The Courts

Engineer At Boeing Admits Trying To Sell Space Secrets To Russians (arstechnica.com) 16

An anonymous reader shares an ArsTechnica report: Gregory Allen Justice, a 49-year-old engineer living in Culver City, Calif., has pleaded guilty to charges of attempted economic espionage and attempted violation of the Export Control Act. Justice, who according to his father worked for Boeing Satellite Systems in El Segundo, Calif., was arrested last July after selling technical documents about satellite systems to someone he believed to be a Russian intelligence agent. Instead, he sold the docs to an undercover Federal Bureau of Investigation employee. The sting was part of a joint operation by the FBI and the US Air Force Office of Special Investigations. The documents provided by Justice to the undercover agent included information on technology on the US Munitions List, meaning they were regulated by government International Trade in Arms regulations (ITAR). "In exchange for providing these materials during a series of meeting between February and July of 2016, Justice sought and received thousands of dollars in cash payments," a Justice Department spokesperson said in a statement. "During one meeting, Justice and the undercover agent discussed developing a relationship like one depicted on the television show 'The Americans.'"
Microsoft

Microsoft's New Surface Pro Features Faster Intel Kaby Lake Processor, 13.5 Hours of Battery Life (thurrott.com) 48

On the sidelines of Windows 10 China Government Edition release, Microsoft also announced a new Surface two-in-one laptop. The latest addition to company's hybrid computing line up, the "new Surface Pro" sports an improved design, and houses a newer processor from Intel. From an article: The new Surface Pro features the same 3:2 12.3-inch PixelSense display as its predecessor, providing a resolution of 2736 x 1824 (267 ppi) and 10 point multi-touch capabilities. Surface Pro is based on faster and more reliable Intel "Kaby Lake" chipsets in Core m3-7Y30 with HD Graphics 615, Core i5-7300U with HD Graphics 620, and Core i7-7660U with Iris Plus Graphics 640 variants, which should make for a better experience. As with the previous version, the Core m3 version of the new Surface Pro is fanless and thus silent. But this is new: The Core i5 versions of the new Surface Pro are also fanless and silent. And a new thermal design helps Microsoft claim that the i7 versions are quieter than ever, too. The new Surface Pro is rated at 13.5 hours of battery life (for video playback), compared to just 9 hours for Surface Pro 4. That's a 50 percent improvement. urface Pro can be had with 4, 8, or 16 GB of 1866Mhz LPDDR3 RAM. The new Surface Pro is built around the USB 3-based Surface Connect connector and features one full-sized USB 3 port and one miniDisplayPort port. Microsoft also announced a new Surface Pen (sold separately), and claims that the new pen is twice as accurate (compared to the previous version). No word on the pricing but it will be available in all major global markets in the "coming weeks." The new Surface ships with Windows 10 Pro. (Side note: Earlier Microsoft used to market the Surface Pro devices as tablets that could also serve as laptops. The company is now calling the Surface Pro laptops that are also tablets.)
Microsoft

Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com) 95

At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems.
Power

Switzerland Votes To Abandon Nuclear Power In Favor of Renewables (bbc.com) 350

Slashdot reader bsolar writes: Swiss voters approved a new energy strategy proposed by the government. Under this new policy no new nuclear power plant will be built and the five existing nuclear power plants will continue operating and will be shut down at the end of their operating life (expected to last about 20-30 years). The plan is to offset the missing nuclear energy production by renewables and lower energy consumption.
Though one-third of the country's power comes from nuclear energy, the BBC reports that more than 58% of the voters "backed the move towards greener power sources." One Swiss news site notes that "regions where the country's five nuclear reactors are situated rejected the reform with clear majorities."
Government

Julian Assange Still Faces Legal Jeopardy In Three Countries (chicagotribune.com) 222

Though Sweden dropped an investigation into rape allegations against Julian Assange, "I can conclude, based on the evidence, that probable cause for this crime still exists," chief prosecutor Marianne Ny told reporters in Stockholm. An anonymous reader quotes Newsweek: Ny stressed in her statement Friday that the investigation could be reopened before the statute of limitations on the case expires in 2020. If Assange "went into British custody, then the Swedes may well revisit their decision ⦠as extradition is suddenly easier", tweeted legal expert David Allen Green. Assange failed to answer a bail hearing when he took refuge in the embassy, resulting in an active warrant for his arrest by London's Metropolitan Police, punishable by up to a year in prison. Foremost of Assange's concerns is possible extradition to the U.S., where he he could be detained on espionage charges... Ecuador has offered Assange asylum should he be able to leave Britain.
Meanwhile, The Chicago Tribune reports that "a federal inquiry is widely assumed to be underway by prosecutors in Virginia." According to a former senior Justice Department official, who requested anonymity to discuss the Assange case, American authorities are now presented with a "cat and mouse game." "The decision on whether to indict him rests largely on whether they can get their hands on him," the former official said. Indicting the head of an organization such as WikiLeaks presents a huge number of First Amendment issues, but the Trump White House has indicated such issues may be less of a hurdle than during previous administrations. Prosecutors could seek a sealed indictment -- or may have one already -- to be unveiled if and when Assange strays within reach of American law enforcement, the former official said.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 58

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
China

Did China Hack The CIA In A Massive Intelligence Breach From 2010 To 2012? (ibtimes.com) 112

schwit1 quotes the International Business Times: Both the CIA and the FBI declined to comment on reports saying the Chinese government killed or imprisoned 18 to 20 CIA sources from 2010 to 2012 and dismantled the agency's spying operations in the country. It is described as one of the worst intelligence breaches in decades, current and former American officials told the New York Times.

Investigators were uncertain whether the breach was a result of a double agent within the CIA who had betrayed the U.S. or whether the Chinese had hacked the communications system used by the agency to be in contact with foreign sources. The Times reported Saturday citing former American officials from the final weeks of 2010 till the end of 2012, the Chinese killed up to 20 CIA sources.

Communications

FCC Won't Release DDoS Logs, And Will Probably Honor Fake Comments (zdnet.com) 82

An anonymous reader quotes ZDNet on the alleged denial of service attack which blocked comments supporting net neutrality. In a ZDNet interview, FCC chief information officer David Bray said that the agency would not release the logs, in part because the logs contain private information, such as IP addresses. In unprinted remarks, he said that the logs amounted to about 1 gigabyte per hour during the alleged attack... The log files showed that non-human [and cloud-based] bots submitted a flood of comments using the FCC's API. The bot that submitted these comments sparked the massive uptick in internet traffic on the FCC by using the public API as a vehicle...

Bray's comments further corroborate a ZDNet report (and others) that showed unknown anti-net neutrality spammers were behind the posting of hundreds of thousands of the same messages to the FCC's website using people's names and addresses without their consent -- a so-called "astroturfing" technique -- in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality. Speaking to reporters last week, FCC chairman Ajit Pai hinted that the agency would likely honor those astroturfed comments, nonetheless.

Transportation

Texas Legislature Clears Road For Uber and Lyft To Return To Austin (austinmonitor.com) 105

schwit1 shared this article from the Austin Monitor: The Texas Legislature has cleared the road for Uber and Lyft to return to Austin on their own terms. On Wednesday, the state Senate overwhelmingly approved House Bill 100 on second and third readings, sending the statewide ride-hailing regulations to Governor Greg Abbott's desk for his signature. If Abbott signs it, as he is expected to do, the new law will preempt regulations City Council passed in December 2015 that both Uber and Lyft deemed too restrictive on transportation network companies such as themselves.
The new rules still require criminal background checks, but drop the requirement for fingerprinting. "We find it unfortunate that the 36 lobbyists deployed by the Silicon Valley giants were effective in convincing the State Legislature that there was a need to overrule the Austin voters," said a local ride-sharing company, which vowed to continue operating -- and to at least continue fingerprinting their own drivers. Houston's mayor complained the new statewide rules handed down are "another example of the legislature circumventing local control to allow corporations to profit at the expense of public safety."
Government

Indian Election Officials Challenges Critics To Hack Electronic Voting Machine (thehindu.com) 51

Slashdot reader erodep writes: Following the recent elections in India, there have been multiple allegations of electoral fraud by hacking of Electronic Voting Machines... Two weeks ago, a party even "demonstrated" that these machines can be hacked. The Election Commission of India has rubbished these claims and they have thrown an open challenge, starting June 3rd to hack these EVMs using WiFi, Bluetooth or any internet device. This is a plea to the hackers of Slashdot to help secure the future of the largest democracy on the planet.
Each party can nominate three experts -- though India's Aam Aaadmi Party is already complaining that there's too many terms and conditions. And party leader Sanjay Singh has said he also wants paper ballots for all future elections, arguing "All foreign countries like America, Japan, Germany and Britain have gone back to ballot paper."
Power

Possible Radioactive Leak Investigated At Washington Nuclear Site (upi.com) 93

Authorities are investigating radioactive material found on a worker's clothing one week after a tunnel collapse at the waste nuclear waste site in the state of Washington. Around 7 p.m. Thursday, Washington River Protection Solutions, a government contractor contractor in charge of all 177 underground storage tanks at the nuclear site. detected high radiation readings on a robotic device that seven workers were pulling out of a tank. Then, contamination was also discovered on the clothing of one worker -- on one shoe, on his shirt and on his pants in the knee area.

"Radiological monitoring showed contamination on the unit that was three times the planned limit. Workers immediately stopped working and exited the area according to procedure," said Rob Roxburgh, deputy manager of WRPS Communications & Public Relations said to KING-TV. Using leak-detection instruments, WRPS said it did not find liquid escaping the tank. "Everybody was freaked, shocked, surprised," said a veteran worker, who was in direct contact with crew members. "[The contamination] was not expected. They're not supposed to find contamination in the annulus [safety perimeter] of the double shell tanks."

Washington's attorney general, urging a federal clean-up of the site, insists "This isn't the first potential leak and it won't be the last."
Security

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com) 115

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.

EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.

Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.

Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
EU

EU Passes 'Content Portability' Rules Banning Geofencing (torrentfreak.com) 119

Long-time Slashdot reader AmiMoJo writes: The European Parliament has passed draft rules mandating 'content portability', i.e. the ability to take your purchased content and services across borders within the EU. Freedom of movement rules, which allow EU citizens to live and work anywhere in the EU, require that the individual is able to take their life with them -- family, property, and services. Under the new rules, someone who pays for Netflix or BBC iPlayer and then moves to another EU country will retain access to those services and the same content they had previously. Separately, rules to prevent geofencing of content within the EU entirely are also moving forward.
United States

Is Russia Conducting A Social Media War On America? (time.com) 460

An anonymous reader writes: Time magazine ran a cover story about "a dangerous new route for antidemocratic forces" -- social media. "Using these technologies, it is possible to undermine democratic government, and it's becoming easier every day," says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology." The article cites current and former FBI and CIA officials who now believe Russia's phishing emails against politicians were "just the most visible battle in an ongoing information war against global democracy." They cite, for example, a March report by U.S. counterintelligence which found "Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department." Each message contained links tailored to the interests of the recipient, but "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer -- and Twitter account...

"In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States?" The article also notes how algorithms now can identify hot-button issues and people susceptible to suggestion, so "Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior. That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia's influence operations tell Time."

The article describes a Russian soldier in the Ukraine pretending to be a 42-year-old American housewife. Meanwhile, this week Time's cover shows America's White House halfway-covered with Kremlin-esque spires -- drawing a complaint from the humorists at Mad magazine, who say Time copied the cover of Mad's December issue.
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 128

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the month's long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
Earth

Arctic Stronghold of World's Seeds Flooded After Permafrost Melts (theguardian.com) 173

An anonymous reader quotes a report from The Guardian: It was designed as an impregnable deep-freeze to protect the world's most precious seeds from any global disaster and ensure humanity's food supply forever. But the Global Seed Vault, buried in a mountain deep inside the Arctic circle, has been breached after global warming produced extraordinary temperatures over the winter, sending meltwater gushing into the entrance tunnel. The vault is on the Norwegian island of Spitsbergen and contains almost a million packets of seeds, each a variety of an important food crop. When it was opened in 2008, the deep permafrost through which the vault was sunk was expected to provide "failsafe" protection against "the challenge of natural or man-made disasters". But soaring temperatures in the Arctic at the end of the world's hottest ever recorded year led to melting and heavy rain, when light snow should have been falling. "It was not in our plans to think that the permafrost would not be there and that it would experience extreme weather like that," said Hege Njaa Aschim, from the Norwegian government, which owns the vault. "A lot of water went into the start of the tunnel and then it froze to ice, so it was like a glacier when you went in," she told the Guardian. Fortunately, the meltwater did not reach the vault itself, the ice has been hacked out, and the precious seeds remain safe for now at the required storage temperature of -18C. But the breach has questioned the ability of the vault to survive as a lifeline for humanity if catastrophe strikes.
Government

UK Conservatives Pledge To Create Government-Controlled Internet (independent.co.uk) 186

Martin S. writes: Theresa May, the leader of the UK Conservative Party has pledged to create new internet that would be controlled and regulated by government on re-election. An early lead in the polls appears to be slipping but not slowly enough to change the result. Social Media has rapidly become an intense political battlefield. Known as #Mayhem in some circles, but seemingly able to command significant support from new and old media. Also, applying new social media analytics. According to the manifesto, the plans will allow Britain to become "the global leader in the regulation of the use of personal data and the internet." It states, "Some people say that it is not for government to regulate when it comes to technology and the internet... We disagree."
Government

CIA Co-Developed 'Athena' Windows Malware With US Cyber Security Company, WikiLeaks Reveals (bleepingcomputer.com) 103

An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for "malware" -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.
Government

Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm (vice.com) 235

An anonymous reader quotes a report from Motherboard: Lobbying records in New York state show that Apple, Verizon, and the tech industry's largest trade organizations are opposing a bill that would make it easier for consumers and independent companies to repair your electronics. The bill, called the "Fair Repair Act," would require electronics companies to sell replacement parts and tools to the general public, would prohibit "software locks" that restrict repairs, and in many cases would require companies to make repair guides available to the public. Apple and other tech giants have been suspected of opposing the legislation in many of the 11 states where similar bills have been introduced, but New York's robust lobbying disclosure laws have made information about which companies are hiring lobbyists and what bills they're spending money on public record. According to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, the printer company Lexmark, heavy machinery company Caterpillar, phone insurance company Asurion, and medical device company Medtronic have spent money lobbying against the Fair Repair Act this year. The Consumer Technology Association, which represents thousands of electronics manufacturers, is also lobbying against the bill. The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition -- which is generally made up of independent repair shops with several employees -- is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records.
Security

Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org) 327

MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."

Slashdot Top Deals