WASHINGTON, August 7 -- North Korea has raised up to $2 billion for its weapons of mass destruction programs through cyberattacks on cryptocurrency operators and overseas banks, a report compiled by a panel of the U.N. sanctions committee on the country showed Monday.
"Democratic People's Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raised money for its WMD programs with total proceeds to date estimated at up to 2 billion U.S. dollars," the panel of independent experts said in the report, according to a portion obtained by Kyodo News. "In particular, large scale attacks against cryptocurrency exchanges allowed the DPRK to generate income in ways that are hard to trace and subject to less government oversight and regulation than the traditional banking sector," the report said. The DPRK is the acronym for North Korea's official name. According to the report, the panel looked into at least 35 cases of cyberattacks in 17 countries including Chile, India, Malaysia, South Africa and South Korea. The investigation showed "a marked increase in the scope and sophistication of cyber activities including attacks in violation of the financial sanctions," it added. The findings underscore that cash-strapped North Korea has resorted to cyberattacks as a means to acquire foreign currency amid continued international sanctions.
Additionally, the panel said in the report that North Korea's Munitions Industry Department -- a designated entity involved in supervising the country's nuclear and ballistic missile programs -- has been using its subordinate corporations to place IT workers abroad to earn foreign currency. Despite international sanctions, North Korea "enhanced its overall ballistic missile capabilities" through missile launches in May and July, the report said. Pyongyang also continued to violate sanctions "through illicit ship-to-ship transfers" in procurement of WMD-related items and luxury goods, and "as a primary means of importing refined petroleum," it said. The sanctions committee operates under the mandate of the U.N. Security Council.
SHENZHEN, July 19 -- Huawei, the world’s largest telecommunications equipment vendor, said more than half of the contracts it has signed so far to supply next-generation 5G gear are with European operators.
Huawei has secured 50 5G commercial contracts globally, of which 28 were signed in Europe, Chen Lifang, president of the telecoms giants public affairs and communications department, said in Brussels on Thursday. The Shenzhen-based company, which leads in global 5G equipment sales, did not disclose the names of its partners. Huawei’s major competitors in network development, Finland’s Nokia and Sweden’s Ericsson, had secured 43 contracts and 22 contracts as of the end June, respectively. Huawei’s crosstown rival, ZTE, has publicly announced 25 commercial deals. Huawei earned 204.5 billion yuan (US$29.8 billion) from Europe, the Middle East and Africa – its biggest overseas market region – in 2018, according to its annual report. That accounted for about 28.4 per cent of its total revenue and more than the combined contribution from the Americas and Asia-Pacific, excluding China regions. Europe, which has generally resisted pressure from the US to shut out Huawei, is an important market that the company could not afford to lose after a series of bans in North America and Oceania.
“Huawei is following closely the 5G framework of the EU, and fully supports this framework,” Chen said at the Brussels round table on Thursday, according to the transcript on Huawei EU’s official Twitter account.
PALO ALTO, July 16 -- iOS 13 is still in beta and therefore bugs are to be expected, but a recently-discovered security vulnerability in the operating system is especially worth noting.
This iOS 13 bug makes it easy for someone to gain access to the “Website & App Passwords” data in Settings. Essentially, when running iOS 13 developer beta 3 or the second public beta of iOS 13, it’s incredibly easy to bypass the Face ID or Touch ID authentication prompt in Settings when trying to access your iCloud Keychain passwords. The issue was first noted on Reddit. As detailed by iDeviceHelp on YouTube, you can access all of the saved usernames and passwords in Settings by repeatedly tapping the “Website & App Passwords” menu and avoiding the Face ID or Touch ID prompt. After several tries, iOS 13 will show all of your passwords and logins, even if you never successfully authenticated with Face ID or Touch ID.
9to5Mac confirmed that this vulnerability is present in the latest iOS 13 developer beta. Apple has been informed of the issue via the Feedback app in iOS 13, but has yet to acknowledge it. The bug is also present in the latest betas of iPadOS 13. Of course, in order to access the “Website & App Passwords” menu, someone would also need to unlock your device to begin with, whether it be through Face ID, Touch ID, or with your passcode. By running an iOS beta, you accept a certain level of risk and this vulnerability is a good example of such risk. Though, it is notable that such a major security hole is present in the public beta of iOS 13, which Apple released ahead of schedule to users. Nonetheless, you should never expect an iOS beta to be perfectly secure and stable, especially only 6 weeks into the testing process. Apple released iOS 13 beta 3 to developers on July 2nd. This means we’re likely just a day or two away from the release of iOS 13 beta 4. Ideally, iOS 13 beta 4 and iOS 13 public beta 3 will resolve this vulnerability, but there’s no guarantee.
NEW YORK, July 11 -- Instagram has launched new measures to prevent bullying online, including a novel use of artificial intelligence to catch offensive messages prior to posting.
Bullying on social media, particularly among youth, has been seen in Japan and many other countries around the world, with online problems sometimes escalating to crime or suicide. Noting that it has endeavored for years to reduce bullying via AI that detects harmful comments, photos and videos, the Facebook-owned platform said, "We started rolling out a new feature powered by AI that notifies people when their comment may be considered offensive before it's posted." Calling bullying "a complex issue," Instagram said in a release on Monday, "We can do more to prevent bullying from happening on Instagram, and we can do more to empower the targets of bullying to stand up for themselves."
The new tool "gives people a chance to reflect and undo their comment and prevents the recipient from receiving the harmful comment notification," Instagram said, adding that teens are unlikely to report online bullying even though they experience it the most. Instagram said it will also test a new method called "Restricted" to protect a user's account from unwanted interactions. "Once you restrict someone, comments on your posts from that person will only be visible to that person. You can choose to make a restricted person's comments visible to others by approving their comments." Under the new feature, restricted people will not be able to see "when you're active on Instagram or when you've read their direct messages," the operator said.
Author: Lora Smith
TEL AVIV, June 25 -- Hackers have broken into the systems of more than a dozen global telecoms companies and taken large amounts of personal and corporate data, researchers from a cyber security company said on Tuesday, identifying links to previous Chinese cyber-espionage campaigns.
Investigators at U.S.-Israeli cyber security firm Cybereason said the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcement and politics. The hackers also used tools linked to other attacks attributed to Beijing by the United States and its Western allies, said Lior Div, chief executive of Cybereason. “For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” he told Reuters. A spokesman for China’s Foreign Ministry said he was not aware of the report, but added “we would never allow anyone to engage in such activities on Chinese soil or using Chinese infrastructure.” Cybereason declined to name the companies affected or the countries they operate in, but people familiar with Chinese hacking operations said Beijing was increasingly targeting telcos in Western Europe.
Western countries have moved to call out Beijing for its actions in cyberspace, warning that Chinese hackers have compromised companies and government agencies around the world to steal valuable commercial secrets and personal data for espionage purposes. Div said this latest campaign, which his team uncovered over the last nine months, compromised the internal IT network of some of those targeted, allowing the attackers to customize the infrastructure and steal vast amounts of data. In some instances, they managed to compromise a target’s entire active directory, giving them access to every username and password in the organization. They also got hold of personal data, including billing information and call records, Cybereason said in a blog post. “They built a perfect espionage environment,” said Div, a former commander in Israel’s military intelligence unit 8200. “They could grab information as they please on the targets that they are interested in.”
Cybereason said multiple tools used by the attackers had previously been used by a Chinese hacking group known as APT10. The United States indicted two alleged members of APT10 in December and joined other Western countries in denouncing the group’s attacks on global technology service providers to steal intellectual property from their clients. The company said on previous occasions it had identified attacks it suspected had come from China or Iran but it was never certain enough to name these countries. Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China.” “We managed to find not just one piece of software, we managed to find more than five different tools that this specific group used,” Div said.
MOSCOW, June 18 -- Using Russian equipment and software to manage the country's power grids is necessary to protect the energy system from cyber criminals, the press service of the Russian Ministry of Digital Development, Communications and Media said on Monday.
The ministry was commenting on the article in The New York Times that claims that "the United States is stepping up digital incursions into Russia's electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively." "Informational security of the energy system is one of our priorities. We are constantly working on it together with the Ministry of Energy. Using our own intelligent accounting software, telecommunications equipment, component base and secure protocols provides a guarantee against hacker attacks," spokesman for the Ministry of Digital Development, Communications and Media Yevgeny Novikov said. Novikov noted that "smart" meters can be used to remotely turn on and off the supply of resources (electricity or gas). "So a hacker attack can, for example, leave a hospital, school, or a whole city, without electricity. In a situation with gas supplies, consequences can be catastrophic," Novikov said.
LONDON, June 14 -- The UK home secretary, Sajid Javid, has revealed he has signed a request for Julian Assange to be extradited to the U.S. where he faces charges of computer hacking, The Guardian reports.
Speaking on the Today Programme on Thursday, June 13, Javid said: “He’s rightly behind bars. There’s an extradition request from the U.S. that is before the courts tomorrow but yesterday I signed the extradition order and certified it and that will be going in front of the courts tomorrow.” Javid’s decision opens the way to the court sending the WikiLeaks founder to America. Assange faces an 18-count indictment, issued by the U.S. Justice Department, that includes charges under the Espionage Act. He is accused of soliciting and publishing classified information and conspiring to hack into a government computer. Javid said: “It is a decision ultimately for the courts, but there is a very important part of it for the home secretary and I want to see justice done at all times and we’ve got a legitimate extradition request, so I’ve signed it, but the final decision is now with the courts.”
Javid’s decision follows news last week that an attempt to extradite Assange to Sweden had suffered a setback when a court in Uppsala said he did not need to be detained. The ruling by the district court prevented Swedish prosecutors from applying immediately for an extradition warrant for Assange to face an allegation of rape dating back to 2010. Assange denies the accusation. Assange is serving a 50-week sentence in Britain for skipping bail after he spent seven years in the Ecuadorian embassy in London attempting to avoid extradition to Sweden. Swedish prosecutors dropped their rape investigation in 2017 but reopened it after Ecuador rescinded its offer of asylum to Assange in April this year and allowed British police to arrest him.
MONTREUX, 28 MAY 2019 – The 67th Bilderberg Meeting will take place from May 30 – June 2, 2019 in Montreux, Switzerland.
About 130 participants from 23 countries have confirmed their attendance. As ever, a diverse group of political leaders and experts from industry, finance, academia, labour and the media has been invited.The 2019 edition of the exclusive Bilderberg Meeting will take place at the Hotel Montreux Palace in the Swiss town of Montreux from Thursday to Sunday. It will feature Swiss Finance Minister Ueli Maurer, French Economy Minister Bruno Le Maire, the head of Germany’s Christian Democrats, Annegret Kramp-Karrenbauer, and Crédit-Suisse CEO Tidjane Thiam among others. According to Swiss daily Tages Anzeiger, US Secretary of State Mike Pompeo will also be among the attendees, although he is not on the official guest list on the Bildberg website. The Swiss paper reports that Pompeo is set to sit down with Ueli Maurer. The two are tipped to discuss the situation in Iran where Switzerland represents US interests.
However, the Swiss Finance Ministry told The Local on Tuesday that no meeting was envisaged between Pompeo and Maurer. The yearly Bilderberg talk-fest, which dates back to 1954, features a guest list of around 130 people from Europe and North America including everyone from royals to business tycoons and academics. A highly secretive affair without a fixed agenda, the Bilderberg Meeting is regular fodder for conspiracy theorists who believe its participants act as a secret world government. However, organisers argue the private nature of the event gives attendees the chance to hold informal discussions about major issues. Topics up for discussion this year include climate change and sustainability, Brexit, China, Russia, the future of capitalism and the weaponization of social media. According to the official Bilderberg website, discussions are held under the Chatham House Rule, which means participants can use any information they receive during the meeting but cannot reveal its source. This year will be the second time the Bilderberg meeting has been held in Switzerland. In 2011, it was held in St Moritz in the country’s southeast.
The key topics for discussion this year are:
LIST OF PARTICIPANTS 2019
WASHINGTON, May 16 -- The US Commerce Department has announced it is blacklisting Chinese telecom giant Huawei and 70 affiliates over alleged threat to national security.
The department said it has a reason to conclude that Huawei is "engaged in activities that are contrary to US national security or foreign policy interest." It accused Huawei of providing banned financial services to Iran bypassing US sanctions and also attempts to obstruct justice during the investigation into these violations. This move will "prevent American technology from being used by foreign owned entities in ways that potentially undermine US national security or foreign policy interests," Commerce Secretary Wilbur Ross said. On Wednesday, US President Donald Trump signed an executive order declaring emergency to protect US information and telecommunications technology from external threats. The order will empower the US commerce secretary after consultations with heads of other federal agencies to block transactions deemed as a threat to national security.
In August 2018, Trump signed an order banning US government agencies from using the equipment manufactured by Huawei and another Chinese company ZTE. Huawei has said the US "unreasonable restrictions" will infringe upon its rights. "Restricting Huawei from doing business in the US will not make the US more secure or stronger; instead, this will only serve to limit the US to inferior yet more expensive alternatives," the telecom giant said in a statement, according to AFP.
JERUZALEM, May 14 -- As Apple rolled out an advertising campaign last month touting the impenetrability of the iPhone — “Privacy. That’s iPhone”, the commercials promised a secretive Israeli company called in its sales people to talk about an important update designed to thwart that very privacy.
According to one person at the meeting, the executives from NSO Group made a bold claim: using just one simple missed call on WhatsApp, it had figured out a way to “drop its payload”, a piece of software called Pegasus that can penetrate the darkest secrets of any iPhone. Within minutes of the missed call, the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages or location, and even turns on the camera and microphone to live-stream meetings. The software itself is not new — it was the latest upgrade to a decade-old technology so powerful that the Israeli defence ministry regulates its sale. But the WhatsApp hack was an enticing new “attack vector”, the person says. “Great from a sales point.”
It was an illustration of the sales pitch that NSO has made to governments around the world — and which have helped give a tiny and discreet company a market valuation of around $1bn. NSO’s few hundred engineers claim they have managed to manoeuvre around whatever obstacle Apple, the world’s most valuable company, has thrown in its way. Apple declined to comment for this article. At an investor presentation in London in April, the company bragged that the typical security patches from Apple do not address the “weaknesses exploited by Pegasus”, according to an unimpressed potential investor. Despite the annual software updates unveiled by companies such as Apple, NSO had a “proven record” of identifying new weaknesses, the company representative told attendees. NSO’s pitch has been a runaway success — allowing governments to buy off the shelf the sort of software that was once thought to be restricted to only the most sophisticated spy agencies, such as GCHQ in the UK and the National Security Agency in America. The sale of such powerful and controversial technologies also gives Israel an important diplomatic calling card. Through Pegasus, Israel has acquired a major presence — official or not — in the deeply classified war rooms of unlikely partners, including, researchers say, Gulf states such as Saudi Arabia and the United Arab Emirates. Although both countries officially reject the existence of the Jewish state, they now find themselves the subject of a charm offensive by Prime Minister Benjamin Netanyahu that mixes a shared hostility to Iran with intelligence knowhow. The Israeli government has never talked publicly about its relationship with NSO. Shortly after he stepped down as defence minister in November, Avigdor Lieberman, who had responsibility for regulating NSO’s sales, said: “I am not sure now is the right time to discuss this . . . I think that I have a responsibility for the security of our state, for future relations.” But he added: “It is not a secret today that we have contact with all the moderate Arab world. I think it is good news.”