More stories

  • Singapore eyes more cameras, technology to boost law enforcement

    Singapore is looking to expand its use of cameras and technology to better support law enforcers and first responders. These include plans to tap sensors, video analytics, artificial intelligence (AI), automation, and drones to ease manpower shortages and improve service efficiencies. 
    As it is, the police have deployed almost 90,000 cameras in public locations such as carparks and residential estates across the island. And “many more” will be rolled out in the coming years, according to Minister for Home Affairs and Minister for Law K. Shanmugam, who was speaking in parliament Monday. 
    Describing these cameras as “a game-changer” in deterring and investigating crimes, he said the devices had helped the police solve 4,900 cases as of December 2020. 

    Shanmugam noted that there were limits to resources and manpower, and his ministry had focused on transformation with increased use of technology to address the shortage. 
    Neighbourhood police centres and police posts, for instance, had been redesigned to include automated self-help kiosks, so citizens could access police services 24 by 7, he said. 
    Some 300 next-generation Fast Response Cars also would hit the roads by 2023, equipped with cameras capable of providing a 360-degree view of their surroundings back to the Police Command Centre. This would enable agents at the command centre to assess the situation and deploy backups, he said. The vehicles also would be armed with video analytics technology to read number plates and automatically flag vehicles of interest. 
    “So you will be surrounded by sensors, which make people feel safer and more confident,” the minister said. 

    In addition, the police had been trialling beacon prototypes for a year, enabling the public to contact law enforcement directly during emergencies. Located across two residential estates, these beacons were equipped with various capabilities to “create deterrence and project presence”, he said, adding that they also had CCTV cameras to allow the police to assess the situation quickly. 
    Beyond the law, efforts were underway to build “smart” fire stations that would make greater use of sensors and automation to facilitate operational response, decision making, and manpower management. Manual processes such as tracking the readiness of emergency supplies, vehicles, and personnel rostering would be automated, said Shanmugam. 
    An AI-powered system also would send information during an emergency, such as a building’s floor plans and on-site live video feed, to officers before they arrived at the location. This would enable them to better assess the situation, develop a plan more quickly, and improve their response. 
    Emergency first responders also would have smart wearables that were integrated with the smart fire station’s systems, enabling commanders to monitor their officers’ physical condition during operations and training. 
    Moving to immigration control, Shanmugam said further enhancements would be made to verify travellers’ identities through iris and facial images at automated lanes, bypassing the use of passports and thumbprints. Trials were underway and showing promising results, he added.
    He also pointed to the use of drones and robots to facilitate security operations at COVID-19 isolation facilities, which reduced the risk of exposure for frontline officers.
    Robots also had been tapped to fight fire, including at an industrial fire last March where they tackled the most dangerous parts of the fire, fraught with immense heat and poor visibility, he noted.

  • Scientists have built this ultrafast laser-powered random number generator

    A new light-based system could be used to generate the cryptography keys that secure highly sensitive data and transactions.  
    Using a single, chip-scale laser, scientists have managed to generate streams of completely random numbers at about 100 times the speed of the fastest random number generator systems that are currently in use.  
    The new system, which is described as “massively parallel ultrafast random bit generation,” could be used to generate the cryptography keys that secure highly sensitive data and transactions, which are currently at risk of attack from hackers armed with ever-increasing computer power.  

    Randomness has a fundamental role to play in cryptography: the more random a security key is, the harder it is to use logical mathematics to crack the code. This is why random number generators are used to encrypt data: the technology creates streams of bits that can in turn be used to produce very strong cryptography keys.  
    There are many ways to generate random numbers, the most well-known of which can be traced back over thousands of years: for instance, rolling a simple die or flipping a coin provides unpredictable results. This is what modern cryptography is attempting to emulate. 
    Of course, manual random number generation is incapable of keeping pace with the scale of demand for data security. To create large amounts of random numbers at scale, new technologies were developed to quickly translate into bits, or numbers, the unpredictable behavior of some natural phenomena.  
    Lasers, for example, are made of tiny quantum photons that behave in a chaotic, unpredictable manner – and the random fluctuations of the particles that make up a laser beam can be detected by a computer, to be translated into sequences of numbers that are completely non-deterministic.  
    Although the unpredictable properties of lasers have been used to generate random numbers before, those systems are limited. Laser-based systems aren’t capable of producing many numbers very fast, nor can they generate numbers simultaneously from a single beam. 

    “Usually, those physical random number generators are not very fast – that’s one problem,” said Hui Cao, professor of applied physics at Yale University, who led the study. “Also, they are sequential – that is, they usually just generate one bitstream. They cannot generate many bitstreams simultaneously. And in each stream, the rate is relatively low, so that prevents it from generating a lot of random numbers very quickly.” 
    At the same time, the need for a system that can produce random numbers at scale is fast increasing. As networks expand in an ever-connected way, it is becoming necessary to increase the generation rate of random numbers to keep pace with demand, and make sure that sensitive data is appropriately protected. 
    To improve the output of laser-based random number generators, Cao and her team created a compact single laser, and tweaked the design of the laser cavity to make it resemble an hourglass. When the laser is shined, light waves ricochet between either end of the hourglass, simultaneously resonating in the device; the fluctuations in the intensity of the quantum particles of light are recorded by a fast camera, to be translated by a computer into random series of numbers.  
    Thanks to the new design, therefore, the cavity acts as a resonator for the light waves, meaning that random bits can be generated in parallel, even with a single laser diode – a first, for light-based random number generators. 
    The results are promising, both in speed and scale: using the new amplifying system, Cao and her team generated about 250 terabits, or 250,000 gigabits, of random bits per second, which is more than two orders of magnitude higher than the fastest current systems. The researchers said that the technology can also be scaled up “significantly”. 
    “It really opens a new avenue on how to generate random numbers much faster, and we have not reached the limit yet,” said Cao. “As to how far it can go, I think there’s still a lot more to explore.” 
    For the technology to be ready for practical use, however, it will be necessary to create a compact chip that incorporates both the laser and the photodetectors that could directly and rapidly send measurements to computers in real-time.  
    With many companies looking at innovative ways to leverage light particles for random number generation, the field is likely to be busy in the next few years.  
    UK-based quantum company Nu Quantum, for example, is working on a device that can emit and detect quantum particles of light, called single photons. In the long term, Nu Quantum’s founders hope that the technology will be used to build large-scale quantum computers; for now, however, the start-up is working with the National Physical Laboratory to commercialize the device for quantum random number generation.

  • Free cybersecurity tool aims to help smaller businesses stay safer online

    Small businesses can receive bespoke advice on how to improve their cybersecurity and protect their networks from malicious hackers and cyber crime via a new tool from the National Cyber Security Centre (NCSC).
    The ‘Cyber Action Plan’ is a free online service designed to help small businesses protect themselves against cyber attacks.
    While smaller businesses might not believe they’re a tempting target for cyber criminals, almost half have reported cybersecurity breaches or attacks over the last year. That figure is up from under a third of SMBs reporting incidents during the previous twelve months.
    For cyber criminals, while targeting smaller businesses might not be as lucrative as campaigns targeting larger businesses, the potential lack of cybersecurity barriers could provide them with easy pickings. The attacker could always be targeting a small business as part of a supply chain attack against a larger target anyway.
    The NCSC’s Cyber Action Plan tool aims to help small businesses improve their resilience to cyber attacks via the aid of a short questionnaire about their current cybersecurity strategy and provides customised advice on how the business could be better protected against cyber crime.
    Some of the potential recommendations include building a backup strategy and regularly updating those backups, using a strong password and multi-factor authentication, as well as making sure that software updates and security updates are regularly applied.

    By applying relatively simple cybersecurity procedures like these, small businesses can go a long way towards protecting themselves from falling victim to data breaches, malware, ransomware and other cyber attacks.
    “Small businesses are the lifeblood of this country, but we know they can be a target for cyber criminals, particularly as they move more operations online,” said Sarah Lyons, deputy director for economy and society at the NCSC.
    “Our free Cyber Action Plan is here to help, offering bespoke, actionable information linked to the Cyber Aware behaviours. If you work for yourself, or run a small business, I would urge you to spend a few minutes on the questionnaire and follow the steps to help secure your business,” she added.
    The action plan is the latest in a line of tools and initiatives by the NCSC designed to help protect businesses and individuals from falling victim to cyber attacks – or knowing what to do if they do become a victim of cyber crime.
    The NCSC will be launching a version of the cyber action plan designed to help individuals and families protect themselves from cyber attacks at some point in the future.

  • Google: Bad bots are on the attack, and your defence plan is probably wrong

    Google is warning that bots are causing more problems for business — but many companies are only focused on the most obvious attacks.
    At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen “two years’ worth of digital transformation in two months.” Google now sees that attackers have adapted to these changed conditions and are boosting attacks on newly online businesses, with bots high on the list of tools used. 
    Bot attacks can cover anything from web scraping where bots are used to gather content or data, to bots that try to beat Captchas, to ad fraud, card fraud and inventory fraud. Of particular concern are distributed denial of service attacks (DDoS), where junk traffic is directed at an online service with the purpose of flooding it to the point of knocking it offline. 

    According to the advertising giant, 71% of companies experienced an increase in the number of successful bot attacks, and 56% of companies reported seeing different types of attacks, but it said many companies are using the wrong mix of technology to protect themselves.
    Google’s research has found that while 78% of organizations are using DDoS protection, such as web application firewalls, and content distribution networks (CDN), less than a fifth of them are using a “full bot management system”. 
    “Bots attack an application’s business logic, and only a bot management solution can protect against that sort of threat,” says Google cloud platform’s Kelly Anderson, a product marketing manager. 
    “To effectively safeguard web applications from bot attacks, organizations must use tools like DDoS protection, WAF, and/or CDNs, alongside a bot management solution.”

    According to Anderson, there’s a missing link between application security and security operations teams and e-commerce, fraud, and network security pros, which allows for bots to pose a threat to business operations. 
    “Effective bot management relies on collaboration between many teams within an organization, including security, customer experience, e-commerce, and marketing. But on average, only two teams are involved in bot management, usually the application security and security operations teams. Yet, it’s the e-commerce, fraud, and network security professionals that most commonly consume the data from bot management tools. This disconnect can lead to the commerce or fraud teams being left out of critical bot management decisions,” she explains. 
    Because of this disconnection between security and anti-fraud teams, firms spend 53 working days — or nearly two months — across roles resolving attacks.
    Anderson wants businesses to invest in a bot management system that can detect the most sophisticated bots. 
    “Good automated traffic comes from approved partner applications and search engines, while bad traffic comes from malicious bot activity. Bots account for over half of all automated web traffic and nearly a quarter of all internet traffic in 2019, leaving professionals to thread the needle,” Google says in a research paper. 
    Google commissioned the research from analyst firm Forrester Consulting, which looked at bot management approaches. The survey drew 425 respondents with responsibilities over fraud management, attack detection and response, and the protection of user data.
    The company found that most organizations are only protecting themselves on card fraud, ad fraud, and influence fraud attacks. 
    “Only 15% of businesses are currently protecting themselves against web scraping attacks, yet 73% face such an attack on a weekly basis,” Forrester Consulting says. 
    Almost two-thirds of respondents said they lost between 1% and 10% of revenue to web scraping attacks alone. 
    “Many businesses focus on the types of attacks that are most commonly in the news, rather than the attacks that can cause the most damage to their bottom lines,” the consulting firm says.

  • Hackers exploit websites to give them excellent SEO before deploying malware

    Cyberattackers have turned to search engine optimization (SEO) techniques to deploy malware payloads to as many victims as possible. 

    According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. 
    SEO optimization is used by webmasters to legitimately increase their website’s exposure on search engines such as Google or Bing. However, Sophos says that threat actors are now tampering with the content management systems (CMS) of websites to serve financial malware, exploit tools, and ransomware. 
    In a blog post on Monday, the cybersecurity team said the technique, dubbed “Gootloader,” involves deployment of the infection framework for the Gootkit Remote Access Trojan (RAT) which also delivers a variety of other malware payloads. 
    The use of SEO as a technique to deploy Gootkit RAT is not a small operation. The researchers estimate that a network of servers — 400, if not more — must be maintained at any given time for success. 
    While it isn’t known if a particular exploit is used to compromise these domains in the first place, the researchers say that CMSs running the backend of websites could have been hijacked via malware, stolen credentials, or brute-force attacks. 

    Once the threat actors have obtained access, a few lines of code are inserted into the body of website content. Checks are performed to ascertain whether the victim is of interest as a target — such as based on their IP and location — and queries originating from Google search are most commonly accepted. 

    Websites compromised by Gootloader are manipulated to answer specific search queries. Fake message boards are a constant theme in hacked websites observed by Sophos, in which “subtle” modifications are made to “rewrite how the contents of the website are presented to certain visitors.”
    “If the right conditions are met (and there have been no previous visits to the website from the visitor’s IP address), the malicious code running server-side redraws the page to give the visitor the appearance that they have stumbled into a message board or blog comments area in which people are discussing precisely the same topic,” Sophos says.
    If the attackers’ criteria aren’t met, the browser will display a seemingly-normal web page — that eventually dissolves into garbage text. 
    A fake forum post will then be displayed containing an apparent answer to the query, as well as a direct download link. In one example discussed by the team, the website of a legitimate neonatal clinic was compromised to show fake answers to questions relating to real estate. 

    Victims who click on the direct download links will receive a .zip archive file, named in relation to the search term, that contains a .js file. 
    The .js file executes, runs in memory, and obfuscated code is then decrypted to call other payloads. 
    According to Sophos, the technique is being used to spread the Gootkit banking Trojan, Kronos, Cobalt Strike, and REvil ransomware, among other malware variants, in South Korea, Germany, France, and the United States. 
    “At several points, it’s possible for end-users to avoid the infection, if they recognize the signs,” the researchers say. “The problem is that, even trained people can easily be fooled by the chain of social engineering tricks Gootloader’s creators use. Script blockers like NoScript for Firefox could help a cautious web surfer remain safe by preventing the initial replacement of the hacked web page to happen, but not everyone uses those tools.”

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • Tether faces 500 Bitcoin ransom: We are ‘not paying’

    Tether has revealed a ransomware demand in which threat actors are allegedly demanding 500 Bitcoin ($24 million). 

    Over the weekend, the blockchain and cryptocurrency organization said on Twitter that a demand for payment had been made, on pain of documents being leaked online that would “harm the Bitcoin ecosystem.” 
    The wallet address associated with the demand, at the time of writing, has $72 in BTC stored. 
    Tether said that the payment deadline is March 1, but added, “We are not paying.”
    “It is unclear whether this is a basic extortion scheme like those directed at other crypto companies or people looking to undermine Tether and the crypto community as a whole,” Tether says. “Either way, those seeking to harm Tether are getting increasingly desperate.”
    The company also used the same thread to claim that documents circulating online, allegedly showing dubious communication between employees of Tether, Deltec Bank & Trust, and other parties, are “forged”.  
    The unverified email screenshots appear to relate to Bahamas-based Deltec, which has a banking relationship with Tether, and a discussion over asset backing. Tether says the documents are “bogus.”

    In a separate tweet, Tether and Bitfinex CTO Paolo Ardoino said the main goal of these alleged leaks “is to discredit #bitcoin and all #crypto.”
    “While we believe this is a pretty sad attempt at a shakedown, we take it seriously,” Tether commented. “We have reported the forged communications and the associated ransom demand to law enforcement. As always, we will fully support law enforcement in an investigation of this extortion scheme.”
    Update 14.37 GMT: Tether told ZDNet that the company does not know the identity of the individual making the ransom demand and is “not in a position” to provide a copy of the ransom note “at this time.”
    In other Tether news, the organization has reached an $18.5 million settlement with the New York Attorney General’s Office to settle a case in which both Tether and Bitfinex were accused of covering up an $850 million loss.
    Letitia James, NY attorney-general, said the firms “recklessly and unlawfully covered up massive financial losses to keep their scheme going and protect their bottom lines,” adding that “Tether’s claims that its virtual currency was fully backed by US dollars at all times was a lie.”
    Tether admitted no wrongdoing but has agreed to settle, a gesture the firm says “should be viewed as a measure of our desire to put this matter behind us and focus on our business.”

  • Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

    A $650 million settlement to close a class-action lawsuit alleging that Facebook violated user privacy has been approved. 

    The case, a class-action lawsuit filed against the social media giant six years ago, alleged that Facebook violated the Illinois Biometric Information Privacy Act (BIPA), which prevents companies from gathering or using biometric information from users without consent. 
    The lawsuit claimed that the Facebook Tag Suggestions feature, which used facial markers to suggest people in image tagging, violated BIPA by scanning, storing, and using user biometrics to create “face templates” without written permission.
    On Friday, in California, US District Judge James Donato approved the $650 million settlement, an increase of $100 million from Facebook’s proposed $550 million in January 2020. 
    The ruling has been described as a “landmark result.” 
    In total, close to 1.6 million Facebook users in Illinois could receive as much as $345 each within months, on the assumption that no appeal is filed, as reported by the Chicago Tribune. 
    However, only users that signed up for representation in the class-action suit before the November 23, 2020 deadline are eligible for compensation. 

    The three plaintiffs who originally filed the suit will receive $5,000 each. 
    “Overall, the settlement is a major win for consumers in the hotly contested area of digital privacy,” the order read. “Final approval of the class action settlement is granted. Attorneys’ fees and costs, and incentive awards to the named plaintiffs, are also granted.”
    In a statement, Facebook said, “we are pleased to have reached a settlement so we can move past this matter, which is in the best interest of our community and our shareholders.”
    In related news over the past week, video content-sharing platform TikTok has agreed to a $92 million settlement to resolve claims that the company harvested and shared data belonging to minors. 
    The case, originating from 21 class-action lawsuits filed in California and Illinois, also included allegations of BIPA violations. 
    TikTok has agreed to the settlement — despite denying any wrongdoing — in order to focus on “building a safe and joyful experience for the TikTok community.”

  • TikTok removed 89M videos, most of which from US

    TikTok has released its latest transparency report, revealing that more than 89.13 million videos were removed from its platform in the second half of 2020. The majority of these, at 11.78 million, are from the United States and 83.3% were yanked before they clocked any views.
    The videos, which accounted for under 1% of all videos uploaded on TikTok, were removed for violating various conditions detailed in the Chinese tech company’s community guidelines or terms of service. These included safety involving minors, violent and graphic content, illegal activities and regulated goods, and suicide and dangerous activities, according to its latest and fourth transparency report.
    Some 92.4% of videos were removed before users reported them and 93.5% within 24 hours of being posted. More than 6.14 million accounts were shuttered, while almost 9.5 million spam accounts were removed along with 5.23 million spam videos posted by these accounts. Some 173.25 million accounts were stopped from being created through automated means. 
    In addition, more than 3.5 million ads also were rejected for violating the company’s advertising policies and guidelines, said TikTok, which noted that it did not accept paid political ads. 
    Apart from the US, some 8.22 million videos removed originated in Pakistan while 7.51 million were from Brazil and 4.75 million were from Russia. Indonesia rounded out the top five countries, accounting for 3.86 million videos that were removed worldwide. 
    Amongst government agencies that submitted requests to restrict or remove content on the video platform, Russia led the pack with 135 such requests, followed by Pakistan at 97, and Australia at 32. 
    Owned by ByteDance, TikTok also operated a COVID-19 information hub, which it said clocked some 2.63 billion views in the second half of last year. Public service announcements directing users to the World Health Organisation and local public health resources were viewed more than 38.01 billion times. 

    TikTok added that it removed 51,505 videos for promoting COVID-19 misinformation, 86% of which were yanked out before users reported them and 87% within 24 hours of being uploaded on the platform. Some 71% did not clock any views before they were removed. 
    In the first half of 2020, the video platform removed more than 104.54 million videos, with India and the US contributing the most such content at 37.68 million and 9.82 million, respectively. 