German Firm Suffers Massive Cyberattack; Facebook Tackles Fake News

Posted December 8th, 2016 at 11:49 am (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - The logo of ThyssenKrupp is seen at the headquarters of the steel maker and multinational conglomerate in Essen, Germany, April 20, 2016. (Reuters)

FILE – The logo of ThyssenKrupp is seen at the headquarters of the steel maker and multinational conglomerate in Essen, Germany, April 20, 2016. (Reuters)

ThyssenKrupp Secrets Stolen in ‘Massive’ Cyberattack

Germany’s ThyssenKrupp AG conglomerate said Thursday a massive cyberattack stole trade secrets from its steel production and manufacturing plant design divisions. The attack was discovered in April and traced back to February. The company, one of the world’s largest steel makers, is still trying to determine the extent of the stolen data. But its officials blamed unnamed organized and highly professional hackers in Southeast Asia for the theft.

Sheryl Sandberg Promises Facebook Is Working on Its Fake News Problem

Facebook’s chief operating officer Sheryl Sandberg said the social media service cannot escape criticism over its part in propagating fake news, but that it has been working to address the issue. Sandberg said Facebook has taken important steps to rectify the problem, but that much remains to be done.

Politics, Celebrity Deaths Dominated Facebook Discussions in 2016

Pokemon GO had its fair share of the conversation on Facebook in 2016, but it only came in third place. The most discussed topics on Facebook were first and second the U.S. presidential election and Brazilian politics. After that came Black Lives Matter, the Philippines, the Olympics, Brexit, the Super Bowl 50, David Bowie, and Muhammad Ali. Facebook’s most watched video in 2016 had absolutely nothing to do with any of the above and a lot to do with the movie Star Wars.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Malicious Ads Put Millions at Risk; the Trouble With Smart Cities

Posted December 7th, 2016 at 1:03 pm (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - Adobe company logos are seen in this picture illustration taken in Vienna. (Reuters)

FILE – Adobe company logos are seen in this picture illustration taken in Vienna. (Reuters)

Malicious Online Ads Expose Millions to Possible Hack

Cybersecurity firm ESET says infected banner ads have put millions of internet users at risk of installing Trojans and spyware on their computers since October. The company said Stegano, as the attack campaign is called, has spread from malicious ads on several reputable sites, targeting Internet Explorer users and exploiting Adobe Flash vulnerabilities in order to gain access to various password credentials.

The Smart City Security Nightmare

Smart, connected cities sound like a great idea, and the technology sector is pushing hard to bring this vision to life. But not enough thought is going into potential security risks as more public infrastructure goes online. This was one of the topics at the 2016 Smart City Summit in Boston, where participants cautioned that lack of attention to the security of connected devices could spell disaster on a large scale.

New Zealand Passport Robot Tells Applicants of Asian Decent to Open Eyes

Facial recognition software in New Zealand rejected the passport photograph of an Asian man after mistakenly registering that his eyes were closed. Richard Lee submitted his photo to one of the government’s online passport photo checkers, but the photo was rejected even though Lee’s eyes were not closed. One official said up to 20 percent of passport photos submitted online are rejected.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Connected Toys Raise New Fears; Hackers Target Wi-Fi Router Keys

Posted December 6th, 2016 at 12:43 pm (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - Yui Matusmoto, 4, plays with Edwin the Duck, a digital duck toy, in the living room of his home in Tokyo, In this Monday, May 23, 2016,.

FILE – Yui Matusmoto, 4, plays with Edwin the Duck, a digital ‘smart duck’ toy, in the living room of his home in Tokyo, Japan,  May 23, 2016,.

Consumer Groups Warn Connected Toys Open Bedroom Door to Strangers

The Norwegian Consumer Council and various consumer rights groups in Europe and the United States say Internet-connected toys subject children to hidden marketing messages and let them chat with strangers over their Bluetooth connection. The toys also record conversations and send them to voice recognition service providers without the explicit consent of users. The groups also found that the toys do not authenticate their Bluetooth pairings, meaning any stranger within radio range can detect them and connect.

Phishing-as-a-service Is Making It Easier for Hackers to Steal Your Data

If ransomware-as-a-service isn’t enough to get every crook into the data-hijacking business, there’s a new game in town – phishing-as-a-service. According to a report from Imperva’s Hacker Intelligence Initiative, there is a Phishing-as-a-Service store on the Russian black market that offers beginner scammers a “complete solution” to phishing, including email databases, scam templates and storage for stolen credentials.

Hackers Actively Stealing Wi-Fi Keys From Vulnerable Routers

If you just bought yourself a new Wi-Fi router, it is highly recommended that you change the default password. Hackers are now focused on compromising – and resetting – Wi-Fi keys, according to UK consultants, Pen Test Partners. Customers of UK ISP TalkTalk are among the most vulnerable.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Ransomware Gets Bolder as Bigger Players Join the Game

Posted December 2nd, 2016 at 11:00 am (UTC-4)
Leave a comment

(T. Benson for VOA)

(T. Benson for VOA)

Ransomware attacks are becoming more brazen if the November 25 assault on the San Francisco Municipal Transportation Agency’s (SFMTA) is any indication. And cybersecurity experts project a surge in these types of digital assault as new players get into the act.

“Unfortunately, this is a trend,” said Comodo Senior Research Scientist, Kenneth Geers. “And it works.”

“They seize your data virtually, encrypt it, and then they make you pay for this private key that is the only thing, according to the laws of mathematics, that will unencrypt your data and allow you to access it,” he said in an interview.

Different types of hacker groups are doing ransomware. Some go after any vulnerable target they find so long as they can make money. Increasingly, though, “the criminals who are doing ransomware are organized and sophisticated, said Dan Hubbard, Cisco Systems’ Chief Technology Officer for Cloud Security. These groups deliberately target different, possibly major entities or businesses that have a higher potential for profit.

“The trends we’re seeing are that there are larger groups doing it,” he told Techtonics. “Before, there was a narrow number of attacker groups that were actually doing ransomware, and that has broadened pretty considerably.”

Hubbard believes one of the key reasons ransomware attacks are becoming more pervasive is ransomware-as-a-service – a business model available to criminals online, complete with tech support. “They don’t necessarily have to be technical. They pay someone else who has the technical capabilities to do this.”

“Over the last maybe year and a half,” he added, “it has escalated and become quite more sophisticated and pervasive,” with various groups finding better and more sophisticated techniques to evade security products and deceive users into installing and running malicious software.

Where these criminals are is anybody’s guess, though many cybersecurity experts suspect Russian hackers. But Comodo’s research puts Albania at the top of the list of countries with the highest ratio of ransomware.

“Albania, South Korea, Finland, China, Denmark – those are our top five,” said Geers.

While it’s hard to predict where ransomware might hit next, Geers said sometimes, language and culture play a role, particularly if the hackers are using social engineering to manipulate people and trick them into divulging personal information.

“I suspect one of these organization might well be Albanian if they’re able to so effectively infiltrate [the] state,” he said. “But Russia is on … the top of everybody’s list – it’s number six on ours – by ratio.”

Old tricks still work

Attackers using ransomware encrypt files on mobile devices or PCs and lock out their users until they comply with a demand to pay ransom. (Ted Benson for VOA)

Attackers using ransomware encrypt files on mobile devices or PCs and lock out their users until they comply with a demand to pay ransom. (Ted Benson for VOA)

Ransomware attacks – or variations of them – are not new. Lockers, as they were called, were used as early as 1989 to block data access on browsers or desktops. In some cases, the hackers would grab a picture of the owner or the IP address of the computer and claim to be law enforcement agents. They then would tell the victim he has done something illegal and must pay a fine.

“This still happens all the time around the world,” said Geers. “… And a lot of people pay. And it’s lucrative for criminals.”

The scheme has netted criminals millions of dollars in “fines.” But over time, ransomware evolved into strong encryption. “They’ve gone a step further, essentially from 2013, in particular, on,” he said. “And they don’t need to threaten you as much.”

Once a cryptovirus has been loaded on a targeted device, hackers can access all sorts of documents, emails and system privileges. And while businesses, regardless of their size, are preferred targets, the lines between consumers and workers are becoming increasingly blurry as people use their own devices to work from home or in their car, or follow up on personal things at work.

Additional Resources

“That means that, as an individual, you’ve got to take some level of shared responsibility to be educated around the types of attacks and to understand that these things could happen to you as an individual and could potentially affect your company,” said Hubbard. “So obviously education is always an important thing … certainly awareness of this problem.”

Ironically, some companies believe this is something that can never happen to them. Hubbard cautioned, however, that anyone “can be a target at any time” – even individuals who suddenly cannot access their documents or find themselves looking at a ransom note on the screen.

It’s a good thing then SFMTA was prepared – sort of.

The hacker who compromised the agency’s data systems demanded a ransom of $73,000 in Bitcoin to release the files. But a viable data backup saved the day, so paying the ransom was not necessary. And as poetic justice would have it, a security researcher hacked the email the hacker provided for the ransom and obtained valuable clues on his identity and whereabouts.

Paying the ransom is a bad idea. Those that decide to go that route are often marked as a potential repeat target. And unless your hackers are business-minded enough to return your files, be prepared for the consequences.

“It really doesn’t guarantee anything if you pay,” said Geers. “A lot of times, law firms or hospitals – they’ll just pay the 50 euros, 100 euros or dollars in order to get their data back, but from a criminal syndicate perspective, that puts you in a category of someone who can and will pay, which is also dangerous.”

Even if you pay the ransom, hackers plan ahead, often leaving backdoors that allow them to get back in. And that makes it more difficult for the user to completely reinstall the compromised system or network from the ground up, a time-consuming and expensive process.

This is why a viable backup is crucial for recovery. And both Geers and Hubbard stress the importance of having a data backup offline on a separate device.

“Back up your data in what is called ‘cold storage’ – so offline,” said Geers. “… But … computer security goes back to best practices, which start with people.”

Keep your software up to date and remain vigilant for malicious apps and email payloads. Develop a response strategy, and if ransomware strikes, know what to do and who to call.

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Wechat’s Censorship Game; FireEye: Russia Weaponized Social Media

Posted December 1st, 2016 at 12:29 pm (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - A WeChat logo is displayed on a mobile phone as a woman talks on her mobile phone in this picture illustration taken July 21, 2016. (Reuters)

FILE – A WeChat logo is displayed on a mobile phone as a woman talks on her mobile phone in this picture illustration taken July 21, 2016. (Reuters)

Report: China’s WeChat Censors Users Abroad

A new report from Toronto’s Citizen Lab says China’s top messaging app WeChat censors or blocks key words and sensitive terms in messages sent from overseas to mainland China. The block affects group chats of three or more users and messages containing terms not sanctioned by Beijing or are linked to Chinese phone numbers.

FireEye: Russia Weaponized Social Media in US Election

Cybersecurity firm FireEye says in addition to hacking and document leaks, Moscow used social media as a weapon during the U.S. presidential campaign in November to influence perceptions. A FireEye analysis of thousands of online posts, links, and documents found material stolen by Russian intelligence being heavily promoted through fake social media accounts and narratives.

A Beginner’s Guide to Beefing Up Your Privacy and Security Online

These days, it’s harder than ever to protect you privacy amid an ongoing rash of cybersecurity breeches and expanded government surveillance. But there are steps you can take to beef up your digital privacy. Writer Andrew Cunningham offers some basic guidelines to help the uninitiated.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Google Hacked; Trump Mobile Alerts Are Coming to Your Phone

Posted November 30th, 2016 at 2:28 pm (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - This March 23, 2010, file photo shows the Google logo at the Google headquarters in Brussels. (AP)

FILE – This March 23, 2010 photo shows the Google logo at the Google headquarters in Brussels. (AP)

At Least 1 Million Google Accounts Breached by Gooligan Android Malware

An Android-based malware dubbed Gooligan has compromised up to one million Google accounts. Researchers from security firm Check Point Software Technologies found the strain in at least 86 apps available in third-party marketplaces. When the apps are installed, they gain high-level access to devices running version 4 and 5 of Google’s Android operating system. The malware then steals authentication tokens that allow access to various Google accounts. Here’s how to find out if you were affected.

Starting January 20, Trump Can Send Unblockable Mass Text Messages to Entire Nation

The U.S. Congress created Wireless Emergency Alerts in 2006 to inform mobile phone users nationwide about critical emergencies. But starting next year, President-elect Donald Trump will be able to mass-text every single America – and you will not be able to block the them, thanks to a congressional demand that carriers make this line of communication unblockable.

Reported Webcam Blackmail Cases Double in UK, Are Linked to Four Suicides

Britain’s National Crime Agency says reported webcam blackmail cases have more than doubled over the past year and have been connected to at least four suicides. The numbers have gone up to 864 from 385 webcam cases in 2015. Ninety-five percent of the victims are men 21-30 years of age, and all the suicide victims were men.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Television Is Taking Over Social Media; 2016’s Biggest Breaches

Posted November 29th, 2016 at 11:21 am (UTC-4)
Leave a comment

Today’s Tech Sightings:

FILE - A 3D plastic representation of the Facebook logo is seen in front of displayed logos of social networks in this illustration in Zenica, Bosnia and Herzegovina. (Reuters)

FILE – A 3-D plastic representation of the Facebook logo is seen in front of displayed logos of social networks in this illustration in Zenica, Bosnia and Herzegovina. (Reuters)

Social Media Is Killing Discourse Because It’s Too Much Like TV

Writer Hossein Derakshan argues social media now represents the ascendance of television over other media. As video and graphic content replace text and hypertext, he says social media is recreating television, albeit with new problems. On social media, he argues, algorithms determine what content to display to maximum emotional effect. The outcome, he says, “is a proliferation of emotions, a radicalization of those emotions, and a fragmented society. This is way more dangerous for the idea of democracy founded on the notion of informed participation.”

SafariSeat’s Wheelchair for Developing Countries Hits 300 Percent Crowdfudning

In many African countries, people who use wheelchairs find it hard to maneuver in the absence of ramps or friendly terrain. But SafariSeat wants to change that with an all-terrain open source wheelchair. The wheelchair, which so far has been overfunded on Kickstarter, is designed for developing countries and can be assembled locally with bicycle parts. The crowdfunding campaign will fund as many chairs as the company is able to build and an open source manual to allow communities to build their own wheelchairs.

These Were the Biggest Hacks, Leaks and Data Breaches of 2016

Hack attacks have become bolder and more sophisticated in recent years. And 2016 has seen some of the biggest on record. ZDNet looks at some of 2016’s biggest and most dangerous attacks and leaks that compromised the personal information of millions of people.

More:

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

By the Way

Posted November 25th, 2016 at 11:35 am (UTC-4)
Leave a comment

Techtonics is taking the day off. Please check back with us on Tuesday.

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

By the Way

Posted November 24th, 2016 at 11:30 am (UTC-4)
Leave a comment

Techtonics is taking a couple of days off. Please check back with us on Tuesday.

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.

Posted November 23rd, 2016 at 10:11 am (UTC-4)
Leave a comment

Techtonics is taking a few days off. Please check back with us on Tuesday.

Aida Akl
Aida Akl is a journalist working on VOA's English Webdesk. She has written on a wide range of topics, although her more recent contributions have focused on technology. She has covered both domestic and international events since the mid-1980s as a VOA reporter and international broadcaster.