Roblox, the game company, showed prototypes to 10 teenage players, said Chris Aston Chen, a senior product manager at the company.

One possible method required players to get on a video call, while another checked government databases. Mr. Chen said the players gravitated toward using government IDs, an option they trusted and thought was convenient. (Roblox’s chief product officer is a board member of The New York Times Company.)

The technology will also make it easier for Roblox to keep out players it has barred because of inappropriate conduct in the voice chat feature. If those players log back in using a new account but try to verify their age using the same government document, they’ll be locked out.

one user said. The user noted that he had first bought the track on cassette “when I was about 12, almost 30 years ago.”

“This is a rule applied to video sharing platforms in certain countries,” YouTube’s customer support account responded.

Mr. Errington in Britain said YouTube had asked him for a credit card when he tried to watch “Space Is the Place.” He doesn’t have one. And he said he felt uncomfortable uploading a photo ID.

“I wasn’t prepared to give out this information,” he said. “So the Sun Ra video remains a mystery.”

How to Find ‘Stalkerware’ on Your Devices

Fighting stalkerware is tough. You may not suspect it’s there. Even if you did, it can be difficult to detect since antivirus software only recently began flagging these apps as malicious.

Here’s a guide to how stalkerware works, what to look out for and what to do about it.

Surveillance software has proliferated on computers for decades, but more recently spyware makers have shifted their focus to mobile devices. Because mobile devices have access to more intimate data, including photos, real-time location, phone conversations and messages, the apps became known as stalkerware.

Various stalkerware apps collect different types of information. Some record phone calls, some log keystrokes, and others track location or upload a person’s photos to a remote server. But they all generally work the same way: An abuser with access to a victim’s device installs the app on the phone and disguises the software as an ordinary piece of software, like a calendar app.

From there, the app lurks in the background, and later, the abuser retrieves the data. Sometimes, the information gets sent to the abuser’s email address or it can be downloaded from a website. In other scenarios, abusers who know their partner’s passcode can simply unlock the device to open the stalkerware and review the recorded data.

So what to do? The Coalition Against Stalkerware, which was founded by Ms. Galperin and other groups, and many security firms offered these tips:

In the end, there’s no true way to defeat stalkerware. Kevin Roundy, NortonLifeLock’s lead researcher, said he had reported more than 800 pieces of stalkerware inside the Android app store. Google removed the apps and updated its policy in October to forbid developers to offer stalkerware.

But more have emerged to take their place.

“There are definitely a lot of very dangerous, alarming possibilities,” Mr. Roundy said. “It’s going to continue to be a concern.”

Apple Security Update Closes Spyware Flaw in iPhones, Macs and iWatches

The consortium did not disclose how it had obtained the list, and it was unclear whether the list was aspirational or whether the people had actually been targeted with NSO spyware.

Among those listed were Azam Ahmed, who had been the Mexico City bureau chief for The Times and who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, Lebanon, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman.

It also included 14 heads of state, including President Emmanuel Macron of France, President Cyril Ramaphosa of South Africa, Prime Minister Mostafa Madbouly of Egypt, Prime Minister Imran Khan of Pakistan, Saad-Eddine El Othmani, who until recently was the prime minister of Morocco, and Charles Michel, the head of the European Council.

Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”

This year marks a record for the discovery of so-called zero days, secret software flaws like the one that NSO used to install its spyware. This year, Chinese hackers were caught using zero days in Microsoft Exchange to steal emails and plant ransomware. In July, ransomware criminals used a zero day in software sold by the tech company Kaseya to bring down the networks of some 1,000 companies.

For years, the spyware industry has been a black box. Sales of spyware are locked up in nondisclosure agreements and are frequently rolled into classified programs, with limited, if any, oversight.

NSO’s clients previously infected their targets using text messages that cajoled victims into clicking on links. Those links made it possible for journalists and researchers at organizations like Citizen Lab to investigate the possible presence of spyware. But NSO’s new zero-click method makes the discovery of spyware by journalists and cybersecurity researchers much harder.

How China Transformed Into a Prime Cyber Threat to the U.S.

Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.

On Monday, the United States again accused China of cyberattacks. But these attacks were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature digital adversary than the one that flummoxed U.S. officials a decade ago.

The Biden administration’s indictment for the cyberattacks, along with interviews with dozens of current and former American officials, shows that China has reorganized its hacking operations in the intervening years. While it once conducted relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealthy, decentralized digital assaults of American companies and interests around the world.

Hacks that were conducted via sloppily worded spearphishing emails by units of the People’s Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities that work at the direction of China’s Ministry of State Security, according to U.S. officials and the indictment.

like Microsoft’s Exchange email service and Pulse VPN security devices, which are harder to defend against and allow China’s hackers to operate undetected for longer periods.

“What we’ve seen over the past two or three years is an upleveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”

China has long been one of the biggest digital threats to the United States. In a 2009 classified National Intelligence Estimate, a document that represents the consensus of all 16 U.S. intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was deemed the more immediate threat because of the volume of its industrial trade theft.

But that threat is even more troubling now because of China’s revamping of its hacking operations. Furthermore, the Biden administration has turned cyberattacks — including ransomware attacks — into a major diplomatic front with superpowers like Russia, and U.S. relations with China have steadily deteriorated over issues including trade and tech supremacy.

China’s prominence in hacking first came to the fore in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of The New York Times.

breach of the U.S. Office of Personnel Management. In that attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been granted a security clearance.

White House officials soon struck a deal that China would cease its hacking of American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable drop in Chinese hacking.

After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed. By 2018, U.S. intelligence officials had noted a shift: People’s Liberation Army hackers had stood down and been replaced by operatives working at the behest of the Ministry of State Security, which handles China’s intelligence, security and secret police.

Hacks of intellectual property that benefited China’s economic plans originated not from the P.L.A. but from a looser network of front companies and contractors, including engineers who worked for some of the country’s leading technology companies, according to intelligence officials and researchers.

It was unclear how exactly China worked with these loosely affiliated hackers. Some cybersecurity experts speculated that the engineers were paid cash to moonlight for the state, while others said those in the network had no choice but to do whatever the state asked. In 2013, a classified U.S. National Security Agency memo said, “The exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed from China’s Ministry of State Security.”

announced a new policy requiring Chinese security researchers to notify the state within two days when they found security holes, such as the “zero-days” that the country relied on in the breach of Microsoft Exchange systems.

arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

For China’s Business Elites, Staying Out of Politics Is No Longer an Option

Internet infrastructure operators like Didi must now prove their political and legal legitimacy to the government, Ma Changbo, an online media start-up founder, wrote on his WeChat social media account.

“This is the second half of the U.S.-China decoupling,” he wrote. “In the capital market, the model of playing both sides of the fence is coming to an end.”

Didi, Ms. Liu and Mr. Liu didn’t immediately respond to requests for comment.

China’s internet companies have benefited from the best of two worlds since the 1990s. Many received foreign venture funding — Alibaba, the e-commerce giant, was funded by Yahoo and SoftBank, while Tencent, another internet titan, was backed by South Africa’s Naspers. They also copied their business models from Silicon Valley companies.

The Chinese companies gained further advantages when Beijing blocked almost all big American internet companies from its domestic market, giving its home players plenty of room to grow. Many Chinese internet firms later went public in New York, where investors have a bigger appetite for innovative and risky start-ups than in Shanghai or Hong Kong. So far this year, more than 35 Chinese companies have gone public in the United States.

Now the Didi crackdown is changing the calculations for many in China’s tech industry. One entrepreneur who has set her sights on a listing in New York for her enterprise software start-up said it would be harder to go public in Hong Kong with a high valuation because what her company did — software as a service — was a relatively new idea in China.

A venture capitalist in Beijing added that because of China’s data security requirements, it was now unlikely that start-ups in artificial intelligence and software as a service would consider going public in New York. Few people were willing to speak on the record for fear of retaliation by Beijing.

At the same time, the United States has become more hostile to Chinese tech companies and investors. As Washington has ramped up its scrutiny of deals that involve sensitive technologies, it has become almost impossible for Chinese venture firms to invest in Silicon Valley start-ups, several investors said.

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.

WhatsApp Sues India’s Government to Stop New Internet Rules

SAN FRANCISCO — WhatsApp sued the Indian government on Wednesday to stop what it said were oppressive new internet rules that would require it to make people’s messages “traceable” to outside parties for the first time.

The lawsuit, filed by WhatsApp in the Delhi High Court, seeks to block the enforceability of the rules that were handed down by the government this year. WhatsApp, a service owned by Facebook that sends encrypted messages, claimed in its suit that the rules, which were set to go into effect on Wednesday, were unconstitutional.

Suing India’s government is a highly unusual step by WhatsApp, which has rarely engaged with national governments in court. But the service said that making its messages traceable “would severely undermine the privacy of billions of people who communicate digitally” and effectively impair its security.

“Civil society and technical experts around the world have consistently argued that a requirement to ‘trace’ private messages would break end-to-end encryption and lead to real abuse,” a WhatsApp spokesman said. “WhatsApp is committed to protecting the privacy of people’s personal messages and we will continue to do all we can within the laws of India to do so.”

a broadening battle between the biggest tech companies and governments around the world over which of them has the upper hand. Australia and the European Union have drafted or passed laws to limit the power of Google, Facebook and other companies over online speech, while other countries are trying to rein in the companies’ services to stifle dissent and squash protests. China has recently warned some of its biggest internet companies against engaging in anticompetitive practices.

In India, Prime Minister Narendra Modi and his ruling Bharatiya Janata Party have worked for several years to corral the power of the tech companies and more strictly police what is said online. In 2019, the government proposed giving itself vast new powers to suppress internet content, igniting a heated battle with the companies.

The rules that WhatsApp is objecting to were proposed in February by Ravi Shankar Prasad, India’s law and information technology minister. Under the rules, the government could require tech companies to take down social media posts it deemed unlawful. WhatsApp, Signal and other messaging companies would also be required to create “traceable” databases of all messages sent using the service, while attaching identifiable “fingerprints” to private messages sent between users.

WhatsApp has long maintained that it does not have insight into user data and has said it does not store messages sent between users. That is because the service is end-to-end encrypted, which allows for two or more users to communicate securely and privately without allowing others to access the messages.

More than a billion people rely on WhatsApp to communicate with friends, family and businesses around the world. Many users are in India.

ordered to take down dozens of social media posts that were critical of Mr. Modi’s government and its response to the coronavirus pandemic, which has ravaged the country. Government officials said the posts should be removed because they could incite panic and could hinder its response to the pandemic.

The social media companies complied with many of the requests by making the posts invisible inside India, though they were still visible to people outside the country. In the past, Twitter and Facebook have reposted some content after determining that it didn’t break the law.

Tensions between tech companies and the Indian government escalated this week when the police descended on the New Delhi offices of Twitter to contest labels affixed to certain tweets from senior members of the government. While Twitter’s offices were empty, the visit symbolized the mounting pressure on social media companies to rein in speech seen as critical of the ruling party.

Facebook and WhatsApp have long maintained working relationships with the authorities in dozens of countries, including India. Typically, WhatsApp has said it will respond to lawful requests for information and has a team that assists law enforcement officials with emergencies involving imminent harm.

Only rarely has WhatsApp pushed back. The service has been shut down many times in Brazil after the company resisted requests for user data from the government. And it has skirmished with U.S. officials who have sought to install “back doors” in encrypted messaging services to monitor for criminal activity.

But WhatsApp argued that even if it tried enacting India’s new “traceability” rules, the technology would not work. Such a practice is “ineffective and highly susceptible to abuse,” the company said.

Other technology firms and digital rights groups like Mozilla and the Electronic Frontier Foundation said this week that they supported WhatsApp’s fight against “traceability.”

“The threat that anything someone writes can be traced back to them takes away people’s privacy and would have a chilling effect on what people say even in private settings, violating universally recognized principles of free expression and human rights,” WhatsApp said.

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”
