk to organisations," Dr Nish added.

Kaspersky Lab suggested that because the adversary was not deploying zero-day exploits (exploits which had never been seen before, leaving security researchers with "zero days" to respond to them), it was not a very sophisticated campaign.

More from United Kingdom

  • 1.5bn sensitive files are exposed on the internet, security researchers say

  • North Korean hackers, not nukes, threaten UK the most – report

  • Recap: Belgium joins nations expelling diplomats

  • Icy roads and floods still a risk as big thaw begins

  • Drivers stuck for 18 hours in the snow as cold snap batters the UK

  • Naming Russia as a perpetrator offers cybersecurity its #MeToo moment

However, Symantec noted that part of a similar threat actor's methodology meant that it was not possible to definitively identify its origins – suggesting that the group wants to make it difficult to identify who is behind the campaign.

The company described the threat actor it has identified as an "accomplished attack group" which has carried out "targeted attacks on energy sector targets since at least 2011".

Continue Reading

Tech

Tory vice-chair admits hacking Labour MP’s website

By Greg Heffer, Political Reporter

A rising star in the Conservative Party has apologised after she admitted she hacked a Labour MP's website and altered its content.

Kemi Badenoch, the hotly tipped MP for Saffron Walden, made the confession in a video obtained by The Mail On Sunday.

Asked what is the naughtiest she's ever done, the 38-year-old replied: "About 10 years ago I hacked into a Labour MP's website and I changed all the stuff in there to say nice things about Tories."

Mrs Badenoch did not name the Labour MP in question.

Under the Computer Misuse Act 1990, unauthorised access to computer material can result in two years' imprisonment and/or a fine.

Mrs Badenoch said: "This was a foolish prank over a decade ago, for which I apologise."

New Tory vice-chairs at 10 Downing Street on January 8, 2018 in London, England.
Image: The 38-year-old was appointed a Tory vice-chair this year

Mustafa Al-Bassam, a PhD researcher at University College London's computer science department, revealed he had submitted a crime report to the UK's national reporting centre for fraud and cyber crime.

He posted on Twitter: "I hope they do take this matter seriously, and apply the law equally to Tory MPs as they do to hacktivists who have gone to jail for less."

Mr Al-Bassam also speculated the Labour MP in question could be the party's former deputy leader Harriet Harman.

In 2008, it was reported Ms Harman's personal website was hacked and updated with a post apparently announcing her defection to the Conservative Party.

Another hacked post called for Londoners to support Boris Johnson's bid to become Mayor of London.

Mrs Badenoch, a former London Assembly member, was elected an MP at last year's snap general election.

She has since been appointed Tory vice-chair with responsibility for selecting candidates for the 2022 election.

More from Politics

  • Tories attack Russia and 'useful idiot' Jeremy Corbyn over Salisbury poisoning

  • Row as Government insists violent crime rise not due to police cuts

  • Government to announce new acid and knife laws to tackle violent crime

  • Good Friday Agreement chair George Mitchell issues Brexit warning

  • Government 'cannot bury head in the sand' amid crime surge, London MPs say

  • Spy poisoning: Russia warns UK it is 'playing with fire' at UN meeting

Mrs Badenoch was also given the honour of introducing Theresa May at last year's Conservative Party conference.

On Friday night, she was guest speaker at the annual dinner of the Prime Minister's constituency party.

Continue Reading

Tech

MIT is making a device that can ‘hear’ the words you say silently

Arnav Kapur and the AlterEgo device.

Lorrie Lejeune/MIT

Students from MIT have created a prototype device, dubbed AlterEgo, that can recognize the words you mouth when silently talking to yourself—and then take action based on what it thinks you’re saying.

Arnav Kapur, a master’s student at the MIT Media Lab—a division of the Massachusetts Institute of Technology that focuses on the intersection of people and technology— and author of the paper, stresses that the device doesn’t read thoughts or the random, stray words that just happen to pass through your mind. “You’re completely silent, but talking to yourself,” he says. “It’s neither thinking nor speaking. It’s a sweet spot in between, which is voluntary but also private. We capture that.”

The prototype system, as it exists right now, looks like a white headset a telemarketer might wear. But instead of a mic hovering in front of their lips, it sticks to the face and neck, where a handful of electrodes pick up the miniscule electrical signals generated by the subtle internal muscle motions that occur when you silently talk to yourself. The device connects via Bluetooth to a computer, which then communicates with a server that interprets the signals to determine what words the wearer is articulating.

It’s very much in the prototype stage, though it represents a fascinating departure from the norm. We most often interact with our devices by touching them—typing on a smartphone, pressing on an app, or double tapping the side of Apple’s AirPods to pause or play music. Or, we talk to our gadgets or smart speakers by engaging with digital helpers like Siri, Alexa, or the Google Assistant. Those services require more from you than speaking silently to yourself. Put another way: this type of tech is like having a simpler version of Siri hear your silent whispers.

The goal of all this? To further “combine humans and computers,” Kapur says. The more tightly we interact with computers, the more we can take advantage of their strengths—like quickly getting help with a math problem or a translation—without having to look up from your work and click, tap, or type.

Or a user could simply change the channel on the Roku—those remotes are so small and easily lost!—in total silence. The AlterEgo also seems promising for people with disabilities, or paralysis. But Kapur says they haven’t been able to study that application yet.

To be sure, the tech is still in its early stages, so each app only has the capacity to learn about 20 different words. The system can’t understand every word a person says—just the ones it has been taught. Talking to yourself deliberately, but not saying anything out loud, is an easy practice to learn, Kapur says. When training someone to use it, they start by asking them to read a passage aloud. “After that, we ask them to not voice the words” as they read, he says. “It’s more comfortable than speaking out loud.”

To build the system, Kapur used a common artificial intelligence tool called a neural network, which can learn from data inputs. They trained the neural network to recognize how different electrical signals correspond to the different words a person could say to themselves.

While it’s easy to see military applications of such a device—a professor from Georgia Tech’s College of Computing, Thad Starner, said in a statement on MIT’s website that he could envision “special ops” using such a device—Kapur says that’s not their intended goal for the system.

“This is more about how we could bridge the gap between computers and humans,” he says. The ideal scenario is one in which people can augment themselves with the smarts of an artificial intelligence system smoothly and in real time.

The next step: work on the device’s form, so it’s a bit “more invisible.” It’s all about that seamless integration—so ideally future versions won’t look like a taped-on telemarketer’s headset.

Continue Reading

Tech

Facebook admits Zuckerberg uses secret tool to unsend messages

Facebook users who change their mind and do not want their messages to appear in a recipients' inbox will be able to delete them in future.

The US tech giant has admitted its boss Mark Zuckerberg has been secretly using a tool to delete his messages in other users' inboxes for several years without telling recipients.

Until now, the option has not been available to most users – something which Facebook has apologised for.

The social network admitted it began erasing the messages of Mr Zuckerberg and other top executives in 2014 after hackers got hold of and released emails from Sony Pictures executives.

The Sony messages included critical remarks about movie stars and others in the entertainment industry.

On Friday, Facebook announced it will also require advertisers who want to run "issue ads" – not endorsing particular candidates or parties but discussing political topics – to verify who pays for them and where the advertiser is based.

Mark Zuckerberg will testify before US committee
Image: Facebook has admitted some of Mark Zuckerberg's messages have been erased from recipients' inboxes

:: Almost 3 million EU citizens hit by Facebook data breach

The measure is already in place for political ads, and comes as Facebook tries to clamp down on outside election interference ahead of this year's US mid-terms and upcoming political contests around the world.

Facebook will also require those who look after pages with a "large number" of followers to also be verified, but it has not stated what this number would be.

The company is trying to clamp down on fake pages and accounts used to disrupt the 2016 US presidential election.

Facebook says page administrators and advertisers will be asked to provide a government-issued ID for verification.

More from Facebook

  • Almost 3 million EU citizens hit by Facebook data breach

  • Zuckerberg to testify before US Congress over privacy row

  • Facebook and Instagram ban 135 Russian troll accounts over meddling

  • Facebook ends partnerships with data brokers following Cambridge Analytica scandal

  • Facebook unveils new privacy tools that let you delete data for good

  • Apple unveils new privacy controls in iOS 11.3 update amid Facebook data scandal

The company is facing a global backlash over the improper sharing of data.

Hearings are planned in the US over the scandal and the EU is considering what actions to take against the company.

Continue Reading

Tech

Scott Pruitt wants to roll back the EPA’s requirements for clean vehicles. It’s going to be a fight.

Ford F-150 Pickup truck

The Ford F-150 gets just 26 mpg highway, which leaves it a long way to go toward the 2025 goal.

Ford

EPA Administrator Scott Pruitt recently announced his intention to repeal Obama-era standards on vehicle emissions. While we don't have specific details about the new requirements, we do know they would be less strict—or ambitious—than the current standards set to start with the 2022-2025 model year. This could mean more greenhouse gas emissions, less fuel-efficient vehicles, and the possibility of cheaper automobiles. It all depends on who you ask.

But it's likely that the actions of the Trump-era EPA here won't be the final say in this emissions-regulating saga, which draws heavy influence from the political powers in charge at a given moment. Instead, it's going to set up an epic lawsuit with Pruitt and the EPA on one side, and California and a host of other states — all of which are blue and represent around a third of the country’s new car market according to Bloomberg — on the other. And that's where the real showdown will take place.

How we got here

After President Trump's surprise electoral victory in November 2016, the Obama-era EPA pushed through a "midterm evaluation" (MTE) of vehicle emissions regulations originally proposed in 2012. The MTE was scheduled for completion in April, 2018 and was meant to examine whether the proposed 2022-2025 standards were fair. The Obama EPA finalized its evaluation more than a year early, publishing its decision on January 17, 2017—three days before the Trump administration took over. Obama's EPA found, perhaps unsurprisingly, that the 2022-2025 regulations were just fine, and could remain in place.

The impending requirements call for the fleetwide average fuel economy of cars and trucks to rise to 51.4 miles per gallon by 2025, up from 35.5 mpg in 2016. Similarly, tailpipe carbon dioxide emissions will fall 31 percent to 173 grams per mile. It's the averages that matter — car companies that sell lots of efficient hybrids and electric cars will be able to offset fuel-hungry pickup trucks to meet goals. Companies that don't achieve the standards are able to purchase credits from companies that overachieve — making a useful revenue stream for EV-only companies like Tesla (and this is happening already).

The downside here is that whenever you increase capability — horsepower, towing capacity, or fuel efficiency — things get more expensive, and the strict regulations could force companies to change their product mix to something less profitable (or less desired by consumers).

Companies like GM and Ford make a ton of money off heavy, fuel-inefficient pickup trucks. The top-three best-selling vehicles in the US last year were the Ford F-series (900,000), Chevy Silverado (600,000), and Ram Pickup (~500,000) — and the segment continues to grow. Everything else takes a distant second and showcases the difficulties with trying to regulate fleetwide emissions standards. For reference, the stock model 2018 Ford F-150 has a fuel efficiency of around 26 mpg—roughly half of the 51.4 number the fleet will need to average. Higher fuel economy standards could put significant pressure on those sales by forcing carmakers to sell more small, fuel-efficient cars that consumers are less interested in.

Ford F-150 Pickup truck

Popular pickup

The Ford F-150 gets just 26 mpg highway, which leaves it a long way to go toward the 2025 goal.

Ford

Big oil change

This week, when the midterm evaluation was originally supposed to take place — and perhaps also unsurprisingly — the Trump EPA thought differently.

"The Obama Administration's determination was wrong," said EPA Administrator Scott Pruitt in a statement. "Obama’s EPA cut the Midterm Evaluation process short with politically charged expediency, made assumptions about the standards that didn’t comport with reality, and set the standards too high."

Politics plays a big role in many things at the EPA, and that's perhaps even more true with former Oklahoma Attorney General Scott Pruitt (who is a close ally of the fossil fuel industry and repeatedly sued the EPA as Oklahoma AG) at the helm. The Trump administration has been rolling back regulations all over the place, environmental and otherwise, including on so-called clean coal, financial institutions, and, of course, net neutrality.

This is just the latest volley in what they consider cutting red tape. Revising proposed regulations on how much greenhouse gases autos can emit into the atmosphere is par for the course — but what's really interesting is what happens next.

"There's going to be incredible litigation over this," says Emil Frankel, senior fellow at the Eno Center for Transportation and a former Assistant Secretary for Transportation Policy under President George W. Bush. And that litigation is where Pruitt's real fight is.

Under the Clean Air Act, the EPA is charged with setting national standards for vehicle tailpipe emissions of certain pollutants. But the EPA also has the authority to grant a waiver to the state of California, allowing that state (as well as the 13 states and Washington DC, which follow its requirements) to set their own, stricter standards. Those states, for example, mandate that 15 percent of all vehicles sold in 2025 to be zero-emission, a requirement that probably won’t exist in the rest of the country. But Pruitt's statement suggests that he might not allow California to continue to determine its own emissions standards.

"EPA will set a national standard for greenhouse gas emissions that allows auto manufacturers to make cars that people both want and can afford — while still expanding environmental and safety benefits of newer cars. It is in America's best interest to have a national standard, and we look forward to partnering with all states, including California, as we work to finalize that standard."

In our highly charged world of political gamesmanship, them's fightin' words. And this is consistent with the Trump administration's aggressive posture towards California's sovereignty, on everything from sanctuary cities to federal land transfers.

And California, naturally, is prepared to fight back. "We’re prepared to do everything we need to defend the process," Xavier Becerra, California's attorney general, said in an interview with The New York Times.

Environmental advocacy groups are readying for a fight, too. “The current standards have helped bring back, secure, and create jobs nationwide; they have reduced pollution; saved consumers billions at the pump; and have been integral to growing and sustaining America’s manufacturing sector over the past decade,” said a statement by the BlueGreen Alliance, a group of labor unions and environmental groups. “Weakening the rules — which is indicated to be the intent of today’s decision — could put American jobs at risk today and in coming years, and would threaten America’s competitiveness in manufacturing critical technology.”

The long road ahead

Expect the battle over this repeal to take a long time. The courts move slowly, and this is a complicated issue on which billions of dollars in car-industry R&D budgets are resting. Do automakers need to plan to meet the Obama-approved regulations in 2022, or are the forthcoming Trump/Pruitt-proposed regs going to be locked in?

It also has the potential, environmental advocates say, of perhaps putting the US on the back foot when it comes to international emissions regulations. If the EU and China end up with stronger emissions requirements, they could set the tone for car development in the rest of the world. If the US adopts weaker standards, the auto lobby could use that fact to encourage other countries to adopt weaker emissions and fuel economy standards as well. What automakers want, more than anything, is worldwide consistency so they don’t need to make different cars for different markets.

The Obama administration was trying to be the first mover on this and set the tone for everyone else, as Europe and China are just starting the standards-making process. By undoing the aggressive Obama EPA regulations, the Trump administration may lower worldwide standards at the same time. The regulations that Pruitt and the EPA want to overturn are still a few years away — but given lengthy development cycles, automakers are already well into the planning of cars that will be released in a few years. This means any uncertainty (especially around whether stronger regulations will go into effect or not) could be an expensive proposition.

In the end, many car companies are focusing on developing so-called "global cars" — vehicles that are equipped largely identically all around the world. This reduces costs through economies of scale, but also restricts cars to the lowest common denominator between all countries. If China or Europe has stricter requirements, companies (especially those who sell more cars in those markets) may choose to build to stricter requirements from those countries regardless of what the US does.

The automakers, at least publicly, are supportive of whatever the EPA decides. In reality, they’re walking a delicate line between the economic reality of tougher regulations (which would likely drive up costs) and environmental impacts. Carmakers also express a need for a single national emissions standard, not dual requirements for California and then the rest of the US.

GM and Ford both sent us boilerplate statements that don’t add much to the conversation. There isn’t, however, a single “automaker” position on the topic. Carmakers, like Ford, that have more advanced engine and manufacturing technology, are already on track to achieve the current Obama-era standards. In that case, the high standards are a competitive advantage. While others, like Fiat Chrysler, who declined to provide a standalone statement, may find meeting the Obama standards extraordinarily difficult — if not impossible.

The Auto Alliance, a trade group that represents most of the major automakers, is perfectly happy to take sides. It’s openly supportive of Pruitt's move — and has been quietly lobbying for this sort weakening of the standards:

"This was the right decision, and we support the Administration for pursuing a data-driven effort and a single national program as it works to finalize future standards. We appreciate that the Administration is working to find a way to both increase fuel economy standards and keep new vehicles affordable to more Americans.”

Arriving at a destination

To revise the Obama-era regulations, Pruitt's EPA will need to go through a formal rulemaking process, which would include a public notice (which should be coming later this month) and an open comment period. This means a public and lengthy fight — and likely will include lawsuits from multiple players including environmental groups and states opposed to the EPA's proposed changes. It could be years, even beyond the 2020 election, before this is all over.

With the potential implementation of these requirements more than three years away, nothing will need change immediately. But with both sides making hay out of the need for more (or fewer) regulations on the environment, expect the dueling press releases to continue indefinitely. And, soon enough, dueling lawsuits too.

Continue Reading

Tech

Almost 3m Europeans hit by Facebook data breach

Facebook has reportedly told the European Union that nearly three million people in the bloc could have been affected by the data-sharing scandal involving Cambridge Analytica.

According to EU Commission spokesman Christian Wigand, Facebook said that up to 2.7 million citizens may have had their data breached.

Mr Wigand said that the EU's justice commissioner Vera Jourova will have a telephone call with Mark Zuckerberg early next week regarding the data breach.

The EU and Facebook will discuss changes Facebook needs to make to protect its users in the wake of the scandal, and consider how Facebook needs to adapt to new EU data protection rules which will be implemented on 25 May.

Mr Wigand added that the EU's data protection authorities will discuss over the coming days "a strong co-ordinated approach" on how to deal with the investigation into Facebook.

Facebook logo
Image: EU authorities are to consider how to handle the Facebook scandal

Last week, Mr Zuckerberg avoided apologising for the scandal by saying: "You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014. This was a breach of trust, and I'm sorry we didn't do more at the time."

Although the data was openly given by Facebook to the university researcher, the company has said that this was legitimate and that only its further transfer to Cambridge Analytics was illicit.

The university researcher referenced, Aleksandr Kogan, allegedly developed This Is Your Digital Life, which allowed Cambridge Analytica to potentially unlawfully collect the data of up to 87 million Facebook users, as of Facebook's last estimate.

More from Facebook

  • Zuckerberg to testify before US Congress over privacy row

  • Facebook and Instagram ban 135 Russian troll accounts over meddling

  • Facebook ends partnerships with data brokers following Cambridge Analytica scandal

  • Facebook unveils new privacy tools that let you delete data for good

  • Apple unveils new privacy controls in iOS 11.3 update amid Facebook data scandal

  • Mark Zuckerberg's refusal to face MPs is 'absolutely astonishing'

The figures released by the EU are part of Facebook's last estimate, which also includes 70,632,350 users in the US. About a million users in the UK are believed to have been affected.

Meanwhile, the company has warned that it is "reasonable to expect" that potentially every Facebook user has had their phone number and email address scraped from the site.

Continue Reading

Trending