More stories

  • China says NSA used multiple cybersecurity tools in attacks against Chinese university

    China has released a report that reveals the US National Security Agency (NSA) used multiple cybersecurity tools in its recent attacks against a Chinese university. Amongst these are sniffing and Trojan programs, which Chinese researchers say led to the theft of a “large amount of sensitive data”. China’s National Computer Virus Emergency Response Center (CVERC) on Tuesday said “41 types of cyber weapons” were tapped by NSA’s hacking unit, Tailored Access Operations (TAO), in the cyber attacks targeting China’s Northwestern Polytechnical University.

    Located in the Chinese city of Xi’an, the university describes itself as a research-focused institution with disciplines in aeronautics, astronautics, and marine technology engineering. It is affiliated with China’s Ministry of Industry and Information Technology.

    The university is on the US government’s Entity List alongside several other Chinese educational institutions, including Sichuan University and Beijing University of Aeronautics and Astronautics. US companies are prohibited from exporting or transferring specific items to companies on the list unless they have procured a licence from their government to do so.

    According to a report by state-owned news agency Xinhua, CVERC revealed that amongst the security tools TAO used was a sniffing program CVERC dubbed “Suctionchar”. One of the key components that resulted in the data theft, Suctionchar was capable of stealing accounts and passwords used in remote management and file transfer services on targeted servers, CVERC said in its report, which was released in collaboration with Chinese cybersecurity vendor, Beijing Qi’an Pangu Laboratory Technology.

    “Suctionchar can run stealthily on target servers, monitor in real-time users’ input on the terminal program of the operating system console, and intercept all kinds of user names and passwords,” the report noted, adding that these credentials then could be used to breach other servers and network devices.

    In its attacks against Northwestern Polytechnical University, TAO had used Suctionchar with other components of a Trojan program, Bvp47, which Pangu Lab referred to as a backdoor tool developed by the Equation Group, which reportedly was linked to TAO.

    According to the Chinese security vendor, Bvp47 had been deployed in attacks targeting 45 global markets for more than a decade and had breached 64 systems in China.

    Attack tools not new

    A cybersecurity vendor, though, noted that the technical research detailed in the report appeared to focus on “years-old implants” that had been widely known for several years now. Speaking to ZDNET on the condition of anonymity, a spokesperson from the security vendor said there was consensus amongst cybersecurity experts from the West that the attacks targeting Northwestern Polytechnical University appeared to be an espionage operation. He noted that the Chinese university seemed to be involved in the development of modern weapons, which might make it an attractive target.

    Pointing to the report released by CVERC and Pangu Labs, he said the details appeared to focus on hacking tools used in previous leaks that were uncovered in 2016, collectively known as Shadow Brokers. He added that it remained unclear what new technical evidence was disclosed in Tuesday’s announcement, but noted that he drew his reference from information that was available in English. He said cyber espionage was “nothing new” and the US had not denied its involvement in such operations.

    China first unveiled the breach against Northwestern Polytechnical University early last week, with the national State Council Information Office publicly condemning the cyberattacks. The Chinese foreign ministry’s spokesperson Mao Ning said NSA’s cyber attacks and data theft had involved 13 personnel from the US government agency. She revealed that more than 1,000 attacks were launched against the university, during which “core technical data” was stolen.

    Mao said: “Security of the cyberspace is a common issue facing all countries in the world. As the country that possesses the most powerful cyber technologies and capabilities, the US should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries, [and] responsibly participate in global cyberspace governance and play a constructive role in defending cybersecurity.”

    She added that the US had “long carried out indiscriminate audio surveillance” against Chinese users, stealing text messages and conducting geolocation positioning. She said the US posed a “serious danger” to China’s national security and citizens’ personal data security.

  • How to tighten your security in Microsoft Edge

    Those of you who use Microsoft Edge want to make sure that your security is as tight as possible. And Edge offers a variety of settings to help you reach that goal. A SmartScreen option will protect you from malicious websites and files. An option for potentially unwanted apps blocks downloads of suspicious or […]

  • The worst thing about eSIM-only iPhone 14s

    From a consumer perspective, not much. Yes, it’s easier to pick a menu item than swap those fiddly little nano-SIM cards, but that’s about it. SIMlessness isn’t really a feature that will sell iPhones.

    From Apple’s perspective, had they only one variant, you could say that it was simplifying the circuit. But since Apple appears to be supporting some SIM-free phones, some with SIM and eSIM, and dual SIM in China, that simplification benefit isn’t there.

    From the perspective of major carriers, it somewhat herds users into the premium carrier club, preventing iPhone 14 users in the US from using cheap seat carriers like Ting.

    From the perspective of law enforcement, iPhone 14s will be easier to trace back to their owners, but all of the other legendary iPhone privacy features remain intact.

    So there you go. Are you concerned about losing physical SIM cards? Do you travel? Will using your iPhone 14 in China be an issue for you? Let us know in the comments below.

  • The ransomware problem won't get better until we change one thing

    Ransomware is […]

  • The 4 best VPN services for torrenting in 2022

    ExpressVPN specifications

    Simultaneous connections: 5
    Kill Switch: Yes
    Platforms: Windows, macOS, iOS, Android, Linux, and more
    Logging: No browsing logs, some connection logs
    Supports torrenting/P2P: Yes
    Countries: 94
    Money-back guarantee: 30 days

    ExpressVPN has an exceptionally large network of servers in 94 countries. Not only that, but it’s an exceptionally fast VPN: our sister site CNET found that it only cut speeds by 2%. Because of the encryption and server you route through, a VPN will slow down your internet connection, but 2% is unreasonably low.

    Exclusive offer: Get an additional three months free

  • These hackers used Log4Shell vulnerability to target US energy firms

    State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for espionage. Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open source application logging component — in unpatched internet-facing VMware Horizon servers to gain initial […]

  • Hong Kong consumers want right to choose when firms use AI

    Online consumers in Hong Kong are concerned about how artificial intelligence (AI) is used to deliver the services they consume and want more transparency from merchants. They admit, however, to having little knowledge about the technology.

    Just 31% of consumers in the Asian market said they trusted AI, but 51% acknowledged it helped cut the time they spent choosing products, according to a study released Thursday by Hong Kong Consumer Council. The online survey polled 1,219 respondents aged 15 and above who had visited local and international online stores, 77% of whom made purchases or browsed online stores on a daily or weekly basis.

    While 75% said they were unfamiliar with AI, 41% said the technology addressed their needs accurately. Another 74% expressed concerns about the excessive data businesses collected and 72% were worried no one would be held responsible if the AI algorithm was inaccurate and caused problems. Some 81% said they should have the right to choose when AI tools were used and 78% suggested merchants should inform consumers if they were using AI to provide services.

    Despite their concerns about the use of personal data, 60% of respondents had never read privacy policies at online stores or were unaware what such policies were. Amongst those who took the time to go through privacy policies, 43% stopped visiting online stores because these merchants collected too much of their personal data and too many third-party organisations had access to the data. They also pointed to the excessive purposes for which their data was collected.

    Some 77% said there should be more public education and information on AI. According to the Council, 89% of AI tools were used to power product recommendation, while 75% supported chatbots and 55% powered advanced biometrics. AI also was used to provide augmented reality services.

    However, the study found that only 38% of consumers found chatbots useful in enhancing their online shopping experience, citing the technology’s inability to accurately address their questions. In fact, 48% said they were cautious about providing personal data when using chatbots. Just over half, at 56%, were happy with product recommendations.

    In assessing the privacy policies of 112 local and international e-commerce sites, the Council noted that 90% revealed how they collected consumer data, the types of data collected, and the purposes of their data collection. However, just six of the online platforms mentioned the data was used to train AI and machine learning tools, while 41% said the data collected would be anonymised before it was used for data analytics. Only 17% provided details on how long the data would be retained and 42% offered information on how consumers could reject or opt out of data collection and cookie tracking.

    In addition, 6% to 10% of the e-commerce stores collected data that had no direct relevance to the transaction, such as the customer’s education, income, marital status, and employment status.

    The Council urged Hong Kong to accelerate the development of its AI governing framework to mitigate the associated risks. It noted that more than 160 sets of AI ethics principles or guidelines already had been introduced by various international organisations and several jurisdictions had either developed or were in the process of developing their national AI regulations.

    The Hong Kong statutory body added that it reviewed AI governance frameworks of 10 jurisdictions, including Singapore, South Korea, Mainland China, Japan, and France. Amongst these, there were common themes related to the monitoring and regulation of consumer rights, including accountability, transparency, and data privacy.

    The Council also noted that Japan and South Korea conducted regular surveys on the status of consumers’ understanding of AI, while Singapore focused on increasing AI literacy and provided various support for businesses, such as the launch of a toolkit to assess their AI use based on ethical principles.

    Pointing to the Hong Kong government’s AI development plan detailed in “The Smart City Blueprint for Hong Kong 2.0”, the Consumer Council said AI-related initiatives and guidelines currently were driven by the respective authorities based on their own assessment of industry adoption and governing practices.

    To facilitate the adoption of ethical AI use, it suggested that relevant regulatory bodies and government departments establish sector-specific guidelines or standards for AI adoption amongst businesses. Their AI compliance results also could be disclosed publicly and consumer feedback gathered to improve such initiatives.

    The Council also recommended key areas the government could address in its AI plan, including boosting funding support to drive the commercialisation of AI projects, nurturing AI talent, and providing AI ethics training to local businesses.

    “For AI to thrive in Hong Kong, apart from strengthening consumer education on issues pertaining to e-commerce, including data privacy and cybersecurity risks, traders should take a proactive step to adopt industry best practices in formulating company AI policy and corporate governance, as well as establish a ‘Consumer Charter’ to safeguard consumer rights,” the Council said. “Furthermore, the government could establish a holistic policy for long-term AI development, so as to progressively drive digital transformation in society.”