More stories

  • Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend

    “Does anybody really know what time it is? Does anybody really care?”

    Actually, if you use computers for pretty much anything, you do. Oh, you may not know it if you’re not a system or network administrator, but security, identification, networks, everything that makes the internet go depends on accurate time-keeping. To do this, some systems rely on Global Positioning System (GPS) appliances and the GPSD daemon to tell the exact time, and a nasty bug’s been uncovered in GPSD that’s going to pop up on October 24, 2021. If left unpatched, it’s going to switch your time to some time in March 2012, and your system will crash with a resounding kaboom. Here’s how it works.

    First, Earth time is not absolute. Earth’s spin speed varies in response to geological events. The International Earth Rotation and Reference Systems Service (IERS) tracks this, and every few years, it adds a leap-second to the year. This is done to Coordinated Universal Time (UTC), which is the standard universal time system. UTC is used by the internet’s Network Time Protocol (NTP). In turn, NTP is used to keep all internet-connected devices in sync with each other.

    How does NTP know what time it is? By synchronizing NTP servers with atomic clocks. NTP is based on a hierarchy of levels, where each level is assigned a number called the stratum. Stratum 1 (primary) servers at the lowest level are directly synchronized to national time services via satellite, radio, or modem. Stratum 2 (secondary) servers are synchronized to stratum 1 servers and so on. Usually, NTP clients and servers connect to Stratum 2 servers. So far, so good, but how do stratum 1 servers sync up with clocks? Many of them use GPSD. This service daemon monitors one or more GPSes for location, course, velocity, and, most important for our purposes, time. This code, which is a mix of a linkable C service library, a C++ wrapper class, and a Python module, has, like all programs, its fair share of bugs.

    Recently it was discovered that a bug in the time rollback (aka “GPS Week Rollover”) sanity checking code scheduled for November 2038 will instead cause 1,024 to be subtracted from the October 24, 2021 week number. In other words, a lot of computers are in for a quick, sharp visit to March 2002.

    This will be ugly. Or, as Stephen Williams, who uncovered the bug, put it, “I have a feeling that there will be some ‘interesting moments’ in the early morning when a bunch of the world’s stratum 1 NTP servers using GPSD take the long strange trip back to 2002.”

    GPSD maintainer Gary E. Miller has acknowledged the problem, and a fix has been made to the code. To be exact, the fix is in August 2021’s GPSD 3.23 release. So, what’s the problem if the fix is already in? 


    Well, there are two problems. First, it won’t be backported to previous releases. If you’re still using an older version, you may be out of luck. Second, as Miller observed, not all distros “pick up GPSD updates or upstream their patches. [This] is a very sore spot with me.” So, just because your operating system is up to date does not mean that it will have the necessary GPSD fix. Miller suggests that you check it and do it yourself: “I [am] gonna fall back on Greg K_H’s dictum: All users must update.”

    Oh, wondering what the mysterious root cause of all this commotion, GPS Week Rollover, is? It’s a legacy GPS problem. The GPS signal’s week number uses a 10-bit code with a maximum value of 1,023. This means that every 19.7 years, the GPS week number rolls over to zero. Or, as Miller noted, “This code is a 1024 week time warp waiting to happen.”

    So, check your systems now for this problem. And, if, like most of us, you’re relying on someone upstream from you for the correct time, check with them to make sure they’ve taken care of this forthcoming trouble. Otherwise, well, remember all that chatter about how awful Y2K was going to be? Y2K, as the end of the tech world, fizzled because we did all the right things. This one may not be a global problem, but I can easily see many companies ending up in a world of trouble if they don’t make sure their time-keeping is properly patched.

  • Autonomous race cars to battle at Indy Speedway

    No matter which team places first at the upcoming Indy Autonomous Challenge (IAC), the real winner will be the open source architecture powering the cars. The autonomous racing event, which takes place this week, pits nine teams representing 21 universities against each other in high-stakes racing for a $1 million prize purse.

    “To our knowledge, all of the vehicles in the IAC are running ROS 2 and Autoware as the basis of their autonomy stack,” says Katherine Scott, Developer Advocate at Open Robotics, which oversees the Robotic Operating System (ROS), an open source architecture for robotics development. Autoware is the first all-in-one open source software for self-driving cars.

    Organized by Energy Systems Network and the Indianapolis Motor Speedway, the primary goal of the IAC is to advance technology that can speed the commercialization of fully autonomous vehicles and deployments of advanced driver-assistance systems (ADAS). Much like racing development often leads to innovations adapted for the street, the high speeds and incredible handling challenges of racing are ideal proving grounds for autonomous mobility. Indianapolis-based Lilly Endowment Inc., one of the world’s largest philanthropic foundations, provided a grant to help Energy Systems Network develop the IAC and fund the $1 million IAC prize purse.

    But the unsung hero of the event is the open source architecture that’s made it possible, in relatively short order, for teams of university students to develop autonomous controls paradigms for performance race cars.

    “What we’re really excited about in the IAC — more so than just the high-speed vehicle autonomy — is the prospect of having an entire generation of engineers learning and using ROS,” says Scott. “Advanced technology doesn’t happen in a vacuum; students need a common language and set of tools to work together efficiently. When done right, open-source technology is accretive, and the advances in this year’s competition will likely make it into subsequent competitions and perhaps production vehicles.”

    The car used for the event, which is an incredible feat of racing engineering, is the Dallara-produced AV-21 that has been retrofitted with hardware and controls to enable automation. Since 2001, Dallara has been the sole supplier of the Indy Lights series.

    The performance race cars are equipped with custom sensing packages. Thanks to ROS and Autoware, the development process has focused on higher-level controls work.

    “The combination of ROS 2 and Autoware have given the IAC student teams a firm starting point for building out vehicle autonomy. Rather than having to focus on building interfaces to the sensors and actuators of the vehicles, the students can focus on the more challenging control and planning tasks. For example, instead of spending their time building an interface to the vehicle’s LIDAR, the students can instead focus on using data from that LIDAR to keep the vehicle in its lane and avoid obstacles.”

    The competition takes place on October 23 and is open to fans via a registration page.

  • Alibaba Cloud to build own servers with new in-house chip

    Alibaba Cloud says it has built its own server chip, touting it to be compatible with the latest Armv9 architecture. The Chinese tech giant also plans to develop its own servers that will be designed for “general purpose” and “specialised AI computing”.

    Custom-built by its chip development unit T-Head, the new 5nm server chip is powered by 128 Arm cores with 3.2GHz top-clock speed, according to Alibaba. Called Yitian 710, each processor has 60 billion integrated transistors and encompasses eight DDR5 channels and 96-lane PCIe 5.0, the Chinese tech vendor said in a statement Tuesday. It added that the new chip was the first server processor to be compatible with Arm’s v9 architecture. It also would be deployed within Alibaba’s data centres.

    Alibaba Cloud’s president and head of Alibaba DAMO Academy, Jeff Zhang, said: “Customising our own server chips is consistent with our ongoing efforts towards boosting our computing capabilities with better performance and improved energy efficiency. We plan to use the chips to support current and future businesses across the Alibaba Group ecosystem.”

    Zhang noted that Yitian-powered servers would be tapped to support cloud services delivered to its customers in “the near future”.

    Alibaba said it would develop a range of proprietary servers, called Panjiu, based on the new chip, with these systems to be designed for “optimised performance and energy efficiency”. The servers would be built for general purpose, artificial intelligence (AI) computing, and storage services. The Chinese vendor further noted that its servers would be deployed in modules for large-scale data centres and architected to handle cloud-native workloads, including containerised applications.

    When asked, Alibaba declined to specify a timeline on when the chip or systems would be operationally available. According to Zhang, the company would continue to use various systems from its global partner network, including Intel, Nvidia, AMD, and ARM. Alibaba said Yitian 710 clocked a score of 440 on SPECint2017, which was used to measure CPU integer processing power. The figure outpaced Arm’s current server processor by 20% in terms of performance and 50% in energy efficiency, Alibaba said.

    Chip core to be made open source

    Apart from its chip development plans, Alibaba further revealed it had made open source its XuanTie CPU core, which is based on the RISC-V architecture. The chip was launched in 2019.

    Source codes of the XuanTie chip core currently are available on Github and Open Chip Community, offering developers the option to build their own chips based on the Alibaba CPU core. The Chinese vendor said the CPU architecture could be customised for Internet of Things (IoT) applications including gateway and edge servers. Software stacks based on XuanTie, including support for various operating systems such as Linux, Android, and Alibaba’s AliOS, also would be made open source, Alibaba said. It added that further services and development tools and SDKs (software development kits) would be made available in future.

    Zhang said: “By opening up the IP cores of our in-house IoT processors as well as related software stacks and development tools, we aim to assist global developers to build their own RISC-V-based chips in a much more cost-effective way. We hope this move can encourage more innovation amongst the thriving RISC-V software community and, as a result, help people enjoy the benefits of a connected world in the digital era.”

    Alibaba in 2019 released its first AI chip, Hanguang 800, which since had been rolled out in its cloud data centres to support various services such as search, recommendation, and live streaming. When asked, the vendor declined to provide figures on how many units of the AI processor had been deployed.

    Alibaba last year said it would invest 200 billion yuan ($31.07 billion) in its cloud business over three years, focusing on infrastructure development including servers, chips, network, and operating system. It then also announced plans to deploy proprietary technologies in its data centres “in the coming years”.

  • REvil ransomware operators claim group is ending activity again, victim leak blog now offline

    Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after the group lost control of vital infrastructure and had internal disputes. Recorded Future security expert Dmitry Smilyanets shared multiple messages on Twitter from ‘0_neday’ — a known REvil operator — discussing what happened on the cybercriminal forum XSS. He claimed someone took control of the group’s Tor payment portal and data leak website.

    In the messages, 0_neday explains that he and “Unknown” — a leading representative of the group — were the only two members of the gang who had REvil’s domain keys. “Unknown” disappeared in July, leaving the other members of the group to assume he died. The group resumed operations in September but this weekend, 0_neday wrote that the REvil domain had been accessed using the keys of “Unknown.” In another message, 0_neday said, “The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would go there. I checked on others — this was not. Good luck everyone, I’m off.”

    REvil originally closed shop in July after the devastating attack on Kaseya infected hundreds of organizations across the world and caused untold damage. The group is one of the most prolific ransomware gangs currently operating, attacking hundreds of vital companies and organizations over the last few years. But the group attracted immense law enforcement scrutiny following the July 4 attack on Kaseya and ended its operation on July 13. By September, the group returned, continuing to attack dozens of companies in the last few weeks. According to The Record, the July 13 shut down happened because “Unknown” allegedly stole the group’s money and shut down their servers, making it difficult for those remaining to pay affiliates.

    Smilyanets told the news outlet that he hoped the group had shut down because of law enforcement actions by US officials. The FBI and other US agencies faced significant backlash over the past few weeks because of their actions during the REvil attack on Kaseya. The FBI admitted it had decryption keys that could have helped the nearly 1,500 ransomware victims affected by the Kaseya attack, but decided against it because they were preparing an operation to disrupt REvil’s infrastructure. The group closed shop before the operation could be seen through and the FBI has been harshly criticized by the organizations affected and lawmakers for waiting to hand out the decryption keys. Bitdefender later released a free decryptor for all of the organizations affected by the Kaseya attack.

    Opinions on the situation were mixed among experts, with some cautioning people not to believe the word of criminals. Others said the situation made sense because REvil was facing criticism from its own affiliates for their actions. Allan Liska, a ransomware expert with Recorded Future, told ZDNet that there were two theories in his mind.

    “Unknown (the former leader of REvil) ‘returned from the dead’ and was not happy that his software developers were trying to push his ransomware. The second is that a government agency managed to penetrate the server before they closed shop the first time, got Unknown’s private key and decided to take these new actors down,” Liska said. “Normally, I am pretty dismissive of ‘law enforcement’ conspiracy theories, but given that law enforcement was able to pull the keys from Kaseya attack, it is a real possibility. The relaunch of REvil was ill conceived from the start. Rebranding happens a lot in ransomware after a shutdown. But no one brings old infrastructure that was literally being targeted by every law enforcement operation not named Russia in the world back online. That is just dumb.”

    Liska said that while some may question whether the drama within the group is real, he believes it is legitimate, noting the internal controversy that has engulfed other ransomware groups this year.

    “There is a lot of money in ransomware right now, and with lots of money is going to come drama,” he said. But while the REvil operators may have shut down this specific group, Liska said there is no doubt that everyone who was part of the REvil organization will continue to conduct ransomware attacks. “Whether it is through creating a new ransomware or becoming an affiliate for another ransomware group, it is hard to give up the money that can be made from ransomware,” Liska said.

    Sean Nikkel, Digital Shadows senior cyber threat intel analyst, said REvil was already facing additional scrutiny from the broader cybercriminal community due to drama involving accusations of failing to pay those involved in its partnership program and claims that it effectively cut out affiliates and shared decryption keys with victims. On XSS, Nikkel said 0_neday was asked about who would work with REvil after this latest series of problems, and the representative replied, “Judging by everything, I’ll be working on my own.”

    “Reaction to the news from other forum members ranged from largely unsympathetic to bordering on conspiracy theory. The main area of debate was whether the group would rebrand for a third time, with many questioning whether the cybercriminal community would still trust REvil-related schemes,” Nikkel explained. Nikkel added that opinions appeared split on whether REvil’s reputation would ensure the group’s continued success, with many pointing out that all publicity is good publicity, and predicting that the promise of profits would still entice affiliates to work with the group in the future.

    “One theory doing the rounds posited that a disgruntled former team member, combined with poor password hygiene, could have resulted in the attack,” Nikkel added, noting that many users questioned the fact that this topic was even being discussed on the site at all considering XSS’s May 2021 ban on ransomware-related content. “The XSS representative for the LockBit ransomware group claimed to have predicted this turn of events, providing links to their ‘prophetic’ forum posts. They questioned the REvil representative’s intention to leave the forum, opining ‘if the domains have been hijacked, this is 100% proof that someone had a root on the server, which means that your database has been leaked too.’ The LockBit representative even put forward the idea the new REvil forum account may in fact be operated by law enforcement,” Nikkel said.

    Nikkel noted that in his opinion, the tone of the REvil’s forum posts indicate the group will be back in some form. But they may face difficulty returning after advertising for affiliates on a 90/10 profit-splitting basis, which is more than the group has shared in previous years. “Despite this, and the many controversies that REvil has been involved in that could have eroded all trust in and willingness to cooperate with the group, it seems that the group’s infamy and the promise of high profits are simply too much of a lure for many cybercriminals, who have returned to work with the group time and time again,” Nikkel said.

    Senior security researcher for DomainTools Chad Anderson added that his team discovered that REvil had a backdoor in its RaaS offering. After that, multiple affiliates of the REvil program confirmed they had been ripped off by the creators. “It’s hard to say what’s real at this point. We’ve seen groups disappear only to be reborn as a more full featured affiliate program. We’ve seen groups of affiliates shift to better payment models and we’ve seen group sites be taken over by others and their source code leaked or re-used,” Anderson told ZDNet. “At this point evidence suggests that the private keys for the Onion hidden services backing the REvil payment infrastructure have been compromised. This certainly could be a government agency operation but it’s just as likely without hard confirmation that it’s some other ransomware group. REvil made a lot of affiliates mad when it turned out their code had a backdoor that could let REvil operators steal from their affiliates.”

    Emsisoft ransomware expert Brett Callow was skeptical of what was written in the cybercrime forum, noting that they double as press release services for ransomware gangs.

    “Threat actors know that law enforcement, researchers and reporters monitor forums, and so use them to issue statements. They say only what they want people to know and believe,” Callow said. “Whether REvil has really closed shop, or are scamming their affiliates, or have some other reason for going dark, is impossible to say.”

  • Brazilian capital surpasses Rio and São Paulo in mobile broadband speed

    Brazil’s capital Brasília surpassed major urban centers of Rio de Janeiro and São Paulo in mobile broadband speed, according to a new report. According to the research on mobile performance by mobile and broadband network intelligence firm Ookla based on data from Internet access performance metrics tool Speedtest, Brasília’s median mobile download speed reached 31.44 Mbps, the fastest among the country’s most populous cities during the third quarter of 2021.

    After Brasília, Curitiba had the second fastest mobile download speed at an average of 29.35 Mbps, followed by Rio de Janeiro at 25.14 Mbps and São Paulo with 25.08 Mbps. The slowest median speeds were found in Recife, in the northeast of the country, at 18.65 Mbps and Manaus, at the bottom of the list with 18.37 Mbps.

    Regarding the consistency of each operator’s performance in the country, the report has found that Claro was the fastest mobile operator among top providers in Brazil in Q3 2021; in terms of consistency, 88.2% of results showed at least a 5 Mbps minimum download speed for Claro, and a 1 Mbps minimum upload speed. According to the Ookla report, there was no statistically fastest provider for median 5G download speed, though Claro showed 65.92 Mbps, Vivo 64.61 Mbps and TIM 58.14 Mbps.

    In terms of the median latency for top mobile providers in Brazil during the third quarter of the year, TIM had the lowest latency at 26 ms, according to the report. When it comes to device information, Ookla’s analysis on some of the fastest phones in Brazil found the iPhone 12 5G delivered the fastest median download speed during in the with 53.28 Mbps.

    A separate study, published by the Brazilian Internet Steering Committee in August has found that Brazil’s connected population relies mostly on smartphones to access the Internet as PC penetration remains low within financially vulnerable citizens. According to the research, 58% of Brazilians only access the web through their phones.

  • Sinclair confirms ransomware attack after TV station disruptions

    Sinclair Broadcast Group — which controls hundreds of TV stations across the US — has confirmed a ransomware attack on certain servers and workstations.

    In a statement and notice sent to the SEC, Sinclair said it was notified of a cybersecurity incident on Saturday, October 16. By Sunday, the company confirmed that it was a ransomware attack and backed up what many online had been reporting — outages at numerous local TV stations.

    “Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review. Promptly upon detection of the security event, senior management was notified, and the company implemented its incident response plan, took measures to contain the incident, and launched an investigation,” Sinclair said.

    “Legal counsel, a cybersecurity forensic firm, and other incident response professionals were engaged. The company also notified law enforcement and other governmental agencies. The forensic investigation remains ongoing. While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers.”

    The company went on to say that it is unclear what kind of impact the attack will have on its “business, operations or financial results.” It did not say which ransomware group was behind the attack and did not respond to requests for comment. Sinclair controls 21 regional sports network brands while owning and operating 185 television stations in 86 markets. The company also controls the Tennis Channel as well as Stadium and had an annual revenue of $5.9 billion in 2020.

    The attack was first reported by The Record after viewers took to Twitter and Reddit to report confusion over outages in their local markets.

    Internal sources told The Record that the attack involved the company’s internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations. Dozens of channels were unable to show local morning shows and NFL games on Sunday. Some channels were able to resume broadcasts because the attack did not reach Sinclair’s “master control” broadcast system. But the attack is still crippling dozens of stations even as others return to normal. The company suffered another cyberattack in July that forced them to reset all shared administration systems at all of their stations.

    This is the second ransomware incident targeting news stations this year, with Cox Media Group recently admitting that it was hit with a ransomware attack in June. Ransomware experts like Darktrace’s Justin Fier said that for broadcasters and media, these attacks don’t only disrupt operations but potentially give bad actors a platform to distribute disinformation on a global stage.

    “In the case of the Sinclair breach, simply having access to the broadcast network may itself be more valuable for attackers than a ransomware payment,” Fier said. “The reality is that the organization’s back is against the wall — it is clear that the security team at Sinclair have been caught off guard and outpaced and now must decide between system downtime or paying a hefty ransom.”

    Others noted that it was not surprising to see the attack occur on a weekend when ransomware actors know IT departments are working with skeleton crews. Bill Lawrence, CISO at SecurityGate, noted that the attack didn’t spread to Sinclair’s ‘master control’ broadcast system, indicating they may be using network segmentation or a higher level of protection and care for the ‘crown jewels.’

    “Also, they lost their internal network, email, phones, along with local broadcasting systems. For your next incident response plan drill, put the participants in separate rooms and forbid the use of company email or phone calls,” Lawrence said. “It would be hard for them to order a pizza together, much less work on business continuity.”

  • Seven smaller Australian telcos have half of all complaints referred to TIO: ACMA

    Telco complaints are down 17% across Australia per 10,000 services to a total of just under 1.1 million, but the Australian Communications and Media Authority (ACMA) has found the time taken for complaints to be resolved is spiking. Since the 2018-19 fiscal year, the weighted average days to resolve a complaint has moved from 8.2 days to 12.2 in 2020-21. Across 32 telcos measured in its report, ACMA found the median interval was 4.1 days, and the average was 5.4 days — numbers that were essentially steady compared to last year. The rate of complaints needing to be referred to the Telecommunications Industry Ombudsman Judy Jones, who will be leaving the post in March next year, has increased by 1.4 percentage points to 10.7% in the past year. “This suggests that some telcos are not handling complaints at all well, and other smaller telcos are in fact not recording complaints at all,” ACMA authority member Fiona Cameron said. “Seven smaller telcos have absurdly high escalation rates, just above 50%, which indicates that some complaints are not being recorded in the first place and only being logged when escalated to the TIO.” The seven telcos were not named in ACMA’s report, with the regulator saying it would be following up with the seven outfits. Overall, the number of complaints about NBN broadband dropped 36% to 84 per 10,000 services, with the most complained about technology being fibre to the basement (FttB) with 147 per 10,000 services, fibre to the curb (FttC) with 119, HFC with 93, and fibre to the node (FttN) with 77 complaints per 10,000 services.

    However, the change in complaints was down across all NBN technologies: FttB was down 22%, FttC dropped 43%, HFC fell 53%, and FttN was down 28%. The least complained about NBN connectivity, satellite, had 27 complaints per 10,000 services and saw a fall in complaints of 59%. By category, of the 263,000 complaints related to the NBN, 92,700 were classed as other, 86,500 were related to faults, 68,400 were classed as connection complaints, and only 15,600 were related to speed.

    On Monday, the company responsible for the National Broadband Network revealed the allocation of its portable assets for what it termed as Australia’s “disaster season”. The company said it gained 58 new pieces of temporary infrastructure, at a value of AU$6 million. The pieces include multi-tech trailers that have a generator, battery, optional solar for power, and can connect to fibre to the node network, as well as have fixed wireless and HFC as a “bolt on”; wireless mast trailers that can replicate an 18-metre wireless network tower; hybrid power cubes that have generator, battery, and solar to keep fixed wireless towers operational when grid power is lost; and network on wheels trailers that operate as a small exchange to support all NBN technologies other than satellite.

    Victoria walked away with a pair of multi-tech trailers, a wireless mast trailer, and 10 hybrid power cubes; NSW received the same, minus the wireless mast trailer; Western Australia also received the same trailers as Victoria, but only four cubes; Queensland was allocated one network on wheels trailer, a pair of multi-tech trailers, and eight cubes; South Australia is much the same as Queensland but has five cubes; Tasmania gets three cubes, one network trailer, and one multi-tech trailer, and the Northern Territory gets one network trailer and one multi-tech trailer.

    NBN added it would be rolling out up to 2,000 disaster satellite service sites at emergency management sites and evacuation centres to offer satellite connectivity during an emergency. At the start of the month, NBN announced it was starting what it called a Remote Community COVID Emergency Wireless Trial that was looking at temporary connectivity for regional and remote locations with a majority Indigenous population.

    “At the request of the Central Darling Council and the local community, NBN Co and our partners are installing a temporary community Wi-Fi solution to areas of Wilcannia to support the community during the COVID-19 health emergency. It will support local people’s access online education and social services and is currently planned to be in place for approximately 90 days,” an NBN spokesperson told ZDNet. “We have worked closely with community elders and leaders, the local council and the NSW Department of Education on the solution and where it will be located. Nominated households will be supplied by the participating RSP the equipment they need to connect. NBN Co will not charge the RSP for the Wi-Fi solution to be provided.”

    Households needed to be nominated by council to receive a self-installed Wi-Fi kit.

  • Acer hit with second cyberattack in less than a week, Taiwanese authorities notified

    Acer has confirmed yet another cyberattack on its servers in Taiwan after their offices in India were hit less than a week ago by the same group.

    The Desorden Group — which claimed responsibility for both attacks — contacted ZDNet and said part of why they conducted the second attack was to prove their point “that Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.” Acer spokesman Steven Chung told ZDNet that the company recently detected “an isolated attack on our local after-sales service system in India and a further attack in Taiwan.”

    “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data,” Chung said. “The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity,” he added.

    The group said it hacked Acer’s Taiwan servers that stored data on its employees and product information. “We did not steal all data, and only took data pertaining to their employee details. Right after the breach, we informed Acer management on the Taiwan server breach and Acer has since taken the affected server offline,” the group said in an email to ZDNet.

    “Also, a few other of its global networks including Malaysia and Indonesia servers are vulnerable too.”

    The group did not say how much data they stole in this attack and did not respond to questions about what its end-goal is with these breaches. Acer has had a rough year from a cybersecurity perspective, suffering a ransomware attack in March that led to a previously-unheard ransom demand of $50 million. It is unclear if Acer ever paid the ransom. The attack last week on the company’s servers in India led to 60GB of files being stolen by the Desorden Group, which also claimed an attack on the Malaysian servers of ABX Express Enterprise in September. Acer India was hit with a similar cyberattack in 2012 by a Turkish cybercriminal group, according to The attackers defaced the company website and leaked 20,000 user credentials at the time.