SolarWinds hack targeted nearly 2 dozen federal prosecutors offices, including some of the most influential in the country like the Eastern District of New York

department of justice building
  • The emails of federal prosecutors’ offices around the country were hacked by Russian intelligence during the SolarWinds cyber attack.
  • The Russian hackers had access to the emails of federal prosecutors in New York, California, DC and other jurisdictions from May to December 2020.
  • The Justice Department released the update to “increase transparency” with the public as it continues to investigate the hacking.
  • See more stories on Insider’s business page.

Federal US prosecutors were among targets of the Russian hackers behind the 2020 SolarWinds cyber attack, the Justice Department said on Friday.

According to the update, the SolarWinds hackers breached the Department’s Microsoft O365 email accounts, which included the mailboxes of federal prosecutors from New York, Los Angeles, and prominent offices in 13 other states.

At least one employee email at each of the affected district offices was hacked, and at least 80% of employees in the four major US attorneys’ New York district offices — the Eastern, Southern, Western and Northern — had their accounts hacked, the DOJ said. Hackers gained access to all sent, received, and stored emails and attachments in those accounts, though it is unclear which information the hackers took.

“New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to the former president,” Bruce Green, a Fordham Law School professor, told the Associated Press.

US federal investigators said Russia’s Foreign Intelligence Service (SVR) was responsible for installing malicious malware into SolarWinds’ Orion software in 2020. The US information technology firm has more than 300,000 clients, including US government agencies and the vast majority of Fortune 500 companies.

The group is believed to have had access to the emails from May to December of last year.

After learning these accounts were hacked, the Department’s Office of the Chief Information Officer cut off the channel the hackers used to the Microsoft Office accounts, notified the affected parties and the public, and is continuing to monitor the security risks associated with the hack.

The Justice Department released the update to “encourage transparency and strengthen homeland resilience,” and so that others can “use that information to prepare themselves for the next threat,” the updated statement said.

The US Department of Justice could not be reached at the time of publication.

Read the original article on Business Insider

Twitter is testing a new e-commerce feature, which allows businesses to showcase their products on their Twitter profile

Twitter
Twitter

  • Twitter is revamping its e-commerce efforts with tests of its new Shop Module feature
  • The Shop Module appears as a product image carousel at the top of a brand’s Twitter profile.
  • Shop Module is ‘exploratory’ for Twitter as it enters an already crowded social media e-commerce market.
  • See more stories on Insider’s business page.

Twitter on Wednesday rolled out testing of Shop Module, a new e-commerce feature on its platform.

With Shop Module, Twitter users can scroll and tap through products to learn more about and shop for products on the business’ landing page without leaving the Twitter app.

“We know people come to Twitter to interact with brands and discuss their favorite products,” said Twitter’s Revenue Product Lead Bruce Falck at Twitter Analyst Day 2021. “Imagine easily discovering, and quickly purchasing a new skincare product or trendy sneaker from a brand you follow with only a few clicks.”

Shop Module is a new player in an already robust social media e-commerce space, with Facebook Marketplace, Shopify, and Instagram Checkout being big competitors. Twitter plans to capitalize on an increasing social commerce consumer market, which boomed during the coronavirus pandemic and is projected to grow over the next three to five years.

twitter shop module

Twitter first ventured into e-commerce in 2014 with their “Buy Now” button, which embedded product links into tweets. The company decided to focus on performance ad sales since, but announced its intentions to re-explore e-commerce at Twitter Analyst Day last spring.

Twitter also introduced several e-commerce related features earlier this year, like Super Follows, which could potentially connect their fans to products and merchandise, and Professional Profiles, which allows businesses to display their address, phone numbers, and operating hours on their profile.

Still in the early stages of testing, Shop Module is currently only available to around 12 businesses across lifestyle, retail, and entertainment, according to Tech Crunch, and only US English-speaking IOS Twitter users can see the Shop Module on the app.

“Fundamentally, it’ll give us the chance to keep learning about which shopping experiences people prefer on Twitter,” Falck added in a blog post announcing the Shop Module.

Read the original article on Business Insider

A man used AI to bring back his deceased fiancé. But the creators of the tech warn it could be dangerous and used to spread misinformation.

GPT-3 is a computer program that attempts to write like humans.
GPT-3 is a computer program that attempts to write like humans.

  • A man used artificial intelligence (AI) to create a chatbot that mimicked his late fiancé.
  • The groundbreaking AI technology was designed by Elon Musk’s research group OpenAI.
  • OpenAI has long warned that the technology could be used for mass information campaigns.
  • See more stories on Insider’s business page.

After Joshua Barbeau’s fiancé passed away, he spoke to her for months. Or, rather, he spoke to a chatbot programmed to sound exactly like her.

In a story for the San Francisco Chronicle, Barbeau detailed how Project December, a software that uses artificial intelligence technology to create hyper-realistic chatbots, recreated the experience of speaking with his late fiancé. All he had to do was plug in old messages and give some background information, and suddenly the model could emulate his partner with stunning accuracy.

It may sound like a miracle (or a Black Mirror episode), but the AI creators warn that the same technology could be used to fuel mass misinformation campaigns.

Project December is powered by GPT-3, an AI model designed by the Elon Musk-backed research group OpenAI. By consuming massive datasets of human-created text (Reddit threads were particularly helpful), GPT-3 can imitate human writing, producing everything from academic papers to letters from former lovers.

It’s some of the most sophisticated – and dangerous – language-based AI programming to date.

When OpenAI released GPT-2, the predecessor to GPT-3, the group wrote that it can potentially be used in “malicious ways.” The organization anticipated bad actors using the technology could automate “abusive or faked content on social media,” “generate misleading news articles,” or “impersonate others online.”

GPT-2 could be used to “unlock new as-yet-unanticipated capabilities for these actors,” the group wrote.

OpenAI staggered the release of GPT-2, and still restricts access to the superior GPT-3, in order to “give people time” to learn the “societal implications” of such technology.

Misinformation is already rampant on social media, even with GPT-3 not widely available. A new study found that YouTube’s algorithm still pushes misinformation, and the nonprofit Center for Countering Digital Hate recently identified 12 people responsible for sharing 65 percent of COVID-19 conspiracy theories on social media. Dubbed the “Disinformation Dozen,” they have millions of followers.

As AI continues to develop, Oren Etzioni, CEO of the non-profit, bioscience research group, Allen Institute, previously told Insider it will only become harder to tell what’s real.

“The question ‘Is this text or image or video or email authentic?’ is going to become increasingly difficult to answer just based on the content alone,” he said.

Read the original article on Business Insider

Clubhouse no longer requires an invite, ditching the exclusive ‘club’ identity it was founded on

clubhouse app

Clubhouse is opening up membership to new users without needing an invite to join.

The audio-first social app hosts a variety of live, user-led conversations in virtual chat rooms. The app was originally only open to people who received an invitation from a Clubhouse member, an integral part of its early identity in the social media space as an exclusive freeform conversation space where users could log on to chat and listen to everyone from Oprah Winfrey to Mark Zuckerberg.

There are around 10 million new users on the waitlist, and they will gradually be added to the app overtime, The Verge reported on Wednesday.

The company’s exclusive, invite-only waitlist system was devised as a technical solution for the app’s early growth, with the app essentially in a beta-testing period for the past year, a Clubhouse spokesperson told Insider on Wednesday. But its goal has always been a wide release once the company could logistically support it, the spokesperson said.

“We got to a point from a technical proficiency standpoint, and also the community has scaled to such a level now, where basically we believe we can handle the influx of millions of people,” the spokesperson said.

The announcement comes after a drop in new downloads earlier this year and a subsequent launch on Android that boosted new user signups. In June, the audio chat app was downloaded around 7.8 million times across Android and iOS, according to data from research firm Sensor Tower shared with Insider – almost twice as many as the previous month.

The company also released a new text-based feature, Backchannel, last week.

Meanwhile, members who joined during the invite-only era of Clubhouse will get to keep the invitation badge on their profile (which indicates when you were invited and by whom) as an indicator of how long they have been using the app.

Read the original article on Business Insider

TikTok wants to be LinkedIn for Gen Z, launches TikTok Resumes for video job applications

TikTok resumes

TikTok launched the pilot program “TikTok Resumes” on Wednesday, hoping to connect Gen Z to job openings at major companies like Chipotle, Shopify, Target, and Alo Yoga.

The program is only accepting video resumes for a limited time, with applications open through July 31.

As of this year, there are more Gen Z users on TikTok than on Instagram– over half of the app’s user base is younger than 24 years old. Comparatively, only 19.3% of Linkedin users belong to Gen Z.

Statistic: Distribution of LinkedIn users worldwide as of April 2021, by age group | Statista


Find more statistics at Statista

TikTok users have already been using the platform as a tool for sharing career advice as well as providing tips for job openings, interview etiquette, and resume-building advice, Insider’s Aleeya Mayo reported.

CareerTok is already a thriving subculture on the platform,” Nick Tran, Global Head of Marketing at TikTok, said. “We can’t wait to see how the community embraces TikTok Resumes and helps to reimagine recruiting and job discovery.”

“Interested candidates are encouraged to creatively and authentically showcase their skillsets and experiences, and use #TikTokResumes in their caption when publishing their video resume to TikTok,” the company said.

Participating employers include Chipotle, Target, WWE, Alo Yoga, Shopify, Contra, Movers+Shakers and more.

The program launch comes amid a nationwide labor shortage that has left companies across industries struggling to hire enough workers.

You can access the TikTok Resumes program in the app through #TikTokResumes or at www.tiktokresumes.com.

Read the original article on Business Insider

A 41-year-old bitcoin mogul died unexpectedly, leaving behind a fortune worth billions

A pile of bitcoin cryptocurrencies is seen.
A pile of bitcoin cryptocurrencies is seen.

  • Major bitcoin investor Mircea Popescu suddenly died, leaving behind a cryptocurrency fortune reportedly worth over $2 billion.
  • Popescu, 41, drowned last week off the coast of Costa Rica, local reports said.
  • His death has prompted questions about what will happen to Popescu’s enormous bitcoin fortune.
  • See more stories on Insider’s business page.

A major bitcoin investor has suddenly died, leaving behind a cryptocurrency fortune reportedly worth more than $2 billion.

Mircea Popescu, a Romanian national, drowned last week off the coast of Costa Rica, local reports said. He was 41.

Popescu drowned at Playa Hermosa, according to Teletica.com, which reported that Popescu was swept away by the current and died.

His death has prompted questions surrounding what will now happen to Popescu’s enormous bitcoin fortune.

Popescu, a controversial figure sometimes referred to as “the father of bitcoin toxicity,” is known for launching a “bitcoin securities exchange” called MPEx in 2012, according to Bitcoin magazine.

“The website was once an early breeding ground for early bitcoin IPOs, a practice that earned him the ire of the US Securities and Exchange Commission, an agency whose power he took no shortage of joy in openly undermining,” the magazine said.

Popescu generated “an aggressive brand of unapologetic bitcoin evangelism that made his influence enduring despite documented instances of sexism, bigotry and anti-semitism,” Bitcoin Magazine said.

He has claimed to hold 1 million bitcoins, though some have estimated that he had tens of thousands of coins.

Read the original article on Business Insider

Edward Snowden says Julian Assange ‘could be next’ after John McAfee dies by suicide in jail

snowden
  • Edward Snowden said he fears that Julian Assange ‘could be next’ if he faces extradition.
  • John McAfee took died by apparent suicide on Wednesday. News had broken that he would be extradited to the US from Spain.
  • “Europe should not extradite those accused of non-violent crimes to a court system so unfair,” Snowden tweeted.
  • See more stories on Insider’s business page.

Former NSA consultant and data privacy advocate Edward Snowden tweeted on Wednesday that Julian Assange “could be next,” after antivirus mogul John McAfee died by apparent suicide in a Barcelona prison cell following news that he was being extradited to the US on criminal tax evasion charges.

Spanish outlets broke the news of McAfee’s death by suicide on Wednesday.

“Europe should not extradite those accused of non-violent crimes to a court system so unfair – and prison system so cruel – that native-born defendants would rather die than become subject to it. Julian Assange could be next,” Snowden tweeted.

“Until the system is reformed, a moratorium should remain,” he added.

Wikileaks founder Julian Assange was arrested in April 2019 in the United Kingdom, and a UK court temporarily blocked his extradition to the US in January 2021 on 18 charges, most through the Espionage Act, of obtaining and sharing classified information.

Read the original article on Business Insider

China hacked an internet security tool to target Verizon and Southern California’s water supplier, among others

iPhone displaying Pulse Secure App
  • China hacked into Pulse Connect Secure, which provides internet security for Verizon, among others.
  • Sophisticated hackers were able to exploit never-before-seen vulnerabilities.
  • It’s unclear, what, if any sensitive information the hackers were able to ascertain.
  • See more stories on Insider’s business page.

RICHMOND, Va. (AP) – A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical US entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.

The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to US critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The US government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies and went on for most of 2020.

The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.

In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.

“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” said Adrian Nish, the head of cyber at BAE Systems Applied Intelligence. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, or CISA, issued an April alert about the Pulse hack saying it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities, and other private sector organizations.” The agency has since said that at least five federal agencies have identified indications of potential unauthorized access, but not said which ones.

Verizon said it found a Pulse-related compromise in one of its labs but it was quickly isolated from its core networks. The company said no data or customer information was accessed or stolen.

“We know that bad actors try to compromise our systems,” said Verizon spokesman Rich Young. “That is why internet operators, private companies, and all individuals need to be vigilant in this space.”

The Metropolitan Water District of Southern California, which provides water to 19 million people and operates some of the largest treatment plants in the world, said it found a compromised Pulse Secure appliance after CISA issued its alert in April. Spokeswoman Rebecca Kimitch said the appliance was immediately removed from service and no Metropolitan systems or processes were known to have been affected. She said there was “no known data exfiltration.”

The Metropolitan Transportation Authority in New York also said they’ve not found evidence of valuable data or customer information was stolen. The breach was first reported by The New York Times.

Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the US.

The new details of the Pulse Secure hack come at a time of tension between the US and China. Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”

Read the original article on Business Insider

Trump’s 3 Supreme Court appointees joined the 3 liberal justices to limit a landmark federal cybercrime law

Supreme Court
In this Nov. 2, 2020, file photo an American flag waves in front of the Supreme Court building on Capitol Hill in Washington. The Supreme Court punted on a case over whether the Trump administration can exclude people in the country illegally from the count used for divvying up congressional seats.

An unusual majority of the Supreme Court ruled on Thursday that the Computer Fraud and Abuse Act doesn’t cover cases in which a person accesses a computer system they are authorized to use.

Former President Donald Trump’s three Supreme Court nominees – Justices Neil Gorsuch, Brett Kavanaugh, and Amy Coney Barrett – joined liberal Justices Stephen Breyer, Sonia Sotomayor, and Elena Kagan to impose limits on the landmark cybercrime law.

The case, Nathan Van Buren v. United States, involved a former Georgia police officer who was accused of looking up a license plate number in the state’s database in exchange for money. The court found that though Van Buren accessed the system for improper reasons, he was authorized to use the computer database.

Civil liberties groups had argued that widening the scope of the Computer Fraud and Abuse Act could criminalize mundane things, like checking social media at work, according to Politico.

This is a developing story. Please check back for more updates.

Read the original article on Business Insider

Google urged to halt cloud-computing project in Saudi Arabia over human rights concerns

AP20004581852301
Dakar Rally organizers stand in front of a screen displaying images of Saudi King Salman, right, and Crown Prince Mohammed bin Salman, during a presentation in Dakar village, in Jiddah, Saudi Arabia, Saturday, Jan. 4, 2020.

  • In December 2020, Google announced it would build a cloud-computing center in Saudi Arabia.
  • Critics fear that could allow Saudi authorities to more easily access user data.
  • Human rights groups are calling on Google to halt work on the project.
  • See more stories on Insider’s business page.

A Silicon Valley tech giant could end up enabling one of the world’s worst human rights abusers to better spy on its citizens, human rights campaigners said Wednesday.

When Google announced last year that it had finalized an agreement to build a major new cloud-computing center in Saudi Arabia, the company said the move would allow businesses there to “confidently grow and scale their offerings in this market.”

The company opened the first such centers, known as Google Cloud regions, in 2020, starting with the US, Indonesia, and South Korea. It also announced plans to open them in Spain, France, Italy, and Qatar.

But in a statement, critics said that setting up shop in Saudi Arabia could end up bringing more than just faster data transfer speeds to its clients, including Saudi Aramco, a state-owned oil company.

“In a country where dissidents are arrested, jailed for their expression and tortured for their work – Google’s plan could give the Saudi authorities even greater powers to infiltrate networks and gain access to data on peaceful activists and any individual expressing a dissenting opinion in the Kingdom,” Rasha Abdul Rahim, director of Amnesty Tech, said in a press release.

The backlash underscores the difficulties Google faces in its aggressive pursuit of cloud computing, as the push into more markets risks tangling the company up in geopolitical quandaries.

The communique, signed by Amnesty International, Human Rights Watch, and the Electronic Frontier Foundation, among others, calls on Google to “immediately halt” work on the project until the company “can publicly demonstrate how it will mitigate adverse human rights impacts.”

The stated fear among campaigners is not that Google will directly assist Saudi authorities’ attempts to silence dissent, but that those authorities have shown no qualms about infiltrating technology companies – and demanding that they hand over user data. In at least one case, the Saudi government appears to have placed spies within a US social media company, Twitter, to obtain information it could not get through legal means.

The US State Department, in a 2020 human rights report, noted that Saudi authorities “frequently attempted to identify and detain anonymous or pseudonymous users and writers who made critical or controversial remarks.” The Saudi government “regularly surveilled websites, blogs, chat rooms, social media sites, emails, and text messages,” the report noted, and a counter-terrorism law grants authorities the right to circumvent legal protections to access someone’s “private communications.”

Saudi Arabia is also a world leader when it comes to beheading citizens it deems enemies of the kingdom. Its top officials also orchestrated the killing of journalist Jamal Khashoggi, using spyware to keep tabs on the dissident and his friends, according to a lawsuit.

Campaigners want Google to come out and set “red lines” concerning requests from the Saudi government with which it will refuse to comply. It also wants Google to elaborate on the specifics of the independent human rights assessment the company said it conducted.

“We are saying they should not have any cloud region in Saudi Arabia, unless and until there has been a robust and thorough human rights due diligence process,” Michael Kleinman, director of Amnesty International’s Silicon Valley initiative, told Insider.

In 2018, after employee backlash over a cloud contract with the Department of Defense, Google published a set of principles around AI that included a commitment to not design or deploy AI that “contravenes widely accepted principles of international law and human rights.”

But as Google races to catch Microsoft and Amazon in the cloud wars, deals with some governments risk backlash both inside and outside the company. Earlier this month, some Google employees called on the company to terminate contracts with the Israeli government due to the deadly attacks on Palestinians in Gaza.

The company did not respond to a request for comment.

Have a news tip? Email this reporter: cdavis@insider.com.

Have a tip about Google? Contact Hugh Langley securely using the encrypted messaging apps Signal and Telegram (+1-628-228-1836) or encrypted email (hslangley@protonmail.com

Read the original article on Business Insider