According to the update, the SolarWinds hackers breached the Department’s Microsoft O365 email accounts, which included the mailboxes of federal prosecutors from New York, Los Angeles, and prominent offices in 13 other states.
At least one employee email at each of the affected district offices was hacked, and at least 80% of employees in the four major US attorneys’ New York district offices — the Eastern, Southern, Western and Northern — had their accounts hacked, the DOJ said. Hackers gained access to all sent, received, and stored emails and attachments in those accounts, though it is unclear which information the hackers took.
“New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to the former president,” Bruce Green, a Fordham Law School professor, told the Associated Press.
The group is believed to have had access to the emails from May to December of last year.
After learning these accounts were hacked, the Department’s Office of the Chief Information Officer cut off the channel the hackers used to the Microsoft Office accounts, notified the affected parties and the public, and is continuing to monitor the security risks associated with the hack.
The Justice Department released the update to “encourage transparency and strengthen homeland resilience,” and so that others can “use that information to prepare themselves for the next threat,” the updated statement said.
The US Department of Justice could not be reached at the time of publication.
Twitter on Wednesday rolled outtesting of Shop Module, a new e-commerce feature on its platform.
With Shop Module, Twitter users can scroll and tap through products to learn more about and shop for products on the business’ landing page without leaving the Twitter app.
“We know people come to Twitter to interact with brands and discuss their favorite products,” said Twitter’s Revenue Product Lead Bruce Falck at Twitter Analyst Day 2021. “Imagine easily discovering, and quickly purchasing a new skincare product or trendy sneaker from a brand you follow with only a few clicks.”
Shop Module is a new player in an already robust social media e-commerce space, with Facebook Marketplace, Shopify, and Instagram Checkout being big competitors. Twitter plans to capitalize on an increasing social commerce consumer market, which boomed during the coronavirus pandemic and is projected to grow over the next three to five years.
Twitter first ventured into e-commerce in 2014 with their “Buy Now” button, which embedded product links into tweets. The company decided to focus on performance ad sales since, but announced its intentions to re-explore e-commerce at Twitter Analyst Day last spring.
Twitter also introduced several e-commerce related features earlier this year, like Super Follows, which could potentially connect their fans to products and merchandise, and Professional Profiles, which allows businesses to display their address, phone numbers, and operating hours on their profile.
Still in the early stages of testing, Shop Module is currently only available to around 12 businesses across lifestyle, retail, and entertainment, according to Tech Crunch, and only US English-speaking IOS Twitter users can see the Shop Module on the app.
“Fundamentally, it’ll give us the chance to keep learning about which shopping experiences people prefer on Twitter,” Falck added in a blog post announcing the Shop Module.
After Joshua Barbeau’s fiancé passed away, he spoke to her for months. Or, rather, he spoke to a chatbot programmed to sound exactly like her.
In a story for the San Francisco Chronicle, Barbeau detailed how Project December, a software that uses artificial intelligence technology to create hyper-realistic chatbots, recreated the experience of speaking with his late fiancé. All he had to do was plug in old messages and give some background information, and suddenly the model could emulate his partner with stunning accuracy.
It may sound like a miracle (or a Black Mirror episode), but the AI creators warn that the same technology could be used to fuel mass misinformation campaigns.
It’s some of the most sophisticated – and dangerous – language-based AI programming to date.
When OpenAI released GPT-2, the predecessor to GPT-3, the group wrote that it can potentially be used in “malicious ways.” The organization anticipated bad actors using the technology could automate “abusive or faked content on social media,” “generate misleading news articles,” or “impersonate others online.”
GPT-2 could be used to “unlock new as-yet-unanticipated capabilities for these actors,” the group wrote.
OpenAI staggered the release of GPT-2, and still restricts access to the superior GPT-3, in order to “give people time” to learn the “societal implications” of such technology.
Clubhouse is opening up membership to new users without needing an invite to join.
The audio-first social app hosts a variety of live, user-led conversations in virtual chat rooms. The app was originally only open to people who received an invitation from a Clubhouse member, an integral part of its early identity in the social media space as an exclusive freeform conversation space where users could log on to chat and listen to everyone from Oprah Winfrey to Mark Zuckerberg.
There are around 10 million new users on the waitlist, and they will gradually be added to the app overtime, The Verge reported on Wednesday.
The company’s exclusive, invite-only waitlist system was devised as a technical solution for the app’s early growth, with the app essentially in a beta-testing period for the past year, a Clubhouse spokesperson told Insider on Wednesday. But its goal has always been a wide release once the company could logistically support it, the spokesperson said.
“We got to a point from a technical proficiency standpoint, and also the community has scaled to such a level now, where basically we believe we can handle the influx of millions of people,” the spokesperson said.
The company also released a new text-based feature, Backchannel, last week.
Meanwhile, members who joined during the invite-only era of Clubhouse will get to keep the invitation badge on their profile (which indicates when you were invited and by whom) as an indicator of how long they have been using the app.
“Interested candidates are encouraged to creatively and authentically showcase their skillsets and experiences, and use #TikTokResumes in their caption when publishing their video resume to TikTok,” the company said.
A major bitcoin investor has suddenly died, leaving behind a cryptocurrency fortune reportedly worth more than $2 billion.
Mircea Popescu, a Romanian national, drowned last week off the coast of Costa Rica, local reports said. He was 41.
Popescu drowned at Playa Hermosa, according to Teletica.com, which reported that Popescu was swept away by the current and died.
His death has prompted questions surrounding what will now happen to Popescu’s enormous bitcoin fortune.
Popescu, a controversial figure sometimes referred to as “the father of bitcoin toxicity,” is known for launching a “bitcoin securities exchange” called MPEx in 2012, according to Bitcoin magazine.
“The website was once an early breeding ground for early bitcoin IPOs, a practice that earned him the ire of the US Securities and Exchange Commission, an agency whose power he took no shortage of joy in openly undermining,” the magazine said.
Popescu generated “an aggressive brand of unapologetic bitcoin evangelism that made his influence enduring despite documented instances of sexism, bigotry and anti-semitism,” Bitcoin Magazine said.
He has claimed to hold 1 million bitcoins, though some have estimated that he had tens of thousands of coins.
Former NSA consultant and data privacy advocate Edward Snowden tweeted on Wednesday that Julian Assange “could be next,” after antivirus mogul John McAfee died by apparent suicide in a Barcelona prison cell following news that he was being extradited to the US on criminal tax evasion charges.
Spanish outlets broke the news of McAfee’s death by suicide on Wednesday.
“Europe should not extradite those accused of non-violent crimes to a court system so unfair – and prison system so cruel – that native-born defendants would rather die than become subject to it. Julian Assange could be next,” Snowden tweeted.
“Until the system is reformed, a moratorium should remain,” he added.
Wikileaks founder Julian Assange was arrested in April 2019 in the United Kingdom, and a UK court temporarily blocked his extradition to the US in January 2021 on 18 charges, most through the Espionage Act, of obtaining and sharing classified information.
RICHMOND, Va. (AP) – A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical US entities.
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.
It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.
But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.
“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.
The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to US critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The US government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies and went on for most of 2020.
The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” said Adrian Nish, the head of cyber at BAE Systems Applied Intelligence. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”
The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, or CISA, issued an April alert about the Pulse hack saying it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities, and other private sector organizations.” The agency has since said that at least five federal agencies have identified indications of potential unauthorized access, but not said which ones.
Verizon said it found a Pulse-related compromise in one of its labs but it was quickly isolated from its core networks. The company said no data or customer information was accessed or stolen.
“We know that bad actors try to compromise our systems,” said Verizon spokesman Rich Young. “That is why internet operators, private companies, and all individuals need to be vigilant in this space.”
The Metropolitan Water District of Southern California, which provides water to 19 million people and operates some of the largest treatment plants in the world, said it found a compromised Pulse Secure appliance after CISA issued its alert in April. Spokeswoman Rebecca Kimitch said the appliance was immediately removed from service and no Metropolitan systems or processes were known to have been affected. She said there was “no known data exfiltration.”
The Metropolitan Transportation Authority in New York also said they’ve not found evidence of valuable data or customer information was stolen. The breach was first reported by The New York Times.
Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the US.
The new details of the Pulse Secure hack come at a time of tension between the US and China. Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”
An unusual majority of the Supreme Court ruled on Thursday that the Computer Fraud and Abuse Act doesn’t cover cases in which a person accesses a computer system they are authorized to use.
Former President Donald Trump’s three Supreme Court nominees – Justices Neil Gorsuch, Brett Kavanaugh, and Amy Coney Barrett – joined liberal Justices Stephen Breyer, Sonia Sotomayor, and Elena Kagan to impose limits on the landmark cybercrime law.
The case, Nathan Van Buren v. United States, involved a former Georgia police officer who was accused of looking up a license plate number in the state’s database in exchange for money. The court found that though Van Buren accessed the system for improper reasons, he was authorized to use the computer database.
Civil liberties groups had argued that widening the scope of the Computer Fraud and Abuse Act could criminalize mundane things, like checking social media at work, according to Politico.
This is a developing story. Please check back for more updates.
A Silicon Valley tech giant could end up enabling one of the world’s worst human rights abusers to better spy on its citizens, human rights campaigners said Wednesday.
When Google announced last year that it had finalized an agreement to build a major new cloud-computing center in Saudi Arabia, the company said the move would allow businesses there to “confidently grow and scale their offerings in this market.”
The company opened the first such centers, known as Google Cloud regions, in 2020, starting with the US, Indonesia, and South Korea. It also announced plans to open them in Spain, France, Italy, and Qatar.
But in a statement, critics said that setting up shop in Saudi Arabia could end up bringing more than just faster data transfer speeds to its clients, including Saudi Aramco, a state-owned oil company.
“In a country where dissidents are arrested, jailed for their expression and tortured for their work – Google’s plan could give the Saudi authorities even greater powers to infiltrate networks and gain access to data on peaceful activists and any individual expressing a dissenting opinion in the Kingdom,” Rasha Abdul Rahim, director of Amnesty Tech, said in a press release.
The backlash underscores the difficulties Google faces in its aggressive pursuit of cloud computing, as the push into more markets risks tangling the company up in geopolitical quandaries.
The communique, signed by Amnesty International, Human Rights Watch, and the Electronic Frontier Foundation, among others, calls on Google to “immediately halt” work on the project until the company “can publicly demonstrate how it will mitigate adverse human rights impacts.”
The stated fear among campaigners is not that Google will directly assist Saudi authorities’ attempts to silence dissent, but that those authorities have shown no qualms about infiltrating technology companies – and demanding that they hand over user data. In at least one case, the Saudi government appears to have placed spies within a US social media company, Twitter, to obtain information it could not get through legal means.
The US State Department, in a 2020 human rights report, noted that Saudi authorities “frequently attempted to identify and detain anonymous or pseudonymous users and writers who made critical or controversial remarks.” The Saudi government “regularly surveilled websites, blogs, chat rooms, social media sites, emails, and text messages,” the report noted, and a counter-terrorism law grants authorities the right to circumvent legal protections to access someone’s “private communications.”
Saudi Arabia is also a world leader when it comes to beheading citizens it deems enemies of the kingdom. Its top officials also orchestrated the killing of journalist Jamal Khashoggi, using spyware to keep tabs on the dissident and his friends, according to a lawsuit.
Campaigners want Google to come out and set “red lines” concerning requests from the Saudi government with which it will refuse to comply. It also wants Google to elaborate on the specifics of the independent human rights assessment the company said it conducted.
“We are saying they should not have any cloud region in Saudi Arabia, unless and until there has been a robust and thorough human rights due diligence process,” Michael Kleinman, director of Amnesty International’s Silicon Valley initiative, told Insider.
In 2018, after employee backlash over a cloud contract with the Department of Defense, Google published a set of principles around AI that included a commitment to not design or deploy AI that “contravenes widely accepted principles of international law and human rights.”
But as Google races to catch Microsoft and Amazon in the cloud wars, deals with some governments risk backlash both inside and outside the company. Earlier this month, some Google employees called on the company to terminate contracts with the Israeli government due to the deadly attacks on Palestinians in Gaza.
The company did not respond to a request for comment.