arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

For China’s Business Elites, Staying Out of Politics Is No Longer an Option

Internet infrastructure operators like Didi must now prove their political and legal legitimacy to the government, Ma Changbo, an online media start-up founder, wrote on his WeChat social media account.

“This is the second half of the U.S.-China decoupling,” he wrote. “In the capital market, the model of playing both sides of the fence is coming to an end.”

Didi, Ms. Liu and Mr. Liu didn’t immediately respond to requests for comment.

China’s internet companies have benefited from the best of two worlds since the 1990s. Many received foreign venture funding — Alibaba, the e-commerce giant, was funded by Yahoo and SoftBank, while Tencent, another internet titan, was backed by South Africa’s Naspers. They also copied their business models from Silicon Valley companies.

The Chinese companies gained further advantages when Beijing blocked almost all big American internet companies from its domestic market, giving its home players plenty of room to grow. Many Chinese internet firms later went public in New York, where investors have a bigger appetite for innovative and risky start-ups than in Shanghai or Hong Kong. So far this year, more than 35 Chinese companies have gone public in the United States.

Now the Didi crackdown is changing the calculations for many in China’s tech industry. One entrepreneur who has set her sights on a listing in New York for her enterprise software start-up said it would be harder to go public in Hong Kong with a high valuation because what her company did — software as a service — was a relatively new idea in China.

A venture capitalist in Beijing added that because of China’s data security requirements, it was now unlikely that start-ups in artificial intelligence and software as a service would consider going public in New York. Few people were willing to speak on the record for fear of retaliation by Beijing.

At the same time, the United States has become more hostile to Chinese tech companies and investors. As Washington has ramped up its scrutiny of deals that involve sensitive technologies, it has become almost impossible for Chinese venture firms to invest in Silicon Valley start-ups, several investors said.

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.

WhatsApp Sues India’s Government to Stop New Internet Rules

SAN FRANCISCO — WhatsApp sued the Indian government on Wednesday to stop what it said were oppressive new internet rules that would require it to make people’s messages “traceable” to outside parties for the first time.

The lawsuit, filed by WhatsApp in the Delhi High Court, seeks to block the enforceability of the rules that were handed down by the government this year. WhatsApp, a service owned by Facebook that sends encrypted messages, claimed in its suit that the rules, which were set to go into effect on Wednesday, were unconstitutional.

Suing India’s government is a highly unusual step by WhatsApp, which has rarely engaged with national governments in court. But the service said that making its messages traceable “would severely undermine the privacy of billions of people who communicate digitally” and effectively impair its security.

“Civil society and technical experts around the world have consistently argued that a requirement to ‘trace’ private messages would break end-to-end encryption and lead to real abuse,” a WhatsApp spokesman said. “WhatsApp is committed to protecting the privacy of people’s personal messages and we will continue to do all we can within the laws of India to do so.”

a broadening battle between the biggest tech companies and governments around the world over which of them has the upper hand. Australia and the European Union have drafted or passed laws to limit the power of Google, Facebook and other companies over online speech, while other countries are trying to rein in the companies’ services to stifle dissent and squash protests. China has recently warned some of its biggest internet companies against engaging in anticompetitive practices.

In India, Prime Minister Narendra Modi and his ruling Bharatiya Janata Party have worked for several years to corral the power of the tech companies and more strictly police what is said online. In 2019, the government proposed giving itself vast new powers to suppress internet content, igniting a heated battle with the companies.

The rules that WhatsApp is objecting to were proposed in February by Ravi Shankar Prasad, India’s law and information technology minister. Under the rules, the government could require tech companies to take down social media posts it deemed unlawful. WhatsApp, Signal and other messaging companies would also be required to create “traceable” databases of all messages sent using the service, while attaching identifiable “fingerprints” to private messages sent between users.

WhatsApp has long maintained that it does not have insight into user data and has said it does not store messages sent between users. That is because the service is end-to-end encrypted, which allows for two or more users to communicate securely and privately without allowing others to access the messages.

More than a billion people rely on WhatsApp to communicate with friends, family and businesses around the world. Many users are in India.

ordered to take down dozens of social media posts that were critical of Mr. Modi’s government and its response to the coronavirus pandemic, which has ravaged the country. Government officials said the posts should be removed because they could incite panic and could hinder its response to the pandemic.

The social media companies complied with many of the requests by making the posts invisible inside India, though they were still visible to people outside the country. In the past, Twitter and Facebook have reposted some content after determining that it didn’t break the law.

Tensions between tech companies and the Indian government escalated this week when the police descended on the New Delhi offices of Twitter to contest labels affixed to certain tweets from senior members of the government. While Twitter’s offices were empty, the visit symbolized the mounting pressure on social media companies to rein in speech seen as critical of the ruling party.

Facebook and WhatsApp have long maintained working relationships with the authorities in dozens of countries, including India. Typically, WhatsApp has said it will respond to lawful requests for information and has a team that assists law enforcement officials with emergencies involving imminent harm.

Only rarely has WhatsApp pushed back. The service has been shut down many times in Brazil after the company resisted requests for user data from the government. And it has skirmished with U.S. officials who have sought to install “back doors” in encrypted messaging services to monitor for criminal activity.

But WhatsApp argued that even if it tried enacting India’s new “traceability” rules, the technology would not work. Such a practice is “ineffective and highly susceptible to abuse,” the company said.

Other technology firms and digital rights groups like Mozilla and the Electronic Frontier Foundation said this week that they supported WhatsApp’s fight against “traceability.”

“The threat that anything someone writes can be traced back to them takes away people’s privacy and would have a chilling effect on what people say even in private settings, violating universally recognized principles of free expression and human rights,” WhatsApp said.

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”

Apple’s Compromises in China: 5 Takeaways

Apple has created an internal bureaucracy that rejects or removes apps the company believes could run afoul of Chinese rules. Apple trains its app reviewers and uses special software to inspect apps for any mention of topics Apple has deemed off limits in China, including Tiananmen Square, the Chinese spiritual movement Falun Gong, the Dalai Lama, and independence for Tibet and Taiwan.

Apple said it removes apps in China to comply with local laws.

In 2018, China’s internet regulators ordered Apple to reject an app from Guo Wengui, a Chinese billionaire who had broadcast claims of corruption inside the Communist Party. Top Apple executives then decided to add Mr. Guo to Apple’s “China sensitivities list,” which meant software would scan apps for mention of him and app reviewers would be trained to reject his apps, according to court documents.

When an app by Mr. Guo later slipped by Apple’s defenses and was published to the App Store, Chinese officials contacted Apple wanting answers. Apple’s app review chief then sent colleagues an email at 2:32 a.m. that said, “This app and any Guo Wengui app cannot be on the China store.” Apple investigated the incident and later fired the app reviewer who had approved the app.

Apple said that it had fired the app reviewer for poor performance and that it had removed Mr. Guo’s app in China because it had determined it was illegal there.

Since 2017, roughly 55,000 active apps have disappeared from Apple’s App Store in China, with most remaining available in other countries, according to a Times analysis.

More than 35,000 of those apps were games, which in China must get approval from regulators. The remaining 20,000 cut across a wide range of categories, including foreign news outlets, gay dating services and encrypted messaging apps. Apple also blocked tools for organizing pro-democracy protests and skirting internet restrictions, as well as apps about the Dalai Lama.

Apple disputed The Times’s figures, saying that some developers removed their own apps from China.

Censorship, Surveillance and Profits: A Hard Bargain for Apple in China

On Chinese iPhones, Apple forbids apps about the Dalai Lama while hosting those from the Chinese paramilitary group accused of detaining and abusing Uyghurs, an ethnic minority group in China.

The company has also helped China spread its view of the world. Chinese iPhones censor the emoji of the Taiwanese flag, and their maps suggest Taiwan is part of China. For a time, simply typing the word “Taiwan” could make an iPhone crash, according to Patrick Wardle, a former hacker at the National Security Agency.

Sometimes, Mr. Shoemaker said, he was awakened in the middle of the night with demands from the Chinese government to remove an app. If the app appeared to mention the banned topics, he would remove it, but he would send more complicated cases to senior executives, including Mr. Cue and Mr. Schiller.

Apple resisted an order from the Chinese government in 2012 to remove The Times’s apps. But five years later, it ultimately did. Mr. Cook approved the decision, according to two people with knowledge of the matter who spoke on the condition of anonymity.

Apple recently began disclosing how often governments demand that it remove apps. In the two years ending June 2020, the most recent data available, Apple said it approved 91 percent of the Chinese government’s app-takedown requests, removing 1,217 apps.

In every other country combined over that period, Apple approved 40 percent of requests, removing 253 apps. Apple said that most of the apps it removed for the Chinese government were related to gambling or pornography or were operating without a government license, such as loan services and livestreaming apps.

Yet a Times analysis of Chinese app data suggests those disclosures represent a fraction of the apps that Apple has blocked in China. Since 2017, roughly 55,000 active apps have disappeared from Apple’s App Store in China, according to a Times analysis of data compiled by Sensor Tower, an app data firm. Most of those apps have remained available in other countries.

A Phishing Test Promised Workers a Covid Bonus. Now They Want an Apology.

A report released this week by Britain’s National Cyber Security Centre showed a 15-fold increase in the number of scams removed from the internet, and said the agency had taken more fraudulent sites offline in the past year than in the previous three years combined.

In the first quarter of this year, according to government statistics, almost 40 percent of businesses in Britain reported digital breaches or attacks, with an average cost for medium to large firms of around 13,400 pounds, or $18,800. And the cost of a serious breach can be far more daunting: One study conducted last year by the Ponemon Institute for IBM Security, which interviewed 524 organizations across 17 countries, found that data breaches in 2020 cost an organization on average $3.86 million.

Phishing has also been used by scammers attempting to swindle grandparents out of their savings, by intelligence agencies to gain information and diplomatic leverage, and by IT departments to see if employees are paying attention.

“A sufficiently well-designed phishing email will get clicked on 100 percent of the time,” said Steven J. Murdoch, a professor of security engineering at University College London, adding all companies were vulnerable to phishing.

But testing employees with fake emails about bonuses was “entrapment,” he said, adding that it risked harming the relationship between companies and employees, which was crucial for security. Some attacks, as an example, come from disgruntled employees, he said. “People responsible for fire safety don’t set fire to the building,” he said of the tests.

Rather than discouraging employees from clicking on any link, he said, more effective strategies could include blocking phishing emails, installing software to protect against ransomware, and addressing use of passwords.

Alienating employees also meant they could be less likely to report suspicious activity to their company departments, a crucial method of stopping attacks from becoming more serious, said Jessica Barker, a co-founder of Cygenta, a cybersecurity company.
