The recent cyberattack on Colonial Pipeline, the operator of the largest petroleum pipeline in the U.S., shows how internet criminals are increasingly targeting companies and organizations for ransom in what officials and experts term a growing national security threat.These hackers penetrate victims’ computer systems with a form of malware that encrypts the files, then they demand payments to release the data. In 2013, a ransomware attack typically targeted a person’s desktop or laptop, with users paying $100 to $150 in ransom to regain access to their files, according to Michael Daniel, president and CEO of Cyber Threat Alliance.“It was a fairly minimal affair,” said Daniel, who served as cybersecurity coordinator on the National Security Council under U.S. President Barack Obama, at the RSA Cybersecurity Conference this week.In recent years, ransomware has become a big criminal enterprise. Last year, victim organizations in North America and Europe paid an average of more than $312,000 in ransom, up from $115,000 in 2019, according to a recent report by the cybersecurity firm Palo Alto Networks. The highest ransom paid doubled to $10 million last year while the highest ransom demand grew to $30 million, according to Palo Alto Networks.“Those are some very significant amounts of money,” Daniel said. “And it’s not just individuals being targeted but things like school systems.”Last year, some of the largest school districts in the U.S., including Clark County Public Schools in Nevada, Fairfax County Public Schools in Virginia and Baltimore County Public Schools in Maryland, FILE – In this Sept. 12, 2019, photo, County Sheriff Janis Mangum stands in a control room at the county jail in Jefferson, Ga. A ransomware attack in March took down the office’s computer system.Colonial’s payment wasn’t the largest ransom paid by a single organization. Last year, Garmin, the maker of the popular fitness tracker, reportedly FILE – In this Aug. 22, 2019, file photo, signs on a bank of computers tell visitors that the machines are not working at the public library in Wilmer, Texas. Twenty-two local governments in Texas were hit by ransomeware in August 2019.Last month, the U.S. Justice Department created a task force to develop strategies to combat ransomware.“This is something we’re acutely focused on,” Monaco said.In a report to the Biden administration last month, an industry-backed task force called for a more aggressive response to ransomware.“It will take nothing less than our total collective effort to mitigate the ransomware scourge,” the task force wrote.In a typical ransomware attack, hackers lock a user’s or company’s data, offering keys to unlock the files in exchange for a ransom.But over the past year, hackers have adopted a new extortion tactic. Instead of simply encrypting a user’s files for extortion, cyber actors “exfiltrate” data, threatening to leak or destroy it unless a ransom is paid.Using dedicated leak sites, the hackers then release the data slowly in an effort “to increase pressure on the victim organization to pay the extortion, rather than posting all of the exfiltrated data at once.”In March, cybercriminals used this method when they encrypted a large Florida public school district’s servers and stole more than 1 terabyte of sensitive data, demanding $40 million in return.“If this data is published you will be subject to huge court and government fines,” the Conti cybercrime gang warned a Broward County Public Schools official.The district refused to pay.Cybersecurity experts have a term for this tactic: double extortion. The method gained popularity during the COVID-19 pandemic as cyber criminals used it to extort hospitals and other critical service providers.“They’re looking to increase the cost to the victim,” Meyers said at the RSA conference.Recent attacks show cyber criminals are upping their game. In October, hackers struck Finnish psychotherapy service Vastaamo, stealing the data of 400 employees and about 40,000 patients. The hackers not only demanded a ransom from Vastaamo but also smaller payments from individual patients.This was the first notable case of a disturbing new trend in ransomware attacks, according to researchers at Check Point.“It seems that even when riding the wave of success, threat groups are in constant quest for more innovative and more fruitful business models,” the researchers wrote.
…

Apple’s online marketplace would become a “toxic” mess if the iPhone maker were forced to allow third-party apps without reviewing them, chief executive Tim Cook said in testimony at a high-stakes trial challenging the company’s tight control of its platform.Cook, the last scheduled witness in the case brought by Fortnite maker Epic Games, delivered a strong defense of Apple’s procedures for reviewing and approving all the apps it offers for iPhone and iPad users.”We could no longer make the promise … of privacy, safety and security,” Cook said under questioning from Apple attorney Veronica Moye in federal court in California.Cook said Apple’s review process helps keep out malicious software and other problematic apps, helping create a safe place for consumers.Without this review, the online marketplace “would become a toxic kind of mess,” he said.”It would also be terrible for the developer, because the developer depends on the store being a safe and trusted place.”Cook’s testimony caps a high-profile trial which opened earlier this month in which Apple is accused of abusing a monopoly on its marketplace by creating a “walled garden” that squeezes app makers.’Not about money’Under cross-examination, Cook sparred with Epic lawyer Gary Bornstein about the profitability of the App Store.Cook disputed Epic’s contention that its profit margin on apps was some 80%, but the exact figure was not disclosed in court due to confidentiality.The Apple executive said the proprietary payments system challenged by Epic was about convenience for consumers, more than about profits.”We always put the user at the center of everything we do,” Cook said. “It has nothing to do with money.”During his testimony, Cook defended Apple’s policy of barring apps directing consumers to other platforms to purchase subscriptions or credits for games and other services.”It would be akin to Best Buy advertising that you can go across the street to the Apple Store to buy an iPhone,” he said.Epic, maker of the popular Fortnite video game, is seeking to force Apple to open up the marketplace to third parties seeking to circumvent Apple’s procedures and commissions of up to 30%.Apple booted Fortnite from its App Store last year after Epic dodged revenue sharing with the iPhone maker.Apple does not allow users of its popular devices to download apps from anywhere but its App Store, and developers have to use Apple’s payment system, which takes its cut.The Epic lawyer also questioned Cook about Apple’s arrangement with Google to be the default search engine for the iPhone maker’s Safari browser, another area scrutinized by antitrust officials.Cook acknowledged that Google pays for this position but added that Apple made the arrangement “in the best interest of the user.”The case before District Court Judge Yvonne Gonzalez Rogers in Oakland comes with Apple feeling pressure from a wide range of app makers over its control of the App Store, which critics say represents monopolistic behavior.The European Union has formally accused Apple of unfairly squeezing out music streaming rivals based on a complaint brought by Sweden-based Spotify and others, which claim the California group sets rules that favor its own Apple Music.A recently formed Coalition for App Fairness, which includes both Spotify and Epic, have called for Apple to open up its marketplace, claiming its commission is a “tax” on rivals.Closing arguments in the bench trial in California were expected early next week, with the judge expected to rule within several weeks.
…

South Korea requested from the United States incentives such as tax deductions and infrastructure construction to ease the U.S. investment of Korean firms, including leading chipmaker Samsung Electronics, its presidential office said Friday.South Korean President Moon Jae-in, in Washington for a summit with U.S. President Joe Biden, told a gathering of U.S. Secretary of Commerce Gina Raimondo, her South Korean counterpart and CEOs of Qualcomm, Samsung and other companies that both countries can benefit by strengthening supply chain cooperation.Biden has advocated for support for the U.S. chip industry amid a global chip shortage that has hit automakers and other industries.He met with executives from major companies including Samsung in April and previously announced plans to invest $50 billion in semiconductor manufacturing and research.Samsung plans to invest $17 billion for a new plant for chip contract manufacturing in the United States, South Korea’s presidential Blue House added in a statement, confirming plans previously reported.In February, documents filed with Texas state officials showed that Samsung is considering Austin, Texas, as one of the sites for a new $17 billion chip plant that the South Korean firm said could create 1,800 jobs.There has been no new public documentation filed on the potential Texas chip plant application since March, the website for the Texas Comptroller of Public Accounts showed Friday.The U.S. Department of Commerce and the Korean industry ministry agreed Friday that for continuous chip industry cooperation, policy measures such as incentive support, joint research and development, cooperation on setting standards, and manpower training and exchange are needed, the Blue House said.Meanwhile, DuPont announced plans to establish an R&D center in South Korea to develop original chip technologies such as photoresist for extreme ultraviolet (EUV) lithography, the Blue House said.
…

The hackers who carried out the massive SolarWinds intrusion were in the software company’s system as early as January 2019, months earlier than previously known, the company’s top official said Wednesday. SolarWinds had previously traced the origins of the hack to the fall of 2019 but now believes that hackers were doing “very early recon activities” as far back as the prior January, according to Sudhakar Ramakrishna, the company’s president and CEO. “The tradecraft that the attackers used was extremely well done and extremely sophisticated, where they did everything possible to hide in plain sight, so to speak,” Ramakrishna said during a discussion hosted by the RSA Conference. The SolarWinds hack, which was first reported last December and which U.S. officials have linked to the Russian government, is one in a series of major breaches that has prompted a major cybersecurity focus from the Biden administration. By seeding the company’s widely used software update with malicious code, hackers were able to penetrate the networks of multiple U.S. government agencies and private sector corporations in an apparent act of cyber-espionage. The U.S. imposed sanctions against Russia last month. Also Wednesday, Ramakrishna apologized for the way the company blamed an intern earlier this year during congressional testimony for poor password security protocols. That public statement, he said, was “not appropriate.” “I have long held a belief system and an attitude that you never flog failure. You want your employees, including interns, to make mistakes and learn from those mistakes and together we become better,” he added. “Obviously you don’t want to make the same mistake over and over again. You want to improve.” 
…

From earbuds that measure blood pressure to clothing that monitors your heart rate, the latest in health monitoring technology is being included in everyday items such as clothes, rings and glasses. VOA’s Elizabeth Lee has the details.
Camera: Elizabeth Lee
Producer: Elizabeth Lee
…

Ireland’s health service operator shut down all its IT systems Friday to protect them from a ransomware attack, which crippled diagnostic services and disrupted COVID-19 testing.An international cybercrime gang was behind the attack, said Ossian Smyth, Ireland’s minister responsible for e-government. Smyth described it as possibly the most significant cybercrime attempt against the Irish state.Ireland’s COVID-19 vaccination program was not directly affected, but the attack was affecting IT systems serving all other local and national health provisions, the head of the Health Service Executive (HSE) said.Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.No payment”We are very clear we will not be paying any ransom,” Prime Minister Micheál Martin told reporters.The HSE’s chief described the attack as “very sophisticated.” Officials said the gang exploited a previously unknown vulnerability. Authorities shut down the system as a precaution after discovering the attack early Friday morning and will seek to gradually reopen the network, although that will take “some days,” Martin said.The attack was largely affecting information stored on central servers, and officials said they were not aware that any patient data had been compromised. Hospital equipment was not impacted, with the exception of radiography services.”More services are working than not today,” HSE Chief Operations Officer Anne O’Connor told national broadcaster RTE.”However, if this continues to Monday, we will be in a very serious situation and will be canceling many services. At this moment, we can’t access lists of people scheduled for appointments on Monday so we don’t even know who to cancel.”
…

Ireland’s data regulator can resume a probe that may trigger a ban on Facebook’s transatlantic data transfers, the High Court ruled Friday, raising the prospect of a stoppage the company warns would have a devastating impact on its business.
 
The case stems from EU concerns that U.S. government surveillance may not respect the privacy rights of EU citizens when their personal data is sent to the United States for commercial use.
 
Ireland’s Data Protection Commissioner (DPC), Facebook’s lead regulator in the European Union, launched an inquiry in August and issued a provisional order that the main mechanism Facebook uses to transfer EU user data to the United States “cannot in practice be used.”
 
Facebook had challenged both the inquiry and the Preliminary Draft Decision (PDD), saying they threatened “devastating” and “irreversible” consequences for its business, which relies on processing user data to serve targeted online ads.
 
The High Court rejected the challenge Friday. “I refuse all of the reliefs sought by FBI [Facebook Ireland] and dismiss the claims made by it in the proceedings,” Justice David Barniville said in a judgment that ran to nearly 200 pages.
 
“FBI has not established any basis for impugning the DPC decision or the PDD or the procedures for the inquiry adopted by the DPC,” the judgment said.
 
While the decision does not trigger an immediate halt to data flows, Austrian privacy activist Max Schrems, who forced the Irish data regulator to act in a series of legal actions over the past eight years, said he believed the decision made it Inevitable.
 
“After eight years, the DPC is now required to stop Facebook’s EU-U.S. data transfers, likely before summer,” he said.
 
A Facebook spokesman said the company looked forward to defending its compliance with EU data rules as the Irish regulator’s provisional order “could be damaging not only to Facebook, but also to users and other businesses.”
 Privileged access
 
If the Irish data regulator enforces the provisional order, it would effectively end the privileged access companies in the United States have to personal data from Europe and put them on the same footing as companies in other nations outside the bloc.
 
The mechanism being questioned by the Irish regulator, the Standard Contractual Clause (SCC), was deemed valid by the European Court of Justice in a July decision.
 
But the Court of Justice also ruled that, under SCCs, privacy watchdogs must suspend or prohibit transfers outside the EU if data protection in other countries cannot be assured.
 
A lawyer for Facebook in December told the High Court that the Irish regulator’s draft decision, if implemented, “would have devastating consequences” for Facebook’s business, affecting Facebook’s 410 million active users in Europe, hitting political groups and undermining freedom of speech.
 
Irish Data Protection Commissioner Helen Dixon in February said companies more broadly may face massive disruption to transatlantic data flows as a result of the European Court of Justice decision.
 
Dixon’s office welcomed the decision on Friday but declined further comment. 
…

A Russia-linked cyberattack targeting the largest U.S. fuel pipeline system is a “criminal act, obviously,” President Joe Biden said Monday.“The agencies across the government have acted quickly to mitigate any impact on our fuel supply,” the president said at the White House at the start of remarks about his economic agenda.Biden, responding to a reporter’s question after he concluded his prepared statement about whether there is any evidence of involvement of Russia’s government, replied: “I’m going to be meeting with President (Vladimir) Putin. And so far, there is no evidence based on — from our intelligence people that Russia is involved.”Biden added, however, with evidence that the ransomware actors are based in Russia, the government in Moscow has “some responsibility to deal with this.”Rep. Ruben Gallego, D-Ariz., asks a question during a House Natural Resources Committee hearing, July 28, 2020 on Capitol Hill in Washington.A member of the House Armed Services Committee, Arizona Democrat Ruben Gallego, said, “The Russian government cannot give refuge to these cyber terrorists without repercussions.”Colonial Pipeline, headquartered in the state of Georgia, proactively shut down its operations on Friday after ransomware hackers broke into some of its networks, according to U.S. officials.“Colonial is currently working with its private cybersecurity consultants to assess potential damage and to determine when it is safe to bring the pipeline back online,” homeland security adviser and deputy national security adviser Elizabeth Sherwood-Randall told reporters during a briefing prior to the president’s remarks.“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a FILE – The J. Edgar Hoover FBI Building is pictured in Washington, Nov. 30, 2017.“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline network,” said the Federal Bureau of Investigation in a statement midday Monday. “We continue to work with the company and our government partners on the investigation.”The FBI has previously advised against paying ransomware. White House officials on Monday said it was up to companies to make that decision and declined to say whether Colonial Pipeline had made a payment to the hackers.”Typically, that is a private sector decision, and the administration has not offered further advice at this time,” deputy national security adviser for cyber and emerging technologies Anne Neuberger told White House reporters. “Given the rise in ransomware, that is one area we are definitely looking at now to say what should be the government’s approach.”Some lawmakers have been calling for stronger protections of critical U.S. energy infrastructure and that has been mentioned as a priority by the Biden administration, which last month launched a new public-private initiative to enhance cybersecurity in the electricity sector.“And we’ll follow that with similar initiatives and natural gas pipelines, water and other sectors,” said Biden on Monday.The emergency declaration, issued by the Transportation Department, effective through at least June 8, calls for increasing alternative transportation routes in the United States for oil and gas and eased driver regulations for overtime hours and minimum sleep for carrying fuel in 17 states across southern and eastern states, as well as the District of Columbia.“We are closely monitoring the ongoing situation involving Colonial Pipeline,” Suzanne Lemieux, operations security and emergency response policy manager for the American Petroleum Institute, told VOA.“Cybersecurity is a top priority for our industry, and our members are engaged on a continuous basis with government agencies, including the Transportation Security Administration, Cyber Security and Infrastructure Security Agency, and the Department of Energy in order to mitigate risk and fully understand the evolving threat landscape,” she added. Concerning speculation that there are links between the hackers and the Russian government, “we can assume anything we want to, which is part of the gamesmanship in cyberwar,” said Justin Pelletier, director of Rochester Institute of Technology’s Global Cybersecurity Institute Cyber Range and Training Center.“I think a better question to ask is who we can cross off the list. There are many beneficiaries of cyber sell-sword (mercenary) activity and probably everyone can think of several organizations that would like to see an America in decline,” Pelletier told VOA.According to Bryson Bort, senior fellow for cybersecurity and emerging threats at the nonprofit R Street public policy research organization, the malicious code used by Darkside “actively checks that the Russian language package isn’t loaded on a host before it ransoms the computer. Clearly, there is a reason the gang is doing that. Is it just to avoid local enforcement?”Bort, an adviser to the Army Cyber Institute, told VOA it is an open question whether Russian intelligence is using the cybercriminals as a proxy.“Considering this was the fourth U.S. company hit in the energy sector in the last six months by this group, it sure looks like a targeted attack to me,” he said.
…

A fully robotic kitchen with a robot chef that can cook thousands of dishes could be a gamechanger in homes and restaurants around the world. VOA’s Julie Taboh has more.Producers: Julie Taboh, Adam Greenbaum   
…

A Russia-linked cyberattack targeting the largest U.S. fuel pipeline system is a “criminal act, obviously,” President Joe Biden said Monday.“The agencies across the government have acted quickly to mitigate any impact on our fuel supply,” the president said at the White House at the start of remarks about his economic agenda.Biden, responding to a reporter’s question after he concluded his prepared statement about whether there is any evidence of involvement of Russia’s government, replied: “I’m going to be meeting with President (Vladimir) Putin. And so far, there is no evidence based on — from our intelligence people that Russia is involved.”Biden added, however, with evidence that the ransomware actors are based in Russia, the government in Moscow has “some responsibility to deal with this.”Rep. Ruben Gallego, D-Ariz., asks a question during a House Natural Resources Committee hearing, July 28, 2020 on Capitol Hill in Washington.A member of the House Armed Services Committee, Arizona Democrat Ruben Gallego, said, “The Russian government cannot give refuge to these cyber terrorists without repercussions.”Colonial Pipeline, headquartered in the state of Georgia, proactively shut down its operations on Friday after ransomware hackers broke into some of its networks, according to U.S. officials.“Colonial is currently working with its private cybersecurity consultants to assess potential damage and to determine when it is safe to bring the pipeline back online,” homeland security adviser and deputy national security adviser Elizabeth Sherwood-Randall told reporters during a briefing prior to the president’s remarks.“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a FILE – The J. Edgar Hoover FBI Building is pictured in Washington, Nov. 30, 2017.“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline network,” said the Federal Bureau of Investigation in a statement midday Monday. “We continue to work with the company and our government partners on the investigation.”The FBI has previously advised against paying ransomware. White House officials on Monday said it was up to companies to make that decision and declined to say whether Colonial Pipeline had made a payment to the hackers.”Typically, that is a private sector decision, and the administration has not offered further advice at this time,” deputy national security adviser for cyber and emerging technologies Anne Neuberger told White House reporters. “Given the rise in ransomware, that is one area we are definitely looking at now to say what should be the government’s approach.”Some lawmakers have been calling for stronger protections of critical U.S. energy infrastructure and that has been mentioned as a priority by the Biden administration, which last month launched a new public-private initiative to enhance cybersecurity in the electricity sector.“And we’ll follow that with similar initiatives and natural gas pipelines, water and other sectors,” said Biden on Monday.The emergency declaration, issued by the Transportation Department, effective through at least June 8, calls for increasing alternative transportation routes in the United States for oil and gas and eased driver regulations for overtime hours and minimum sleep for carrying fuel in 17 states across southern and eastern states, as well as the District of Columbia.“We are closely monitoring the ongoing situation involving Colonial Pipeline,” Suzanne Lemieux, operations security and emergency response policy manager for the American Petroleum Institute, told VOA.“Cybersecurity is a top priority for our industry, and our members are engaged on a continuous basis with government agencies, including the Transportation Security Administration, Cyber Security and Infrastructure Security Agency, and the Department of Energy in order to mitigate risk and fully understand the evolving threat landscape,” she added. Concerning speculation that there are links between the hackers and the Russian government, “we can assume anything we want to, which is part of the gamesmanship in cyberwar,” said Justin Pelletier, director of Rochester Institute of Technology’s Global Cybersecurity Institute Cyber Range and Training Center.“I think a better question to ask is who we can cross off the list. There are many beneficiaries of cyber sell-sword (mercenary) activity and probably everyone can think of several organizations that would like to see an America in decline,” Pelletier told VOA.According to Bryson Bort, senior fellow for cybersecurity and emerging threats at the nonprofit R Street public policy research organization, the malicious code used by Darkside “actively checks that the Russian language package isn’t loaded on a host before it ransoms the computer. Clearly, there is a reason the gang is doing that. Is it just to avoid local enforcement?”Bort, an adviser to the Army Cyber Institute, told VOA it is an open question whether Russian intelligence is using the cybercriminals as a proxy.“Considering this was the fourth U.S. company hit in the energy sector in the last six months by this group, it sure looks like a targeted attack to me,” he said.
…

The global shortage of semiconductors, or microchips — the “brains” in all electronic devices, has heightened the geopolitical significance of Taiwan and its chip-making sector. The island is home to the world’s largest contract chipmaker: Taiwan Semiconductor Manufacturing Co (TSMC).Many describe Taiwan’s strength in microchips as its “silicon shield,” which can protect it against Chinese aggression.But others suspect the sector, coveted by China, may also trigger China to accelerate its efforts to take advantage of Taiwan’s tech prowess.‘Not let war happen’When asked to explain the shield, TSMC chairman Mark Liu told CBS News’ “60 Minutes” program last week that it means “the world all needs Taiwan’s high-tech industry support. So, they will not let the war happen in this region because it goes against interest of every country in the world.”While refusing to comment on whether the industry will keep Taiwan safe, Liu added that he hoped no war would occur in Taiwan. It is widely believed that any war fought in Taiwan could disrupt the global supply chains of microchips.More than 1 trillion chips are currently being produced annually. Industry watchers, including the National Bank of Canada estimated earlier that TSMC alone accounts for one-fifth of the world’s chip production and up to 90% of the supply of the most advanced chips.In an “extremely hypothetical scenario,” such a disruption in Taiwan’s chip production could cause $490 billion in annual losses for electronic device makers worldwide, according to estimates by the U.S.-based Semiconductor Industry Association last month.All shut downAmerican tech giants including Apple, major European auto makers and even Chinese companies would have to halt production in the event of a TSMC collapse, said Frank Huang, chairman of Taiwan’s third-largest chipmaker Powerchip Semiconductor Manufacturing Corp.That, he said, will make China think twice about using force against Taiwan, the self-ruled island Beijing views as a renegade province.“China likes [to]… threat [threaten] Taiwan. But realistically without Taiwan, they cannot move either. Their semiconductors also shut down. So, the problem is: can you take over Taiwan without [triggering] impact [on] semiconductors? That is not [going to] happen,” Huang told VOA.The term “silicon shield” was first coined by Craig Addison in late 2000, who argued in his book “Silicon Shield: Taiwan’s Protection Against Chinese Attack” that the island’s rise as the key supplier for the world’s digital economy would serve as “a deterrent against possible Chinese aggression.”FILE – A leaflet that asks employees to protect the company’s confidentiality is seen at a reception in Taiwan Semiconductor Manufacturing Co (TSMC), in Hsinchu, Taiwan, Aug. 31, 2018.The debate over such a deterrent has heated up now that the pandemic has seriously disrupted most supply chains. The U.S. has also placed restrictions on exports of chips and chip-making equipment using U.S. design and technology to China — a development that some observers also fear may end up provoking China to increase aggression toward Taiwan.But Darson Chiu, a research fellow at the Taiwan Institute of Economic Research (TIER) in Taipei, disagreed, saying that he believes the world will stand behind Taiwan.“The world’s superpowers will view TSMC as a key driver behind the future global economic revival, which belongs to no one but the world. Hence the world will not tolerate China’s use of force to control TSMC,” Chiu told VOA over the phone.Double layer of protectionThe island’s dominance in chip-making has fueled the debate over its silicon shield, but the U.S. is more concerned that the shield may “have holes in it” and the technology is being used by China’s military, according to Alexander Neill, a former Shangri-La Dialogue senior fellow for Asia Pacific security at the International Institute for Strategic Studies.An earlier Washington Post report alleged that a Chinese firm had used TSMC chips in the Chinese military’s development of hypersonic missiles. But the company denied the charges.The U.S. is also concerned about vulnerabilities caused by TSMC production being concentrated in Taiwan. The island’s water and electric supply shortages could disrupt production.“What the United States wants to do is to help TSMC diversify its production base so that there’s a double layer of protection. So, if the first shield is being penetrated, the second [reinforcement] shield is to nurture the chip production base in friends and ally countries including the United States,” Neill told VOA over the phone.Surging demandTSMC has planned to invest $100 billion in the next three years on new production facilities including a state-of-the-art wafer fabrication plant in the U.S. state of Arizona and expansions of its Nanjing, China-based fab to produce 28 nanometer chips for auto makers.The move aims to increase TSMC’s capacity, which is currently working at full capacity, to meet surging demand and support future growth in the global economy, TIER’s Chiu said.In a stock exchange filing last month, TSMC said it “is entering a period of higher growth as the multiyear megatrends of 5G and HPC (high performance computer) are expected to fuel strong demand for our semiconductor technologies in the next several years. In addition, the Covid-19 pandemic also accelerates digitalization in every aspect.”But Powerchip’s Huang questions if overseas wafer fabs will be as cost effective as those based in Taiwan. He said that many fabs in the U.S. and Germany have proved to be too expensive to sustain.Expansion in ChinaFor years, China’s attempts to manufacture chips have failed since China lacks access to the intellectual property required for the process.Hence, TSMC’s expansion plan in its Nanjing plant is welcomed by many in China despite worries that the survival of homegrown chipmakers may be threatened by the Taiwanese chipmaker, according to Song Hong, assistant general director at the Institute of World Economics and Politics under the Chinese Academy of Social Sciences.“28nm chips aren’t high-end. But mid- to low-end chips are in higher demand. So, I think this shows TSMC’s optimism in China’s future demand. It is in our hope to bolster homegrown chipmakers, but we also welcome competition,” Song told VOA.Song, however, shrugged off the geopolitical implications of Taiwan’s silicon shield, saying that China views Taiwanese issues as domestic affairs and will not be deterred from its goals by U.S. action. (This article originated in VOA’s Mandarin service.)
…

The recent decision about Facebook and former President Donald Trump sends a signal to world leaders everywhere that to use social media, they have to play by a set of rules that are still forming. Tina Trinh has more.Produced by: Matt Dibble 
…

Sixty years after Alan Shepard became the first American in space, everyday people are on the verge of following in his cosmic footsteps.Jeff Bezos’ Blue Origin used Wednesday’s anniversary to kick off an auction for a seat on the company’s first crew spaceflight — a short Shepard-like hop launched by a rocket named New Shepard. The Texas liftoff is targeted for July 20, the date of the Apollo 11 moon landing. Richard Branson’s Virgin Galactic aims to kick off tourist flights next year, just as soon as he straps into his space-skimming, plane-launched rocketship for a test run from the New Mexico base.And Elon Musk’s SpaceX will launch a billionaire and his sweepstakes winners in September. That will be followed by a flight by three businessmen to the International Space Station in January.”We’ve always enjoyed this incredible thing called space, but we always want more people to be able to experience it as well,” NASA astronaut Shane Kimbrough said from the space station Wednesday. “So I think this is a great step in the right direction.”It’s all rooted in Shepard’s 15-minute flight on May 5, 1961. Shepard was actually the second person in space — the Soviet Union launched cosmonaut Yuri Gagarin three weeks earlier, to Shepard’s everlasting dismay. The 37-year-old Mercury astronaut and Navy test pilot cut a slick sci-fi figure in his silver spacesuit as he stood in the predawn darkness at Cape Canaveral, looking up at his Redstone rocket. Impatient with all the delays, including another hold in the countdown just minutes before launch, he famously growled into his mic: “Why don’t you fix your little problem and light this candle?”His capsule, Freedom 7, soared to an altitude of 116 miles (186 kilometers) before parachuting into the Atlantic.Twenty days later, President John F. Kennedy committed to landing a man on the moon and returning him safely by decade’s end, a promise made good in July 1969 by Apollo 11’s Neil Armstrong and Buzz Aldrin. Shepard, who died in 1998, went on to command Apollo 14 in 1971, becoming the fifth moonwalker — and lone lunar golfer.Since Gagarin and Shepard’s pioneering flights, 579 people have rocketed into space or reached its fringes, according to NASA. Nearly two-thirds are American and just over 20% Soviet or Russian. About 90% are male and most are white, although NASA’s crews have been more diverse in recent decades. A Black community college educator from Tempe, Arizona, sees her spot on SpaceX’s upcoming private flight as a symbol. Sian Proctor uses the acronym J.E.D.I. for “a just, equitable, diverse and inclusive space.”NASA wasn’t always on board with space tourism, but is today.”Our goal is one day that everyone’s a space person,” NASA’s human spaceflight chief, Kathy Lueders said following Sunday’s splashdown of a SpaceX capsule with four astronauts. “We’re very excited to see it starting to take off.” Twenty years ago, NASA clashed with Russian space officials over the flight of the world’s first space tourist.California businessman Dennis Tito paid $20 million to visit the space station, launching atop a Russian rocket. Virginia-based Space Adventures arranged Tito’s weeklong trip, which ended May 6, 2001, as well as seven more tourist flights that followed.”By opening up his checkbook, he kicked off an industry 20 yrs ago,” Space Adventures co-founder Eric Anderson tweeted last week. “Space is opening up more than it ever has, and for all.”There’s already a line.A Russian actress and movie director are supposed to launch from Kazakhstan in the fall. They’ll be followed in December by Space Adventures’ two newest clients, also launching on a Russian Soyuz rocket. SpaceX will be next up in January with the three businessmen; the flight from Florida’s Kennedy Space Center was arranged by Axiom Space, a Houston company run by former NASA employees. And as early as 2023, SpaceX is supposed to take a Japanese entrepreneur and his guests around the moon and back.While no fan of human spaceflight — he prefers robotic explorers — Duke University emeritus history professor Alex Roland acknowledges the emergence of spaceflight companies might be “the most significant change in the last 60 years.” Yet he wonders whether there will be much interest once the novelty wears off and the inevitable fatalities occur.Then there’s the high price of admission.The U.S., Canadian and Israeli entrepreneurs flying SpaceX early next year are paying $55 million — each — for their 1 1/2-week mission.Virgin Galactic’s tickets cost considerably less for minutes versus days of weightlessness. Initially $250,000, the price is expected to go up once Branson’s company starts accepting reservations again.Blue Origin declined Wednesday to give a ticket price for future sales and would not comment on who else — besides the auction winner — will be on board the capsule in July. A couple more crew flights, each lasting minutes, would follow by year’s end.As for SpaceX’s private flight on a fully automated Dragon capsule, tech entrepreneur Jared Isaacman won’t say what he’s paying. He considers his three-day flight a “great responsibility” and is taking no shortcuts in training; he took his crewmates hiking up Mount Rainier last weekend to toughen them up.”If something does go wrong, it will set back every other person’s ambition to go and become a commercial astronaut,” Isaacman said recently.John Logsdon, professor emeritus at George Washington University, where he founded the Space Policy Institute, has mixed feelings about this shift from space exploration to adventure tourism.”It takes the romance and excitement out of going to space,” Logsdon said in an email this week. Instead of the dawn of a new era like so many have proclaimed, it’s “more like the end of the era when space flight was special. I guess that is progress.”
…

Facebook’s oversight board on Wednesday upheld the social media company’s decision to ban former U.S. President Donald Trump from posting comments to his Facebook and Instagram accounts, a measure imposed after he posted incendiary remarks as hundreds of his supporters stormed the U.S. Capitol on January 6.The quasi-independent panel, however, left open the possibility that Trump could eventually return to the popular website, saying it “was not appropriate for Facebook to impose the indeterminate and standardless penalty of indefinite suspension.”   The oversight group gave Facebook executives six months to re-examine the “arbitrary penalty” it imposed the day after the insurrection, when Trump urged followers to confront lawmakers as they certified Joe Biden’s election victory. The review said Facebook executives should decide on another penalty that reflects the “gravity of the violation and the prospect of future harm.” Facebook management responded by saying it “will now consider the board’s decision and determine an action that is clear and proportionate. In the meantime, Mr. Trump’s accounts remain suspended.” Trump reacted angrily at the oversight panel’s decision, saying, “Free Speech has been taken away from the President of the United States because the Radical Left Lunatics are afraid of the truth, but the truth will come out anyway, bigger and stronger than ever before.” 
 
“The People of our Country will not stand for it!” he said. “These corrupt social media companies must pay a political price and must never again be allowed to destroy and decimate our Electoral Process.”  
 
The 45th U.S. president contended that by banning his comments, “what Facebook, Twitter and Google have done is a total disgrace and embarrassment to Our Country.”   
 
Trump, now three-plus months out of office but contemplating another run for the presidency in 2024, unveiled Tuesday morning a new website, “From the Desk of Donald J. Trump,” to communicate with his supporters. It looked much like a Twitter feed, with posts written by Trump that could be shared on Facebook, Twitter and YouTube.During his four years in the White House, Trump broke new ground with thousands of tweets on issues of the day, endorsements of Republican candidates he favored over those who had attacked him, and acerbic comments about opposition Democrats. A letter submitted to the oversight panel on Trump’s behalf asked the board to reconsider the Facebook suspension, contending it was “inconceivable” that either of his January 6 posts “can be viewed as a threat to public safety, or an incitement to violence.”  The letter also claimed all “genuine” Trump supporters at the Capitol on January 6 were law-abiding, and that “outside forces” were involved. However, more than 400 people inside the Capitol that day, including many wearing Trump-emblazoned hats and shirts and carrying pro-Trump flags and signs, have been arrested and charged with an array of criminal offenses. The oversight board found that Trump’s two posts in the midst of the chaos at the Capitol that left five people dead severely violated Facebook’s Community Standards and Instagram’s Community Guidelines. “We love you. You’re very special” in the first post, and “great patriots” and “remember this day forever,” in the second post violated Facebook’s rules prohibiting praise or support of people engaged in violence, the review panel said. The oversight group went on to say that “in maintaining an unfounded narrative of electoral fraud and persistent calls to action, Mr. Trump created an environment where a serious risk of violence was possible. At the time of Mr. Trump’s posts, there was a clear, immediate risk of harm, and his words of support for those involved in the riots legitimized their violent actions.” “As president, Mr. Trump had a high level of influence,” the panel concluded. “The reach of his posts was large, with 35 million followers on Facebook and 24 million on Instagram. “Given the seriousness of the violations and the ongoing risk of violence, Facebook was justified in suspending Mr. Trump’s accounts on January 6 and extending that suspension on January 7,” the panel said. “However, it was not appropriate for Facebook to impose an ‘indefinite’ suspension.” In one of his posts during the insurrection, Trump said, “These are the things and events that happen when a sacred landslide election victory is so unceremoniously viciously stripped away from great patriots who have been badly unfairly treated for so long. Go home with love in peace. Remember this day forever!” Facebook removed the post and decided the next day to extend Trump’s ban indefinitely, at least past Biden’s January 20 inauguration. “His decision to use his platform to condone rather than condemn the actions of his supporters at the Capitol building has rightly disturbed people in the U.S. and around the world,” Facebook chief executive Mark Zuckerberg said in a January 7 statement. “We removed these statements yesterday because we judged that their effect — and likely their intent — would be to provoke further violence.” The 20-member review panel was composed of legal scholars, human rights experts and journalists. A five-member panel prepared a decision, which had to be approved by a majority of the full board, and which Facebook was then required to implement unless the action could violate the law. The board says its mission is to “answer some of the most difficult questions around freedom of expression online: what to take down, what to leave up, and why.” The Facebook Oversight Board was created last October after the company faced criticism it was not quickly and effectively dealing with what some feel has been problematic content. The board announced its first decisions in January, supporting Facebook’s decision to remove content in one case, but overruling the company and ordering it to restore posts in four other cases. 
…

Facebook’s quasi-independent Oversight Board is set to announce Wednesday whether the social media company was correct to indefinitely prohibit former U.S. President Donald Trump from posting to his Facebook and Instagram accounts.The board is made up of 20 members, including legal scholars, human rights experts and journalists. A panel of five members prepares a decision, which must be approved by a majority of the full board, and which Facebook is then required to implement unless the action could violate the law.The board says its mission is to “answer some of the most difficult questions around freedom of expression online: what to take down, what to leave up, and why.”Trump’s ban dates to the January 6 attack on the U.S. Capitol by his supporters that came as members of Congress were meeting to certify the results of the November presidential election.In this Jan. 6, 2021, file photo, Trump supporters participate in a rally in Washington.He made several posts during the attack continuing his false claims that the election was “stolen.” Facebook removed two of Trump’s posts and initially banned him from posting for 24 hours.“These are the things and events that happen when a sacred landslide election victory is so unceremoniously viciously stripped away from great patriots who have been badly unfairly treated for so long,” Trump posted about two hours before police and National Guard troops secured the Capitol. “Go home with love in peace. Remember this day forever!”Facebook decided the next day to extend Trump’s ban indefinitely, at least past the inauguration of President Joe Biden.“His decision to use his platform to condone rather than condemn the actions of his supporters at the Capitol building has rightly disturbed people in the US and around the world. We removed these statements yesterday because we judged that their effect — and likely their intent — would be to provoke further violence,” Facebook CEO Mark Zuckerberg said in a January 7 statement.Twitter instituted a permanent ban against Trump, saying several of his posts “are likely to inspire others to replicate the violent acts that took place on January 6, 2021, and that there are multiple indicators that they are being received and understood as encouragement to do so.”The Facebook Oversight Board was created last October after the company faced criticism it was not quickly and effectively dealing with what some feel is problematic content.The board announced its first decisions in January, supporting Facebook’s decision to remove content in one case, but overruling the company and ordering it to restore posts in four other cases.
…

Billionaire Bill Gates and Melinda Gates said in a joint statement on Monday that they have made the decision to end their marriage. “After a great deal of thought and a lot of work on our relationship, we have made the decision to end our marriage,” the two said in a statement posted by Bill Gates’ Twitter account. “We no longer believe we can grow together as a couple in the next phase of our lives. We ask for space and privacy for our family as we begin to navigate this new life,” their statement said. 
 
…

Facebook’s oversight board will soon be announcing its decision about whether to uphold the company’s ban on former President Donald Trump’s account.The quasi-independent body said the announcement will be made May 5 in a Twitter post.The Oversight Board will announce its decision on the case concerning former US President Trump on its website at https://t.co/NNQ9YCrcrh on May 5, 2021 at approximately 9:00 a.m. EDT.
— Oversight Board (@OversightBoard) May 3, 2021Facebook banned Trump’s account in the wake of the Jan. 6 violent pro-Trump protests at the U.S. Capitol.The board says it has received over 9,000 public comments on the Trump case.The board was created last October after the company faced criticism it was not quickly and effectively dealing with what some feel is problematic content.Decisions by the board are binding and cannot be overturned. 
…

AOL and Yahoo are being sold again, this time to a private equity firm.  
Verizon will sell Verizon Media, which consists of the pioneering tech platforms, to Apollo Global Management in a $5 billion deal.
Verizon said Monday that it will keep a 10% stake in the new company, which will be called Yahoo.
Yahoo at the end of the last century was the face of the internet, preceding the behemoth tech platforms to follow, such as Google and Facebook.  
And AOL was the portal, bringing almost everyone who logged on during the internet’s earliest days.  
Verizon had hoped to ride the acquisition of AOL to a quick entry into the mobile market, spending more than $4 billion on the company in 2015. The plan was to use the advertising platform pioneered by AOL to sell digital advertising. Two years later, it spent even more to acquire Yahoo and combined the two.  
However the speed at which Google and Facebook have grown dashed those hopes and it became clear very quickly that it was unlikely to reach Verizon’s highest aspirations for the two.  
The year after buying Yahoo, Verizon wrote down the value of the combined operation, called “Oath,” by more than the $4.5 billion it had spent on Yahoo.  
As part of the deal announced Monday, Verizon will receive $4.25 billion in cash, preferred interests of $750 million and the minority stake. The transaction includes the assets of Verizon Media, including its brands and businesses such as Yahoo and AOL.
The deal is expected to close in the second half of the year.  
Shares of Verizon Communications Inc., based in New York, rose slightly before the opening bell Monday.
…

On Monday, Apple faces one of its most serious legal threats in recent years: A trial that threatens to upend its iron control over its app store, which brings in billions of dollars each year while feeding more than 1.6 billion iPhones, iPads, and other devices.The federal court case is being brought by Epic Games, maker of the popular video game Fortnite. Epic wants to topple the so-called “walled garden” of the app store, which Apple started building 13 years ago as part of a strategy masterminded by co-founder Steve Jobs.Epic charges that Apple has transformed a once-tiny digital storefront into an illegal monopoly that squeezes mobile apps for a significant slice of their earnings. Apple takes a commission of 15% to 30% on purchases made within apps, including everything from digital items in games to subscriptions. Apple denies Epic’s charge.Apple’s highly successful formula has helped turn the iPhone maker into one of the world’s most profitable companies, one with a market value that now tops $2.2 trillion.Privately held Epic is puny by comparison, with an estimated market value of $30 billion. Its aspirations to get bigger hinge in part on its plan to offer an alternative app store on the iPhone. The North Carolina company also wants to break free of Apple’s commissions. Epic says it forked over hundreds of millions of dollars to Apple before Fortnite was expelled from its app store last August, after Epic added a payment system that bypassed Apple.Epic then sued Apple, prompting a courtroom drama that could shed new light on Apple’s management of its app store. Both Apple CEO Tim Cook and Epic CEO Tim Sweeney will testify in a Oakland, California federal courtroom that will be set up to allow for social distancing and will require masks at all times.Neither side wanted a jury trial, leaving the decision to U.S. District Judge Yvonne Gonzalez Rogers, who already seems to know her ruling will probably be appealed, given the stakes in the case.Much of the evidence will revolve around arcane but crucial arguments about market definitions.Epic contends the iPhone has become so ingrained in society that the device and its ecosystem have turned into a monopoly Apple can exploit to unfairly enrich itself and thwart competition.Apple claims it faces significant competition from various alternatives to video games on iPhones. For instance, it points out that about 2 billion other smartphones don’t run iPhone software or work with its app store — primarily those relying on Google’s Android system. Epic has filed a separate case against Google, accusing it of illegally gouging apps through its own app store for Android devices.Apple will also depict Epic as a desperate company hungry for sources of revenue beyond the aging Fortnite. It claims Epic merely wants to freeload off an iPhone ecosystem in which Apple has invested more than $100 billion over the past 15 years.Estimates of Apple’s app store revenue range from $15 billion to $18 billion annually. Apple disputes those estimates, although it hasn’t publicly disclosed its own figures. Instead, it has emphasized that it doesn’t collect a cent from 85% of the apps in its store.The commissions it pockets, Apple says, are a reasonable way for the company to recoup its investment while financing an app review process it calls essential to preserving the security of apps and their users. About 40% of the roughly 100,000 apps submitted for review each week are rejected for some sort of problem, according to Kyle Andeer, Apple’s chief compliance officer.Epic will try to prove that Apple uses the security issue to disguise its true motivation — maintaining a monopoly that wrings more profits from app makers who can’t afford not to be available on the iPhone.But the smaller company may face an uphill battle. Last fall, the judge expressed some skepticism in court before denying Epic’s request to reinstate Fortnite on Apple’s app store pending the outcome of the trial. At that time, Gonzalez Rogers asserted that Epic’s claims were “at the frontier edges of antitrust law.”The trial is expected to last most of May, with a decision to come in the ensuing weeks. 
…

Videos of kids having fun are among the most popular on YouTube. They are also a fast-growing business, one that critics say comes with little regulation and oversight to protect children on either side of the screen. Michelle Quinn reports.
Producer: Michelle Quinn
…

EU regulators accused Apple on Friday of distorting competition in the music streaming market, siding with Spotify in a case that could lead to a hefty fine and changes in the iPhone maker’s lucrative business practices.
 
The preliminary findings are the first time Brussels has leveled anti-competitive charges against Apple, although the two sides have had bruising clashes in the past, most notably a multibillion-dollar tax dispute involving Ireland.
 
Apple, Spotify and other parties can now respond. If the case is pursued, the EU could demand concessions and potentially impose a fine of up to 10% of Apple’s global turnover – as much as $27 billion, although it rarely levies the maximum penalty.
 
Apple found itself in the European Commission’s crosshairs after Sweden-based Spotify complained two years ago that the U.S. tech giant unfairly restricted rivals to its own music streaming service Apple Music on iPhones.
 
The EU competition enforcer, in its so-called statement of objections setting out the charge, said the issue related to Apple’s restrictive rules for its App Store that force developers to use its own in-app payment system and prevent them from informing users of other purchasing options.
 
European Competition Commissioner Margrethe Vestager said there were clear signs Apple’s App Store rules were affecting music streaming rivals’ business development and affecting app developers more widely.
 
“They [app developers] depend on Apple App Store as a gatekeeper to access users of Apple’s iPhones and iPads. This significant market power cannot go unchecked as the conditions of access to the Apple App Store are key for the success of app developers,” she told a news conference.
 
Vestager said Apple should end restrictive practices and refrain from doing anything that would replicate them.
 
She also said other authorities were looking into the issue. “We have contact with other jurisdictions doing similar
cases, that could be the Dutch, the Australians, the Americans,”she said, adding she  also was interested in the app gaming market, although it was early days.
 
Apple rebuffed the EU charge. “Spotify has become the largest music subscription service in the world, and we’re proud of the role we played in that,” it said in a statement.
 
“They want all the benefits of the App Store but don’t think they should have to pay anything for that. The Commission’s argument on Spotify’s behalf is the opposite of fair competition,” it added.  
 Internet Gatekeepers
 
Spotify welcomed the EU move, describing it as “a critical step toward holding Apple accountable for its anticompetitive behavior, ensuring meaningful choice for all consumers and a level playing field for app developers.”
 
Reuters was first to report about the imminent EU antitrust charge in March.
 
Spotify, one of Europe’s few global success stories in consumer technology, is the market leader in music streaming with 356 million active users and 158 million paid subscribers.  
 
Apple Music, launched more recently in 2015, is estimated to have more than 70 million subscribers although the company does not give a separate figure for that part of its business.
 
Competition between the two companies has intensified in recent weeks, with both seeking to build their customer base via supremacy in the market for podcasts.
 
“Europe’s consumers expect and deserve access to a full range of music streaming services without their choices being restricted or prices being inflated unfairly by internet gatekeepers,” said European consumer organization BEUC.
 
The EU charge comes a week before Apple’s face off with Epic Games in a U.S. antitrust trial following a lawsuit by the “Fortnite” creator alleging that Apple has abused its dominance in the market for mobile apps.
 
Epic has complained to the Commission on the same issues. Last month, the UK Competition and Markets Authority opened an investigation into Apple after complaints the iPhone maker’s terms and conditions for app developers were unfair.
…

Videos of kids having fun are among the most popular on YouTube. They are also a fast-growing business, one that critics say comes with little regulation and oversight to protect children on either side of the screen. Michelle Quinn reports.
Producer: Michelle Quinn
…

For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders.  It is the latest supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a steppingstone to sensitive government and corporate computer networks.  The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it.  More than a dozen federal agencies run Pulse Connect Secure on their networks, according to public contract records. An emergency cybersecurity directive last week demanded that agencies scan their systems for related compromises and report back.  The results, collected Friday and analyzed this week, show evidence of potential breaches in at least five federal civilian agencies, said Matt Hartman, a senior official with the U.S. Cybersecurity Infrastructure Security Agency.  “This is a combination of traditional espionage with some element of economic theft,” said one cybersecurity consultant familiar with the matter. “We’ve already confirmed data exfiltration across numerous environments.”  The Ivanti logo and cyber binary codes are seen in this illustration taken April 20, 2021.The maker of Pulse Connect Secure, Utah-based software company Ivanti, said it expected to provide a patch to fix the problem by this coming Monday, two weeks after it was first publicized. Only a “very limited number of customer systems” had been penetrated, it added.  Over the last two months, CISA and the FBI have been working with Pulse Connect Secure’s maker and victims of the hack to kick out the intruders and uncover other evidence, said another senior U.S. official who declined to be named but is responding to the hacks. The FBI, Justice Department and National Security Agency declined to comment.  The U.S. government’s investigation into the Pulse Connect Secure activity is still in its early stages, said the senior U.S. official, who added the scope, impact and attribution remain unclear.  Security researchers at U.S. cybersecurity firm FireEye and another firm, which declined to be named, say they’ve watched multiple hacking groups, including an elite team they associate with China, exploiting the new flaw and several others like it since 2019.  FILE – Security firm FireEye’s logo is seen outside the company’s offices in Milpitas, California.In a statement last week, Chinese Embassy spokesperson Liu Pengyu said China “firmly opposes and cracks down on all forms of cyberattacks,” describing FireEye’s allegations as “irresponsible and ill-intentioned.”  The use of VPNs, which create encrypted tunnels for connecting remotely to corporate networks, has skyrocketed during the COVID-19 pandemic. Yet with the growth in VPN usage so too has the associated risk.  “This is another example in a recent pattern of cyber actors targeting vulnerabilities in widely used VPN products as our nation largely remains in remote and hybrid work postures,” Hartman said.  Three cybersecurity consultants involved in responding to the hacks told Reuters that the victim list is weighted toward the United States and so far includes defense contractors, civilian government agencies, solar energy companies, telecommunications firms and financial institutions.  The consultants also said they were aware of fewer than 100 combined victims so far between them, suggesting a fairly narrow focus by the hackers.  Analysts believe the malicious operation began around 2019 and exploited older flaws in Pulse Connect Secure and separate products made by cybersecurity firm Fortinet before invoking the new vulnerabilities.  Hartman said the civilian agency hacks date to at least June 2020.  Hacking the supplyA recent report by the Atlantic Council, a Washington think tank, studied 102 supply chain hacking incidents and found they surged the last three years. Thirty of the attacks came from government-backed groups, primarily in Russia and China, the report said.  The Pulse Connect Secure response comes as the government is still grappling with the fallout of three other cyberattacks.  FILE – The SolarWinds logo is seen outside its headquarters in Austin, Texas, Dec. 18, 2020.The first is known as the SolarWinds hack, in which suspected Russian government hackers commandeered the company’s network management program to burrow inside nine federal agencies.  A weakness in Microsoft’s email server software, named Exchange, exploited by a different group of Chinese hackers, also required a massive response effort, although there was ultimately no impact to federal networks, according to U.S. officials.  Then a weakness at a maker of programming tools called Codecov left thousands of customers exposed inside their coding environments, the company disclosed this month.  Some government agencies were among the customers whose credentials were taken by the Codecov hackers for further access to code repositories or other data, according to a person briefed on the investigation. Codecov, the FBI and the Department of Homeland Security declined to comment on that case.  The U.S. plans to address some of these systemic issues with an upcoming executive order that will require agencies to identify their most critical software and promote a “bill of materials” that demands a certain level of digital security across products sold to the government.  “We think [this is] the most impactful way to really impose costs on these adversaries and make it that much harder,” said the senior U.S. official. 
…

An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday.The department this month announced that it had obtained a warrant from a federal judge in Texas to remove web shells, or malicious code that gives hackers a foothold into networks, from hundreds of vulnerable computers affected by a hack that Microsoft has blamed on a group operating from China.The FBI operation was designed to disrupt the effects of a hack that affected many thousands of servers running the Microsoft Exchange email program. Many victims took steps on their own to safeguard their systems, but for those that who did not, the Justice Department stepped in to do it for them with a judge’s approval.It was the virtual equivalent of police going around the neighborhood locking doors that criminals had opened remotely.”We have a decision to make, which is are we going to go ahead and do that action ourselves or are we just going to leave that malware there, sort of unremediated,” said Assistant Attorney General John Demers, speaking at a virtual discussion hosted by the Project for Media & National Security at George Washington University.He said the operation was one of the very first of its kind and was the subject of extensive discussion by the FBI and the Justice Department. The department is figuring out how it plans to use that capability in the future.”We don’t yet have sort of worked out what our criteria are going to be going forward,” Demers said. “Now that we’ve had this experience, that’s the kind of discussion we’re having internally now.”This is not a tool of first resort that we’re going to be using a couple times a week as different intrusions come up,” he added. “This does require working with the private sector on the right solution. It does require testing to be sure that you’re not going to otherwise disrupt someone’s computer system.”Such operations will be done judiciously in the future, he said.Demers acknowledged concerns from some privacy advocates that the government, without permission of the computer system operators, had gained remote access and removed the web shells.But he pointed out that the department did obtain a judge’s permission and said the government felt compelled to act because, after a period of several weeks, there were still unremediated web shells that continued to serve as access point for “hackers of all stripes.””And so the choice that the government had was just continue to leave those open or take the court-authorized action that we did, and ultimately we decided to move ahead,” Demers said. “But to the extent possible before then, we had been notifying every victim that we could identify of the intrusion.”
…