Three investigating loss of phone services

Mobile network Three has acknowledged it is experiencing “technical difficulties with voice, text and data”, leaving many customers offline.

The problems appear to have started on Wednesday evening, according to the Down Detector website.

Customers across the UK have taken to social media to complain about the loss of service.

Three apologised for the problem and said it was “sorting this out right now”.

The problems, which are nationwide, started after some maintenance work on Three’s network infrastructure.

It is not sure how many of its 10 million customers are affected.

On Wednesday, rival network O2 switched on its next-generation 5G service in a number of UK cities.

Three tagged O2 in a tweet saying: “Oi, did you unplug our network so you could plug in your 5G? not cool guys.”

One customer said the joke would have been “cute” if the problems had not been ongoing for more than nine hours.

So many customers tried to access the status checker on Three’s website that it was temporarily unavailable on Thursday morning.

A queuing system has been switched on, to limit access to the tool.

“History shows that once service is restored people quickly forget about the issues,” said Ben Wood, an analyst at the CCS Insight consultancy.

“The challenge for Three UK will be getting its network back online reliably. Often it can take time for things to stabilise after such a massive outage, which can lead to intermittent service for a period of time after the original problems.”



BBC News – Technology

Food writer Jack Monroe ‘loses £5,000 in phone-number hijack’

Jack Monroe says she has lost about £5,000 after her phone number was hijacked and re-activated on another Sim card.

The criminals were then able to receive her two-factor authentication messages and access her bank and payment accounts.

The bestselling food writer tweeted she was “paranoid about security” and already had strong measures in place.

A privacy campaigner said the industry had failed to address “Simjacking”.

Ms Monroe tweeted she was “white-hot angry” and had been told although she should get her phone number back soon, the money “will take longer to recover”.

“The money stolen has run into thousands of pounds – I’m a self-employed freelancer and I have to absolutely hustle for every single pound I earn. And someone has just helped themselves to around five thousand of them,” she tweeted.

Ms Monroe is best-known for her low-cost recipes and her support for anti-poverty campaigns.

In 2017, she successfully sued the right-wing commentator Katie Hopkins for libel.

Simjacking, also known as Simswapping, is when criminals port a phone number over to a new Sim card, which they can then use as if it was their own.

They do this by posing as a customer who wishes to move to a different mobile provider but keep their existing phone number.

While mobile phone operators often request personal information to complete the request, this can be data already in the public domain – Ms Monroe’s date of birth, for example, was on Wikipedia.

Sometimes individuals working for mobile operators or phone shops can be bribed into making the switch.

Often the first clue for the victim is when their own phone stops working.

Increasingly, banks and other services will use a text message to send a code as an extra layer of security to a registered phone number before allowing access to an account.

One critic of the industry’s response to the crime is a privacy campaigner who used to work for the GSMA, the trade body that represents mobile operators.

Pat Walshe, now managing director of Privacy Matters, told BBC News the scale of the problem in the UK was currently unknown but there were cases of Simjacking from around the world.

“The industry has failed to address this problem for a number of years,” he said.

“It’s not trivial [to carry out a Simjack attack] but someone could do it easily enough.”

Mr Walshe said victims should report the crime to their mobile provider, Action Fraud and the Information Commissioner’s Office (ICO).

“I think Jack Monroe’s case should now force the ICO to investigate whether mobile operators are meeting their obligations to safeguard services and data under telecom privacy rules, in addition to the [EU data protection law] GDPR,” he said.

The GSMA has championed an alternative mobile identity authenticator called Mobile Connect.

BBC News has contacted the ICO, which deals with data protection issues.

Jack Monroe has also been contacted.


Payments giants abandon Facebook’s Libra cryptocurrency

Mastercard, Visa, eBay and payments firm Stripe have pulled out of Facebook’s embattled cryptocurrency project, Libra.

Their move, first reported in the Financial Times, follows the withdrawal of PayPal, announced last week.

It represents a huge blow to the social network’s plans to launch what it envisions as a global currency.

The project has drawn heavy scrutiny from regulators and politicians, particularly in the US.

Facebook chief executive Mark Zuckerberg will appear before the House Committee on Financial Services on 23 October to discuss Libra and its planned roll-out.

Regulators have raised multiple concerns over Libra, including the risk it may be used for money laundering.

Mercado Pago, a payments firm serving mostly Latin America, also pulled out. It means of the six payments-related firms first involved in Libra, just one, PayU, remains. Netherlands-based PayU did not respond to the BBC’s request for comment on Friday.

In a statement released on Friday, eBay said it “respected” the Libra project.

“However, eBay has made the decision to not move forward as a founding member. At this time, we are focused on rolling out eBay’s managed payments experience for our customers.”

A spokesperson for Stripe said the firm supported the aim of making global payments easier.

“Libra has this potential. We will follow its progress closely and remain open to working with the Libra Association at a later stage.”

A spokesperson for Visa said: “We will continue to evaluate and our ultimate decision will be determined by a number of factors, including the Association’s ability to fully satisfy all requisite regulatory expectations.”

The Libra Association, set up by Facebook to manage the project, said of the departing companies: “We appreciate their support for the goals and mission of the Libra project.

“Although the makeup of the Association members may grow and change over time, the design principle of Libra’s governance and technology, along with the open nature of this project ensures the Libra payment network will remain resilient.

“We look forward to the inaugural Libra Association Council meeting in just 3 days and announcing the initial members of the Libra Association.”

Facebook’s executive in charge of its Libra effort wrote on Twitter that losing the firms was “liberating”.

“I would caution against reading the fate of Libra into this update,” wrote David Marcus, who before joining Facebook was PayPal’s president.

“Of course, it’s not great news in the short term, but in a way it’s liberating. Stay tuned for more very soon. Change of this magnitude is hard. You know you’re on to something when so much pressure builds up.”

Last week, PayPal said it would no longer be part of the Libra Association, but did not rule out working on the project in future – prompting a strong reaction from the Association.

“Commitment to that mission is more important to us than anything else,” it said in a statement. “We’re better off knowing about this lack of commitment now.”

_____

Follow Dave Lee on Twitter @DaveLeeBBC

Do you have more information about this or any other technology story? You can reach Dave directly and securely through encrypted messaging app Signal on: +1 (628) 400-7370


Call of Duty breaks records as publisher faces Hong Kong backlash

A mobile version of video game Call of Duty has been downloaded more than 100 million times in its first week.

However, a boycott aimed at the game’s publisher, Activision Blizzard, has been launched after Blizzard placed a 12-month ban on a Hearthstone gamer who staged an online protest over the political crisis in Hong Kong.

The hashtag #Blizzardboycott is now trending on Twitter.

Boycotters included Mark Kern, a developer who has worked for Blizzard.

“It’s done,” tweeted Mr Kern, with a screenshot suggesting he had just cancelled his subscription to World of Warcraft.

“Unless/until they completely reverse their stance on this issue (which, unfortunately, doesn’t seem likely) they will get no more money from me,” wrote one Reddit user in a long thread about the boycott.

The latest title in the hugely popular Call of Duty franchise has been well received by gamers, according to download statistics from Sensor Tower.

The company said the game, which was released on 1 October, had enjoyed the biggest mobile launch yet.

A PC and console title, Call of Duty: Modern Warfare, is due to be released on 25 October.

Journalist Ian Miles Cheong tweeted he had previously pre-ordered the game but, having joined the boycott, had now requested a refund.

Activision Blizzard’s share price had fallen by 2.3% by the close of trading on Tuesday.

However, the backlash was unlikely to cause serious commercial problems for Activision Blizzard, said James Batchelor, UK Editor at GamesIndustry.biz.

“It’s negative PR and that’s never great for a company but I can’t remember an instance where a consumer-led boycott has led to a significant drop in sales in the video games industry,” he told the BBC.

“These games have such a vast audience that I would almost say almost half don’t even know what’s happening… The vast majority of Call of Duty players are so casual, so mainstream.”

BBC News has contacted Activision Blizzard for comment.

Why are some gamers angry with Blizzard?

Ng Wai Chung is the name of the gamer banned for 12 months by Blizzard. He uses the pseudonym Blitzchung.

During a post-match interview on the official Hearthstone Taiwan video stream, he donned a gas mask and shouted: “Liberate Hong Kong, revolution of our age.”

Blizzard said tournament rules said players must not offend people or damage the company’s image.


Other US technology firms have become embroiled in the controversy over Hong Kong.

China’s state media this week criticised Apple for listing an app in its app store designed to track the movements of police officers in Hong Kong.

The People’s Daily newspaper said the app was an endorsement for “rioters”.

The tool, HKmap.live, was not named explicitly by the newspaper.

It works by asking users to cite the locations of police and anti-government protesters. This data is then displayed on a map.


China and Taiwan clash over Wikipedia edits

Ask Google or Siri: “What is Taiwan?”

“A state”, they will answer, “in East Asia”.

But earlier in September, it would have been a “province in the People’s Republic of China”.

For questions of fact, many search engines, digital assistants and phones all point to one place: Wikipedia. And Wikipedia had suddenly changed.

The edit was reversed, but soon made again. And again. It became an editorial tug of war that – as far as the encyclopedia was concerned – caused the state of Taiwan to constantly blink in and out of existence over the course of a single day.

“This year is a very crazy year,” sighed Jamie Lin, a board member of Wikimedia Taiwan.

“A lot of Taiwanese Wikipedians have been attacked.”

Edit wars

Wikipedia is a movement as much as a website.

Anyone can write or edit entries on Wikipedia, and in almost every country on Earth, communities of “Wikipedians” exist to protect and contribute to it. The largest collection of human knowledge ever amassed, available to everyone online for free, it is arguably the greatest achievement of the digital age. But in the eyes of Lin and her colleagues, it is now under attack.

The edit war over Taiwan was only one of a number that had broken out across Wikipedia’s vast, multi-lingual expanse of entries. The Hong Kong protests page had seen 65 changes in the space of a day – largely over questions of language. Were they protesters? Or rioters?

The English entry for the Senkaku islands said they were “islands in East Asia”, but earlier this year the Mandarin equivalent had been changed to add “China’s inherent territory”.

The 1989 Tiananmen Square protests were changed in Mandarin to describe them as “the June 4th incident” to “quell the counter-revolutionary riots”. On the English version, the Dalai Lama is a Tibetan refugee. In Mandarin, he is a Chinese exile.

Angry differences of opinion happen all the time on Wikipedia. But to Ms Lin, this was different.

“It’s control by the [Chinese] Government,” she continued. “That’s very terrible.”

‘Socialist values’

BBC Click’s investigation has found almost 1,600 tendentious edits across 22 politically sensitive articles. We cannot verify who made each of these edits, why, or whether they reflect a more widespread practice. However, there are indications that they are not all necessarily organic, nor random.

Both an official and academics from within China have begun to call for both their government and citizens to systematically correct what they argue are serious anti-Chinese biases endemic across Wikipedia. One paper is called Opportunities And Challenges Of China’s Foreign Communication in the Wikipedia, and was published in the Journal of Social Sciences this year.

In it, the academics Li-hao Gan and Bin-Ting Weng argue that “due to the influence by foreign media, Wikipedia entries have a large number of prejudiced words against the Chinese government”.

They continue: “We must develop a targeted external communication strategy, which includes not only rebuilding a set of external communication discourse systems, but also cultivating influential editors on the wiki platform.”

They end with a call to action.

“China urgently needs to encourage and train Chinese netizens to become Wikipedia platform opinion leaders and administrators… [who] can adhere to socialist values and form some core editorial teams.”

Shifting perceptions

Another is written by Jie Ding, an official from the China International Publishing Group, an organisation controlled by the Chinese Communist Party. It argues that “there is a lack of systematic ordering and maintenance of contents about China’s major political discourse on Wikipedia”.

It too stresses the need to “reflect our voices and opinions in the entry, so as to objectively and truly reflect the influence of Chinese path and Chinese thoughts on other countries and history”.

“‘Telling China’s story’ is a concept that has gained huge traction over the past couple of years,” Lokman Tsui, an assistant professor at the Chinese University of Hong Kong, told BBC Click. “They think that a lot of the perceptions people have of China abroad are really misunderstandings.”

To Tsui, an important shift is now happening as China mobilises its system of domestic online control to now extend beyond its borders to confront the perceived misconceptions that exist there. Wikipedia has confronted the problem of vandalism since its beginning. You can see all the edits that are made, vandalism can be rolled back in a second, pages can be locked, and the site is patrolled by a combination of bots and editors.

People have tried to manipulate Wikipedia from the very beginning, and others have worked to stop them for just as long.

However, much of the activity that Lin described isn’t quite vandalism. Some – such as Taiwan’s sovereignty – is about asserting one disputed claim above others. Others, subtler still, are about the pruning of language, especially in Mandarin, to make a political point.

Should the Hong Kong protests be considered “against” China? Should you call a community “Taiwanese people of Han descent”, or “a subgroup of Han Chinese, native to Taiwan”?

It is over this kind of linguistic territory that many of the fiercest battles rage.

Coordinated strategy?

The attacks are often directed not at Wikipedia’s content, but at its community of Wikipedians.

“Some have told us that their personal information has been sprayed [released], because they have different thoughts,” Lin said.

There have also been death threats directed at Taiwanese Wikipedians. One, on the related public Wikimedia Telegram Channel, read “the policemen will enjoy your mother’s forensic report”. And elections for Wikipedia administrators, who hold greater powers, have similarly become starkly divided down geopolitical lines.

Attributing online activity to states is often impossible, and there is also no direct, proven link between any of these edits and the Chinese government.

“It’s absolutely conceivable,” Tsui continued, “that people from the diaspora, patriotic Chinese, are editing these Wikipedia entries. But to say that is to ignore the larger structural coordinated strategy the government has to manipulate these platforms.”

Whilst unattributed, the edits do happen against the backdrop where a number of states, including China, have intensified attempts to systematically manipulate online platforms. They have done so on Twitter and Facebook, and researchers around the world have warned of state-backed online propaganda targeting a range of others.

Compared with almost any other online platform, Wikipedia makes for a tempting, even obvious, target.

“I’m absolutely not surprised,” said Heather Ford, a senior lecturer in digital cultures at the University of New South Wales, whose research has focused on the political editing of Wikipedia. “I’m surprised it’s taken this long actually… It is a prioritised source of facts and knowledge about the world.”

Of course, every state cares about its reputation.

“China is the second largest economy in the world and is doing what any other country in this status would seek,” said Shirley Ze Yu, a visiting senior fellow at the LSE. “Today China does owe the world a China story told by itself and from a Chinese perspective. I think it’s not only Chinese privilege, it’s really a responsibility”.

Taiwan is itself locked in a messaging war with China, with its own geopolitical points to make and many of the misconceptions may be genuine ones, at least in the eyes of the people who edit them.

So does this amount to telling China’s story, or online propaganda?

At least on Wikipedia, the answer depends on where you fall on two very different ideas about what the internet is for. There is the philosophy of open knowledge, open source, volunteer-led communities.

But it may now be confronted by another force: the growing online power of states whose geopolitical struggles to define the truth now extend onto places like Wikipedia that have grown too large, too important, for them to ignore.

* The Chinese Embassy was approached for a comment but we did not receive a reply.


Facebook encryption threatens public safety, say ministers

UK Home Secretary Priti Patel and counterparts in the US and Australia have sent an open letter to Facebook calling on it to rethink its plans to encrypt all messages on its platforms.

The policy threatens “lives and the safety of our children”, they said.

They said it could hamper international efforts to grant law enforcers faster access to private messages on social media, as agreed between the UK and US.

Facebook said “people have the right to have a private conversation online.”

The head of Facebook-owned WhatsApp Will Cathcart had previously posted on Hacker News: “End-to-end encryption protects that right for over a billion people every day.”

Facebook said it is “consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology” to keep people safe.

The letter was signed by Ms Patel, the US Attorney General William P Barr, Acting US Homeland Security Secretary Kevin McAleenan and the Australian minister for Home Affairs Peter Dutton. It comes off the back of a data access agreement between the US and the UK designed to remove the barriers to cross-border surveillance.

It allows British law-enforcement agencies to demand from US tech firms data relating to terrorists, child-sexual abusers and other serious criminals.

It is hoped it will dramatically speed up investigations – previously, the process of requesting data from US firms could take anything from six months to two years.


Under the new agreement that could be cut to a matter of weeks or even days.

But there is one major problem – messages sent over services using end-to-end encryption, such as WhatsApp, will remain unreadable.

Privacy and safety

Following scandals over the misuse of personal data, the social network has focused on privacy and it now offers encryption as an option to users on its Messenger service.

It also has plans to introduce it to Instagram.

“Tech companies like Facebook have a responsibility to balance privacy with the safety of the public,” the letter read.

It added: “So far nothing we have seen from Facebook reassures me that their plans for end-to-end encryption will not act as a barrier to the identification and pursuit of criminals operating on their platforms.

“Companies cannot operate with impunity where lives and the safety of our children is at stake, and if Mr Zuckerberg really has a credible plan to protect Facebook’s more than two billion users, it’s time he let us know what it is.”

In 2018, Facebook made 16.8 million reports of child sexual exploitation and abuse content to the US National Centre for Missing and Exploited Children, which the National Crime Agency estimates have led to more than 2,500 arrests and 3,000 children made safe.

Head of online child safety at the NSPCC Tony Stower said: “It’s an absolute scandal that Facebook are actively choosing to provide offenders with a way to hide in the shadows on their platform, seamlessly able to target, groom and abuse children completely undetected.

“The landmark agreement between the US and UK on accessing data will radically reduce the time it takes for police to get hold of the data they need from tech giants to bring offenders to justice.

“It should be a hugely important step forward in tackling online child abuse – if tech giants play their part too.”

Wire taps

There has been some confusion about whether the Cloud Act could force firms such as Facebook to offer so-called back doors to law enforcement.

In a series of tweets on the issue, Facebook’s ex-technology officer Alex Stamos attempted to clarify.

“This agreement would allow UK courts to issue requests equivalent to US courts, but it does not grant them access to anything a US court can’t get already,” he wrote.

“Orders for wire taps of products like WhatsApp can get some data, like IP addresses, phone numbers, contact lists and avatar photos. It cannot get encrypted messages and attachments.”

A BBC investigation earlier this year found that encrypted apps were taking over from the dark web as a place to host criminals.


GoPro Hero 8 Black targets vloggers with add-on modules

GoPro’s new flagship action camera is designed to connect to a new range of hardware add-ons targeted at vloggers.

But experts suggest that other improvements are relatively minor, meaning the Hero 8 Black may be a tough sell.

GoPro remains the bestselling action cam brand in much of the world.

But the firm posted a loss in its last two quarters and is facing competition from China’s DJI, which entered the market with a rival product in May.

Last year’s GoPro launch – the Hero 7 Black – delivered a vast improvement to in-body stabilisation, leading its chief executive to claim it was a “gimbal killer” – a reference to the fact it did not require add-on equipment to produce smooth footage.

Reviewers recognised this to be a significant upgrade, and the company reported the model had achieved its strongest-ever first month sales to date.

But over the past 12 months as a whole, the firm’s cash reserves have still shrunk from $114.8m (£93.3m) to $91.2m, and its shares have dropped about 30%. One analyst warned it could face further problems if consumers do not consider the latest features to be a compelling enough leap forward.

“If retailers were unable to work through their existing inventory prior to GoPro’s new product launch, its new product launch may be cannibalised by a substantially discounted Hero 7 Black at holiday,” Alicia Reese from Wedbush Securities told the BBC.

“GoPro must continually launch products compelling enough for users to want to buy a GoPro in addition to a smartphone.

“[But in its favour], GoPro has greater mind-share when it comes to action cameras than other brands, and the company has a growing presence in the travel space.”

Add-on Mods

The Hero 8 Black’s standout feature is that users can now bolt on three optional accessories. They are:

  • a shotgun microphone for improved audio
  • a small light to help in dim conditions
  • a flip-up screen, allowing self-shooters to frame themselves

The camera body has also been redesigned to incorporate fold-out “finger” connectors – allowing it to be bolted to a mount without having to first be put in a case.

In addition, the firm says it has further improved in-body video stabilisation, which is now available for all video frame rates and resolutions. And it has added a new feature to its Timewarp mode – which creates smooth sped-up footage – to automatically adjust the footage’s speed dependent on the rate of the camera’s motion and the lighting conditions.

Furthermore, users can shoot video at up to 100 megabits per second – up from 78 Mb/s previously – which should deliver higher-quality images.

One of the problems the firm faces, however, is that smartphones are making significant strides forward of their own, including multiple lenses, the ability to blur the backgrounds of photos and sometimes videos, and the use of machine learning algorithms that vastly improve low-light shots.

“In terms of quality, it’s now difficult for action cams to offer anything that a smartphone can’t do,” commented Mark Wilson from the Trusted Reviews news site.

“And smartphones have gained waterproofing, which has helped encourage people to use them in situations that they might previously have turned to a GoPro.

“Some people will still want a camera for situations they don’t want to risk damaging their phone.

“But it feels a bit like GoPro has reached the limitations of the hardware it has created, and has now moved on to accessories as the motivation to convince people to buy another one. Whether that’s enough remains to be seen.”

The new flagship camera costs £380 and the Mods accessories range from £50 to £80.

YouTube vloggers

The new camera will be marketed in part to social media creators.

However, in doing this, the firm will compete not just against DJI’s Osmo Action camera – which features a selfie screen on its front – but also a variety of new “mirrorless” cameras with interchangeable lenses, which are targeting the same market.

“YouTube has been a massive driver for GoPro sales, and there’s a degree of one-upmanship on the platform where users need to create something ever more spectacular to stand out,” commented Mr Wilson.

“So that will help, but action cams are still a niche part of the vlogging market.”

GoPro has also announced a new dual-lensed 360-degree camera called the Max, which marks an upgrade to its earlier Fusion.

The firm says the new model has a wider field-of-view and should be easier to operate than before.

Such cameras have the ability to create interactive footage for use in virtual reality or that can be played back in software that allows viewers to shift perspective.

But they also allow owners to create standard videos, in which they can make adjustments to the view during their edit.

Demand for such products has been more limited than some had forecast, in part because VR headset sales have also been weaker than expected.

But Ms Reese said there should still be enough demand for the GoPro Max to justify its existence from a group of professional and enthusiast film-makers.

“I don’t think these were ever expected to be mainstream products [and they] were never mass-produced,” she commented.

But she added that there was an “expectation that the new camera will be well-received by this niche market”.


Spoofing emails: The trickery costing businesses billions

The email came in like any other, from the company chief executive to his finance officer.

“Hey, the deal is done. Please wire $8m to this account to finalise the acquisition ASAP. Needs to be done before the end of the day. Thanks.”

The employee thought nothing of it and sent the funds over, ticking it off his list of jobs before heading home.

But alarm bells started to ring when the company that was being acquired called to ask why it had not received the money.

An investigation began – $8m was most definitely sent, but where to?

We will never know.

Some of the money was clawed back by the banks, but most was lost to hackers who may have cashed out using an elaborate money-laundering network or simply moved on to the next victim.

Meanwhile, the finance officer is left feeling terrible and the company is left scratching its head.

After all, the email had come ostensibly from the boss’s address and his account had not been hacked.

It was left to cyber-security experts to break the bad news to the firm: emails are not to be trusted.

CEO Fraud

This is a real-life example of a cyber-attack known as Business Email Compromise, or CEO Fraud.

The attacks are relatively low-tech and rely more on social engineering and trickery than traditional hacking.

Cyber-criminals simply spoof the email address of a company executive and send a convincing request to an unsuspecting employee.

The message looks just as though it has come from the boss – but it has been sent by an imposter.

There is usually a sense of urgency to the order, and the employee simply does as they are told – maybe sending vast amounts of money to criminals by mistake.

These scams are on the rise and according to the FBI in the US, they have resulted in worldwide losses of at least $26bn (£21bn) since 2016.

Earlier this month, 281 suspected hackers were arrested in 10 different countries as part of a massive takedown operation of global cyber-crime networks based on the scams.

Ryan Kalember, executive vice-president of cyber-security strategy at Proofpoint, said: “Business Email Compromise (BEC) is the most expensive problem in all of cyber-security. There is not a single other form of cyber-crime that has the same degree of scope in terms of money lost.”

Proofpoint was appointed to deal with the CEO Fraud incident described in this article.

Mr Kalember and his team have seen the tactics evolve during the past year and have some interesting observations and warnings for potential victims.

Non-executive targets

The traditional targets for BEC attack are the “C-suite” figures of major companies, such as chief executive officers or chief finance officers.

But recently, criminals have been going for lower-hanging fruit.

“The ‘very attacked people’ we now see are actually rarely VIPs. Victims tend to have readily searchable emails or easily guessable shared addresses.

“VIPs, as a rule, tend to be less exposed as organisations are generally doing a fairly good job of protecting VIP email addresses now,” Mr Kalember added.

The trend has also been noticed by cyber-security company Cofense.

In some cases, employees’ emails are spoofed and the attacker asks the human-resources departments to send a victim’s wages to a new bank account.

“A smaller but much wider reward system will be a deliberate attempt to fly below the radar to target financial processes that are likely to have weaker controls, yet still produce attractive returns,” said Dave Mount, from Cofense.

Monday warning

Another method being seen more regularly is scam emails sent on Monday morning.

According to Proofpoint, more than 30% of BEC emails are delivered on Mondays as hackers try to capitalise on weekend backlogs.

They hope “social jetlag” will mean employees are more easily fooled by fake emails and other social-engineering tricks.

“Attackers know how people and offices work. They depend on people making mistakes and have a lot of experience with what works. This is not a technical vulnerability, it’s about human error,” said Mr Kalember.

Fake Forward

Fake email threads are part of another technique that has evolved.

Attackers start the subject lines of their emails with “Re:” or “Fwd:” to make it look like their message is part of a previous conversation.

In some cases, they even include a bogus email history to establish apparent legitimacy.

According to researchers, fraud attempts that use this technique have increased by more than 50% year-over-year.
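As an added illustration (not part of the original article), the fake-thread trick can be checked mechanically: genuine replies normally carry an In-Reply-To or References header, so a “Re:” or “Fwd:” subject without either is a warning sign. The sketch below also flags a Reply-To domain that differs from the From domain, a further heuristic the article does not mention; the sample messages, addresses and signal names are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject prefixes that claim the message belongs to an existing thread.
THREAD_PREFIX = re.compile(r"^\s*(re|fwd?)\s*:", re.IGNORECASE)

def domain(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_thread_signals(raw_message):
    """Return heuristic warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    signals = []
    # A real reply references the message it answers; a fabricated one cannot.
    # Forwards are a weaker signal: some clients omit these headers on forward.
    has_thread_headers = bool(msg.get("In-Reply-To") or msg.get("References"))
    if THREAD_PREFIX.match(msg.get("Subject", "")) and not has_thread_headers:
        signals.append("thread-prefix-without-thread-headers")
    # Replies silently diverted to a different domain than the visible sender.
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From")):
        signals.append("reply-to-domain-mismatch")
    return signals

# Constructed sample: claims to be a reply, but has no thread headers.
SPOOFED = """\
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo@example.net
To: accounts@example.com
Subject: Re: Urgent wire transfer

As discussed, please send the payment today.
"""

# Constructed sample: an ordinary reply within a real thread.
LEGIT = """\
From: colleague@example.com
To: accounts@example.com
Subject: Re: Q3 invoice
In-Reply-To: <abc123@example.com>
References: <abc123@example.com>

Thanks, received.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, bec_thread_signals(raw))
```

These are triage signals, not verdicts: a flagged message should be routed for out-of-band confirmation rather than blocked outright.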

Mr Kalember says all these trends follow a predictable pattern based on our own behaviour.

“One of the reasons why this is a particularly difficult problem to stamp out is that it relies on the systemic risk of all of us trusting email as a means of communication,” he said.

Unfortunately for businesses and unwitting employees, BEC is unlikely to go away.

Email spoofing is technically very simple, and free-to-use online services offer a low barrier to entry.

But there are lots of things companies and employees can do – including being vigilant and aware of the attacks.

Companies could insist on so-called two-factor verification before a payment is sent.

All of this, of course, relies on people taking a step back from what is often strived for in the workplace – speed and efficiency.

Action Fraud and the UK’s National Fraud Intelligence Bureau (NFIB) operate a 24/7 hotline on 0300 123 2040 for businesses to report live cyber-attacks.


Pornography ‘one click away’ from young children

Children are stumbling upon pornography online from as young as seven, a report has indicated.

The survey, from the British Board of Film Classification (BBFC), suggested three-quarters of parents felt their child would not have seen porn online but more than half had done so.

Youngsters under the age of 10 described feeling “grossed out” and “confused” by what they had seen.

The UK is trying to make it harder for children to see adult content.

It is bringing in a new regime of age verification, under which websites hosting mainly pornography will be required to stop UK users from accessing content unless they can prove they are over 18.

Every time a UK IP address attempts to access a pornography website, the user will be required to verify their age.

The plans, part of the Digital Economy Act, were due to come into force in July but have since been delayed for a further six months.

The BBFC has been appointed as the age-verification regulator and will monitor adult sites to ensure they have appropriate means of checking the age of visitors.

Aggressive depictions

David Austin, chief executive of the BBFC, said: “Pornography is currently one click away for children of all ages in the UK, and this research supports the growing body of evidence that it is affecting the way young people understand healthy relationships, sex, body image and consent.

“The research also shows that when young children – in some cases as young as seven or eight years old – first see pornography online, it is most commonly not on purpose.”

The report also looked at the effects of pornography on youngsters. Just over 40% of those who knew about pornography agreed that watching it made people less respectful of the opposite sex. Girls spoke of their fear that aggressive depictions of sex would be seen as normal by young males and copied in real life.

The government and the BBFC are not prescribing how sites verify age but it will be done using a variety of methods, including credit card checks and systems such as AgeID, which requires people to upload scans of their passports or driving licences.

Critics say those determined to get around the rules will find it relatively easy to bypass the restriction. And it will remain legal to use virtual private networks which can make it seem like a UK-based computer is located elsewhere in order to avoid the blocks.


Danielle Cohn: Are teen influencers being exploited?

US social media star Danielle Cohn has nearly four million followers on Instagram and 1.4 million on YouTube. She’s also one of TikTok’s biggest stars, with more than 13 million fans.

The young teenager’s photographs and their captions are often provocative.

She wears bikinis, lingerie and figure-hugging dresses, and her photo locations include bedrooms, pool-sides, and in one case lying beside a waxwork figure of the late Playboy founder Hugh Hefner, while wearing bunny ears.

Her recent brand collaborations include a women’s fashion label and an energy drink.

“What would u ask me if u knew my answer would be yes?” she wrote recently beside a picture of herself wearing a tight white dress, her hands above her head, in which she promoted a fashion brand.

She is managed by her mother.

But is this a good line of work for a teenager?

“Once on the internet, always on the internet,” says Rohan Midha, co-founder of the influencer agency PMYB.

“When she does hit 18 she may not be able to be doing these brand deals any more. It may not be a sustainable career.

“She may need to get a normal job, like everyone else… all of this stuff will come up when an employer searches her name.”

Mr Midha said he didn’t think young teenagers were capable of making such a huge decision about creating a specific identity that would follow them into adult life.

“I believe that often it’s an older relative or family member who has realised there is the opportunity to make some money in the short term and puts together a social strategy to grab the attention of the media,” he said.

Under UK law the employment of children below the age of 18 is heavily regulated but social media companies have no such obligations because they are not employing the children who use their platform, explains Keely Rushmore, partner at British law firm SA Law.

How about the brands they collaborate with?

“In the UK children can potentially enter into contracts for services personally, but this can be problematic,” she said.

“A way around this is to contract with the parents of the child instead, and I would expect that many brands choose this option in order to protect themselves.”

And there’s another issue – there’s a continuing debate about how old Danielle actually is.

Last week a man who said he was her estranged father, Dustin Cohn, wrote a long Facebook post in which he said he was unhappy with her online activities and claimed that Danielle was just 13 years old.

He has previously released a document which he says is her birth certificate.

His intervention made headlines across the world, including in the UK’s Sun newspaper, the New Zealand Herald, and Canada’s Toronto Sun.

Danielle issued an angry response to her father’s claims, saying she was “living her best life”.

However, she did not mention her age.

According to Danielle’s bio, and previous assertions by Danielle herself, she is 15.

When contacted for comment, her mother told the BBC: “I really think you guys need to leave it alone.”

Whatever her true age, some of the suggestive images date back more than two years on Danielle’s Instagram account.

She’s also no stranger to controversy after a video which appeared to show her getting married and revealing a pregnancy was released this summer – this turned out to be a promotion for a music video.

Her mother argues that what her daughter is doing is for her own benefit.

She said previously: “You might not agree with what my daughter [posts] or what she does, but at this age she [is] setting up her life… she [can] become a millionaire at her age.”

While Danielle Cohn appears to have a good relationship with her mother, who features in many of her YouTube videos, the comments left under them suggest not all viewers are entirely comfortable with Danielle’s work.

“You’re 13, stop it. Have a childhood while you can,” wrote one below a video uploaded on Sunday.

Children’s charity the NSPCC warns that even in the short term, there is no way of controlling what happens to an image once it is on the net.

“Parents should be aware there can be negative consequences of children sharing pictures of themselves on social media, as they will never be able to control where those images go,” said a spokeswoman.
