Showing results for tags 'u.s.'.
Found 13 results

  1. ABU DHABI (Reuters) - Oil producer group OPEC is not the enemy of the United States, United Arab Emirates Energy Minister Suhail al-Mazrouei said on Saturday in Abu Dhabi.
[Photo caption: UAE's Oil Minister, OPEC President Suhail Mohamed Al Mazrouei]
“We are complementing each other, we are not enemies here,” Mazrouei told an industry conference in Abu Dhabi, addressing the relationship between the Organization of the Petroleum Exporting Countries and the U.S., a major oil consuming country. OPEC and other leading global oil producers led by Russia agreed in December to cut their combined oil output by 1.2 million barrels per day from January to prevent a supply glut and boost sagging prices. The decision came despite U.S. President Donald Trump’s call for the oil exporters’ club to refrain from cutting production, saying it would trigger higher oil prices worldwide. Mazrouei said the average oil price in 2018 was $70 a barrel. His Omani counterpart Mohammed al-Rumhi, addressing the same event, said he expected a price of between $60 and $80 a barrel in 2019. The 1.2 million bpd cut should be enough to balance the market, Mazrouei said, expecting the correction to start this month and to be achieved in the first half of the year. “We are assuming no changes in the cut that we have,” he said. Mazrouei also said he did not expect OPEC members Venezuela, Libya or Iran, who effectively have exemptions from the cuts, to increase their oil output in 2019, rather it was more likely their production would decline. Both Mazrouei and Rumhi said there was no need for OPEC and its allies to meet before April when they are set to decide their output policy for the rest of 2019. “Things are working well,” said Rumhi, whose country is taking part in the supply reduction agreement but is not an OPEC member. Source
  2. BEIJING/SHANGHAI (Reuters) - China and the United States made progress on “structural issues” such as forced technology transfers and intellectual property rights in talks this week and more consultations are being arranged, China’s commerce ministry said on Thursday. The three-day talks in Beijing that wrapped up on Wednesday were the first face-to-face negotiations since U.S. President Donald Trump and his Chinese counterpart, Xi Jinping, met in Buenos Aires in December and agreed on a 90-day truce in a trade war that has disrupted the flow of hundreds of billions of dollars of goods. The negotiations were initially scheduled to last two days but went on for three because both sides were “serious” and “honest”, Gao Feng, spokesman at the Chinese commerce ministry, told a news conference. Asked about China’s stance on issues such as forced technology transfers, intellectual property rights, tariff barriers and cyber attacks, and whether China was confident it could reach agreement with the United States, Gao said those issues “were an important part of this trade talk”. “There has been progress in these areas,” he said. He did not elaborate. The United States has presented China with a long list of demands that would rewrite the terms of trade between the world’s two largest economies. They include changes to China’s policies on intellectual property protection, technology transfers, industrial subsidies and other non-tariff barriers to trade. China has repeatedly played down complaints about intellectual property abuses, and has rejected accusations that foreign companies face forced technology transfer. Nearly halfway into the 90-day truce, there have been few concrete details on any progress made. Gao did not address questions on what demands both sides raised, or if the United States had agreed to drop its plan to implement additional tariffs by the March 2 deadline. 
In a brief statement earlier, the ministry said the talks were extensive, and helped establish a foundation for the resolution of each others’ concerns, but gave no details. On Wednesday, the U.S. Trade Representative’s office (USTR) said officials from the two sides discussed “ways to achieve fairness, reciprocity and balance in trade relations”, and focused on China’s pledge to buy a substantial amount of agricultural, energy, manufactured, and other products and services from the United States. At stake is a scheduled U.S. tariff increase on $200 billion worth of Chinese imports. Trump has said he would increase those duties to 25 percent from 10 percent if no deal is reached by March 2, and has threatened to tax all imports from China if it fails to cede to U.S. demands. U.S. officials have long complained that China has failed to live up to trade promises, often citing pledges to resume imports of American beef that took more than a decade to implement. No schedule for further face-to-face negotiations was released after the talks. The USTR said the American delegation was returning to Washington to report on the meetings and “receive guidance on the next steps”. Both sides agreed to maintain close contact, the Chinese commerce ministry said. “For the next step, work teams from both sides will continue to work hard and push forward consultations as originally planned,” Gao said.
CORE ISSUES
Since the Trump-Xi meeting in Argentina, China resumed purchases of U.S. soybeans. Buying had slumped after China imposed a 25 percent import duty on U.S. shipments of oilseed on July 6 in response to U.S. tariffs. China has also cut tariffs on U.S. cars, dialled back on an industrial development plan known as “Made in China 2025”, and told its state refiners to buy more U.S. oil. Earlier this week, China approved five genetically modified (GM) crops for import, the first in about 18 months, which could boost its overseas grains purchases and ease U.S. pressure to open its markets to more farm goods. Big spending on commodities and goods would send a positive signal on China’s intent to work with the United States, but would do nothing to resolve the U.S. demands that require difficult structural change from China. China has said it will not give up ground on issues that it perceives as core. One of the biggest challenges to any deal would be to ensure that China enforces whatever is agreed to stop technology transfers, intellectual property theft and hacking of U.S. computer networks. Source
  3. BEIJING (Reuters) - Chinese Vice Premier Liu He spoke on Tuesday with U.S. Treasury Secretary Steven Mnuchin and U.S. Trade Representative Robert Lighthizer, exchanging views on pushing forward the next stage of trade talks, China’s Commerce Ministry said. Source
  4. WASHINGTON (Reuters) - U.S.-China trade negotiations need to reach a successful end by March 1 or new tariffs will be imposed, U.S. Trade Representative Robert Lighthizer said on Sunday, clarifying there is a “hard deadline” after a week of seeming confusion among President Donald Trump and his advisers. Global markets are jittery about a collision between the world’s two largest economic powers over China’s huge trade surplus with the United States and U.S. claims that China is stealing intellectual property and technology. “As far as I am concerned it is a hard deadline. When I talk to the president of the United States he is not talking about going beyond March,” Lighthizer said on the CBS show “Face the Nation,” referring to President Donald Trump’s recent decision to delay new tariffs while talks proceed. “The way this is set up is that at the end of 90 days, these tariffs will be raised,” said Lighthizer, who has been tapped to lead the talks and appeared to tamp down expectations that the negotiation period could be extended. After a turbulent week in markets, investors “can be reassured that if there is a deal that can be made that will assure the protection of U.S. technology...and get additional market access...the president wants us to do it,” Lighthizer said. “If not we will have tariffs.” In Argentina last weekend, Trump and Chinese President Xi Jinping agreed to a truce that delayed the planned Jan. 1 U.S. hike of tariffs to 25 percent from 10 percent on $200 billion of Chinese goods while they negotiate a trade deal. However, the arrest of a top executive at China’s Huawei Technologies Co Ltd [HWT.UL] has roiled global markets amid fears that it could further inflame the China-U.S. trade row. In Beijing on Sunday, China’s foreign ministry protested the arrest to the U.S. ambassador. 
In a series of appearances on the Sunday morning talk shows, Lighthizer, economic adviser Larry Kudlow, and trade adviser Peter Navarro insisted the trade talks with China would not be derailed by the arrest, which they deemed solely a law enforcement matter. U.S. equity markets have staked much on the outcome of the talks. Stocks climbed early in the week on optimism tensions between the two sides were easing, then cratered after Trump claimed he was a “tariff man” after all. He also seemed to indicate the talks could be extended. But Lighthizer, in his first comments since being appointed to lead the negotiations, said the United States will need concessions across a number of areas in coming weeks if the higher tariffs are to be voided. That includes demands for increased purchases of U.S. goods in a more open Chinese market, as well as “structural changes” to a system that, for example, forces American firms to turn over technology to Chinese partners as a condition of doing business. “We need agricultural sales and we need manufacturing sales. We need structural changes on this fundamental issue of non-economic technology transfer,” Lighthizer said. The demands are similar to those made under previous Democratic and Republican presidents, but Lighthizer said he felt Trump’s willingness to go beyond “dialogue” and impose tariffs will produce results. Source
  5. Intelligence official says Chinese economic espionage on the upswing
[Photo caption: Rob Joyce speaks during the 2018 Aspen Cyber Summit in San Francisco on Thursday.]
SAN FRANCISCO — China has violated an accord it signed with the U.S. three years ago pledging not to engage in hacking for the purpose of economic espionage, a senior U.S. intelligence official said Thursday. The 2015 bilateral agreement had significantly reduced the amount of Chinese cybertheft targeting American companies, but Beijing’s commitment to the deal has eroded, said Rob Joyce, senior adviser for cybersecurity strategy at the National Security Agency. “It is clear they are well beyond the bounds of the agreement today that was forged between our two countries,” Joyce said during a panel conversation at the Aspen Cyber Summit. Joyce’s comments were the latest sign of Washington’s rising frustration over China’s alleged violation of the pact signed between then-President Barack Obama and Chinese President Xi Jinping. Last week, then-Attorney General Jeff Sessions also said China wasn’t adhering to the deal, in which the U.S. and China agreed not to conduct cyber operations against each other to steal intellectual property or other forms of economic intelligence. Source
  6. NEW YORK (Reuters) - A group of large institutional investors including BlackRock Inc and Allianz SE’s Pacific Investment Management Co has sued 16 major banks, accusing them of rigging prices in the roughly $5.1 trillion-a-day foreign exchange market. The lawsuit was filed on Wednesday in the U.S. District Court in Manhattan by plaintiffs that decided to “opt out” of similar nationwide litigation that has resulted in $2.31 billion (£1.76 billion) of settlements with 15 of the banks. Those settlements followed worldwide regulatory probes that have led to more than $10 billion of fines for several banks, and the convictions or indictments of some traders. The banks being sued are: Bank of America, Barclays, BNP Paribas, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, HSBC, JPMorgan Chase, Morgan Stanley, Japan’s MUFG Bank, Royal Bank of Canada, Royal Bank of Scotland, Societe Generale, Standard Chartered and UBS. Investors typically opt out of litigation when they hope to recover more by suing on their own. The plaintiffs in Wednesday’s lawsuit accused the banks of violating U.S. antitrust law by conspiring from 2003 to 2013 to rig currency benchmarks including the WM/Reuters Closing Rates for their own benefit by sharing confidential orders and trading positions. This manipulation was allegedly done through chat rooms with such names as “The Cartel,” “The Mafia” and “The Bandits’ Club,” through tactics with such names as “front running,” “banging the close,” “painting the screen” and “taking out the filth.” “By colluding to manipulate FX prices, benchmarks, and bid/ask spreads, defendants restrained trade, decreased competition, and artificially increased prices, thereby injuring plaintiffs,” the 221-page complaint said. Norway’s central bank Norges Bank and the big public pension fund California State Teachers’ Retirement System (CalSTRS) are among the several other named plaintiffs. 
Many of the plaintiffs plan to pursue similar litigation in London against many of the bank defendants with respect to trades in Europe, a footnote in the complaint said. Citigroup’s $402 million settlement is the largest in the earlier litigation. Credit Suisse has yet to settle that case. Neither had an immediate comment on Wednesday’s lawsuit. The law firm Quinn Emanuel Urquhart & Sullivan represents the opt-out investors. The case is Allianz Global Investors GMBH et al v Bank of America Corp et al, U.S. District Court, Southern District of New York, No. 18-10364. Source
  7. The U.S. Department of Justice on Thursday announced charges against a North Korean national who is believed to be a member of the notorious Lazarus Group, to which governments and the cybersecurity industry have attributed several high profile attacks. The suspect is Park Jin Hyok, who according to the DOJ worked for a North Korean government front company known as Chosun Expo Joint Venture and Korea Expo Joint Venture (KEJV). The Democratic People’s Republic of Korea allegedly used this company, which also has offices in China, to support its cyber activities. The complaint, filed on June 8 in a U.S. District Court in Los Angeles and made public on Thursday, accuses Park and other members of the Lazarus Group of conducting destructive cyberattacks that resulted in “damage to massive amounts of computer hardware and extensive loss of data, money and other resources.” The complaint describes both successful and unsuccessful campaigns of the threat actor, but it focuses on four operations: the 2014 Sony Pictures Entertainment hack, the $81 million cyber heist from the central bank of Bangladesh in 2016, the 2017 WannaCry ransomware attack, and attempts to breach the systems of several U.S. defense contractors, including Lockheed Martin, over the course of 2016 and 2017. Five Eyes countries and Japan last year officially blamed North Korea for the WannaCry attack. According to the DOJ, Park worked as a computer programmer at KEJV, which has been linked to DPRK military intelligence. Park allegedly did programming work for the company’s paying clients, while also engaging in malicious activities on behalf of Pyongyang. The man has been charged with one count of conspiracy to commit computer fraud and abuse, for which he faces up to five years in prison, and one count of conspiracy to commit wire fraud, which carries a sentence of up to 20 years in prison. 
“DPRK cyber adversaries represent some of the most active and disruptive threat groups today,” said Dmitri Alperovitch, CTO and co-founder of CrowdStrike. “Their tradecraft continues to grow in sophistication, leveraging cyber capabilities for conducting data exploitation, data destruction, cyber espionage and financially-motivated criminal activity — often costing organizations millions of dollars in damages. In the past year, we’ve witnessed DPRK commit to expansive cyber operations in support of their ability to service regime priorities and effectuate national interest. These crimes have impacted the global financial system and nearly every sector of the economy.” “One of the most important steps taken towards achieving effective cyber deterrence is the attribution of these attacks and holding the perpetrators accountable, as we witnessed today by the announcement of the US Department of Justice,” Alperovitch added. FDD Senior Fellow David Maxwell, who specializes in North Korea’s nuclear and cyber threats, noted that the charges represent a critically important development. “Although there is a significant time lapse between the hack and this indictment, it shows that the U.S. is tracking the North Korea threat, and that despite the current nuclear diplomacy the U.S. will pursue cyber operatives and hacker/criminals who wish to do the U.S. and the U.S. economy harm,” Maxwell said via email. “The U.S. has to address cyber threats, though this is just one very small step toward improving cyber defenses. The U.S. has to make it known it will hunt down hackers who do us harm, whether they are individuals or working for state actors such as North Korea,” he added. This is not the first time the United States has charged foreign nationals over cyberattacks believed to have been sponsored – or at least condoned – by their respective governments. The DOJ in the past years unsealed indictments against Chinese, Russian, Syrian and Iranian nationals. Source
  8. The US Government has asked a federal court in Georgia to dismiss the indictment against an alleged pirate app store operator. This means that, after more than half a decade, this case will be closed. The US previously accused the defendant of being linked to Applanet, but could not back up the copyright infringement charges. Assisted by police in France and the Netherlands, the FBI took down the “pirate” Android stores Appbucket, Applanet, and SnappzMarket during the summer of 2012. During the years that followed several people connected to the Android app sites were arrested and indicted, resulting in prison sentences for some. SnappzMarket’s Scott Walton was handed a 46-month prison sentence for conspiracy to commit copyright infringement, and his colleague Joshua Taylor was sentenced to a 16-month term. While some defendants pleaded guilty in order to get a reduced sentence, not all did. David Lee, a California man linked to Applanet, decided to fight the case instead, and not without success. The US Government had charged Lee with aiding and abetting criminal copyright infringement (pdf). In addition, he was charged with conspiring to infringe copyrights and violating the DMCA’s anti-circumvention provision. As the case progressed, it became clear that the U.S. Government’s evidence wasn’t as strong as initially thought. Before the trial even started, the prosecution voluntarily dropped the criminal copyright infringement charge. What remained was the conspiracy charge, but after hearing evidence and testimony from both sides of the case, the jury was unable to issue a unanimous decision. As a result, the case ended in a mistrial two years ago. The Department of Justice did not let the case go though. Soon after the mistrial, it informed the court that it would re-try Lee. This second trial was delayed a few times but never took place. 
Instead, the US Government asked the court to dismiss the indictment against the alleged pirate app store operator, without providing any context. This request was granted earlier this week, which means that Lee is relieved of all charges. It is not clear what moved the US to dismiss the case. TorrentFreak contacted both Lee’s lawyers and the US Department of Justice for comment, but at the time of publication, we have yet to hear back. However, with the indictment dismissed, Lee can close this chapter of his life after nearly six years. Indictment dismissed Source
  9. Justice Department opens investigation into illicit trading
Agency is working with CFTC, which oversees crypto futures
The Justice Department has opened a criminal probe into whether traders are manipulating the price of Bitcoin and other digital currencies, dramatically ratcheting up U.S. scrutiny of red-hot markets that critics say are rife with misconduct, according to four people familiar with the matter. The investigation is focused on illegal practices that can influence prices -- such as spoofing, or flooding the market with fake orders to trick other traders into buying or selling, said the people, who asked not to be identified because the review is private. Federal prosecutors are working with the Commodity Futures Trading Commission, a financial regulator that oversees derivatives tied to Bitcoin, the people said. Authorities worry that virtual currencies are susceptible to fraud for multiple reasons: skepticism that all exchanges are actively pursuing cheaters, wild price swings that could make it easy to push valuations around and a lack of regulations like the ones that govern stocks and other assets. Bitcoin extended its Thursday declines after Bloomberg News reported the investigation, and was down 3 percent to $7,409 as of 9:32 a.m. London time. It’s down more than 20 percent since a May 4 peak. Such concerns have prompted China to ban cryptocurrency exchanges and nations including Japan and the Philippines to regulate them, contributing to a slump that has sent Bitcoin below $8,000 this year. Still, digital coins continue to be a global investment craze, drawing legions of loyalists to industry conferences, generating celebrity endorsements and increasingly attracting the attention of Wall Street.
Traders Colluding?
The illicit tactics that the Justice Department is looking into include spoofing and wash trading -- forms of cheating that regulators have spent years trying to root out of futures and equities markets, the people said. In spoofing, a trader submits a spate of orders and then cancels them once prices move in a desired direction. Wash trades involve a cheater trading with herself to give a false impression of market demand that lures others to dive in too. Coins prosecutors are examining include Bitcoin and Ether, the people said. A Justice Department spokesman declined to comment and CFTC officials didn’t respond to requests for comment. The investigation, which the people said is in its early stages, is the U.S.’s latest effort to crack down on an industry that was initially embraced by those who were distrustful of banks and government control over monetary policy. But Bitcoin’s meteoric rise -- it surged to almost $20,000 in 2017 after starting the year below $1,000 -- has been a lure for mom-and-pop investors. That’s prompted regulators to grow concerned that people are jumping into cryptocurrencies without knowing the risks. For instance, the Securities and Exchange Commission has opened dozens of investigations into initial coin offerings, in which companies sell digital tokens that can be redeemed for goods and services, due to suspicions that many are scams. Cryptocurrency trading is fragmented on dozens of platforms across the globe, and many aren’t registered with the CFTC or SEC. As a derivatives watchdog, the CFTC doesn’t regulate what’s known as the spot market for digital tokens -- which is the trading of actual coins rather than futures linked to them. But if the agency finds fraud in spot markets, it does have authority to impose sanctions.
Fraud Target
The limited oversight of crypto trading makes it a target for crooks, said John Griffin, a University of Texas finance professor who has studied manipulation, including in digital-coin markets. “There’s very little monitoring of manipulative trading, spoofing and wash trading,” Griffin said. 
“It would be easy to spoof this market.” Signs are emerging that some crypto exchanges realize the industry’s growth could be constrained if large swaths of investors conclude that trading platforms have a “buyer beware” approach to oversight. The Winklevoss twins, who are known for getting rich off Facebook Inc., hired Nasdaq Inc. last month to conduct surveillance of digital coins trading on their exchange, Gemini Trust Co. Cameron and Tyler Winklevoss have also urged trading platforms to band together to form a group that would serve as a self regulator for the industry. Some market participants have alleged that crypto manipulation is rampant. Last year, a blogger flagged the actions of “Spoofy,” a nickname for a trader or group of traders that have allegedly placed $1 million orders without executing them. Source
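The two tactics the article describes, spoofing and wash trading, both leave a recognisable shape in an exchange's own order log, which is where surveillance such as the Nasdaq monitoring mentioned above starts. The Python below is an added example, not part of the Bloomberg article and not any exchange's surveillance code; it runs two simple rules over a constructed order-flow sample. The spoofing rule scores each account by the share of its large orders cancelled within seconds of entry and requires a fill on the opposite side close to such a cancel before flagging; the wash-trade rule looks for an account trading with itself. The event format, the thresholds (2 seconds, 50 units, 80 percent) and the account names are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    ts: float                            # seconds since session open
    kind: str                            # "new" | "cancel" | "trade"
    order_id: str
    account: str
    side: str                            # "buy" | "sell"
    qty: int                             # order size (new) or executed size (trade); 0 for cancel
    counterparty: Optional[str] = None   # trade only: the account on the other side


# Constructed order-flow sample (assumed for this illustration; not real exchange data).
EVENTS = [
    Event(0.0, "new",    "o1", "ACC1", "buy",  500),                    # large bids that only paint demand
    Event(0.5, "new",    "o2", "ACC1", "buy",  500),
    Event(1.2, "new",    "o5", "ACC1", "sell",  40),                    # the order ACC1 actually wants filled
    Event(1.5, "cancel", "o1", "ACC1", "buy",    0),                    # bids pulled before they can execute
    Event(1.6, "cancel", "o2", "ACC1", "buy",    0),
    Event(2.0, "trade",  "o5", "ACC1", "sell",  40, counterparty="ACC9"),
    Event(0.2, "new",    "o3", "ACC2", "buy",  100),                    # ordinary participant
    Event(3.0, "new",    "o4", "ACC2", "sell",  60),
    Event(4.0, "cancel", "o4", "ACC2", "sell",   0),                    # one quick cancel, no opposite fill nearby
    Event(30.0, "trade", "o3", "ACC2", "buy",  100, counterparty="ACC9"),
    Event(5.0, "trade",  "o6", "ACC3", "buy",  200, counterparty="ACC3"),   # ACC3 trades with itself
    Event(6.0, "trade",  "o7", "ACC3", "sell", 200, counterparty="ACC3"),
]


def find_wash_trades(events):
    """A wash trade has the same account on both sides of the execution."""
    return [e for e in events if e.kind == "trade" and e.counterparty == e.account]


def spoofing_scores(events, max_rest=2.0, min_qty=50):
    """Per account: share of large-order volume cancelled within max_rest seconds
    of entry, and whether a fill on the opposite side landed within max_rest
    seconds of such a cancel (the tell that the cancelled orders were bait)."""
    placed = {}                          # order_id -> the "new" event
    large_vol = defaultdict(int)         # large-order volume submitted per account
    quick_cancel_vol = defaultdict(int)  # of which, volume cancelled quickly
    quick_cancels = []                   # (cancel time, account, side)
    trades = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "new":
            placed[e.order_id] = e
            if e.qty >= min_qty:
                large_vol[e.account] += e.qty
        elif e.kind == "cancel":
            o = placed.get(e.order_id)
            if o is not None and o.qty >= min_qty and e.ts - o.ts <= max_rest:
                quick_cancel_vol[o.account] += o.qty
                quick_cancels.append((e.ts, o.account, o.side))
        elif e.kind == "trade":
            trades.append(e)
    flipped = {
        acct
        for ts, acct, side in quick_cancels
        for t in trades
        if t.account == acct and t.side != side and abs(t.ts - ts) <= max_rest
    }
    return {
        acct: {
            "quick_cancel_ratio": quick_cancel_vol[acct] / vol,
            "opposite_side_fill": acct in flipped,
        }
        for acct, vol in large_vol.items()
    }


def flag_spoofing(events, min_ratio=0.8, **kw):
    """Accounts whose quick-cancel ratio is high AND who filled on the other side."""
    scores = spoofing_scores(events, **kw)
    return sorted(a for a, s in scores.items()
                  if s["quick_cancel_ratio"] >= min_ratio and s["opposite_side_fill"])


if __name__ == "__main__":
    print("spoofing candidates:", flag_spoofing(EVENTS))
    print("wash trades:", [(e.ts, e.account, e.qty) for e in find_wash_trades(EVENTS)])
```

A high cancel ratio on its own is not evidence, since market makers cancel and replace quotes all day, which is why the rule also requires the opposite-side fill. A production rule would additionally link accounts under common ownership (the wash check here only catches the literal same-account case) and look at the price move between the bait orders and the fill, neither of which this sample models.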
  10. A new report from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices. The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes. Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole. Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.
[Chart: RAND]
Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available. 
“The relatively long life expectancy of 6.9 years means that zero-day vulnerabilities — in particular the ones that exploits are created for [in the gray market] — are likely old,” write lead researchers Lillian Ablon and Andy Bogart in their paper “Zero Days, Thousands of Nights.” Rand, a nonprofit research group, is the first to study in this manner a database of exploits that are in the wild and being actively used in hacking operations. Previous studies of zero days have used manufactured data or the vulnerabilities and exploits that get submitted to vendor bug bounty programs — programs in which software makers or website owners pay researchers for security holes found in their software or websites. The database used in the study belongs to an anonymous company referred to in the report as “Busby,” which amassed the exploits over 14 years, going back to 2002. Busby’s full database actually has around 230 exploits in it, about 100 of which are still considered active, meaning they are unknown to the software vendors and therefore no patches are available to fix them. The Rand researchers only had access to information on 207 zero days — the rest are recently discovered exploits the company withheld from Rand’s set “due to operational sensitivity.” While it’s not known how many of these exploits are in the U.S. government’s arsenal, Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, believes the U.S. government’s zero-day stockpile is comparable in size to Busby’s. For many years, critics of the government’s use of zero days suspected the arsenal numbered in the thousands. But a report Healey published with his students last year, based in part on statistical analysis of the number of zero days that get discovered and disclosed each year to bug bounty programs, estimated that the government’s trove likely contained between two dozen and 225 zero-day exploits. 
This would seem to jibe with statements made by government officials. Michael Daniel, former special adviser to President Obama on cybersecurity issues and a member of Obama’s National Security Council, has said in the past that “there’s often this image that the government has spent a lot of time and effort to discover vulnerabilities that we’ve stockpiled in huge numbers and similarly that we would be purchasing very, very large numbers of vulnerabilities on the open market, the gray market, the black market, whatever you want to call it. [But] the numbers are just not anywhere near what people believe they are.”
Shining a Light on the Government’s Zero-Day Policy
The government has long insisted that it discloses more than 90 percent of the vulnerabilities it finds or purchases, and that those it doesn’t disclose initially get reviewed on a regular basis to re-evaluate if they should be disclosed. The problem with this is that the public doesn’t know how long the government is exploiting these security holes before they’re shared publicly — and therefore how long ordinary citizens are left exposed to Russian or Chinese nation-state hackers or cybercriminals who may discover the same vulnerabilities and exploit them. One factor that can affect how quickly the government discloses vulnerabilities is their collision rate or rediscovery rate. This refers to how often the same vulnerabilities get discovered independently by two or more parties. It’s a metric that is particularly important in the policy debate around the government’s use of zero-day exploits; if the U.S. knows about a vulnerability, there’s a good chance others do too and are quietly exploiting it. If the data shows there is high probability that criminal hackers or nation-state hackers from Russia or China could discover a vulnerability and create an exploit for it, this can be an argument for disclosing the vulnerability sooner rather than later to get it patched. 
But if that probability is low, the government can use it to justify nondisclosure and keeping people at risk longer. The Rand researchers found that the collision rate for the exploits in the Busby database was indeed low. In a typical one-year period, only about 6 percent of the vulnerabilities got discovered by others. That figure jumped to 40 percent, however, when viewed across the entire 14 years of the database. But there’s a slight problem with this analysis, says Columbia University’s Healey. The Rand researchers determined the collision rate based on publicly disclosed vulnerabilities — those discovered and reported by researchers as part of a vendor bug bounty program or made public in some other way, such as at conferences or in news articles. But this isn’t the collision that concerns critics of zero-day arsenals. They’re concerned about collisions with zero days that remain secret, such as those developed by other nation-state actors and criminal hackers and aren’t publicly disclosed. “The collision rate is absolutely fascinating, but this is the wrong way to talk about it,” says Healey. Healey says Rand should be looking for collisions with the zero days found in other gray market databases held by other exploit sellers. He says the kinds of researchers who participate in bug bounty programs tend to be looking for different kinds of vulnerabilities than researchers who are looking for vulnerabilities for offensive hacking. The latter will have different needs and also better resources to look for vulnerabilities. It’s worth noting that another study released this week by cryptographer Bruce Schneier and Trey Herr of the Harvard Kennedy School found a higher collision rate when looking at vulnerabilities found in browser software and mobile phones. 
“Between 15 percent and 20 percent of all vulnerabilities in browsers have at least one duplicate,” they wrote “For data available on Android between 2015 and 2016, 22 percent of vulnerabilities are rediscovered at least once an average of 2 months after their original disclosure. There are reasons to believe that the actual rate is even higher for certain types of software.” But this study also involved vulnerabilities disclosed to bug bounty programs. Dan Guido, CEO of Trail of Bits, whose company does extensive consulting on iOS security, says, “I don’t think studying bug bounty collisions is representative of exploit use in the wild.” Regardless of this limitation, Guido says the collision test conducted by Rand is still illuminating for the very fact that it involved at least one set of data consisting of live, in-the-wild exploits. “Even with the caveats around the collision rate, using the best available data we have now [with those live exploits], is significantly lower than we expected,” he said. Which begs the question — is it low enough that the government would be justified in holding on to exploits for years and not disclosing the vulnerabilities they attack? Ari Schwartz, former senior director of cybersecurity in Obama’s White House who participated in the so-called Vulnerabilities Equities process where the government makes these assessments, says even a low collision rate is a problem. “Let’s say it’s just 10 percent; is it worth doing disclosure for 10 percent? I think it is,” he says. “That’s still pretty high if you think about it — 1 in 10.” Healey says the RAND study is an incredible asset to other researchers because of its use of live exploits that are in the wild. It makes the data and analysis more realistic than studies that only simulate scenarios and guess at conclusions, like what the consequences of not disclosing a vulnerability might be. 
“We can theorize all we want about what’s good and what’s bad [in terms of disclosure], but this is going to shake things up, because now we can roll up our sleeves and actually come up with some real answers.” They hope it may also encourage the owners of other exploit databases to share their collections with researchers. By Kim Zetter https://theintercept.com/2017/03/10/government-zero-days-7-years/
11. Secret CIA Assessment Says Russia Was Trying To Help Trump Win White House

CIA officials told senators it is now “quite clear” that electing Donald Trump was Russia’s goal.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

The Obama administration has been debating for months how to respond to the alleged Russian intrusions, with White House officials concerned about escalating tensions with Moscow and being accused of trying to boost Clinton’s campaign.

In September, during a secret briefing for congressional leaders, Senate Majority Leader Mitch McConnell (R-Ky.) voiced doubts about the veracity of the intelligence, according to officials present.

The Trump transition team dismissed the findings in a short statement issued Friday evening. “These are the same people that said Saddam Hussein had weapons of mass destruction. The election ended a long time ago in one of the biggest Electoral College victories in history. It’s now time to move on and ‘Make America Great Again,’ ” the statement read.

Trump has consistently dismissed the intelligence community’s findings about Russian hacking. “I don’t believe they interfered” in the election, he told Time magazine this week. The hacking, he said, “could be Russia. And it could be China. And it could be some guy in his home in New Jersey.”

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

The CIA presentation to senators about Russia’s intentions fell short of a formal U.S. assessment produced by all 17 intelligence agencies. A senior U.S. official said there were minor disagreements among intelligence officials about the agency’s assessment, in part because some questions remain unanswered.

For example, intelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees. Moscow has in the past used middlemen to participate in sensitive intelligence operations so it has plausible deniability.

Julian Assange, the founder of WikiLeaks, has said in a television interview that the “Russian government is not the source.”

The White House and CIA officials declined to comment.

On Friday, the White House said President Obama had ordered a “full review” of Russian hacking during the election campaign, as pressure from Congress has grown for greater public understanding of exactly what Moscow did to influence the electoral process.

“We may have crossed into a new threshold, and it is incumbent upon us to take stock of that, to review, to conduct some after-action, to understand what has happened and to impart some lessons learned,” Obama’s counterterrorism and homeland security adviser, Lisa Monaco, told reporters at a breakfast hosted by the Christian Science Monitor.

Obama wants the report before he leaves office Jan. 20, Monaco said. The review will be led by James Clapper, the outgoing director of national intelligence, officials said. During her remarks, Monaco didn’t address the latest CIA assessment, which hasn’t been previously disclosed.

Seven Democratic senators last week asked Obama to declassify details about the intrusions and why officials believe that the Kremlin was behind the operation. Officials said Friday that the senators specifically were asking the White House to release portions of the CIA’s presentation. This week, top Democratic lawmakers in the House also sent a letter to Obama, asking for briefings on Russian interference in the election.

U.S. intelligence agencies have been cautious for months in characterizing Russia’s motivations, reflecting the United States’ long-standing struggle to collect reliable intelligence on President Vladimir Putin and those closest to him.

In previous assessments, the CIA and other intelligence agencies told the White House and congressional leaders that they believed Moscow’s aim was to undermine confidence in the U.S. electoral system. The assessments stopped short of saying the goal was to help elect Trump.

On Oct. 7, the intelligence community officially accused Moscow of seeking to interfere in the election through the hacking of “political organizations.” Though the statement never specified which party, it was clear that officials were referring to cyber-intrusions into the computers of the DNC and other Democratic groups and individuals.

Some key Republican lawmakers have continued to question the quality of evidence supporting Russian involvement. “I’ll be the first one to come out and point at Russia if there’s clear evidence, but there is no clear evidence — even now,” said Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee and a member of the Trump transition team. “There’s a lot of innuendo, lots of circumstantial evidence, that’s it.”

Though Russia has long conducted cyberspying on U.S. agencies, companies and organizations, this presidential campaign marks the first time Moscow has attempted through cyber-means to interfere in, if not actively influence, the outcome of an election, the officials said.

The reluctance of the Obama White House to respond to the alleged Russian intrusions before Election Day upset Democrats on the Hill as well as members of the Clinton campaign. Within the administration, top officials from different agencies sparred over whether and how to respond. White House officials were concerned that covert retaliatory measures might risk an escalation in which Russia, with sophisticated cyber-capabilities, might have less to lose than the United States, with its vast and vulnerable digital infrastructure.

The White House’s reluctance to take that risk left Washington weighing more-limited measures, including the “naming and shaming” approach of publicly blaming Moscow. By mid-September, White House officials had decided it was time to take that step, but they worried that doing so unilaterally and without bipartisan congressional backing just weeks before the election would make Obama vulnerable to charges that he was using intelligence for political purposes.

Instead, officials devised a plan to seek bipartisan support from top lawmakers and set up a secret meeting with the Gang of 12 — a group that includes House and Senate leaders, as well as the chairmen and ranking members of both chambers’ committees on intelligence and homeland security. Obama dispatched Monaco, FBI Director James B. Comey and Homeland Security Secretary Jeh Johnson to make the pitch for a “show of solidarity and bipartisan unity” against Russian interference in the election, according to a senior administration official.

Specifically, the White House wanted congressional leaders to sign off on a bipartisan statement urging state and local officials to take federal help in protecting their voting-registration and balloting machines from Russian cyber-intrusions. Though U.S. intelligence agencies were skeptical that hackers would be able to manipulate the election results in a systematic way, the White House feared that Russia would attempt to do so, sowing doubt about the fundamental mechanisms of democracy and potentially forcing a more dangerous confrontation between Washington and Moscow.

In a secure room in the Capitol used for briefings involving classified information, administration officials broadly laid out the evidence U.S. spy agencies had collected, showing Russia’s role in cyber-intrusions in at least two states and in hacking the emails of the Democratic organizations and individuals. And they made a case for a united, bipartisan front in response to what one official described as “the threat posed by unprecedented meddling by a foreign power in our election process.”

The Democratic leaders in the room unanimously agreed on the need to take the threat seriously. Republicans, however, were divided, with at least two GOP lawmakers reluctant to accede to the White House requests. According to several officials, McConnell raised doubts about the underlying intelligence and made clear to the administration that he would consider any effort by the White House to challenge the Russians publicly an act of partisan politics. Some of the Republicans in the briefing also seemed opposed to the idea of going public with such explosive allegations in the final stages of an election, a move that they argued would only rattle public confidence and play into Moscow’s hands.

McConnell’s office did not respond to a request for comment. After the election, Trump chose McConnell’s wife, Elaine Chao, as his nominee for transportation secretary.

Some Clinton supporters saw the White House’s reluctance to act without bipartisan support as further evidence of an excessive caution in facing adversaries. “The lack of an administration response on the Russian hacking cannot be attributed to Congress,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee, who was at the September meeting. “The administration has all the tools it needs to respond. They have the ability to impose sanctions. They have the ability to take clandestine means. The administration has decided not to utilize them in a way that would deter the Russians, and I think that’s a problem.”

Philip Rucker contributed to this report.

Source
Alternate Source - Intelligence Figures Fear Trump Reprisals Over Assessment Of Russia Election Role
12. Advertising network JuicyAds has scored an early victory at a California federal court. In a tentative ruling, District Court Judge George Wu says he will grant a motion to dismiss the complaint from adult entertainment publisher ALS Scan. This would mean that the advertiser is not liable for the infringements of any pirate sites it does business with.

Increasingly, copyright holders have been urging third-party services to cut their ties with pirate sites. Hosting providers, search engines, ISPs, domain name registrars and advertisers should all do more to counter online piracy, the argument goes.

This summer adult entertainment publisher ALS Scan took the matter beyond the asking stage. The company filed a complaint at a California federal court, targeting CloudFlare and the advertising network JuicyAds over image copyright infringement carried out by their users.

The case could set an important precedent for the entire advertising industry. However, according to a tentative ruling (pdf) issued by District Court Judge George Wu this week, they have little to worry about for now.

After reviewing the first amended complaint (FAC), he concludes that there is no evidence that JuicyAds is liable for contributory copyright infringement. The complaint lists no evidence showing that JuicyAds’ parent company Tiger intentionally encouraged infringing acts, as the defense had argued.

“The Court would agree that the FAC fails to plausibly allege a link between Tiger’s advertising brokerage services and the infringing conduct of the Publishers,” Judge Wu writes, citing a similar case between Perfect 10 and Visa.

“It is entirely unclear from the FAC how serving an advertisement on a website encourages infringement, other than by enabling the website to profit from those advertisements, a theory the Ninth Circuit expressly rejected in Visa.”

The inducement aspect of contributory infringement fails as well. Based on the current complaint there is no evidence that JuicyAds actively promoted or encouraged any infringing acts.

“Here, the FAC does not allege that JuicyAds provides its advertising brokerage service for the purpose of promoting copyright infringement, or that it has directly encouraged Publishers to display infringing content on their websites.”

On the issue of vicarious copyright infringement the Judge also sided with the defense. The adult entertainment publisher failed to show that JuicyAds can control the websites of its clients or that it has a direct financial interest in the infringing activity.

Judge Wu again cites the Visa case, where it was held that the defendant did not have the ability to remove pirate websites from the Internet or block the distribution of infringing images on third-party sites.

Finally, the remaining claims of unfair competition and contributory trademark infringement proved to be insufficient too, awarding a clear win to JuicyAds.

The present ruling is only tentative. This means that ALS Scan still has the opportunity to argue against it during a scheduled hearing. If they don’t, the ruling becomes final.

For now, however, JuicyAds’ legal team is quite pleased with the decision. “The defense team views this decision as a victory for both JuicyAds and for the online advertising industry,” JuicyAds’ lawyer Lawrence Walters told Xbiz in a comment. “Unchecked efforts to hold distant online service providers responsible for indirect copyright infringement has the potential to stifle innovation,” he adds.

CDN provider CloudFlare has also submitted a motion to dismiss the complaint. This is still under review and Judge Wu is expected to issue a ruling during the weeks to come.

Source: https://torrentfreak.com/u-s-judge-advertiser-is-not-liable-for-pirate-sites-161005/
13. Rightscorp, a prominent piracy monitoring firm that works with Warner Bros. and other copyright holders, claims that 140 U.S. ISPs are actively disconnecting repeat copyright infringers. While these numbers sound rather impressive, there's a lot more to the story.

For more than a decade copyright holders have been sending ISPs takedown notices to alert account holders that their connections are being used to share copyrighted material. These notices are traditionally nothing more than a warning, hoping to scare file-sharers into giving up their habit.

However, anti-piracy outfit Rightscorp has been very active in trying to make the consequences more serious. The company monitors BitTorrent networks for people who download titles owned by the copyright holders they work for, and then approaches these alleged pirates via their Internet providers. The ISPs are asked to forward Rightscorp’s settlement demands to the alleged infringer, which is usually around $20 per shared file.

The settlement approach is a bigger stick than the standard warnings and according to Rightscorp it’s superior to the six-strikes scheme. And there’s more. The company also wants Internet providers to disconnect subscribers whose accounts are repeatedly found sharing copyrighted works.

Christopher Sabec, CEO of Rightscorp, says that they have been in talks with various Internet providers urging them to step up their game. Thus far a total of 140 ISPs are indeed following this disconnection principle.

“We push ISPs to suspend accounts of repeat copyright infringers and we currently have over 140 ISPs that are participating in our program, including suspending the accounts of repeat infringers,” Sabec says.

During a presentation at the Anti-Piracy Summit in Los Angeles Rightscorp recently pitched this disconnection angle to several interested parties.

Rightscorp presentation slide

By introducing disconnections Rightscorp hopes to claim more settlements to increase the company’s revenue stream. They offer participating ISPs a tool to keep track of the number of warnings each customer receives, and the providers are encouraged to reconnect the subscribers if the outstanding bills have been paid.

“All US ISPs have a free Rightscorp website dashboard that identifies these repeat infringers and notifies the ISPs when they have settled their cases with our clients. We encourage the ISPs to restore service once the matter has been settled and there is no longer an outstanding legal liability,” Sabec told TorrentFreak.

Cutting off repeat infringers is also in the best interests of ISPs according to Rightscorp, who note that it is a requirement for all providers if they are to maintain their DMCA safe harbor. However, legal experts and Internet providers interpret the term “repeat infringer” differently. For example, AT&T previously said that it would never terminate accounts of customers without a court order, arguing that only a court can decide what constitutes a repeat infringement. Comcast, on the other hand, previously told us that they are disconnecting repeat infringers, although it’s not clear after how many warnings that is.

Nevertheless, Rightscorp claims that their approach has been a great success and proudly reports that 140 ISPs are actively disconnecting subscribers. So does this mean that all U.S. Internet subscribers are at risk of receiving a settlement request or losing their Internet access? Well, not really. Most of the larger Internet providers appear to ignore Rightscorp’s settlement notices.

Comcast, for example, does forward the notice but takes out the settlement offer. Verizon, AT&T and other major ISPs appear to do the same. Thus far, Charter seems to be the only major provider that forwards Rightscorp’s requests in full.

The 140 ISPs Rightscorp is referring to are mostly smaller, often local ISPs, who together hold a tiny market share. Not insignificant perhaps, but it’s a nuance worth adding.

Source