Slashdot security articles

Syndicate content Slashdot: Generated for TarPitt (217247)
News for nerds, stuff that matters: Generated for TarPitt (217247)
Updated: 18 hours 46 min ago

Making Video Games Is Not a Dream Job

Fri, 04/05/2019 - 07:30
The video game industry is richer than it has ever been. Its revenue in 2018 was $43.8 billion, a recent report estimated, thanks in large part to hugely popular games like Fortnite and Call of Duty. These record-breaking profits could have led one to think that the people who develop video games had it made. But then the blood bath began. From a story, shared by an anonymous reader: In February, Call of Duty's publisher, Activision Blizzard, laid off 8 percent of its staff, or nearly 800 workers, in a cost-cutting massacre. A few weeks later, the game studio ArenaNet cut dozens of positions, while smaller layoffs hit companies like Valve and the digital store operator GOG. And just last week, the video game giant Electronic Arts announced that it was laying off 350 people across the globe. This brutal start to 2019 followed the closures of major game companies like Telltale, the makers of games based on The Walking Dead, and Capcom Vancouver, the large studio behind the popular action series Dead Rising in 2018. All in all, thousands of video game workers have lost their jobs in the past 12 months. In many of these cases, laid-off employees had no idea what was coming. One developer at a major studio told me in February that he and his colleagues had been crunching -- putting in long hours, including nights and weekends -- for a video game release, only to be suddenly told that security was waiting to escort them off the premises. Worker exploitation has always been part of the video game industry's DNA. Executives with multimillion-dollar stock packages often treat their employees like Tetris pieces, to be put into place as efficiently as possible, then promptly disposed of. For many kids who grew up with controllers in their hands, being a game developer is a dream job, so when it comes to talent, supply is higher than demand. Some people who make video games receive decent salaries and benefits (experienced programmers at the richest studios can make six figures), but many do not.

Hacker Group Has Been Hijacking DNS Traffic On D-Link Routers For Three Months [Update]

Fri, 04/05/2019 - 05:00
An anonymous reader quotes a report from ZDNet: For the past three months, a cybercrime group has been hacking into home routers -- mostly D-Link models -- to change DNS server settings and hijack traffic meant for legitimate sites and redirect it to malicious clones. The attackers operate by using well-known exploits in router firmware to hack into vulnerable devices and make silent changes to the router's DNS configuration, changes that most users won't ever notice. Targeted routers include the following models (the number to the side of each model lists the number of internet-exposed routers, as seen by the BinaryEdge search engine): D-Link DSL-2640B - 14,327; D-Link DSL-2740R - 379; D-Link DSL-2780B - 0; D-Link DSL-526B - 7; ARG-W4 ADSL routers - 0; DSLink 260E routers - 7; Secutech routers - 17; and TOTOLINK routers - 2,265. Troy Mursch, founder and security researcher at internet monitoring firm Bad Packets, said he detected three distinct waves during which hackers have launched attacks to poison routers' DNS settings --late December 2018, early February 2019, and late March 2019. Attacks are still ongoing, he said today in a report about these attacks. A normal attack would look like this: 1. User's computer or smartphone receives wrong DNS server settings from the hacked router. 2. User tries to access legitimate site. 3. User's device makes a DNS request to the malicious DNS server. 4. Rogue server returns an incorrect IP address for the legitimate site. 5. User lands on a clone of the legitimate site, where he might be required to log in and share his password with the attackers. Update: 04/05 16:45 GMT by M : The story adds, "According to Stefan Tanase, security researcher at Ixia, these campaigns have hijacked traffic meant for Netflix, Google,PayPal, and some Brazilian banks, and have redirected users to clone sites, hosted over HTTP, on the networks of known bulletproof hosting providers."

Apple Hires AI Expert Ian Goodfellow

Thu, 04/04/2019 - 18:10
One of Google's top minds in artificial intelligence has joined Apple in a director role. Ian Goodfellow said on his LinkedIn profile that he switched employers in March. He said he's a director of machine learning in the Special Projects Group. CNBC reports: Goodfellow is the father of an AI approach known as generative adversarial networks, or GANs. The approach draws on two networks, one known as a generative network and the other known as a discriminative network, and can be used to come up with unusual and creative outputs in the form of audio, video and text. GAN systems have been used to generate "deepfake" fake media content. Goodfellow got his Ph.D. at the University of Montreal in 2014, and since then he has worked at OpenAI and Google. At OpenAI he was paid more than $800,000, according to a tax filing. His research is widely cited in academic literature. At Google Goodfellow did work around GANs and security, including an area known as adversarial attacks. People working on AI at Apple have previously done research that drew on the GAN technology.

Apache Web Server Bug Grants Root Access On Shared Hosting Environments

Thu, 04/04/2019 - 14:50
An anonymous reader quotes a report from ZDNet: This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (such as CGI scripts) can execute malicious code with the privileges of the parent process. Because on most Unix systems Apache httpd runs under the root user, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache httpd process, and inherently control the entire machine. "First of all, it is a LOCAL vulnerability, which means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability told ZDNet in an interview yesterday. This means that attackers either have to register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker only needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server to plant malware or steal data from other customers who have data stored on the same machine. "The web hoster has total access to the server through the 'root' account. If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other clients."

Windows 10 Will No Longer Auto Install Feature Updates Twice a Year

Thu, 04/04/2019 - 10:10
Microsoft has announced that starting with the Windows 10 May 2019 Update, which will hit general availability late next month, users will no longer be forced to install new Windows 10 feature updates as they become available. From a report: This comes after feedback from users who have had countless issues with updates breaking programs, losing files, and installing at inconvenient times. Microsoft has been working hard to improve Windows Update, and while the system is better than it was at launch in 2015, it's still not perfect. Now, users will have the option to not have to deal with feature updates when they are released. What Microsoft is doing here is splitting Windows Update in two. The normal "check for updates" button will now only function for security and monthly patches. Feature updates now get their own area in Windows Update where the user can initiate the download and install process for the latest feature update available. If the user doesn't want to initiate that process, they don't have to. The user will be alerted that a new feature update is available every now and then, but at no point will the user be forced to install that update, as long as the version of Windows 10 they're currently running is still in support.

The End of the Desktop?

Thu, 04/04/2019 - 09:30
Steven J. Vaughan-Nichols, writing for ComputerWorld : Of course, at one time, to get any work done with a computer, you first had to learn a lot, about computers, operating systems, commands and more. Eventually, "friendly" became the most important adverb in computing circles, and we've reached the point in user-friendliness that people don't even talk about it anymore. Today, Google has shown with its Chrome OS that most of us can pretty much do anything we need to do on a computer with just a web browser. But Google's path is not Microsoft's path. Instead, it's moving us first to Windows as desktop as a service (DaaS) via Microsoft Managed Desktop (MMD). This bundles Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security and cloud-based system management into Microsoft 365 Enterprise. The next step, Windows Virtual Desktop, enables companies to virtualize Windows 7 and 10, Office 365 ProPlus apps and other third-party applications on Azure-based virtual machines. If all goes well, you'll be able to subscribe to Windows Virtual Desktop this fall. Of course, Virtual Desktop is a play for business users -- for now. I expect Virtual Desktop to be offered to consumers in 2020. By 2025, Windows as an actual desktop operating system will be a niche product. Sound crazy? Uh, you do know that Microsoft already really, really wants you to "rent" Office 365 rather than buy Office 2019, don't you? But what about games, you say? We'll always have Windows for games! Will we? Google, with its Google Stadia gaming cloud service, is betting we're ready to move our games to the cloud as well. It's no pipe dream. Valve has been doing pretty well for years now with its Steam variation on this theme. So where is all this taking us? I see a world where the PC desktop disappears for all but a few. Most of us will be writing our documents, filling out our spreadsheets and doing whatever else we now do on our PCs via cloud-based applications on smart terminals running Chrome OS or Windows Lite. If you want a "real" PC, your choices are going to be Linux or macOS.

Microsoft Bounty Program Offers Larger Rewards For Bug Hunters

Thu, 04/04/2019 - 08:10
Microsoft, which already offers one of the biggest bug bounty programs, said today it is increasing the payouts it makes and the time it takes to push the payments. From a report: A key change in policy is that Microsoft will no longer wait until a fix has been produced for a bug until making a payout -- now the only requirement is that a bug can be reproduced. This is thanks in part to a partnership with HackerOne. [...] The maximum bounty has increased from $15,000 to $50,000 for the Windows Insider Preview bounty and from $15K to $20K for the Microsoft Cloud Bounty.

MIT Cuts Funding Ties With Huawei, ZTE Citing US National Security Concerns

Thu, 04/04/2019 - 02:00
Following similar moves by Stanford, University of California Berkeley and University of Minnesota, Massachusetts Institute of Technology announced that it is cutting ties with Huawei and ZTE, citing U.S. national security concerns. "At this time, based on this enhanced review, MIT is not accepting new engagements or renewing existing ones with Huawei and ZTE or their respective subsidiaries due to federal investigations regarding violations of sanction restrictions," Richard Lester, MIT's associate provost, and Maria Zuber, the school's vice-president for research, said in a letter to faculty on Wednesday. The South China Morning Post reports: MIT's move is part of a broader effort to strengthen its vetting of research partners, which may affect relationships with other entities in mainland China, Hong Kong, Russia and Saudi Arabia. "Most recently we have determined that engagements with certain countries -- currently China [including Hong Kong], Russia and Saudi Arabia -- merit additional faculty and administrative review beyond the usual evaluations that all international projects receive," the letter said. The Protect Our Universities Act, introduced last month by Representative Jim Banks, an Indiana Republican, would establish a task force, led by the U.S. Department of Education, to maintain a list of "sensitive" research projects, including those financed by the defense and energy departments and U.S. intelligence agencies. The proposed body would monitor foreign student participation in those projects. Students with past or current Chinese citizenship would not be allowed access to the projects without a waiver from the director of national intelligence. The Act also calls for the intelligence director to create a list of foreign entities that "pose a threat of espionage with respect to sensitive research," and stipulates that Huawei and ZTE be included.

'It's Time To End the NSA's Metadata Collection Program'

Wed, 04/03/2019 - 16:30
Jake Laperruque, Senior Counsel at The Constitution Project, where he is working on issues of government surveillance, national security and defending privacy rights in the digital age, argues via Wired that it's time to end the National Security Agency's metadata collection program, known as CDR. An anonymous reader shares an excerpt: In 2015, Congress passed the USA Freedom Act to reform Section 215 and prohibit the nationwide bulk collection of communications metadata, like who we make calls to and receive them from, when, and the call duration. The provision was replaced with a significantly slimmed-down call detail record program, known as CDR. Rather than collecting information in bulk, CDR collects communications metadata of surveillance targets as well as those of individuals up to two degrees of separation (commonly called "two hops") from the surveillance target. But this newer system appears to be no more effective than its predecessor and is highly damaging to constitutional rights. Given this combination, it's time for Congress to pull the plug and end the authority for the CDR program. It's unsurprising that just last week a bipartisan group in Congress introduced a bill to do so. Last month, the New York Times reported that a highly placed congressional staffer had stated that the CDR program has been out of operation for months, and several days later, NSA Director Paul Nakasone issued comments responding to questions about the Times story by saying the NSA was deliberating the future of the program. If accurate, this news is major but not shocking; this large-scale-collection program has been fraught with problems. Last year, the NSA announced that technical problems had caused it to collect information it wasn't legally authorized to, and that in response, the agency had voluntarily deleted all the call detail records it had previously acquired through the CDR program -- without even waiting for a court order or trying to save some of the data -- indicating that the system was unwieldy and the data being collected was not important to the agency.

Huawei Laptop 'Backdoor' Flaw Raises Concerns

Wed, 04/03/2019 - 14:30
A flaw in Huawei Matebook laptops, found by Microsoft researchers, could have been used to take control of machines. From a report: The "sophisticated flaw" had probably been introduced at the manufacturing stage, one expert told BBC News. Huawei is under increasing scrutiny around the world over how closely it is tied to the Chinese government. The company, which denies any collusion with Beijing, corrected the flaw after it was notified about it in January. Prof Alan Woodward, a computer security expert based at Surrey University, told BBC News the flaw had the hallmarks of a "backdoor" created by the US's National Security Agency to spy on the computers of targets. That tool was leaked online and has been used by a wide variety of hackers, including those who are state-sponsored and criminal gangs. "It was introduced at the manufacture stage but the path by which it came to be there is unknown and the fact that it looks like an exploit that is linked to the NSA doesn't mean anything," Prof Woodward said.

Kaspersky Lab Will Warn You If Your Phone is Infected With Stalkerware

Wed, 04/03/2019 - 13:50
Kaspersky Lab said today it would start flagging stalkerware as malicious, and warn people through its Android app when stalkerware is installed on their phones. In 2018 Kaspersky Lab detected stalkerware on 58,487 mobile devices. From a report: Stalkerware is frequently used by stalkers and abusers to spy on people through their phones. It essentially turns victims' phones into surveillance devices, letting an attacker track a person's every step and listen in on every word. Stalkerware is quietly installed on people's devices, and then accesses personal data including GPS location, text messages, photos and microphone feeds. You don't have to be an expert to get your hands on it -- stalkerware is sold online, for as little as a few hundred dollars. Some purveyors offer subscription plans for $68 a month, according to Kaspersky Lab. Kaspersky Lab said it was motivated to start flagging stalkerware apps after speaking with Eva Galperin, the Electronic Frontier Foundation's head of cybersecurity. "As a result, we now flag commercial spyware with a specific alert which warns users of the dangers stalkerware poses," Alexey Firsh, a security researcher at Kaspersky Lab, said in a statement. "We believe users have a right to know if such a program is installed on their device."

Fake Cancerous Nodes in CT Scans, Created By Malware, Trick Radiologists

Wed, 04/03/2019 - 11:11
Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks. An anonymous reader shares a report: Researchers in Israel say they have developed malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images -- vulnerabilities that could have potentially life-altering consequences if unaddressed. The malware they created would let attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care. Yisroel Mirsky, Yuval Elovici and two others at the Ben-Gurion University Cyber Security Research Center in Israel who created the malware say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment. The research isn't theoretical. In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.

A Suite of Digital Cryptography Tools, Released Today, Has Been Mathematically Proven To Be Completely Secure and Free of Bugs

Wed, 04/03/2019 - 07:26
By making programming more mathematical, a community of computer scientists is hoping to eliminate the coding bugs that can open doors to hackers, spill digital secrets and generally plague modern society. From a report: Now a set of computer scientists has taken a major step toward this goal with the release today of EverCrypt, a set of digital cryptography tools. The researchers were able to prove -- in the sense that you can prove the Pythagorean theorem -- that their approach to online security is completely invulnerable to the main types of hacking attacks that have felled other programs in the past. "When we say proof, we mean we prove that our code can't suffer these kinds of attacks," said Karthik Bhargavan, a computer scientist at Inria in Paris who worked on EverCrypt. EverCrypt was not written the way most code is written. Ordinarily, a team of programmers creates software that they hope will satisfy certain objectives. Once they finish, they test the code. If it accomplishes the objectives without showing any unwanted behavior, the programmers conclude that the software does what it's supposed to do. Yet coding errors often manifest only in extreme "corner cases" -- a perfect storm of unlikely events that reveals a critical vulnerability. Many of the most damaging hacking attacks in recent years have exploited just such corner cases.

Facebook is Demanding Some Users Share the Password For Their Outside Email Account

Wed, 04/03/2019 - 06:01
An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password." "That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.

Researcher Prints 'PWNED!' On Hundreds of GPS Watches' Maps Due To Unfixed API

Wed, 04/03/2019 - 05:00
An anonymous reader quotes a report from ZDNet: A German security researcher has printed the word "PWNED!" on the tracking maps of hundreds of GPS watches after the watch vendor ignored vulnerability reports for more than a year, leaving thousands of GPS-tracking watches --some of which are used by children and the elderly-- open to attackers. Speaking at the Troopers 2019 security conference that was held in Heidelberg, Germany, at the end of March, security researcher Christopher Bleckmann-Dreher presented a series of vulnerabilities impacting over 20 models of GPS watches manufactured by Austrian company Vidimensio. The watch models all share a common backend API, which works as an intermediary and storage point between the GPS watches and associated mobile apps. Back in December 2017, Dreher discovered flaws in the mechanism through which the GPS watches communicate with this backend API server. [...] Dreher's new warning comes as the number vulnerable Vidimensio GPS watches grew ten times since December 2017, despite the warning from German authorities to destroy and stop using children smartwatches with intrusive tracking and eavesdropping capabilities. According to the researcher, the number has grown from around 700 to 7,000, of which 3,000 have been active in the past month. To raise awareness to these still-unpatched devices, Dreher told ZDNet that he has now turned to an unconventional strategy. The researcher has been using one of the security flaws he discovered to insert fake GPS coordinates in people's location history. The researcher designed these fake GPS coordinates to look like the word "PWNED!" when displayed on the location history section map --displayed inside the mobile apps and the watches' web dashboard.

IT and Security Professionals Think Normal People Are Just the Worst

Tue, 04/02/2019 - 10:54
Two new studies reaffirm every computer dunce's worst fears: IT professionals blame the employees they're bound to help for their computer problems -- at least when it comes to security. From a report: One, courtesy of SaaS operations management platform BetterCloud, offers grim reading. 91 percent of the 500 IT and security professionals surveyed admitted they feel vulnerable to insider threats. Which only makes one wonder about the supreme (over-)confidence of the other 9 percent. [...] Yet now I've been confronted with another survey. This one was performed by the Ponemon Institute at the behest of security-for-your-security company nCipher. Its sampling was depressingly large. 5,856 IT and security professionals from around the world were asked for their views of corporate IT security. They seemed to wail in unison at the lesser and more unwashed. Oh, an objective 30 percent insisted that external hackers were the biggest cause for concern. A teeth-gritting 54 percent, however, said the most extreme threat to corporate IT security came from employee mistakes.

Laptops To Stay in Bags as TSA Brings New Technology To Airports

Tue, 04/02/2019 - 06:44
Air passengers at a growing number of U.S. airports will no longer need to remove electronics, liquids, and other items from their carry-on luggage at security checkpoints as the Transportation Security Administration rolls out new technology. From a report: The TSA took a major step in a broader plan to revamp its overall screening process with faster, more advanced technology when it signed a contract Thursday for hundreds of new carry-on baggage screening machines, Administrator David Pekoske said on a press call Friday. The agency has tested the new technology at more than a dozen airports since 2017, along with the relaxed protocols that allow passengers to leave items such as laptops and toiletries inside their luggage. The rollout of the computed tomography, or CT, machines will begin this summer, Pekoske said. The $97 million contract will buy 300 machines, but the list of airports receiving them has yet to be made final, Pekoske said. The technology creates 3-D images of bags' contents and will eventually be able to detect items automatically that the TSA now asks passengers to remove, he said.

Researchers Trick Tesla Autopilot Into Steering Into Oncoming Traffic

Tue, 04/02/2019 - 05:00
An anonymous reader quotes a report from Ars Technica: Researchers have devised a simple attack that might cause a Tesla to automatically steer into oncoming traffic under certain conditions. The proof-of-concept exploit works not by hacking into the car's onboard computing system. Instead, it works by using small, inconspicuous stickers that trick the Enhanced Autopilot of a Model S 75 into detecting and then following a change in the current lane. Researchers from Tencent's Keen Security Lab recently reverse-engineered several of Tesla's automated processes to see how they reacted when environmental variables changed. One of the most striking discoveries was a way to cause Autopilot to steer into oncoming traffic. The attack worked by carefully affixing three stickers to the road. The stickers were nearly invisible to drivers, but machine-learning algorithms used by by the Autopilot detected them as a line that indicated the lane was shifting to the left. As a result, Autopilot steered in that direction. The researchers noted that Autopilot uses a variety of measures to prevent incorrect detections. The measures include the position of road shoulders, lane histories, and the size and distance of various object. [A section of the researchers' 37-page report] showed how researchers could tamper with a Tesla's autowiper system to activate wipers on when rain wasn't falling. Unlike traditional autowiper systems -- which use optical sensors to detect moisture -- Tesla's system uses a suite of cameras that feeds data into an artificial intelligence network to determine when wipers should be turned on. The researchers found that -- in much the way it's easy for small changes in an image to throw off artificial intelligence-based image recognition (for instance, changes that cause an AI system to mistake a panda for a gibbon) -- it wasn't hard to trick Tesla's autowiper feature into thinking rain was falling even when it was not. So far, the researchers have only been able to fool autowiper when they feed images directly into the system. Eventually, they said, it may be possible for attackers to display an "adversarial image" that's displayed on road signs or other cars that do the same thing. In a statement, Tesla officials said that the vulnerabilities addressed in the report have been fixed via security update in 2017, "followed by another comprehensive security update in 2018, both of which we released before this group reported this research to us." They added: "The rest of the findings are all based on scenarios in which the physical environment around the vehicle is artificially altered to make the automatic windshield wipers or Autopilot system behave differently, which is not a realistic concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes and should always be prepared to do so and can manually operate the windshield wiper settings at all times."

Taiwan To Block Tencent and Baidu Streaming Sites, Citing National Security and Propaganda Concerns

Mon, 04/01/2019 - 18:20
Taiwan is blocking video streaming services of Chinese tech giants Baidu and Tencent Holdings, citing national security and propaganda concerns ahead of a presidential election next year. "Chiu Chui-Cheng, deputy minister of Taiwan's Mainland Affairs Council, [said] that Taiwan is likely to ban Baidu's popular iQiyi platform, and block Tencent's plan to bring its streaming service to the island later this year," Nikkei Asian Review reports. From the report: "We are concerned that streaming media services that have close ties with Beijing could have cultural and political influences in Taiwan... and even affect Taiwan's elections," Chiu said. "If Tencent's streaming video service is trying to enter the Taiwanese market, it's very likely that it's a part of Beijing's propaganda campaign," he said. "What if the company inserts some content that Beijing hopes to advertise? What if it implements messages linked to the Communist Party or its army? We should treat this seriously and carefully at a national security level." The official said that Beijing has stepped up its "cultural infiltration" into Taiwan after Chinese President Xi Jinping used a speech in January to push for an accelerated reunification process. Taiwan does not allow any Chinese Netflix-like streaming services to operate locally, but search engine giant Baidu has been operating in Taiwan through an agent, OTT Entertainment, after Taipei blocked the platform in November 2016. The company's data shows iQiyi's Taiwan site -- one of the most popular video streaming platforms on the island, has 2 million active daily users.

Former NSA Spies Hacked BBC Host, Al Jazeera Chairman for UAE

Mon, 04/01/2019 - 12:45
A UAE cyber espionage contractor staffed with several former U.S. intelligence agents hacked journalists or news executives at Al Jazeera, the BBC, Al Arabi and others throughout June 2017, Reuters reported Monday. From the report: The American operatives worked for Project Raven, a secret Emirati intelligence program that spied on dissidents, militants and political opponents of the UAE monarchy. A Reuters investigation in January revealed Project Raven's existence and inner workings, including the fact that it surveilled a British activist and several unnamed U.S. journalists. The Raven operatives -- who included at least nine former employees of the U.S. National Security Agency and the U.S. military -- found themselves thrust into the thick of a high-stakes dispute among America's Gulf allies. The Americans' role in the UAE-Qatar imbroglio highlights how former U.S. intelligence officials have become key players in the cyber wars of other nations, with little oversight from Washington. The crisis erupted in the spring of 2017, when the UAE and allies -- including Saudi Arabia and Egypt -- accused Qatar of sowing unrest in the Middle East through its support of media outlets and political groups. The UAE camp demanded Qatar take a series of actions, including shuttering the Qatar-funded Al Jazeera satellite television network, withdrawing funding from other media outlets Doha supports, and cracking down on the Muslim Brotherhood, an Islamic movement some Arab governments regard as a threat.