fbpx
Connect with us

News

Justice Department, federal court system hit by Russian hack

Inside Telecom Staff

Published

 on

The Justice Department and the federal court system disclosed on Wednesday that they were among the dozens of U.S. government agencies and private businesses compromised by a massive, months-long cyberespionage campaign that U.S. officials have linked to elite Russia hackers.

The extent of the damage was unclear.

The department said that 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say to whom those accounts belonged. There are no indications that classified systems were affected, the agency said. Office 365 isn’t just email but a collaborative computing environment, which means that shared documents were also surely accessed, said Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike.

Separately, the Administrative Office of U.S. Courts informed federal judicial bodies across the nation that the courts’ nationwide case management system was breached. That potentially gave the hackers access to sealed court documents, whose contents are highly sensitive.

The Justice Department said that on Dec. 24 it detected “previously unknown malicious activity” linked to the broader intrusions of federal agencies revealed earlier that month, according to a statement from spokesman Marc Raimondi.

Separately, the court office said on its website that “an apparent compromise” of the U.S. judiciary’s case management and electronic case file system was under investigation.

The Department of Homeland Security was scouring the system, it said, and cited a particular risk to sealed court filings, whose disclosure could jeopardize a lot more than active criminal investigations.

“The potential reach is vast. The actual reach is probably significant,” said a federal court official who spoke on condition of anonymity because they were not authorized to disclose the information. The official confirmed that the scope of the compromise was national but it was not clear how widespread.

The sealed court files, if indeed breached, could hold information about national security, trade secrets and wiretap transcripts, along with financial data from bankruptcy cases and the names of confidential informants in criminal cases, the official added.

On Tuesday, federal law enforcement and intelligence agencies formally implicated Russia in the intrusions, calling them part of a suspected intelligence gathering operation. President Donald Trump had previously questioned that consensus, suggesting without foundation that China could be to blame.

The hacking campaign was extraordinary in scale, with the intruders stalking through government agencies including the Treasury and Commerce departments, defense contractors and telecommunications companies for months by the time the breach was discovered.

Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, although the scope of the breaches and exactly what information was sought is unknown.

An estimated 18,000 organizations were seeded with malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds. But only a subset are believed to have been compromised. Tuesday’s statement said that fewer than 10 federal government agencies have so far been identified as having been hacked.

Johns Hopkins cyberespionage expert Thomas Rid said the 3% figure of email accounts accessed at Justice may not sound like a lot, but that it doesn’t mean that the hackers “didn’t get to the interesting stuff.”

Cybersecurity experts responding to the hack say highly skilled cyber spies of the caliber behind the SolarWinds hack are apt to keep their footprint as small as possible to avoid detection — targeting only high-value email and documents.

Rid wondered how sure the Justice Department could be about the extent of its compromise.

“How good is their own visibility given that U.S. government agencies totally missed the breach in the first place?” he said. “Are they really on top of the problem? Are we only really seeing the tip of the iceberg?”

The breach was discovered by FireEye, a prominent cybersecurity company, on its network. It then identified and notified other victims.

Experts expect the severity of the hack and the number of victims identified to increase over time.

“History tells us that if you have a large breach, not just in one organization but across an entire government — an entire sector — it will take a long time to identify who are the victims and how badly they are compromised,” said Rid.

Microsoft declined to comment on long the intruders were reading emails in the Justice Department’s Office 365 environment, which is typically a cloud-based service hosted by the software provider.

WASHINGTON (AP) — By ERIC TUCKER and FRANK BAJAK

Advertisement

We’re a diverse group of industry professionals from all corners of the world. Our desire is to provide a high-quality telecoms publication that caters to an international market, offering the latest and most relevant telecoms information to businesses, entrepreneurs and enthusiasts.

Continue Reading
Advertisement

News

EU regulator: Hackers ‘manipulated’ stolen vaccine documents

Inside Telecom Staff

Published

 on

EU regulator Hackers 'manipulated' stolen vaccine documents

The European Union’s drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but “manipulated.”

The European Medicines Agency said that an ongoing investigation showed that hackers obtained emails and documents from November related to the evaluation of experimental coronavirus vaccines. The agency, which regulates drugs and medicines across the 27-member EU, had troves of confidential COVID-19 data as part of its vaccine approval process.

“Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines,” the Netherlands-based agency said.

“We have seen that some of the correspondence has been published not in its integrity and original form and, or with, comments or additions by the perpetrators.”

The agency did not explain exactly what information was altered — but cybersecurity experts say such practices are typical of disinformation campaigns launched by governments.

Italian cybersecurity firm Yarix said it found the 33-megabyte leak on a well-known underground forum with the title “Astonishing fraud! Evil Pfffizer! Fake vaccines!” It was apparently first posted on Dec. 30 and later appeared on other sites, including on the dark web, the company said on its website.

Yarix said “the intention behind the leak by cybercriminals is certain: to cause significant damage to the reputation and credibility of EMA and Pfizer.”

Cybersecurity consultant Lukasz Olejnik said he believed the intention was far more broad.

“I fear this release has a significant potential of sowing distrust in the EMA process, the vaccines, and vaccination in Europe in general,” he said. “While it is unclear as to who may be behind this operation, it is evident that someone determined allocated resources to it.”

“This is an unprecedented operation targeting the validation of pharmaceutical material, with potentially broad negative effects on the health of Europeans if it leads to undermining trust in the vaccine,” Olejnik added.

The EMA said law enforcement authorities are taking “necessary action” in response to the hack and a criminal investigation is ongoing.

It said that given the devastating toll of the pandemic, there was an “urgent public health need to make vaccines available to EU citizens as soon as possible.” The EMA insisted that despite that urgency, its decisions to recommend the green-lighting of vaccines were based “on the strength of the scientific evidence on a vaccine’s safety, quality and efficacy, and nothing else.”

The EMA, which is based in Amsterdam, came under heavy criticism from Germany and other EU member countries in December for not approving vaccines against the virus more quickly. The agency issued its first recommendation for the Pfizer and BioNTech vaccine weeks after the shot received approval in Britain, the United States, Canada and elsewhere.

The EMA recommended a second vaccine, made by Moderna, for use earlier this month. A third shot made by AstraZeneca and Oxford is currently under consideration by the agency.


LONDON (AP) — By MARIA CHENG

Continue Reading

News

Deaths, self-immolation draw scrutiny on China tech giants

Inside Telecom Staff

Published

 on

Deaths, self-immolation draw scrutiny on China tech giants

E-commerce workers who kept China fed during the coronavirus pandemic, making their billionaire bosses even richer, are so unhappy with their pay and treatment that one just set himself on fire in protest.

China’s internet industries already were known for long, demanding days. With millions of families confined at home, demand surged and employees delivered tons of vegetables, rice, meat, diapers and other supplies, often aboard scooters that exposed them to sub-freezing winter cold.

For white-collar workers in the technology industry, pay is better than in some industries but employees are often expected to work 12 hours a day or more.

The human cost caught public attention after the deaths of two employees from e-commerce platform Pinduoduo, known for selling fresh produce at low prices. Their deaths prompted suggestions they were overworked. In an indication of high-level concern, the official Xinhua News Agency called for shorter work hours, describing long hours of overtime at the expense of employees’ health as an “illegal” operation.

Renewed concerns over dire working conditions for delivery drivers also came to the forefront when a video circulated on Chinese social media showing what it said was a driver for Ele.me, part of e-commerce giant Alibaba Group, setting himself on fire to protest unpaid wages.

The controversy is a blow to the image of internet industries that are transforming China’s economy and generating new jobs. They have made some of the founders among the world’s wealthiest entrepreneurs. During the heights of the pandemic, the fortunes of the biggest, including Alibaba founder Jack Ma and Pinduoduo founder Colin Huang, swelled as online consumer spending boomed.

In a video widely circulated on Chinese social media, 45-year-old delivery driver Liu Jin poured gasoline and set himself on fire outside a distribution station for Eleme in the eastern city of Taizhou, shouting that he wanted his money. Others snuffed the flames and rushed him to a hospital, where he is being treated for third-degree burns on his body.

Details of Liu’s complaint could not be verified and Eleme did not immediately respond to a request for comment.

Separately, a 43-year-old delivery driver collapsed on the job and died last week while delivering food for Eleme.

The company said in a statement that it will give 600,000 yuan ($92,700) to the driver’s family and raised its insurance coverage for drivers to that level. Its statement said Eleme “had not done enough in terms of accidental death insurance, and needs to do more.”

The issue was highlighted again after a Pinduoduo employee surnamed Tan committed suicide after taking leave from the firm to return to his hometown, less than two weeks after a 22-year-old employee surnamed Zhang in Urumqi collapsed while walking home from work with colleagues, and later passed away.

Pinduoduo, China’s third-largest e-commerce firm, released statements saying it was providing assistance and support to the families of the two employees who died. Shanghai authorities also are reviewing working hours, contracts and other conditions at the company.

The deaths raised an outcry on social media, with many people suspecting that they were a result of overwork. Chinese social media users blasted the country’s technology sector, criticizing not just Pinduoduo for a culture of long hours but pointing out that this was an industry-wide problem, with similar company cultures seen at most of China’s large technology companies.

They also revived a national debate over the tech sector’s so-called “996” working culture, in which employees often work from 9 a.m. to 9 p.m. six days a week. Companies sometimes pay huge bonuses to some employees, enticing them to work more overtime.

“We must strive to succeed in pursuit of dreams, but the legitimate rights and interests of workers cannot be ignored or even violated,” said state-owned Xinhua News Agency in a post on microblogging site Weibo.

The issue has also cast a spotlight on the working conditions of delivery drivers, who are under heavy pressure to get orders to customers quickly and at times make less than 10 yuan ($1.55) per delivery. If they fail to meet deadlines, fines imposed can range from as little as 1 yuan ($0.15) to as much as 500 yuan ($77.30) if a customer lodges a complaint.

As part of the gig economy, such delivery workers often do not get the benefits provided to full-time employees, such as social or medical insurance.

Since there are many people willing to work under those conditions, it is hard for employees to negotiate better pay and conditions.

Last August, the All-China Federation of Trade Unions (ACFTU) — the only trade union allowed to legally exist in communist-ruled China — said that 6.5 million delivery workers had joined it since 2018. However, the worker rights group China Labor Bulletin, which tracks labor relations in China, says little has been done to improve workers’ ability to win better treatment from companies. The union provides only skills training, legal assistance and some medical benefits.

“Labor unions need to become more effective, otherwise labor laws cannot be enforced,” said Li Qiang, founder of China Labor Watch, another organization that monitors labor rights.

Under China’s labor laws, workers and laborers should work no longer than eight hours a day, or more than 44 hours a week on average. Total amount of overtime should not exceed more than 36 hours in a month, and should only be done “after consultation with the trade union and laborers”.

However, even though the labor laws exist, they are rarely enforced as employees become mired in a culture of overwork while striving for bonuses or in cases of delivery drivers, to eke out a living.

Delivery workers are part of a corporate culture where even white-collar employees in the technology sector work excessively long hours, Li noted.

“Employees who do not work overtime cannot survive in technology or white-collar jobs. Everyone is working overtime. If they do not work overtime, they will be terminated,” Li said.

Putting workers at an even bigger disadvantage, indemnity clauses are at times written into workers’ contracts in some industries, absolving a company from responsibility for death on the job and other such events, said Li of China Labor Watch. Although such clauses may violate China’s labor laws, the legal system in China is opaque and laws can be difficult to enforce.

“In Western countries, if an employee dies because of working overtime, then the legal and economic costs will be greater, and they are generally more restrained as the country’s laws will intervene,” said Li. “But in China, there is no bottom line when it comes to working overtime, and companies are generally not held liable in the event of death.”

HONG KONG (AP) — By ZEN SOO AP Technology Writer

Continue Reading

News

Twitter CEO defends Trump ban, warns of dangerous precedent

Inside Telecom Staff

Published

 on

Twitter CEO defends Trump ban, warns of dangerous precedent

Twitter CEO Jack Dorsey defended his company’s ban of President Donald Trump in a philosophical Twitter thread that is his first public statement on the subject.

When Trump incited his followers to storm the U.S. Capitol last week, then continued to tweet potentially ominous messages, Dorsey said the resulting risk to public safety created an “extraordinary and untenable circumstance” for the company. Having already briefly suspended Trump’s account the day of the Capitol riot, Twitter on Friday banned Trump entirely, then smacked down the president’s attempts to tweet using other accounts.

“I do not celebrate or feel pride in our having to ban @realDonaldTrump from Twitter,“ Dorsey wrote. But he added: ”I believe this was the right decision for Twitter.”

Dorsey acknowledged that shows of strength like the Trump ban could set dangerous precedents, even calling them a sign of “failure.” Although not in so many words, Dorsey suggested that Twitter needs to find ways to avoid having to make such decisions in the first place. Exactly how that would work isn’t clear, although it could range from earlier and more effective moderation to a fundamental restructuring of social networks.

In Dorsey-speak, that means Twitter needs to work harder to “promote healthy conversation.”

Extreme measures such as banning Trump also highlight the extraordinary power that Twitter and other Big Tech companies can wield without accountability or recourse, Dorsey wrote.

While Twitter was grappling with the problem of Trump, for instance, Apple, Google and Amazon were effectively shutting down the right-wing site Parler by denying it access to app stores and cloud-hosting services. The companies charged that Parler wasn’t aggressive enough about removing calls to violence, which Parler has denied.

Dorsey declined to criticize his Big Tech counterparts directly, even noting that “this moment in time might call for this dynamic.” Over the long term, however, he suggested that aggressive and domineering behavior could threaten the “noble purpose and ideals” of the open internet by entrenching the power of a few organizations over a commons that should be accessible to everyone.

The Twitter co-founder, however, had little specific to say about how his platform or other Big Tech companies could avoid such choices in the future. Instead, he touched on an idea that, taken literally, sounds a bit like the end of Twitter itself — a long-term project to develop a technological “standard” that could liberate social networks from centralized control by the likes of Facebook and Twitter.

But for the moment, Dorsey wrote, Twitter’s goal “is to disarm as much as we can, and ensure we are all building towards a greater common understanding, and a more peaceful existence on earth.”


SAN FRANCISCO (AP) — By DAVID HAMILTON

Continue Reading

Trending