Information Technology

In an effort to combat the prevalence of deepfakes, Microsoft has launched a new video authenticator tool, which can analyse a still photo or video to provide a percentage of the chance that a piece of media is artificially manipulated.
In the case of a video, Microsoft said it could provide this percentage in real time for each frame as the video plays. It works by detecting the blending boundary of the deepfake and subtle fading or greyscale elements that might not be detectable by the human eye.
Deepfakes, or synthetic media, can be photos, videos, or audio files manipulated by artificial intelligence (AI). Microsoft said detection of deepfakes is crucial in the lead up to the US election.
See also: Deepfakes’ threat to 2020 US election isn’t what you’d think (CNET)
The tech was created using a public dataset from Face Forensic++ and Microsoft said it was tested on the DeepFake Detection Challenge Dataset, which it considers to be a leading model for training and testing deepfake detection technologies.
“We expect that methods for generating synthetic media will continue to grow in sophistication. As all AI detection methods have rates of failure, we have to understand and be ready to respond to deepfakes that slip through detection methods,” the company said in a blog post.
“Thus, in the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media.”
With few tools available to do this, Microsoft has also unveiled a new technology it said can both detect manipulated content and assure people that the media they’re viewing is authentic.
The tech has two components, with the first being a tool built into Microsoft Azure that enables a content producer to add digital hashes and certificates to a piece of content.
“The hashes and certificates then live with the content as metadata wherever it travels online,” Microsoft explained.
The second is a reader, which can be included in a browser extension, that checks the certificates and matches the hashes to determine authenticity.
In its deepfake fight, Microsoft has also partnered with the AI Foundation. The partnership will see the two parties make the video authenticator available to organisations involved in the democratic process, including news outlets and political campaigns through the foundation’s Reality Defender 2020 initiative.
The video authenticator will initially be available only through the initiative.

Microsoft’s video authenticator tool
Image: Microsoft
Another partnership with a consortium of media companies, known as Project Origin, will see Microsoft’s authenticity technology tested. An initiative from a number of publishers and social media companies, the Trusted News Initiative, have also agreed to engage with Microsoft on testing its technology.
The University of Washington, deepfake detection firm Sensity, and USA Today have also joined Microsoft to boost media literacy.
“Improving media literacy will help people sort disinformation from genuine facts and manage risks posed by deepfakes and cheap fakes,” Microsoft said. “Practical media knowledge can enable us all to think critically about the context of media and become more engaged citizens while still appreciating satire and parody.”
Through the partnership, there will be a public service announcement campaign encouraging people to take a “reflective pause” and check to make sure information comes from a reputable news organisation before they share or promote it on social media ahead of the election.
The parties have also launched a quiz for US voters to learn about synthetic media.
RELATED COVERAGE More

A Chinese national has been sentenced to 18 months in US prison by the District Court of Northern California for stealing trade secrets from semiconductor companies Avago and Skyworks.
The charged individual, Hao Zhang, was found to have stolen trade secrets such as semiconductor recipes, source code, specifications, presentations, design layouts, and other confidential information from these companies.
The original indictment had pressed charges against Zhang and five other Chinese nationals, but only Zhang will face prison time. 
The other five individuals are currently labelled as fugitives and are not based in the United States. 
According to the indictment, Zhang and Wei Pang — one of the charged individuals — had met at the University of Southern California (USC) during their studies. They then worked as semiconductor engineers at Skyworks and Avago, respectively, and stole trade secrets. 
These trade secrets were then shared with Tianjin University to enable the construction of a semiconductor fabrication plant and a China-based semiconductor business, the indictment explained.
In addition to facing prison time, Zhang was ordered by District Judge Edward Davila to pay around $477,000 in restitution to the two semiconductor companies. 
Davila’s decision brings an end to a case that was unsealed in 2015, when Zhang and the other individuals were charged. Zhang was arrested in the same year upon arriving at the Los Angeles International airport from China. 
The court verdict follows the Department of Justice earlier this week pressing charges against another Chinese national for allegedly destroying evidence in relation to a separate investigation into the potential illegal transfer of US technology to China. 
There has been a surge of these investigations since 2018, according to FBI Director Christopher Wray, when the DoJ launched the China Initiative campaign to counter and investigate Beijing’s economic espionage. 
“The FBI has about a thousand investigations involving China’s attempted theft of US-based technology in all 56 of our field offices and spanning just about every industry and sector,” Wray said earlier this year.
RELATED COVERAGE
Scientist sentenced to 2 years behind bars for stealing next-generation battery tech secrets
The intellectual property had an estimated value of $1 billion to the US company it belonged to.
DOJ indicts two Chinese hackers for attempted IP theft of COVID-19 research
The DOJ suggests in the indictment that the hackers were working for both themselves and for the benefit the Chinese government’s Ministry of State Security.
US charges Huawei with racketeering and conspiracy to steal trade secrets
US updates charges against Huawei, adds racketeering and IP theft allegations against the Chinese telco provider and its CFO.
FBI is investigating more than 1,000 cases of Chinese theft of US technology
US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property.
Engineer flees to China after stealing source code of US train firm
The 57-year-old is now considered a fugitive.  More

Image: Getty Images/iStockphoto
The liability for failing to protect systems from cyber incidents will fall directly onto many CEOs by 2024, Gartner is predicting.
The analyst firm expects liability for cyber-physical systems (CPSs) incidents will pierce the corporate veil to personal liability for 75% of CEOs.
“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” research vice president at Gartner Katell Thielemann said.
See also: Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)
“In the US, the FBI, NSA, and Cybersecurity and Infrastructure Security Agenda (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry.”
Thielemann believes that CEOs will no longer be able to plead ignorance or retreat behind insurance policies.
Without even taking the actual value of human lives into the equation, Gartner said the costs for organisations in terms of compensation, litigation, insurance, regulatory fines, and reputation loss will be significant.
The financial impact of CPS attacks resulting in casualties to human life is predicted to reach over $50 billion by 2023.  
Gartner defines CPSs as systems that are engineered to orchestrate sensing, computation, control, networking, and analytics to interact with the physical world, including humans.
CPSs, therefore, underpin all connected IT, operational technology, and Internet of Things efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure, and clinical healthcare environments.
“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” Thielemann continued. “The more connected CPSs are, the higher the likelihood of an incident occurring.”
She said that with operational technology, smart buildings, smart cities, connected cars, and autonomous vehicles evolving, risks, threats, and vulnerabilities now exist in a bidirectional, cyber-physical spectrum.
“However, many enterprises are not aware of CPSs already deployed in their organisation, either due to legacy systems connected to enterprise networks by teams outside of IT, or because of new business-driven automation and modernisation efforts,” she added.
RELATED COVERAGE
The key to stopping cyberattacks? Understanding your own systems before the hackers strike
Organisations struggle to monitor their networks because they often don’t know what’s there. And that allows hackers to sneak in under the radar.
Ransomware: Cyber-insurance payouts are adding to the problem, warn security experts
“It seems like a fix but it really isn’t”. Paying the ransom might be the cheapest short-term option to get your data back, but it causes long-term problems.
Eight reasons more CEOs will be fired over cybersecurity breaches (TechRepublic)
Security is everyone’s problem, but CEOs should make sure their organisation doesn’t block its success. Gartner offers eight situations for CEOs to avoid if a breach occurs within their organisation. More

Image: Element5 Digital
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said today that they have not seen any cyber-attacks target US voter registration databases and voting systems this year.
The two agencies issued a joint statement today after an article in Russian media had gone viral earlier this morning.
The article, published by Russian news agency Kommersant, claimed that a Russian hacker had obtained voter records for more than 7.6 million Michigan voters following an intrusion into the state’s database earlier this year, in March.
According to Kommersant, the hacker also claimed to be in possession of voter records for Connecticut, Arkansas, Florida, and North Carolina voters, but in smaller numbers, and was making all the databases available for free on a hacking forum since July.

Michigan’s voter records were not hacked. A Michigan voters file was posted on the site “raidforums” by user Gorka9. The file itself, available at https://t.co/og5TRC2mbo, contains only publicly available information from Michigan’s qualified voter file. Thread: pic.twitter.com/tGVdxbVjzk
— Jack Cable (@jackhcable) September 1, 2020

While most voter records in US states are available for free, the hacker claimed that at least the Michigan voter database contained fields that were meant to be private, such as emails and dates of birth.
CISA and the FBI say there was no hack
But in a joint statement published on Twitter today, CISA and the FBI claim that such a hack never happened. In fact, they haven’t seen any cyber-intrusions into election systems at all.
“CISA and the FBI have not seen cyber-attacks this year on voter registration databases or on any systems involving voting,” the two agencies said.

Furthermore, later in the day, Michigan and Connecticut state officials have also denied claims that they’ve been hacked, in statements released to NBC News reporter Kevin Collier.
The two states also reminded US voters that their respective voter databases are public, and anyone can obtain them for free, or by filing an FOIA (Freedom of Information Act) request, effectively calling the Kommersant report a non-story.
Nonetheless, this didn’t stop today’s Kommersant article going viral and causing panic among some US voters, with the report trending on Twitter US at one point earlier this morning.
The ludicrousness of thousands of Americans sharing a story from a Russian news site without questioning its reporting or authenticity was punctuated later in the day when both Facebook and Twitter announced they shut down a Russian-sponsored news site for misleading articles on US politics. More

Moscow, Russia – July 31, 2018: Tourists walk on the red square on a summer day. View of the square and the Kremlin’s Spassky Tower
Zayne C., Getty Images
Facebook and Twitter said on Tuesday that they removed social media accounts for a news organization going by the name of PeaceData, which they linked to Russia’s state propaganda efforts.
The two social networks said they started an investigation into accounts associated with this news site after they received a tip from the FBI earlier this summer.
Who is PeaceData
Following investigations started by both platforms, Facebook said it removed 13 accounts and two pages, while Twitter said it banned five accounts, all of which were used to promote news articles hosted on the PeaceData.net website.
In a report [PDF] published today analyzing PeaceData’s operations, social media research group Graphika said the news site focused on publishing news articles in both English and Arabic, critical of the US, the UK, and France.

PeaceData website
Image: ZDNet
Graphika said the website published content using both fake personas but also real journalists that they hired through ads posted on the Guru job portal.

Image: Graphika
The articles criticized both the right and left wings of the political spectrum, along with US military and foreign policies.
“They published and shared articles about the race protests in the United States, accusations of foreign interference and war crimes committed by the US, corruption, and the suffering caused by capitalism,” Graphika wrote in its report.
These articles are still live on the PeaceData website today. Many have skewed views and cover conspiracy theories, with headlines such as “Overfunding of US Military Is Driving Climate Change and White Supremacist Culture of War Crimes,” “Svetlana Tikhanovskaya’s Deleted Webpages Show She’s Little More Than a Western Regime Change Puppet,” “Portland Protests: Authoritarian Trump Is Worse Than the Demagogue,” and “Era of US Domination of Latin America Coming to an End.”
Graphika said the network was still in its infancy when it was taken down, suggesting that the FBI had spotted the operation before it could do any real damage on social media.
In a series of tweets today, Twitter confirmed this assessment, claiming that the banned PeaceData accounts “achieved little impact on Twitter and were identified and removed quickly.”
Linked to Russia’s IRA
Twitter avoided naming the real entity behind the PaceData website and only said that it could “reliably attribute to Russian state actors.”
On the other hand, Facebook was more brazen in a blog post today, claiming that the PeaceData website was linked to “individuals associated with past activity by the Russian Internet Research Agency (IRA),” the infamous Russian company based in Sankt Petersburg that is known to engage in online influence operations on behalf of the Russian government, and who is mostly known for its interference in the 2016 US presidential election.
Graphika also backed Facebook’s assessment, linking PeaceData to Russia’s IRA as well. More

Image: terimakasih0
The Norwegian Parliament (Stortinget) said on Tuesday that it fell victim to a cyber-attack that targeted its internal email system.
In a press release today, Stortinget director Marianne Andreassen said that hackers breached email accounts for elected representatives and employees alike, from where they stole various amounts of information.
Andreassen said the incident is currently under investigation, and, as a result, couldn’t provide any insight into who was behind the attack, or the number of hacked accounts.
Norway’s intelligence agency is currently investigating the incident, according to a statement the agency posted on its Twitter account earlier today.

PST er kjent med IT-angrepet mot Stortinget. Når PST har mottatt anmeldelsen vil vi vurdere om det er grunnlag for å starte etterforskning. https://t.co/UIuqeXgaea
— PST (@PSTnorge) September 1, 2020

While the investigation is still ongoing, Andreassen said that Stortinget has already started notifying impacted representatives and employees about the incident.
Local press, who first broke the story about the attacks, also reported that the parliament’s IT staff has shut down its email service to prevent the hackers from siphoning more data.
Prior to today’s incident, cyber-attacks targeting Norway have been rare and far apart.
In January 2018, a hacker group stole healthcare data for more than half of Norway’s population, according to local press.
In February 2019, cyber-security firms Rapid7 and Recorded Future revealed that Chinese hackers breached Visma, a Norwegian company that provides cloud-based business software solutions for European companies, and used this access to attack the company’s customers.
In May 2020, a group of internet scammers tricked Norfund, Norway’s state investment fund, out of $10 million, in an attack known as a business email compromise. More

The Pacific Light Cable Network (PLCN), an ambitious underwater data cable project partly owned by Facebook and Google, won’t be connecting Los Angeles to Hong Kong after all. 
New plans for the 12,800 kilometre-long network presented to the US Federal Communications Commission (FCC) show that the PLCN will instead only operate between the US, Taiwan and the Philippines.

Digital transformation

The nearly 13,000 kilometres of underwater cables have already been laid, but the project needed permission from the FCC before operations could kick off. In the new application filed by the companies managing PLCN, authorization was only requested to run the network between the US, Taiwan, and the Philippines. The file specifies that the applicants are not seeking authority for the Hong Kong path.
Initially announced in 2016, the PLCN project was intended to provide direct submarine cable connectivity between Hong Kong and Los Angeles. It is made of six fiber pairs, each linking the US and Hong Kong, with some pairs including branches to Taiwan or the Philippines.
Three firms share ownership of the cable network. Google owns one fiber pair with a branch to Taiwan, and Facebook owns another pair with branches to the Philippines. Hong Kong company Pacific Light Data Co (PLDC) owns all of the remaining pairs and acts as the landing party in Hong Kong. 
Last June, however, an FCC Committee called Team Telecom recommended that the US body deny the operation of a sub-sea cable system connecting directly to Hong Kong, saying that it was not in the interest of US national security or law enforcement interests to approve subsea cables landing in Chinese territory when the Chinese government had previously demonstrated its intent to acquire data on US citizens. 
The FCC Committee also argued that the high capacity and low latency of the network would encourage US communication traffic crossing the Pacific to detour through Hong Kong before reaching the intended destination, which would unnecessarily increase the amount of data going through infrastructure controlled by the Chinese government. 
As a result, plans for parts of the project had to be revised by Google and Facebook. The latest application filed with the FCC, therefore, establishes that the fiber pairs operated by PLDC will not be operational.
A Google spokesperson said: “We can confirm that the original application for the PLCN cable system has been withdrawn, and a revised application for the US-Taiwan and US-Philippines portions of the system has been submitted. We continue to work through established channels to obtain cable landing licenses for our undersea cables.”
Having a direct communication channel with ultra-high capacity between Los Angeles and Hong Kong was a prospect that sat well with many US firms that may want to expand their customer base to Asia. With capacity demand on such a route set to increase in the coming years, the network had been pitched as a way to enhance service quality, redundancy and resilience of communications systems in the region. 
Restricting the system’s perimeter to Taiwan and the Philippines might, therefore, impact business productivity. But FCC commissioner Geoffrey Starks said in a Tweet that national security concerns should prevail: “I share those concerns and will continue to speak out,” he said. “(The) FCC must ensure that our telecom traffic is safe and secure.”
The announcement is the latest move in an escalating trade war between the US and China, as the Trump administration continues to argue that Chinese companies are being leveraged by the Chinese government to spy on foreign nations.
Huawei, for example, was added to the US Entity List, effectively barring the firm from trading with US businesses. More recently, the Chinese telecommunications giant was forbidden from accessing key US semiconductor technologies like chips, on top of gradually being pushed out of several nations’ 5G networks.
The Trump administration is also clamping down on Chinese-owned apps TikTok and WeChat, and recently announced sanctions for any company doing business with the two platforms. More

Leaked documents have revealed the concerns of law enforcement in how Internet of Things (IoT) technology can pose a risk to the safety of police officers. 

Smart doorbell vendors including Ring have created product lines that have transformed traditional bells and door chimes into intelligent technological solutions that provide location monitoring, real-time camera feeds, audio and visual recordings, and the ability to communicate with visitors remotely. 
For homeowners, an IoT doorbell can provide an additional layer of security at points of entry. For law enforcement, their rapid adoption provides a new stream of intelligence for criminal investigations. 
Amazon acquired Ring in 2018. In the past few years, doorbells have been donated to residents in areas including Kansas City to tackle crime (.PDF), and in total, Ring now works with over 400 US police departments.
See also: Ring to enable 2FA for all user accounts after recent hacks
The Neighborhoods initiative brings Ring doorbells together as part of a wider network that displays installations on a map — highlighting where law enforcement could request footage from residents rather than obtain warrants. 
However, nodes in this network may also be used to push back against the police, according to leaked documents. 
As reported by The Intercept, a 2019 analysis bulletin highlights how IoT footage can be used to corroborate witness statements or alibis, but in turn, smart surveillance technology can also “pose security challenges” for law enforcement. 
Namely, when police officers are considered unwanted visitors. 
“Most IoT devices contain sensors and cameras, which generate an alert or can be remotely accessed by the owner to identify activity in and around an owner’s property,” the bulletin reads. “If used during the execution of a search, potential subjects could learn of LE’s [law enforcement] presence nearby, and LE personnel could have their images captured, thereby presenting risk to their present and future safety.”
In “standoff” situations, too, IoT devices containing motion sensors could alert suspects to the position of police officers around or in a property. 
CNET: How to avoid the latest text scam about package deliveries
A 2017 case noted in the bulletin says that the FBI once visited a residential home to serve a search warrant. A Wi-Fi doorbell at the property alerted the subject of the warrant, who was at another location. The subject then contacted his neighbor and landlord regarding the FBI’s presence at his home, rather than engage directly with the police. 
The publication cites another bulletin, “Video Doorbell Devices Pose Risk to Law Enforcement in New Orleans, Louisiana as of 25 July 2017,” which noted the “subject may have been able to covertly monitor law enforcement activity while law enforcement was onthe premises.”
TechRepublic: The best developer-centric security products
Another challenge posed by IoT devices is when users pull the footage and post suspected criminal activity across social media — a trend that you can often see in local Facebook groups, for example — before an investigation is launched. This can result in false accusations and may also tip off criminals to the existence of footage before the police become involved. 
Smart doorbells can be of benefit to consumers who want to enhance their home security. However, when surveillance becomes a sales pitch, muddying the water between a consumer product, law enforcement, and criminal investigations can pose a variety of issues — not just for our personal privacy, but also as these products can be turned away from their original purpose. 

Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More