An internet entrepreneur admits he posted a fake FBI file online to promote conspiracy theories about a slain Democratic National Committee staffer -- but he's not going to delete it.
Kim Dotcom has played a central role in reviving claims that DNC staffer Seth Rich was murdered after revealing or threatening to disclose damaging information about Hillary Clinton during the presidential campaign.
Dotcom told Fox News host Sean Hannity that he had evidence that Rich had sent documents to WikiLeaks, which conservatives then cited to dismiss claims about Russian election interference -- but the Megaupload website founder now admits the document he helped spread online is a fake.
"After doing some forensic analysis of the document I came to believe it is not authentic. And I have retweeted Wikileaks which came to the same conclusion," Dotcom told Gizmodo.
But that doesn't mean he's going to delete it.
"There is no need to delete those tweets because I have been very cautious and warned within an hour of the release of that document that it could be a fake," he said.
Rich was shot to death July 10 in what Washington, D.C., police believe was an attempted robbery, but conspiracy theorists have speculated that he was killed for leaking emails about the DNC.
Dotcom, who is wanted by U.S. authorities for criminal copyright infringement, told Gizmodo that he had hoped to pressure the FBI into commenting on the document by sharing it on Twitter.
The fake document was first published on the Borderland Alternative Media website and then spread on social media and conspiracy clearinghouse websites, and even Alex Jones' Prison Planet has agreed to delete it after confirming it's not legitimate.
Rich's family accused Dotcom of attempting to hack into the slain DNC staffer's email account, presumably to plant evidence to support his claims, but the internet entrepreneur threatened to sue them for defamation.
Dotcom refuses to back off his claim that Rich was the WikiLeaks source, although he declined to share his evidence with Gizmodo.
A popular Chinese dating app for lesbians has been shut down, along with its website and main social media account, just as the gay community celebrates Taiwan's decision giving same-sex couples the right to marry, a first for Asia.
The app, Rela, set up in 2012, has around 5 million registered users, a cached version of its entry on Apple's iTunes site shows.
But users began noticing last week that the app, along with its Twitter-like Weibo account and website, was no longer accessible, according to users posting on Weibo under the hashtags #rela and #relahasbeenblocked.
The service was temporarily suspended due to an "important adjustment in service," Rela told users on its WeChat app account.
"Rela has always been with you and please await its return!" it added, but gave no details of why it was suspending service.
"This is discrimination against us lesbians," wrote one user on Weibo.
"Not being able to open it feels like being jilted," wrote another.
It was not immediately clear why Rela has been shut down.
The company did not respond to an email seeking comment. Apple did not immediately respond to a request for comment.
Internet regulator the Cyberspace Administration of China also did not immediately respond to a faxed request for comment on Monday, which is a national holiday.
In the past, the government has blocked sites it deems could challenge Communist Party rule or threaten stability, including Western sites such as Facebook and Google's main search engine and Gmail service.
It is not illegal to be gay in China, although the country regarded homosexuality as a mental disorder until 2001. Many large cities have thriving gay scenes, but gay individuals still face a lot of family pressure to get married and have children.
Gay activists say deeply conservative attitudes towards homosexuality in some parts of society have contributed to occasional government clampdowns.
In April, another gay Chinese dating app, Zank, was also shut down after operating for about four years.
In a message on its Weibo account, which is still available, Zank said it had been accused by the internet regulator of broadcasting pornographic content and so had been closed down.
Still, gay dating apps are big business, even for Chinese companies.
Last week Beijing Kunlun Tech Co Ltd said it would buy the remaining stake in global gay dating app Grindr that it did not own.
(Reporting by Ben Blanchard; Additional reporting by Cate Cadell, and Brenda Goh in Shanghai; Editing by Clarence Fernandez)
This story was co-published with Gizmodo. Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish. We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled…
The ransomware cyber attack that has so far affected around 300,000 computers in 150 countries could have been much worse. In fact, it still could be. The spread of the malicious software (malware), nicknamed WannaCry or WannaCrypt, has been halted several times by researchers who have identified flaws in the program known as kill switches. But cybercriminals are already fighting back by altering the code, leading to a game of cat and mouse as researchers then have to hunt for a new kill switch.
Ransomware is a type of malware that blocks access to a computer until money is paid to release it. It is normally spread as an attachment on an email but WannaCry is different because it can spread through a local network on its own.
It looks for other computers running a file and printer sharing protocol called Server Message Block (SMB), which is found in older operating systems such as Windows XP that no longer receive routine security updates. It then uses a flaw in SMB to spread to other computers without their users having to download the file. This explains why more computers have been affected than is typical with this kind of malware.
The Achilles heel of malware is the need to call home to its operator. For ransomware, there has to be a mechanism for the program’s operator to collect the ransom money and unlock the data. These communications can provide a way for law enforcement to track down the cybercriminals, so they often build into their malware something called a kill switch.
Generally, a kill switch is a mechanism for turning off a device or a piece of software remotely – and abruptly – in an emergency, such as when it has been stolen or accessed without authorisation. In malware, a kill switch is a way for the operator to terminate their connection to the software to prevent authorities from discovering their identity.
One kill switch method is to redirect the malware’s communications to a “sinkhole” server, which can render it ineffective. Investigators can study the malware and look for such a kill switch or a way to take over the software.
A sophisticated piece of malware will often run its control communication across multiple unregistered internet domains. By periodically changing the domain it uses, the software can thwart attempts to understand or neutralise it. This means investigators need to constantly adapt and register any new domains the malware may try to use to make the sinkhole effective.
Accidental death
In the case of WannaCry, a researcher using the pseudonym MalwareTech ended up accidentally activating the kill switch when he tried to create a sinkhole in order to study the software. WannaCry included code that looked to check if a specified domain had been registered. If it received a response from the domain, it shut down. If not, it continued to work. So when MalwareTech registered the domain, it effectively activated the kill switch.
This kill switch was probably inserted to prevent investigators studying the software in a closed virtual environment called a “sandbox”. These typically respond to all communication attempts by the malware with signals from registered domains. So when WannaCry received a response from the domain, it was tricked into thinking it was in a sandbox and shut down to protect itself.
The problem is that modifying WannaCry’s code so it looks for a different unregistered domain will allow new versions of the software to continue running. In fact, one new variant of the malware has already been stopped after researchers registered the new domain, activating the related kill switch.
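The domain check described above also gives defenders a detection signal. The following is an added example, not part of the original article: it triages DNS resolver logs for hosts that looked up a kill-switch domain. The domain names, the log format and the use of a NOERROR answer to mean "the domain responded" are assumptions made for illustration.

```python
from collections import defaultdict

# Placeholder names: the article does not give the real kill-switch domains.
# A new variant's domain is handled by adding it to this set.
KILL_SWITCH_DOMAINS = {
    "killswitch-one.example",
    "killswitch-variant.example",
}

# Constructed resolver log, one query per line:
#   <timestamp> <client_ip> <qname> <rcode>
SAMPLE_LOG = """\
2017-05-15T08:01:02Z 10.0.4.17 KillSwitch-One.example. NOERROR
2017-05-15T08:01:09Z 10.0.4.22 killswitch-one.example NXDOMAIN
2017-05-15T08:02:40Z 10.0.4.22 killswitch-one.example NOERROR
2017-05-15T08:03:11Z 10.0.7.5 intranet.corp.example NOERROR
2017-05-15T08:03:30Z 10.0.9.9 killswitch-variant.example SERVFAIL
2017-05-15T08:03:45Z 10.0.4.30 killswitch-one.exa
2017-05-15T08:04:00Z 10.0.4.17 www.example.org NXDOMAIN
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def parse_line(line):
    """Return (timestamp, client, qname, rcode) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, rcode = parts
    return ts, client, normalize(qname), rcode.upper()


def triage(log_text, watchlist=KILL_SWITCH_DOMAINS):
    """Group kill-switch lookups by client and classify each client.

    Any host that looked up a kill-switch domain has run the malware.
    Per the behaviour described in the article:
      - lookup answered -> the malware saw a response and shut down ("dormant")
      - lookup failed   -> the malware kept running ("active")
    A single failed lookup is enough to mark a host "active", because each
    lookup corresponds to one run of the check.
    """
    watch = {normalize(d) for d in watchlist}
    hits = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so truncated logs are noticed
            continue
        ts, client, qname, rcode = rec
        if qname in watch:
            hits[client].append((ts, qname, rcode))

    report = {}
    for client, lookups in hits.items():
        failed = [l for l in lookups if l[2] != "NOERROR"]
        report[client] = {
            "status": "active" if failed else "dormant",
            "domains": sorted({l[1] for l in lookups}),
            "first_seen": min(l[0] for l in lookups),
            "lookups": len(lookups),
        }
    return report, skipped


def isolation_order(report):
    """Active hosts first, then dormant ones; earliest sighting first."""
    return sorted(
        report,
        key=lambda c: (report[c]["status"] != "active", report[c]["first_seen"]),
    )


if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG)
    for client in isolation_order(report):
        info = report[client]
        print(client, info["status"], info["first_seen"], ",".join(info["domains"]))
    print("malformed lines skipped:", skipped)
```

A "dormant" host is still infected and unpatched; it only ranks lower for isolation than a host where the check failed.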
An interesting paradox is that WannaCry was developed using a surveillance tool called EternalBlue created by the US National Security Agency (NSA) and leaked by a group of hackers known by the pseudonym Shadow Brokers. They are now claiming to have further harmful source code for WannaCry and are threatening to release it into the wild for anyone to modify freely. Based on the history of previous similar malware, copycats are extremely likely. With major modifications to the source code, the recent updates made to anti-malware software will become futile as the cycle begins again.
Researchers are even questioning why WannaCry’s kill switch existed at all given that it was so easy to discover and execute. The danger is that WannaCry was just a test to elicit the response of defenders so deadlier variants can be unleashed later.
Technical staff scrambled on Sunday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.
Cybersecurity experts said the spread of the virus dubbed WannaCry - "ransomware" which locked up more than 100,000 computers - had slowed, but the respite might only be brief.
New versions of the worm are expected, they said, and the extent of the damage from Friday's attack remains unclear.
Marin Ivezic, cybersecurity partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates, or patches, or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet in March by a hacking group known as the Shadow Brokers. The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.
Hong Kong-based Ivezic said that the ransomware was forcing some more "mature" clients affected by the worm to abandon their usual cautious testing of patches "to do unscheduled downtime and urgent patching, which is causing some inconvenience."
He declined to identify which clients had been affected.
The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number will grow when people return to work on Monday.
"The global reach is unprecedented ... and those victims, many of those will be businesses, including large corporations," Europol Director Rob Wainwright told Britain's ITV.
"At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning."
MONDAY MORNING RUSH?
Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.
"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
Targets both large and small have been hit.
Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.
Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England.
Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.
German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.
In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.
Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.
A Jakarta hospital said on Sunday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.
In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician's error had led to 12 kiosks being infected in two of the island's malls. Director Dennis So said the systems were not connected to the malls' or tenants' networks.
Symantec, a cybersecurity company, forecast infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise.
Governments and private security firms said on Saturday that they expected hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate.
"This particular attack was relatively easy to shut down," said Bryce Boland, Asia Pacific chief technology officer for FireEye, a cybersecurity company.
But he said it would be straightforward for the existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.
The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report any to the Federal Bureau of Investigation or Department of Homeland Security.
(Additional reporting by Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Elizabeth Piper, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim and Mai Nguyen; Editing by Mike Collett-White/Mark Heinrich)
LONDON (AP) - A global "ransomware" attack, unprecedented in scale, had technicians scrambling to restore Britain's crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations. The worldwide cyberextortion attack is so unprecedented, in fact, that Microsoft quickly changed its policy, announcing security fixes available…
The shadowy tech firm connected to Trump megadonor Robert Mercer is using mass-collected data to employ psychological warfare techniques to alter elections and build a total surveillance state.
There are strict laws governing the data the government can collect on Americans -- but private companies are free to gather any information they want using social media and other tools, reported Carole Cadwalladr for The Guardian.
Cambridge Analytica lawfully gathered mountains of data on Facebook users and then created psychological profiles for each of them, matched to their home addresses, phone numbers and email addresses -- which the company used to individually target them with political messaging.
Congress made data gathering even easier in March, when lawmakers repealed rules that would have required internet service providers to obtain customer permission to collect, use and sell information about individual online habits.
"This is military-funded technology that has been harnessed by a global plutocracy and is being used to sway elections in ways that people can’t even see, don’t even realize is happening to them," said Tamsin Shaw, a New York University philosophy professor who has studied the military's psychological research. "It’s about exploiting existing phenomenon like nationalism and then using it to manipulate people at the margins. To have so much data in the hands of a bunch of international plutocrats to do with it what they will is absolutely chilling."
Cadwalladr links a handful of obscure data companies -- whose only common thread are ties to Mercer, Cambridge Analytica and its former vice president, Steve Bannon -- to show possibly illegal coordination by campaigns advocating for Britain's exit from the European Union.
Vote Leave paid £3.9 million -- more than half its £7 million budget -- to the obscure Canadian tech firm AggregateIQ to "micro-target" voters on social media during the Brexit referendum campaign.
Mercer purchased the intellectual property of AggregateIQ, which also worked for the Trump campaign, and is friends with former UKIP leader Nigel Farage -- as are Trump and Bannon.
"If AggregateIQ is involved then Cambridge Analytica is involved, and if Cambridge Analytica is involved, then Robert Mercer and Steve Bannon are involved," said one former Cambridge Analytica employee.
That former employee, identified only as Paul, told Cadwalladr that Cambridge Analytica underwent an abrupt transformation ahead of the lead-up to the Brexit referendum.
"It was so … messed up," Paul said. "It happened so fast. I just woke up one morning and found we’d turned into the Republican fascist party. I still can’t get my head around it."
That change came sometime after a former intern urged Alexander Nix, director of Cambridge Analytica and SCL Group, in 2013 to meet with a friend of her father.
The former intern, Sophie Schmidt, is the daughter of Google chairman Eric Schmidt and a current spokeswoman for Uber, and she helped introduce Nix to the data mining company Palantir and its owner, Peter Thiel -- the billionaire co-founder of eBay and PayPal who later became Silicon Valley’s first public Trump supporter.
Paul told Cadwalladr that Cambridge Analytica had always engaged in "psychological warfare," but another former employee was worried where the company was headed now that Bannon, its former vice president, worked in the White House and the firm had won contracts with the Pentagon and U.S. Department of State.
It's also reportedly under consideration for work with the military and in homeland security.
"We are in an information war and billionaires are buying up these companies, which are then employed to go to work in the heart of government," said Shaw, the NYU philosophy professor. "That’s a very worrying situation."
The second former employee, David, told Cadwalladr that the company's political work in Trinidad was essentially cover for its work with the country's national security council.
Cadwalladr reviewed documents that showed how SCL Group and Cambridge Analytica hoped to build a national police database -- using Trinidadians' browsing history, recorded phone calls and other data -- to predict how likely they would be individually to commit crimes.
“The plan put to the (Trinidadian) minister was 'Minority Report,'" David said. "It was pre-crime, and the fact that Cambridge Analytica is now working inside the Pentagon is, I think, absolutely terrifying."
Since its launch in 2013, the neo-Nazi website The Daily Stormer has quickly become the go-to spot for racists on the internet. Women are whores, blacks are inferior and a shadowy Jewish cabal is organizing a genocide against white people. The site can count among its readers Dylann Roof, the white teenager who slaughtered nine African Americans in Charleston in 2015, and James Jackson, who fatally stabbed an elderly black man with a sword in the streets of New York earlier this year.
Traffic is up lately, too, at white supremacist sites like The Right Stuff, Iron March, American Renaissance and Stormfront, one of the oldest white nationalist sites on the internet.
The operations of such extreme sites are made possible, in part, by an otherwise very mainstream internet company — Cloudflare. Based in San Francisco, Cloudflare operates more than 100 data centers spread across the world, serving as a sort of middleman for websites — speeding up delivery of a site’s content and protecting it from several kinds of attacks. Cloudflare says that some 10 percent of web requests flow through its network, and the company’s mainstream clients range from the FBI to the dating site OKCupid.
The widespread use of Cloudflare’s services by racist groups is not an accident. Cloudflare has said it is not in the business of censoring websites and will not deny its services to even the most offensive purveyors of hate.
“A website is speech. It is not a bomb,” Cloudflare’s CEO Matthew Prince wrote in a 2013 blog post defending his company’s stance. “There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain.”
Cloudflare also has an added appeal to sites such as The Daily Stormer. It turns over to the hate sites the personal information of people who criticize their content. For instance, when a reader figures out that Cloudflare is the internet company serving sites like The Daily Stormer, they sometimes write to the company to protest. Cloudflare, per its policy, then relays the name and email address of the person complaining to the hate site, often to the surprise and regret of those complaining.
This has led to campaigns of harassment against those writing in to protest the offensive material. People have been threatened and harassed.
ProPublica reached out to a handful of people targeted by The Daily Stormer after they or someone close to them complained to Cloudflare about the site’s content. All but three declined to talk on the record, citing fear of further harassment or a desire to not relive it. Most said they had no idea their report would be passed on, though Cloudflare does state on the reporting form that they “will notify the site owner.”
“I wasn’t aware that my information would be sent on. I suppose I, naively, had an expectation of privacy,” said Jennifer Dalton, who had complained that The Daily Stormer was asking its readers to harass Twitter users after the election.
Andrew Anglin, the owner of The Daily Stormer, has been candid about how he feels about people reporting his site for its content.
“We need to make it clear to all of these people that there are consequences for messing with us,” Anglin wrote in one online post. “We are not a bunch of babies to be kicked around. We will take revenge. And we will do it now.”
ProPublica asked Cloudflare’s top lawyer about its policy of sharing information on those who complain about racist sites. The lawyer, Doug Kramer, Cloudflare’s general counsel, defended the company’s policies by saying it is “base constitutional law that people can face their accusers.” Kramer suggested that some of the people attacking Cloudflare’s customers had their own questionable motives.
Hate sites such as The Daily Stormer have become a focus of intense interest since the racially divisive 2016 election — how popular they are, who supports them, how they are financed. Most of their operators supported Donald Trump and helped spread a variety of conspiracy theories aimed at damaging Hillary Clinton. But they clearly have also become a renewed source of concern for law enforcement.
In testimony Tuesday before the Senate Judiciary Committee, Chief Will D. Johnson, chair of the International Association of Chiefs of Police Human and Civil Rights Committee, highlighted the reach and threat of hate on the Internet.
“The internet provides extremists with an unprecedented ability to spread hate and recruit followers,” he said. “Individual racists and organized hate groups now have the power to reach a global audience of millions and to communicate among like-minded individuals easily, inexpensively, and anonymously.
“Although hate speech is offensive and hurtful, the First Amendment usually protects such expression,” Johnson said. “However, there is a growing trend to use the Internet to intimidate and harass individuals on the basis of their race, religion, sexual orientation, gender, gender identity, disability, or national origin.”
A look at Cloudflare’s policies and operations sheds some light on how sites promoting incendiary speech and even violent behavior can exist and even thrive.
Jacob Sommer, a lawyer with extensive experience in internet privacy and security issues, said there is no legal requirement for a company like Cloudflare to regulate the sites on their service, though many internet service providers choose to. It comes down to a company’s sense of corporate responsibility, he said.
For the most part, Sommer said, a lot of companies don’t want “this stuff” on their networks. He said those companies resist having their networks become “a hive of hate speech.”
Jonathan Vick, associate director for investigative technology and cyberhate response at the Anti-Defamation League, agrees. He said that many of the hosts they talk to want to get hate sites off their networks.
“Even the most intransigent of them, when they’re given evidence of something really problematic, they do respond,” he said.
Cloudflare has raised at least $180 million in venture capital since its inception in 2009, much of it from some of the most prominent venture capital firms and tech companies in the country. The service is what’s known as a content delivery network, and offers protection from several cyber threats including “denial of service” attacks, where hundreds of computers make requests to a website at once, overwhelming it and bringing it down.
Company officials have said Cloudflare’s core belief is in the free and open nature of the internet. But given its outsize role in protecting a range of websites, Cloudflare has found itself the target of critics.
In 2015, the company came under fire from the hacker collective Anonymous for reportedly allowing ISIS propaganda sites on its network. At the time, Prince, the company’s CEO, dismissed the claim as “armchair analysis by kids,” and told Fox Business that the company would not knowingly accept money from a terrorist organization.
Kramer, in an interview with ProPublica, reiterated that the company would not accept money from ISIS. But he said that was not for moral or ethical reasons. Rather, he said, Cloudflare did not have dealings with terrorist groups such as ISIS because there are significant and specific laws restricting them from doing so.
In the end, Kramer said, seedy and objectionable sites made up a tiny fraction of the company’s clients.
“We’ve got 6 million customers,” he told ProPublica. “It’s easy to find these edge cases.”
One of the people ProPublica spoke with whose information had been shared with The Daily Stormer’s operators said his complaint had been posted on the site, but that he was “not interested in talking about my experience as it’s not something I want to revisit.” Someone else whose information was posted on the site said that while she did get a few odd emails, she wasn’t aware her information had been made public. She followed up to say she was going to abandon her email account now that she knew.
“The entire situation makes me feel uneasy,” she said.
Scott Ernest had complained about The Daily Stormer’s conduct after Anglin, its owner, had used the site to allegedly harass a woman in the town of Whitefish, Montana. After his complaint, Ernest wound up on the receiving end of about two dozen harassing emails or phone calls.
“Fuck off and die,” read one email. “Go away and die,” read another. Those commenting on the site speculated on everything from Ernest’s hygiene to asking, suggestively, why it appeared in a Facebook post that Ernest had a child at his house.
Ernest said the emails and phone calls he received were not traumatizing, but they were worrying.
“His threats of harassment can turn into violence,” he said of Anglin.
Anglin appears quite comfortable with his arrangement with Cloudflare. It doesn’t cost him much either — just $200 a month, according to public posts on the site.
“[A]ny complaints filed against the site go to Cloudflare, and Cloudflare then sends me an email telling me someone said I was doing something bad and that it is my responsibility to figure out if I am doing that,” he wrote in a 2015 post on his site. “Cloudflare does not regulate content, so it is meaningless.”
Representatives from Rackspace and GoDaddy, two popular web hosts, said they try to regulate the kinds of sites on their services. For Rackspace, that means drawing the line at hosting white supremacist content or hate speech. For GoDaddy, that means not hosting the sort of abusive publication of personal information that Anglin frequently engages in.
“There is certainly content that, while we respect freedom of speech, we don’t want to be associated with it,” said Arleen Hess, senior manager of GoDaddy’s digital crimes unit.
Both companies also said they would not pass along contact information for people who complain about offensive content to the groups generating it.
Amazon Web Services, one of the most popular web hosts and content delivery networks, would not say how they handle abuse complaints beyond pointing to an “acceptable use” policy that restricts objectionable, abusive and harmful content. They also pointed to their abuse form, which says the company will keep your contact information private.
According to Vick at the ADL, the fact that Cloudflare takes money from Anglin is different from if he’d just used their free service.
“That’s a direct relationship,” he said. “That raises questions in my mind.”
Some companies offering other services vital to success on the web have chosen not to do business with Anglin’s The Daily Stormer. Google, PayPal and Coinbase, for instance, have chosen to cut off his accounts rather than support his activities. Getting booted around from service to service can make it hard to run a hate site, but Cloudflare gives the sites a solid footing.
And, by The Daily Stormer’s account, advice and assurances. In a post, the site’s architect, Andrew Auernheimer, said he had personal relationships with people at Cloudflare, and they had assured him the company would work to protect the site in a variety of ways — including by not turning over data to European courts. Cloudflare has data centers in European countries such as Germany, which have strict hate speech and privacy laws.
Company officials offered differing responses when asked about Auernheimer’s post. Kramer, Cloudflare’s general counsel, said he had no knowledge of employee conversations with Auernheimer. Later, in an email, the company said Auernheimer was a well-known hacker, and that as a result at least one senior company official “has chatted with him on occasion and has spoken to him about Cloudflare’s position on not censoring the internet.”
A former Cloudflare employee, Ryan Lackey, said in an interview that while he doesn’t condone a lot of what Auernheimer does, he did on occasion give technical advice as a friend and helped some of the Stormer’s issues get resolved.
“I am hardcore libertarian/classical liberal about free speech — something like Daily Stormer has every right to publish, and it is better for everyone if all ideas are out on the internet to do battle in that sphere,” he said.
Vick at the ADL agrees that Anglin has a right to publish, but said people have the right to hold to task the Internet companies that enable him.
“Andrew Anglin has the right to be out there and say what he wants to say. But the people who object to what he has to say have a right to object as well,” he said. “You should be able to respond to everybody in the chain.”
Facebook Inc's virtual reality content production unit, Oculus' Story Studio, is shutting its doors to shift its focus to supporting external content makers, the company said on Thursday, two years after the in-house studio launched.
Oculus, which makes virtual reality headsets Rift and Gear VR, will allocate $50 million to directly fund creators of non-gaming VR content, Jason Rubin, the company's vice president of content, said in a blog post.
Rubin added that Oculus is "still absolutely committed to growing the VR film and creative content ecosystem."
Facebook paid $3 billion to acquire Oculus and retain its employees in 2014. Chief Executive Officer Mark Zuckerberg said he believed the medium that offers a 360-degree panoramic view using headsets "will become a part of daily life for billions of people."
Oculus tapped talent from both Oscar-winning animation company Pixar and the video gaming world to head up Story Studio, which it launched in January 2015 at the Sundance Film Festival.
Facebook's VR ambitions have been threatened somewhat by a lawsuit from video game publisher ZeniMax Media Inc accusing Facebook and Oculus of infringing ZeniMax's copyrighted software code.
A jury found in ZeniMax's favor in February, awarding it $500 million. Oculus has asked for a new trial.
Vive, a unit of HTC Corp, and Sony Corp are also racing to bring virtual reality products to a mass audience.
Oculus debuted its first short film called "Lost" at Sundance two years ago, a story of an animated mechanical creature in a forest.
Last year, Story Studio won an Emmy for original interactive program for its short VR film "Henry," and at Sundance this year, it premiered "Dear Angelica," an illustrated film of a mother and daughter.
But internally, Oculus has undergone some changes in its management in the past year.
Brendan Iribe stepped down as CEO in December, saying he was going to head up the PC division of the VR company. In March, Oculus founder Palmer Luckey, who created the prototype Oculus headset, parted ways with Facebook.
(Additional reporting by David Ingram; Editing by Lisa Shumaker)
The first Thursday in May is World Password Day, but don’t buy a cake or send cards. Computer chip maker Intel created the event as an annual reminder that, for most of us, our password habits are nothing to celebrate. Instead, they – and computer professionals like me – hope we will use this day to say our final goodbyes to “qwerty” and “123456,” which are still the most popular passwords.
The problem with short, predictable passwords
The purpose of a password is to limit access to information. Having a very common or simple one like “abcdef” or “letmein,” or even normal words like “password” or “dragon,” is barely any security at all, like closing a door but not actually locking it.
Hackers’ password cracking tools take advantage of this lack of creativity. When hackers find – or buy – stolen credentials, they will likely find that the passwords have been stored not as the text of the passwords themselves but as unique fingerprints, called “hashes,” of the actual passwords. A hash function mathematically transforms each password into an encoded, fixed-size version of itself. Hashing the same original password will give the same result every time, but it’s computationally nearly impossible to reverse the process, to derive a plaintext password from a specific hash.
Instead, the cracking software computes the hash values for large numbers of possible passwords and compares the results to the hashed passwords in the stolen file. If any match, the hacker’s in. The first place these programs start is with known hash values for popular passwords.
More savvy users who choose a less common password might still fall prey to what is called a “dictionary attack.” The cracking software tries each of the 171,000 words in the English dictionary. Then the program tries combined words (such as “qwertypassword”), doubled sequences (“qwertyqwerty”), and words followed by numbers (“qwerty123”).
Moving on to blind guessing
Only if the dictionary attack fails will the attacker reluctantly move to what is called a “brute-force attack,” guessing arbitrary sequences of numbers, letters and characters over and over until one matches.
Mathematics tells us that a longer password is less guessable than a shorter password. That’s true even if the shorter password is made from a larger set of possible characters.
For example, a six-character password made up of the 95 different symbols on a standard American keyboard yields 95^6, or 735 billion, possible combinations. That sounds like a lot, but a 10-character password made from only lowercase English characters yields 26^10, or 141 trillion, options. Of course, a 10-character password from the 95 symbols gives 95^10, or 59 quintillion, possibilities.
That’s why some websites require passwords of certain lengths and with certain numbers of digits and special characters – they’re designed to thwart the most common dictionary and brute-force attacks. Given enough time and computing power, though, any password is crackable.
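The screening a site can run at sign-up against the dictionary-attack patterns and keyspace figures described above, as an added example that is not part of the original article. The word lists are small constructed samples and all function names are hypothetical.

```python
import math
import re
import string

# Constructed sample lists (assumption): a real deployment would load a
# breached-password list and a full dictionary instead of these few entries.
COMMON_PASSWORDS = {"qwerty", "123456", "abcdef", "letmein", "password", "dragon"}
DICTIONARY = {"qwerty", "password", "dragon", "letmein", "freak", "ninety", "junk"}


def dictionary_pattern(password):
    """Return the dictionary-attack pattern the password falls to, or None."""
    p = password.lower()
    if p in COMMON_PASSWORDS:
        return "common password"
    if p in DICTIONARY:
        return "dictionary word"
    # Doubled sequence, e.g. "qwertyqwerty" (checked before combined words,
    # which would otherwise also match it).
    half, odd = divmod(len(p), 2)
    if not odd and half and p[:half] == p[half:] and p[:half] in DICTIONARY:
        return "doubled sequence"
    # Word followed by numbers, e.g. "qwerty123".
    m = re.fullmatch(r"([a-z]+)(\d+)", p)
    if m and m.group(1) in DICTIONARY:
        return "word followed by numbers"
    # Two dictionary words joined together, e.g. "qwertypassword".
    for i in range(1, len(p)):
        if p[:i] in DICTIONARY and p[i:] in DICTIONARY:
            return "combined words"
    return None


def alphabet_size(password):
    """Size of the character set a brute-force search must cover.

    Counts only the 95 printable ASCII symbols of a standard American
    keyboard: 26 lowercase + 26 uppercase + 10 digits + 33 symbols
    (32 punctuation marks plus the space).
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33
    return size


def keyspace(length, symbols):
    """Number of candidates of exactly this length over this alphabet."""
    return symbols ** length


def screen(password):
    """Reject dictionary-guessable passwords and report brute-force cost."""
    pattern = dictionary_pattern(password)
    space = keyspace(len(password), alphabet_size(password))
    return {
        "rejected": pattern is not None,
        "pattern": pattern,
        "keyspace": space,
        "bits": round(math.log2(space), 1) if space > 1 else 0.0,
    }


if __name__ == "__main__":
    for candidate in ("123456", "qwertypassword", "qwertyqwerty",
                      "qwerty123", "freQ!9tY!juNC"):
        print(candidate, screen(candidate))
```

The keyspace figure only matters once a password survives the pattern checks: "qwertypassword" has 14 characters but is rejected because it is two dictionary words joined together.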
And in any case, humans are terrible at memorizing long, unpredictable sequences. We sometimes use mnemonics to help, like the way “Every Good Boy Does Fine” reminds us of the notes indicated by the lines on sheet music. They can also help us remember a password like “freQ!9tY!juNC,” which at first appears very mixed up.
Splitting the password into three chunks, “freQ!,” “9tY!” and “juNC,” reveals what might be remembered as three short, pronounceable words: “freak,” “ninety” and “junk.” People are better at memorizing passwords that can be chunked, either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.
Don’t reuse passwords
Suppose we take all this advice to heart and resolve to make all our passwords at least 15 characters long and full of random numbers and letters. We invent clever mnemonic devices, commit a few of our favorites to memory, and start using those same passwords over and over on every website and application.
At first, this might seem harmless enough. But password-thieving hackers are everywhere. Recently, big companies including Yahoo, Adobe and LinkedIn have all been breached. Each of these breaches revealed the usernames and passwords for hundreds of millions of accounts. Hackers know that people commonly reuse passwords, so a cracked password on one site could make the same person vulnerable on a different site.
Not only do we need long, unpredictable passwords, but we need different passwords for every site and program we use. The average internet user has 19 different passwords. It’s easy to see why people write them down on sticky notes or just click the “I forgot my password” link.
Software can help! The job of password management software is to take care of generating and remembering unique, hard-to-crack passwords for each website and application.
Sometimes these programs themselves have vulnerabilities that can be exploited by attackers. And some websites block password managers from functioning. And of course, an attacker could peek at the keyboard as we type in our passwords.
So no more excuses. Let’s put on our party hats and start changing those passwords. World Password Day would be a great time to ditch “qwerty” for good, try out a password manager and turn on multi-factor authentication. Once you’re done, go ahead and have that cake, because you’ll deserve it.
Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.
Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.
"Our abuse team is working to prevent this kind of spoofing from happening again," the company said in an email to Reuters.
The malicious emails asked victims to click to view a file created with Google Docs. Anybody who did that unknowingly granted hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.
"This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party," said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.
He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.
(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)
When George McFadden sits at his computer to analyze crop photos, he looks like a doctor pointing out trouble spots on an X-ray. He identifies unnatural lines, “blob-like” patterns, and streaks clouding a field. All can indicate a troubling diagnosis.
“Can you see these little dots?” McFadden asks, pointing at a thermal shot of a tomato field that has suffered from a defective irrigation system. The dots on the image revealed that the system’s drip line had tears in it, he says. Watering the field became “like taking a straw, putting a bunch of pinholes in it, and trying to pump water through it.” The tomato grower used the image to show the manufacturer that the irrigation line was defective.
“Pretty striking,” McFadden says, still examining the screen. The 32-year-old field agronomist works for Ceres Imaging, a start-up in Oakland, California, that uses aerial imagery to help farmers optimize water and fertilizer application. The company is part of a growing contingent of technology start-ups vying to transform one of the state’s most powerful industries — agriculture — for a future in which its most important input grows increasingly scarce, and every drop counts.
California is the country’s top agricultural producer, growing two-thirds of the nation’s fruits and nuts and more than a third of its vegetables. Golden State farms and ranches constitute a $54 billion annual industry. The state’s ag-focused economy means growers have historically been power players in politics, especially in discussions about apportioning water.
But as growth, drought, and climate change have increased scarcity and led to louder calls for conservation, the industry’s clout has been waning.
In 2015, during a record-setting drought, Gov. Jerry Brown ordered cities and towns to reduce water use by 25 percent — the first such mandatory cutback in state history. It prompted some to criticize the agriculture sector’s consumption — which makes up 80 percent of state use — and question why the industry was spared.
Brown defended the decision, saying farmers were already among those hardest hit. Many faced huge cuts to water allotments from state and federal systems and had to pay overblown sums for the water they could access. This was particularly hard on farmers because they operate with narrow profit margins, and more than 80 percent of California farms are small and family-owned. A few months after the order for cities, as the drought slid into its fourth year, some farmers were slammed with further restrictions.
A study released last summer estimated that the drought would cost California’s agricultural industry more than $600 million in 2016. For 2015, the estimate was $2.7 billion.
And though much of the state has gotten drenched this winter — over 70 percent of California is now out of drought — the long-term forecast for severe water shortages remains unchanged. In April, Brown ended the state of emergency for most parts of California; it had been in effect since January 2014. But climate change will continue tightening the state’s water supply. To keep crop yields high, or even just to stay in business, farmers will have to become more calculating.
That’s where technology comes in.
Silicon Valley, the nation’s most powerful tech hub, sits in the middle of California’s most productive farmland. To the east lies the Central Valley, growing crops like almonds and walnuts; to the north is Napa Valley, with its world-famous grapes; and to the south is the Central Coast, the “salad bowl of the world.”
Despite their proximity, the agriculture and technology sectors haven’t had much interaction. Though both are powerful forces in the state — ag a long-time influencer, tech a newer one — the cultural divide between the two is vast.
But bridging that gap could help solve one of agriculture’s most pernicious problems: water scarcity. Technologists are betting their solutions will ensure a steady stream of revenue for both industries in an increasingly dry world.
Jenna Rodriguez, Ceres’ product manager, was raised in Linden, California, a small agricultural town on the northern tip of the San Joaquin Valley in the center of the state.
“I’ve grown up listening to growers talk about the water situation,” Rodriguez tells me. “They’re growing food to also feed their families. And when a family farm has water allocations cut back to zero percent, it can make or break the income for a family.”
After spending summers driving tractors and balers at her parents’ hay harvesting business, Rodriguez got a Ph.D. in hydrological sciences. Now she’s based in the Central Valley town of Ripon, working to bring Ceres’ technology to more farmers throughout the area.
The day we spoke, Rodriguez had just finalized plans for Ceres’ launch into Hawaii, where its imaging system will be used on tropical crops like pineapple and coffee as well as commodities like corn and soybeans. When it launched in 2014, Ceres initially focused on lucrative nut crops in the Central Valley. Then it expanded to other crops in California, the Midwest, and even Australia. In total, the company now analyzes hundreds of thousands of acres for its clients.
Some of Ceres’ aerial technology is similar to what has been used by other imaging companies for decades. But Ceres’ chlorophyll measurements are a proprietary product. Its image processing and the guidance it offers to growers are also unique.
To assess fields, Ceres hires pilots who fly their aircraft low over the ground. The company attaches special cameras focused on particular wavelengths to assess water stress, chlorophyll content, and biomass — all indicators of health in a crop. Within 24 to 48 hours, growers can access processed imagery on devices like phones or tablets, which McFadden says are popular with growers in the field.
Then someone on Ceres’ small staff of 24, often Rodriguez or McFadden, will work with growers to explain the significance of the patterns and colors expressed in the images. Blue and green indicate healthy plants, while red and yellow show water stress and potential irrigation problems.
Ceres images from a 160-acre almond study. (Ceres Imaging)
“It’s like this constant battle of maintaining and operating your irrigation system,” says McFadden, sitting at a gray folding table in Ceres’ bare-bones office. “A big thing with tomatoes is identifying the leaks. Currently [growers] have teams of people who will go and walk each row of the tomato field, which is a pretty inefficient use of time.”
According to independent field tests, the imagery works. Since 2014, Ceres has teamed up with the University of California Cooperative Extension, a program that has provided agricultural data to growers in California for over a century. The extension has worked on several studies with Ceres, including a trial for the Almond Board of California that measured the response of nuts to different rates of watering.
In that study, data from Ceres images matched well with the extension’s ground measurements, says Blake Sanden, who headed up the trial. He’s an irrigation and soils management adviser for the extension program — or, as he calls himself, in a voice as slow as molasses, “the water and mud guy for Kern County,” which sits at the southern end of the San Joaquin Valley.
Ceres’ relationship with the extension program has helped the company gain trust with sometimes-skeptical farmers. Sanden says the extension’s government-funded trials are “the gold standard of efficacy” for new products in the ag market.
Agronomist George McFadden uses aerial imagery to help farmers save water. (Emma Foehringer Merchant)
Even with that kind of validation, though, it takes effort to convince growers that a new product isn’t snake oil. Farmers tend to be skeptical of change and hesitant to acknowledge that they’ll need to cede more water to other uses in the state.
Sanden told me the Central Valley’s attitude toward a water-stressed future can be summed up in two words: “Fear and trepidation.”
Farmers, whom Rodriguez calls “the original stewards of the environment,” are not prone to waste. But in the past, many California growers had cheap, consistent access to water distributed by systems like the Central Valley Project, a federal network of reservoirs and irrigation channels. More recently, though, programs developed to keep growers flush have dried up or apportioned some of them much less water than in the past — down to nothing.
“The attitude used to be, ‘I can find water,’” says Sanden. “I would say that 30, 40 years ago there was an attitude of hope, overconfidence — whatever you want to call it — that some of the restrictions on pumping water [would] go away.” He says growers expected decision-makers “to come back to reality and understand that we’ve got to make money in California and grow food.”
But the restrictions didn’t go away. Instead, they became stricter. Those constraints, along with the drought, have threatened grower livelihoods across the state. The uncertainty has made farmers friendlier to new technologies. For many, it’s been the only way to survive.
Dave Santos, who grows apricots, cherries, and almonds in Patterson, a Central Valley town sandwiched between I-5 and the San Joaquin River, remembers the advent of drip irrigation, which his 900-acre farm has used for more than 30 years. Since then, he says, a lot more innovation has sprung up — so much so that 67-year-old Santos leaves some of it to his son, like experimenting with aerial imaging.
“I’m just a neophyte in all of this stuff,” he says. “We’re trying to do our best.”
Today, growers like Santos and his son attend conferences to learn about the latest tools and meet with a rotating cast of salespeople who pitch them on new products and services.
“Obviously, with the California drought, anything that can help with water efficiency, they’re willing to spend time and listen to see what’s available,” McFadden says. “In general, all these costs are increasing, but the revenue is not. So how do they deal with that? Become more efficient.”
Scott Bryan and Tom Ferguson meet me in a French café in San Francisco’s Financial District. Next door is a hip ice cream shop, and above that is their tiny office — in a coworking space — from which they run the only California-based start-up accelerator focused specifically on water innovation.
Each year, Imagine H2O handpicks about 10 start-ups working on “solving” water. Competition is fierce. The nonprofit’s staff of four and a group of judges comb through about 100 applications for each cycle. They’re looking for a special sauce that includes commercial potential, interesting technology, and solutions that keep the customer in mind.
“There are a lot of people in water who just have an idea,” says Bryan, the group’s president. “It can be something on the side.”
“Let’s tow icebergs down from Alaska — which is a thing,” offers Ferguson.
“Which is a thing,” Bryan says.
“Apparently,” Ferguson adds wryly.
The day we sit down together in January, they’d just begun working with the 12 companies selected for the 2017 program. Over the course of nearly a year, the selected companies will work with industry mentors, hone their pitches, and liaise with potential customers, partners, and investors. Imagine H2O’s goal is to get start-ups from point A to whatever a company envisions as point B. Since 2009, the program has helped 650 companies that are working on water scarcity and conservation in more than 30 countries.
In March, Imagine H2O held a swanky champagne reception for its new cohort at a San Francisco event space bathed in blue light. While suited attendees milled around the room, the cohort’s entrepreneurs floated next to display tables, ready to pitch their technologies.
Last year, Ceres was among Imagine H2O’s chosen cohort. At the 2016 reception, the company was selected from the larger group as the program’s Water Data Challenge winner.
“They had clearly spent a hell of a lot of time with their customers,” says Ferguson, the vice president of programming. “Your network is crucial.” Farmers want to know: “What’s my neighbor doing? Does he trust it?” he says.
“It’s the relationship component,” adds Bryan.
“Totally,” Ferguson agrees. “That’s kind of the determinant of virality — to use a terrible San Francisco phrase.”
What many tech entrepreneurs get wrong, according to the two, is assuming growers have an unlimited capacity to adopt new technology. “Is a farmer going to have 10 different phones with 40 different apps on each phone?” Bryan asks. “No. The farmer is going to be like anyone else — they’re going to use technology, but they’re going to use the stuff that has some kind of return for them.”
Rodriguez says there’s still “a substantial barrier in general between ag tech and agriculture.” But people working at the intersection insist both sides have the desire to find technological solutions that address the water crisis.
“The agricultural industry wants to be more productive, they want to make money, they want to be profitable,” says Graeme Jarvis, an Imagine H2O accelerator judge and mentor, who has worked in start-ups and who helped build John Deere’s precision agriculture business unit.
“It just so happens that by leveraging technology and new ways of understanding how to drive those in-field decisions,” Jarvis says, “[you] actually end up having this secondary or complementary benefit, which is better water stewardship. That said, it’s early days in the realization of a lot of this.”
To succeed, technologists will have to meet farmers in the field.
Bryan says, “The biggest mistake people make: They don’t understand what the on-the-ground needs and limitations are.” You can only grasp that by talking, and especially listening, to growers. “If you don’t, you’re just another entrepreneur with a gadget looking for a problem.”
The U.S. Homeland Security Department's inspector general said on Friday he was investigating possible abuse of authority in a case that triggered a lawsuit against the department by Twitter Inc.
Inspector General John Roth described the probe in a letter to Senator Ron Wyden, an Oregon Democrat who had asked for an investigation due to concerns about free speech protections.
In a lawsuit on April 6, Twitter disclosed that it received a summons in March from the U.S. Bureau of Customs and Border Protection, an agency within Homeland Security, demanding records about an account on the social media platform identified by the handle @ALT_uscis.
The account has featured posts critical of President Donald Trump's immigration policies, leading Twitter to complain in its lawsuit that the summons was an unlawful attempt to suppress dissent.
The agency dropped its demand of Twitter the day after the suit was filed.
The people behind the account have not disclosed their identities, but the use of "ALT" with a government agency acronym has led many to assume government employees were behind the tweets critical of Trump.
The lawsuit said the account "claims to be" the work of at least one federal immigration employee. USCIS is the acronym of United States Citizenship and Immigration Services, a component of Homeland Security.
Roth's office is charged with investigating waste, fraud and abuse within Homeland Security. He wrote in his letter that he was looking at whether the summons to Twitter "was improper in any way, including whether CBP abused its authority."
"DHS OIG is also reviewing potential broader misuse of summons authority at the department," he added.
Wyden's office posted the letter online. A representative for Roth could not immediately be reached for comment. CBP officials also could not be reached. A Twitter spokeswoman declined to comment.