arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

View Source

>>> Don’t Miss Today’s BEST Amazon Deals! <<<<

A ‘System of Espionage’ Reigned at Ikea, a French Prosecutor Charges

VERSAILLES, France — The USB stick mysteriously appeared from an unidentified deliveryman. It held an explosive trove: a cache of startling emails detailing an intricate effort by Ikea executives in France to dig up information on employees, job applicants and even customers.

“Tell me if these people are known to the police,” read one executive’s message to a private investigator, seeking illicit background checks on hundreds of Ikea job applicants.

“A model worker has become a radical employee representative overnight,” read another. “We need to find out why.”

A decade after those emails surfaced, they are at the center of a criminal trial that has riveted public attention in France. Prosecutors are accusing the French arm of Ikea, the Swedish home furnishings giant, and some of its former executives of engineering a “system of espionage” from 2009 to 2012.

The alleged snooping was used to investigate employees and union organizers, check up on workers on medical leave and size up customers seeking refunds for botched orders. A former military operative was hired to execute some of the more clandestine operations.

The case stoked outrage in 2012 after the emails were leaked to the French news media, and Ikea promptly fired several executives in its French unit, including its former chief executive. There is no evidence that similar surveillance happened in any of the other 52 countries where the global retailer hones a fresh-faced image of stylish thriftiness served with Swedish meatballs.

unsuspecting customers who tangled with Ikea over big refunds. He insisted that he had never broken the law in gathering background material.

Some Ikea managers tapped police sources to gain access to government databases for job applicants at up to nine stores, seeking records on drug use, theft and other serious offenses. People whose files turned up “dirty” would not be hired, according to plaintiffs’ lawyers. As in the United States, applicants in France must consent to background checks.

The surveillance encompassed career workers. In one case, Mr. Fourès was hired to investigate whether Ikea France’s deputy director of communications and merchandising, who was on a yearlong sick leave recovering from hepatitis C, had faked the severity of her illness when managers learned she had traveled to Morocco.

He engaged a contact to pose as an airline worker and ask the 12-year Ikea employee, Virginie Paulin, to furnish copies of her passport stamps to win a free ticket offer. The passport confirmed her travel to Morocco.

“Excellent!” Mr. Baillot, the chief executive at the time, wrote in an email to Mr. Paris and Claire Héry, who was the director of human resources. “We’ll do more checks after Christmas to corner her,” he wrote. (Ms. Héry’s lawyer, Olivier Baratelli, said there was no evidence she had been aware of systemic surveillance. The charges against her were dropped.)

told The New York Times in 2012 that she had a second home in Morocco, and had flown there to recuperate from her illness. She said she had been so distraught by her dismissal that she attempted suicide.

Ikea officials paid particular attention to unions and their efforts to recruit members. In 2010, tensions erupted when Adel Amara, a union leader at an Ikea store in Franconville, northwest of Paris, rallied employees to strike for a 4 percent raise. Ikea said the strike had cost it millions of euros in lost sales.

After that, Ikea “tried to prevent more strikes by turning to a system of espionage,” said Vincent Lecourt, a lawyer for one of the store’s French unions. Ikea managers set up a surveillance net to gather information to fire Mr. Amara and curb militant union activity, plaintiffs’ lawyers said.

GSG, a French security company hired by Mr. Paris, advised Ikea to set a “legal trap” for Mr. Amara, and sent one of its agents to pose as a cashier, court documents showed. The mole infiltrated workers’ ranks, reporting conversations with Mr. Amara and his wife, also an Ikea employee, while spying on a number of other union activists.

“Their plan was to infiltrate the unions and explode them from the inside,” Mr. Lecourt said.

Mr. Paris also hired a bodyguard disguised as an administrative assistant with the goal, he testified, of protecting officials who claimed that Mr. Amara had harassed them. Mr. Amara was later found liable by a criminal judge for moral harassment after Ikea France filed a complaint.

Mr. Daoud, Ikea France’s lawyer, said there was no proof of the unions’ allegations. “There was no hunting down of union members,” he said.

That claim has not doused a sense of injustice among workers who said they were forever marked by the moment they learned their employer was spying on them.

Soon after Ikea fired Mr. Amara in 2011, he said in an interview, a USB stick was delivered to his home by a person who refused to identify himself, containing the explosive email trove that became the basis of the lawsuit.

The documents included receipts of nearly €1 million for surveillance operations, as well as a 55-page internal report on Mr. Amara’s union activities, personal situation and legal records dating to when he was a teenager. There were lists naming hundreds of job applicants and employees to undergo undisclosed checks, as well as the orders to investigate some customers.

“That’s when I understood that Ikea was spying this whole time, and that it was a regular practice,” Mr. Amara said. “It was absolutely surreal.”

Mr. Amara said he took the USB stick to French news outlets, he said, unleashing the media firestorm around Ikea France that led to police investigations and the current trial.

“Ikea acted as if it was all powerful over its employees,” he said.

“If Ikea hadn’t been exposed,” he added, “it would have just kept going.”

Gaëlle Fournier contributed reporting.

View Source

White House Weighs New Cybersecurity Approach After Failure to Detect Hacks

The question is how to set up such a system.

After revelations in 2013 by the former intelligence contractor Edward J. Snowden that set off a debate about government surveillance, American technology companies are wary of the appearance of sharing data with American intelligence agencies, even if that data is just warnings about malware. Google was stung by the revelation in the Snowden documents that the National Security Agency was intercepting data transmitted between its servers overseas. Several years later, under pressure from its employees, it ended its participation in Project Maven, a Pentagon effort to use artificial intelligence to make its drones more accurate.

Amazon, in contrast, has no such compunctions about sensitive government work: It runs the cloud server operations for the C.I.A. But when the Senate Intelligence Committee asked company officials to testify last month — alongside executives of FireEye, Microsoft and SolarWinds — about how the Russians exploited systems on American soil to launch their attacks, they declined to attend.

Companies say that before they share reporting on vulnerabilities, they would need strong legal liability protections.

The most politically palatable headquarters for such a clearinghouse — avoiding the legal and civil liberties concerns of using the National Security Agency — would be the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Mr. Gerstell described the idea as “automated computer sensors and artificial intelligence acting on information as it comes in and instantaneously spitting it back out.”

The department’s existing “Einstein” system, which is supposed to monitor intrusions and potential attacks on federal agencies, never saw the Russian attack underway — even though it hit nine federal departments and agencies. The F.B.I., lawmakers say, does not have broad monitoring capabilities, and its focus is divided across other forms of crime, counterterrorism and now domestic extremism threats.

“I don’t want the intelligence agencies spying on Americans, but that leaves the F.B.I. as the de facto domestic intelligence agency to deal with these kinds of attacks,” said Senator Angus King, a Maine independent, member of the Senate Intelligence Committee and co-chairman of the cyberspace commission. “I’m just not sure they’re set up for this.”

There are other hurdles. The process of getting a search warrant is too cumbersome for tracking nation-state cyberattacks, Mr. Gerstell said. “Someone’s got to be able to take that information from the N.S.A. and instantly go take a look at that computer,” he said. “But the F.B.I. needs a warrant to do that, and that takes time by which point the adversary has escaped.”

View Source