Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Government

New US 'Secret' Clearance Unit Hires Firm Linked To 2014 Hacks (reuters.com) 15

An anonymous reader quotes a report from Reuters: A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday. Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days.
Government

Researchers Ask Federal Court To Unseal Years of Surveillance Records (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple's battle with the Department of Justice. In their 45-page petition, they specifically say that they don't need all sealed surveillance records, simply those that should have been unsealed -- which, unfortunately, doesn't always happen automatically. The researchers wrote in their Wednesday filing: "Most surveillance orders are sealed, however. Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement. There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones and potentially many more. The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law. Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate."
The Courts

Four States Sue To Stop Internet Transition (thehill.com) 280

An anonymous reader quotes a report from The Hill: Republican attorneys general in four states are filing a lawsuit to block the transfer of internet domain systems oversight from the U.S. to an international governing body. Texas Attorney General Ken Paxton, Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt and Nevada Attorney General Paul Laxalt filed a lawsuit on Wednesday night to stop the White House's proposed transition of Internet Assigned Numbers Authority (IANA) functions. The state officials cite constitutional concerns in their suit against the National Telecommunications and Information Administration, U.S. government and the Department of Commerce. "The Obama Administration's decision violates the Property Clause of the U.S. Constitution by giving away government property without congressional authorization, the First Amendment to the U.S. Constitution by chilling speech, and the Administrative Procedure Act by acting beyond statutory authority," a statement released by Paxton's office reads. The attorneys generals claim that the U.S. government is ceding government property, pointing to a Government Accountability Office (GAO) review that "concluded that the transition does not involve a transfer of U.S. government property requiring Congressional approval." Paxton also echoed Texas Sen. Ted Cruz's warnings that the transition could harm free speech on the internet by giving Russia, China and Iran a voice on the international governing body that would oversee internet domain systems. "Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy," Paxton said. "The president does not have the authority to simply give away America's pioneering role in ensuring that the internet remains a place where free expression can flourish."
Facebook

WhatsApp Won't Comply With India's Order To Delete User Data (engadget.com) 76

An anonymous reader shares an Engadget report: WhatsApp's decision to share user data with Facebook has provoked the ire of yet another foreign government. Last week, India's Delhi High Court ordered WhatsApp to delete any data collected from users who opted out of the company's new privacy policy before September 25th. According to Mashable, however, WhatsApp has no plan to comply with the court order and it will have "no impact on the planned policy and terms of service updates." In August, privacy groups in the US spoke out against the change, which allows WhatsApp to pass account information like mobile phone number, contacts, profile pictures and status messages to its parent company. Facebook claims that sharing information between the two will help it to improve the experience and fight abuse across both platforms, while WhatsApp defended the change by saying that all messages on the service will remain encrypted.
China

Chinese Media, Government Confirm Apple Research Center in Beijing Tech Corridor (appleinsider.com) 19

An anonymous reader writes:According to Chinese media, Apple is launching its first research and development center in the country, located in long-time technology incubation area Zhongguancun Science Park, Beijing. While Apple has yet to comment on the matter, a statement issued by the Zhongguancun Park Management Committee to several Chinese media outlets has identified Apple's presence in the area. According to reports collated by Digitimes, the center has a budget of about $15 million, with a long-term expenditure goal of $45 million over the next few years. The center is allegedly seeking to hire around 500 workers, with no particular focus beyond Apple products and software. The move mirrors similar setups in Japan, and Israel.
Software

The UK's Largest Sperm Bank Is Now An App (technologyreview.com) 65

Sperm bank? There's an app for that. The largest sperm bank in the United Kingdom -- the London Sperm Bank -- has released an official app that aims to "modernize the process of hooking prospective parents up with the biological material they need to make it happen," according to MIT Technology Review: The app is essentially just a mobile version of the filtered search function the London Sperm Bank offers on its website. But in doing something as simple as bringing its desktop services to mobile devices, the bank is making a play to further normalize reproductive technologies. The London Sperm Bank boasts that users will receive push notifications as soon as new donors are available, which could help speed things up for hopeful parents looking for a match. The road to conception can take years for people using reproductive technologies, so expediting any part of the process would be a welcome time-saver. But the bank has over 10,000 vials of sperm, so searching, even using filters, could still be a lengthy process. To combat this, the app also offers a wish list function that lets more focused users predetermine what they're looking for in a donor, and receive a notification when their criteria are met. The way the service works on mobile has been compared to Tinder, but there's actually no swiping involved. Its wish list function means it's more akin to apps like Anthology, which job seekers use to find their next career move. The report notes that, while there are other mobile sperm bank apps out there, the London Sperm Bank is the only one with several medical associations and the U.K. government's Human Fertilization and Embryology Authority on board. Also, the app is free to download, but the cost of ordering sperm is about $1,200 per order, which is the same as if you order through the London Sperm Bank catalogue.
Government

US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) 108

According to a report from The Wall Street Journal (Warining: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chielf James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
Privacy

Apple Logs Your iMessage Contacts - And May Share Them With Police: The Intercept 61

The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report:This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Democrats

FBI Investigating Possible Hack of Democratic Party Staffer Cell Phones (cnn.com) 107

In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.
The Courts

US Department of Labor Is Suing Peter Thiel's Startup 'Palantir' For Discriminating Against Asians (reuters.com) 463

Palantir Technologies is a secretive start-up in Silicon Valley that specializes in big data analysis. It was founded in 2004 by Peter Thiel, Alex Karp, Joe Lonsdale, Stephen Cohen, and Nathan Gettings, and is backed by the FBI and CIA as it "helps government agencies track down terrorists and uncover financial fraud," according to Reuters. Today, the U.S. Department of Labor filed a lawsuit against the company, alleging that it discriminated against Asian job applicants. Reuters reports: The lawsuit alleges Palantir routinely eliminated Asian applicants in the resume screening and telephone interview phases, even when they were as qualified as white applicants. In one example cited by the Labor Department, Palantir reviewed a pool of more than 130 qualified applicants for the role of engineering intern. About 73 percent of those who applied were Asian. The lawsuit, which covers Palantir's conduct between January 2010 and the present, said the company hired 17 non-Asian applicants and four Asians. "The likelihood that this result occurred according to chance is approximately one in a billion," said the lawsuit, which was filed with the department's Office of Administrative Law Judges. The majority of Palantir's hires as engineering interns, as well as two other engineering positions, "came from an employee referral system that disproportionately excluded Asians," the lawsuit said. Palantir denied the allegations in a statement and said it intends to "vigorously defend" against them. The lawsuit seeks relief for persons affected, including lost wages.
Transportation

Planes, Trains, and Automobiles Have Become Top Carbon Polluters (technologyreview.com) 232

Transportation is likely to surpass the electricity sector in 2016 as the largest source of carbon dioxide emissions in the United States, according to a new analysis of government data, MIT Technology reports. From the article: In 2008, the global financial crisis caused widespread declines in energy use. In the U.S., that coincided with the early stages of a large-scale shift away from coal toward cleaner-burning natural gas as a way to generate electricity. As a result, carbon dioxide emissions from the electricity sector have continued to decline from their 2007 peak, even as the economy has resumed growing. The trend line for the transportation sector is less encouraging. Transportation emissions have begun rising as the economy rebounds. John DeCicco at the University of Michigan Energy Institute, who wrote the study, attributes the rebound we've seen during the past four years to straightforward causes: economic recovery and more affordable fuel prices. Vehicle sales numbers have been rising for several years, in particular for trucks and SUVs, and people are traveling more miles.
Government

California Launches Mandatory Data Collection For Police Use-of-Force (seattletimes.com) 115

An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary.

"It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release.

It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."
Education

How ITT Tech Screwed Students and Made Millions (gizmodo.com) 330

An anonymous Slashdot reader shares "a grim story about a company that screwed poor people, military veterans, and taxpayers to turn a profit." Gizmodo reports: By the time ITT Technical Institute closed its doors earlier this month, the for-profit college had been selling tenuous diplomas at exorbitant prices for more than 20 years...burying low-income and first-generation students in insurmountable debt, and evading regulators since the early 1990s...
ITT collected $178 million over two years just in federal education funding for veterans -- even while the company projected 33% of its students would ultimately default on their loans -- and last year 70% of the school's total revenue came directly from federal financial aid programs. Gizmodo spoke to one student who "will now spend the rest of his life paying back loans for a degree that is practically useless," after compounding interest turned his $70,000 loan into $200,000 in debt. "Like all of the former students interviewed by Gizmodo, he was placed in a job that did not require professional training" -- specifically, a game-testing position that didn't even require a high school diploma, while ITT "placed" another student in a $5.95-an-hour telemarketing job. Her assessment of ITT? "It was totally worthless."
United States

US Panel Extends Nuclear Power Tax Credit (thehill.com) 248

Slashdot reader mdsolar quotes The Hill: The House Ways and Means Committee voted Wednesday to remove a key deadline for a nuclear power plant tax credit... The credit was first enacted in 2005 to spur construction of new nuclear plants, but it has gone completely unused because no new plants have come online since then...

It would likely benefit two reactors under construction at Southern Co.'s Vogtle Electric Generating Plant in Georgia and another two at Virgil C. Summer Nuclear Generating Station in South Carolina. Both projects are at risk of missing the 2020 deadline... "When Congress passed the 2005 act, it could not have contemplated the effort it would take to get a nuclear plant designed and licensed," said representative Tom Rice (R-S.C.).

Although one Democrat criticized the extension by arguing that nuclear power "does better in a socialist economy than in a capitalist one, because nuclear energy prefers to have the public do the cleanup, do the insurance, cover all of the losses and it only wants the profits."
Government

Senators Accuse Russia Of Disrupting US Election (washingtonpost.com) 199

An anonymous Slashdot reader quotes The Washington Post: Two senior Democratic lawmakers with access to classified intelligence on Thursday accused Russia of "making a serious and concerted effort to influence the U.S. election," a charge that appeared aimed at putting pressure on the Obama administration to confront Moscow... "At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes," the statement said. "We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government..."

White House officials have repeatedly insisted that they are awaiting the outcome of a formal FBI investigation, even though U.S. intelligence are said to have concluded with "high confidence" that Russia was responsible for the DNC breach and other attacks. The White House hesitation has become a source of frustration to critics, including senior members of Congress.

Meanwhile, U.S. intelligence officials are reportedly investigating whether Donald Trump's foreign policy adviser "opened up private communications with senior Russian officials -- including talks about the possible lifting of economic sanctions if the Republican nominee becomes president."
United States

U.S. Funds Challenges To North Korea's 'Information Shield' (freekorea.us) 86

The U.S. State Department is pursuing "a detailed plan for making unrestricted, unmonitored, and inexpensive electronic mass communications available to the people of North Korea." Slashdot reader Greg Jones reports: Plenty of government-designed "information" flows out of North Korea. At One Free Korea Joshua Stanton reports that the U.S. State Department just announced a new grant program for information technology solutions to punch through the wall that prevents the free flow of information into North Korea.
"Those of us who wrote and negotiated the [North Korea Sanctions and Policy Enhancement Act] were equally concerned with direct engagement of the North Korean people..." Stanton writes on his blog, reporting that there's now grants available to fund multiple projects. "If you have the technical knowledge to make this a reality, or know a place online where people with those talents congregate, please share and repost this solicitation and help spread the word."
Security

Hacker Who Aided ISIS Gets 20 Years In Prison (softpedia.com) 131

An anonymous reader quotes a report from Softpedia: Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, will spend 20 years in a U.S. prison for providing material support to ISIS hackers by handing over data for 1,351 U.S. government employees. Ferizi obtained the data by hacking into a U.S. retail company on June 13, 2015. The hacker then filtered the stolen information and put aside records related to government officials, which he later handed over to Junaid Hussain, the then leader of the Islamic State Hacking Division (ISHD). Hussain then uploaded this information online, asking fellow ISIS members to seek out these individuals and execute lone wolf attacks. Because of this leak, the U.S. Army targeted and killed Hussain in a drone strike in Syria in August 2015. Before helping ISIS, Ferizi had a prodigious hacking career as the leader of Kosova Hacker's Security (KHS) hacking crew. He was arrested on October 6, 2015, at the international airport in Kuala Lumpur, Malaysia, while trying to catch a flight back to Kosovo. Ferizi was in Kuala Lumpur studying computer science.
Government

From Bicycles To Washing Machines: Sweden To Give Tax Breaks For Repairs (mnn.com) 146

jenningsthecat writes: The Swedish government is putting its money where its mouth is when it comes to encouraging the repair of stuff that would otherwise be thrown away, according to both The Guardian and Fast Company. The country's Social Democrat and Green party coalition have submitted proposals to Parliament that would reduce the value-added-tax (VAT) on bicycle, clothing, and shoe repairs from 25% to 12%. Also proposed is an income tax deduction equalling half the labor cost of repairing household appliances. According to The Guardian, "the incentives are part of a shift in government focus from reducing carbon emissions produced domestically to reducing emissions tied to goods produced elsewhere." Per Bolund, Sweden's Minister for Financial Markets and Consumer Affairs, said the policy also tied in with international trends around reduced consumption and crafts, such as the "maker movement" and the sharing economy, both of which have strong followings in Sweden. The VAT cut may create more jobs for immigrants as it could spur the creation of a new home-repairs service industry. Also, from a science standpoint, the incentives could help cut the cost of carbon emissions on the planet as it should in theory reduce emissions linked to consumption. "I believe there is a shift in view in Sweden at the moment. There is an increased knowledge that we need to make our things last longer in order to reduce materials' consumption," Bolund said. The Guardian's report concludes: "The proposals will be presented in parliament as part of the government's budget proposals and if voted through in December will become law from January 1, 2017."
Medicine

UPS Is Starting To Test Drone Deliveries In the US (qz.com) 44

An anonymous reader quotes a report from Quartz: UPS announced Sept. 23 that it has begun testing drone deliveries in the U.S. with drone manufacturer CyPhy Works. The two companies yesterday completed a test of delivering medicine from the coastal town of Beverly, Massachusetts, to Children's Island, a small island about three miles into the Atlantic Ocean. CyPhy's drone has night-vision capabilities, according to a release shared with Quartz. The test yesterday involved a trial situation where an asthmatic child urgently needed an inhaler, which was dispatched from the mainland to the island, arriving far more quickly than it would've taken a boat to get there. CyPhy's drone autonomously flew supplies over the ocean to a group waiting to receive them on the other end, although there was no actual child with asthma in danger. In May, UPS had announced that it was partnering with the drone company Zipline to deliver medical supplies to rural Rwanda, having invested nearly $1 million into the company. UPS has also invested an undisclosed amount in CyPhy. UPS told Quartz that the FAA was aware of its test, and Houston Mills, a commercial pilot with UPS for over a decade and the company's director of airline safety, was recently announced as a member of the FAA's Drone Advisory Committee. The committee is working with industry experts and companies to figure out how to safely integrate a network of commercial drones into U.S. airspace. You can watch the heroic footage of the trial run here.
Security

Sad Reality: It's Cheaper To Get Hacked Than Build Strong IT Defenses (theregister.co.uk) 183

It's no secret that more companies are getting hacked now than ever. The government is getting hacked, major corporate companies are getting hacked, and even news outlets are getting hacked. This raises the obvious question: why aren't people investing more in bolstering their security? The answer is, as a report on The Register points out, money. Despite losing a significant sum of money on a data breach, it is still in a company's best interest to not spend on upgrading their security infrastructure. From the report: A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency and cost of IT security failures in US businesses and found that the cost of a break-in is much lower than thought -- typically around $200,000 per case. With top-shelf security systems costing a lot more than that, not beefing up security looks in some ways like a smart business decision. "I've spent my life in security and everyone expects firms to invest more and more," the report's author Sasha Romanosky told The Reg. "But maybe firms are making rational investments and we shouldn't begrudge firms for taking these actions. We all do the same thing, we minimize our costs." Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues. As for reputational damage, Romanosky found that it was almost impossible to quantify. He spoke to many executives and none of them could give a reliable metric for how to measure the PR cost of a public failure of IT security systems.

Slashdot Top Deals