Day: December 22, 2017

IPhone owners from several states sued Apple Inc. for not disclosing sooner that it issued software updates deliberately slowing older-model phones so aging batteries lasted longer, saying Apple’s silence led them to wrongly conclude that their only option was to buy newer, pricier iPhones.

The allegations were in a lawsuit filed Thursday in Chicago federal court on behalf of five iPhone owners from Illinois, Ohio, Indiana and North Carolina, all of whom say they never would have bought new iPhones had Apple told them that simply replacing the batteries would have sped up their old ones. The suit alleges Apple violated consumer fraud laws.

A similar lawsuit was filed Thursday in Los Angeles. Both suits came a day after Apple confirmed what high-tech sleuths outside the company already observed: The company had deployed software to slow some phones. Apple said it was intended as a fix to deal with degraded lithium-ion batteries that could otherwise suddenly die.

“Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices,” an Apple statement said. It said it released the fix for iPhone 6, iPhone 6s and iPhone SE and later extended it to iPhone 7. Apple didn’t respond to a message Friday seeking comment.

The Chicago lawsuit suggests Apple’s motive may have been sinister, though it offers no evidence in the filing.

“Apple’s decision to purposefully … throttle down these devices,” it says, “was undertaken to fraudulently induce consumers to purchase the latest” iPhone.

Plaintiff Kirk Pedelty, of North Carolina, contacted Apple as his frustration grew. However, the lawsuit says: “Nobody from Apple customer support suggested that he replace his battery to improve the performance of his iPhone. … Frustrated by slowdowns and intermittent shutdowns of his iPhone 7, Pedelty purchased an iPhone 8.”

The lawsuit seeks class-action status to represent thousands of iPhone owners nationwide.

Creative Strategies analyst Carolina Milanesi said she believes the tech giant was seeking to help consumers extend the lives of the older phones — though it would have been better to disclose what it was doing and why right away.

“Even if you are trying to do something good for your customers, it is going to be perceived as you are sneaking around behind their backs if you don’t tell them about it first,” she said.
…

Indonesia’s foremost hard-line Islamist group, the Islamic Defenders Front (FPI), has announced a Christmas Day boycott of Facebook and the Whatsapp instant messaging service, as well as a live protest at Facebook’s Indonesia office in the near future.

They say Facebook — like other major social media outlets such as Twitter and Instagram — has blocked several FPI accounts, and that Facebook allows pro-LGBT and anti-Sharia pages to stay on its site. The group also plans to protest at Indonesia’s Ministry of Communications and Information in the new year.

While the boycott is unlikely to make a major impact on Facebook, it underscores that FPI’s official accounts are blocked on many major platforms, leading some to speculate the move was at the national government’s request.

That’s unlikely, said Ross Tapsell, who researches media in Southeast Asia at Australian National University.

“There is a misperception, both within FPI and outside of it, that the Indonesian government calls up social media companies like Facebook and Twitter and asks for certain pages to be taken down and these companies simply comply,” he said. “That isn’t how this works. Social media companies have their own codes of conduct and it is through fairly extensive and rigorous internal debates that these decisions are ultimately made.”

He suggested that Facebook likely shut down FPI’s pages, which have in the past engaged in hate speech and advocated for violence, for violating its terms and policies.

This is an ambiguous moment for the FPI, which has risen rapidly from a fringe group, founded in 1999 after the fall of Suharto, to a mainstream organization that swayed the Jakarta gubernatorial election.

In late 2016, the FPI organized mass protests in Jakarta against its Chinese Christian governor, Basuki Tjahaja Purnama, for allegedly insulting the Quran. The eventually triumphant candidate, Governor Anies Baswedan, openly allied with the FPI during his campaign.

Crackdown on Islamist groups

“On the issue of internal regulation, Twitter and Facebook have involved many social organizations from Indonesia to become their trusted flaggers [of problematic content], not only the government,” said Damar Juniarto, a coordinator of the Southeast Asia Freedom of Expression Network. He suggested the decision to block FPI happened after numerous complaints from different sources.

“Various FPI members have posted videos of violence, bullying and harassing people who criticized them or their leader in 2017, and these videos would have been given as evidence for the need to ban them on Facebook,” Tapsell said.

In June, a Chinese-Indian teenager in Jakarta was physically abused by FPI members for posting memes about its leader.

Facebook and Twitter could not be immediately reached for comment.

Beyond social media, other Indonesian hard-liners have been the target of crackdowns this year. In July, the government banned the international Islamist organization Hizbut Tahrir because it threatened the nation’s pluralist state ideology, known as Pancasila. Hizbut Tahrir advocates for a global Islamic caliphate.

​Vague leadership

Today, FPI’s leader, Habib Rizieq Shihab, is a fugitive in Saudi Arabia; he was charged shortly after the Jakarta election under the nation’s pornography law for allegedly texting explicit photos with a woman who is not his wife. It is a far cry from late 2016, when he enthralled hundreds of thousands of Muslims who brought Jakarta to a grinding halt to attend the “peaceful actions” that Rizieq and FPI organized against the governor.

FPI also has had trouble expanding its brand beyond Java, like in West Kalimantan province in Borneo, where the group failed to hold a similar rally last summer.

Support for FPI increased from 15.6 percent to 23.6 percent between June 2016 and August 2017, according to a recent report from researchers Marcus Mietzner, Burhanuddin Muhtadi and Rizka Halida.

As the year draws to a close, FPI’s agenda is once more trained on local and domestic actions, where it started as Indonesia’s unofficial moral police. For instance, it has promised to raid establishments that make their staff wear Christmas hats. It remains to be seen whether FPI will return to influence the national political discourse in the new year, or whether the group’s stature has peaked.
…

Toshiba Corp.’s energy systems unit on Friday unveiled a long telescopic pipe carrying a pan-tilt camera designed to gather crucial information about the situation inside the reactor chambers at Japan’s tsunami-wrecked Fukushima nuclear plant.

The device is 13 meters (43 feet) long and designed to give officials a deeper view into the nuclear plant’s Unit 2 primary containment vessel, where details on melted fuel damage remain largely unknown.

The Fukushima plant had triple meltdowns following the 2011 quake and tsunami. Finding details about the fuel debris is crucial to determining the right method and technology for its removal at each reactor, the most challenging process during the plant’s decades-long decommissioning.

Toshiba officials said the new device will be sent inside the pedestal, a structure directly below the core, to investigate the area and hopefully to find melted debris. The mission could come as soon as late January.

The device looks like a giant fishing rod about 12 centimeters (4.7 inches) in diameter, from which a unit housing the camera, a dosimeter and thermometer slowly slides down. The probe, attached by a cable on the back, can descend all the way to the bottom of the reactor vessel if it can avoid obstacles, officials said.

Two teams of several engineers will be tasked with the mission, which they will remotely operate from a radiation-free command center at the plant. 

A simpler predecessor to the pipe unveiled Friday had captured a limited view of the vessel during a preparatory investigation in February. A crawling robot sent in later in February struggled with debris on the ground and stalled in the end due to higher-than-expected radiation, its intended mission incomplete.   

The upgraded probe has been co-developed by Toshiba ESS and International Research Institute for Nuclear Decommissioning, a government-funded unit of construction and nuclear technology companies over the past nine months.
…

Bitcoin plunged by a quarter to below $12,000 on Friday as investors dumped the cryptocurrency in manic trading after its blistering ascent to a peak close to $20,000 prompted warnings by experts of a bubble.

It capped a brutal week that had been touted as a new era of mainstream trading for the volatile digital currency when bitcoin futures debuted on CME Group Inc, the world’s largest derivatives market on Sunday.

Friday’s steep fall bled into the U.S. stock market, where shares of companies that have recently lashed their fortunes to bitcoin or blockchain — its underlying technology — took a hard knock in early trading.

The biggest and best-known cryptocurrency had seen a staggering twentyfold increase since the start of the year, climbing from less than $1,000 to as high as $19,666 on the Luxembourg-based Bitstamp exchange on Sunday and to over $20,000 on other exchanges.

Bitcoin has fallen each day since, with losses accelerating on Friday.

In the futures market, bitcoin one-month futures on Cboe Global Markets were halted due to the steep price drop, while those trading on the CME hit the limit down threshold.

In the spot market, bitcoin fell to as low as $11,159, down more than 25 percent on the Luxembourg-based Bitstamp exchange, its largest one-day drop in nearly three years. For the week, it was down around a third — its worst performance since April 2013.

“After its parabolic-like rally, a crash was imminent and so it has proved,” said Fawad Razaqzada, market analyst at Forex.com in London. “Investors may have also been put off buying bitcoin at those elevated levels amid repeated warnings from experts about the way it had climbed near $20,000.”

“A manic upward swing led by the herd will be followed by a downturn as the emotional sentiment changes,” said Charles Hayter, founder and chief executive of industry website Cryptocompare in London. “A lot of traders have been waiting for this large correction.”

“With the end of the year in sight a lot of investors will be taking profits and saying thank you very much and closing their books for the holiday period,” he added.

Warnings about the risks of investing in the unregulated market have increased — Denmark’s central bank governor called it a “deadly” gamble —  and there have been worries about the security of exchanges on which cryptocurrencies are bought and sold.

South Korean cryptocurrency exchange Youbit said on Tuesday it is shutting down and is filing for bankruptcy after it was hacked for the second time this year.

Coinbase, a U.S. company that runs one of the biggest exchanges and provides digital “wallets” for storing bitcoins, said on Wednesday it would investigate accusations of insider trading, following a sharp increase in the price of a bitcoin spin-off hours before it announced support for it.

Crypto-rivals

As rival cryptocurrencies slid along with bitcoin, the total estimated value of the crypto market fell to as low as $440 billion, according to industry website Coinmarketcap, having neared $650 billion just a day earlier.

But other cryptocurrencies surged this week, with investors moving into cheaper digital coins, rather than cashing out of the sector.

Ethereum, the second-biggest cryptocurrency by market size, soared to almost $900 earlier in the week, from around $500 a week earlier. Ripple, the third-biggest, has more than quadrupled in price since Monday.

Stephen Innes, head of trading in Asia-Pacific for retail FX broker Oanda in Singapore, said that there have also been moves out of bitcoin into Bitcoin Cash, a clone of the original cryptocurrency. Oanda does not handle trading in bitcoin.

“Most of it is unsophisticated retail traders getting burned badly,” Innes said on bitcoin’s recent retreat.

While some say the launch by CME and its rival Cboe Global Markets of bitcoin futures over the last two weeks has given the digital currency some perceived legitimacy, many policymakers remain skeptical.

Bitcoin is known to go through wild swings. In November, it tumbled almost 30 percent in four days from $7,888 to $5,555. In September, it fell 40 percent from $4,979 to $2,972.

Reporting by Gertrude Chavez-Dreyfuss in New York and Jemima Kelly in London; Additional reporting by Shinichi Saoshiro in Tokyo; Editing by Keith Weir and Susan Thomas.
…

Russian television anchor Pavel Lobkov was in the studio getting ready for his show when jarring news flashed across his phone: Some of his most intimate messages had just been published to the web.

Days earlier, the veteran journalist had come out live on air as HIV-positive, a taboo-breaking revelation that drew responses from hundreds of Russians fighting their own lonely struggles with the virus. Now he’d been hacked.

“These were very personal messages,” Lobkov said in a recent interview, describing a frantic call to his lawyer in an abortive effort to stop the spread of nearly 300 pages of Facebook correspondence, including sexually explicit messages. Even two years later, he said, “it’s a very traumatic story.”

The Associated Press found that Lobkov was targeted by the hacking group known as Fancy Bear in March 2015, nine months before his messages were leaked. He was one of at least 200 journalists, publishers and bloggers targeted by the group as early as mid-2014 and as recently as a few months ago.

The AP identified journalists as the third-largest group on a hacking hit list obtained from cybersecurity firm Secureworks, after diplomatic personnel and U.S. Democrats. About 50 of the journalists worked at The New York Times. Another 50 were either foreign correspondents based in Moscow or Russian reporters like Lobkov who worked for independent news outlets. Others were prominent media figures in Ukraine, Moldova, the Baltics or Washington.

The list of journalists provides new evidence for the U.S. intelligence community’s conclusion that Fancy Bear acted on behalf of the Russian government when it intervened in the U.S. presidential election. Spy agencies say the hackers were working to help Republican Donald Trump. The Russian government has denied interfering in the American election.

Previous AP reporting has shown how Fancy Bear — which Secureworks nicknamed Iron Twilight — used phishing emails to try to compromise Russian opposition leaders, Ukrainian politicians and U.S. intelligence figures, along with Hillary Clinton campaign chairman John Podesta and more than 130 other Democrats.

Lobkov, 50, said he saw hacks like the one that turned his day upside-down in December 2015 as dress rehearsals for the email leaks that struck the Democrats in the United States the following year.

“I think the hackers in the service of the Fatherland were long getting their training on our lot before venturing outside.”

‘Classic KGB tactic’

New Yorker writer Masha Gessen said it was also in 2015 — when Secureworks first detected attempts to break into her Gmail — that she began noticing people who seemed to materialize next to her in public places in New York and speak loudly in Russian into their phones, as if trying to be overheard. She said this only happened when she put appointments into the online calendar linked to her Google account.

Gessen, the author of a book about Russian President Vladimir Putin’s rise to power, said she saw the incidents as threats.

“It was really obvious,” she said. “It was a classic KGB intimidation tactic.”

Other U.S.-based journalists targeted include Josh Rogin, a Washington Post columnist, and Shane Harris, who was covering the intelligence community for The Daily Beast in 2015. Harris said he dodged the phishing attempt, forwarding the email to a source in the security industry who told him almost immediately that Fancy Bear was involved.

In Russia, the majority of journalists targeted by the hackers worked for independent news outlets like Novaya Gazeta or Vedomosti, though a few — such as Tina Kandelaki and Ksenia Sobchak — are more mainstream. Sobchak has even launched an improbable bid for the Russian presidency.

Investigative reporter Roman Shleynov noted that the Gmail hackers targeted was the one he used while working on the Panama Papers, the expose of international tax avoidance that implicated members of Putin’s inner circle.

Fancy Bear also pursued more than 30 media targets in Ukraine, including many journalists at the Kyiv Post and others who have reported from the front lines of the Russia-backed war in the country’s east.

Nataliya Gumenyuk, co-founder of Ukrainian internet news site Hromadske, said the hackers were hunting for compromising information.

“The idea was to discredit the independent Ukrainian voices,” she said.

The hackers also tried to break into the personal Gmail account of Ellen Barry, The New York Times’ former Moscow bureau chief.

Her newspaper appears to have been a favorite target. Fancy Bear sent phishing emails to roughly 50 of Barry’s colleagues at The Times in late 2014, according to two people familiar with the matter. They spoke on condition of anonymity to discuss confidential data.

The Times confirmed in a brief statement that its employees received the malicious messages, but the newspaper declined to comment further.

Some journalists saw their presence on the hackers’ hit list as vindication. Among them were CNN security analyst Michael Weiss and Brookings Institution visiting fellow Jamie Kirchick, who took the news as a badge of honor.

“I’m very proud to hear that,” Kirchick said.

The Committee to Protect Journalists said the wide net cast by Fancy Bear underscores efforts by governments worldwide to use hacking against journalists.

“It’s about gaining access to sources and intimidating those journalists,” said Courtney C. Radsch, the group’s advocacy director.

In Russia, the stakes are particularly high. The committee has counted 38 murders of journalists there since 1992.

Many journalists told the AP they knew they were under threat, explaining that they had added a second layer of password protection to their emails and only chatted over encrypted messaging apps like Telegram, WhatsApp or Signal.

Fancy Bear target Ekaterina Vinokurova, who works for regional media outlet Znak, said she routinely deletes her emails.

“I understand that my accounts may be hacked at any time,” she said in a telephone interview. “I’m ready for them.” 

‘I’ve seen what they could do’

It’s not just whom the hackers tried to spy on that points to the Russian government.

It’s when.

Maria Titizian, an Armenian journalist, immediately found significance in the date she was targeted: June 26, 2015.

“It was Electric Yerevan,” she said, referring to protests over rising energy bills that she reported on. The protests that rocked Armenia’s capital that summer were initially seen by some in Moscow as a threat to Russian influence.

Titizian said her outspoken criticism of the Kremlin’s “colonial attitude” toward Armenia could have made her a target.

Eliot Higgins, whose open source journalism site Bellingcat repeatedly crops up on the target list, said the phishing attempts seemed to begin “once we started really making strong statements about MH17,” the Malaysian airliner shot out of the sky over eastern Ukraine in 2014, killing 298 people. Bellingcat played a key role in marshaling the evidence that the plane was destroyed by a Russian missile — Moscow’s denials notwithstanding.

The clearest timing for a hacking attempt may have been that of Adrian Chen.

On June 2, 2015, Chen published a prescient expose of the Internet Research Agency, the Russian “troll factory” that won fresh infamy in October over revelations that it had manufactured make-believe Americans to pollute social media with toxic rhetoric.

Eight days after Chen published his big story, Fancy Bear tried to break into his account.

Chen, who has regularly written about the darker recesses of the internet, said having a lifetime of private messages exposed to the internet could be devastating.

“I’ve covered a lot of these leaks,” he said. “I’ve seen what they could do.”
…

The toys your kids unwrap this Christmas could invite hackers into your home.

That Grinch-like warning comes from the FBI, which said earlier this year that toys connected to the internet could be a target for crooks who may listen in on conversations or use them to steal a child’s personal information.

The bureau did not name any specific toys or brands, but it said any internet-connected toys with microphones, cameras or location tracking might put a child’s privacy or safety at risk. That could be a talking doll or a tablet designed for kids. And because some of the toys are being rushed to be made and sold, the FBI said, security safeguards might be overlooked.

Security experts say the only way to prevent a hack is to not keep the toy. But if you decide to let a kid play with it, there are ways to reduce the risks:  

Do your research

Before opening a toy, search for it online and read reviews to see whether there are any complaints or past security problems. If there have been previous issues, you may want to rethink keeping it.

Reputable companies will also explain how information is collected from the toy or device, how the data are stored and who has access to the data. Usually that type of information is found on the company’s website, typically under its privacy policy. If you can’t find it, call the company. If there isn’t a policy, that’s a bad sign.

“You shouldn’t use it,” said Behnam Dayanim, a partner at the Paul Hastings law office in Washington and co-chair of its privacy and cybersecurity practice.

Companies can change their privacy policies, so read them again if you’re notified of a change. 

Use secure Wi-Fi

Make sure the Wi-Fi the toy will be connected to is secure and has a hard-to-guess password. Weak passwords make it easier for hackers to access devices that use the network. Never connect the toy to free Wi-Fi that’s open to the public. And if the toy itself allows you to create a password, do it. 

Power it off

When the toy is not being used, shut it off or unplug it so it stops collecting data. 

“They become less of an attractive target,” said Alan Brill, who is a cybersecurity and investigations managing director at consulting firm Kroll in Secaucus, New Jersey. 

If the item has a camera, face it toward a wall or cover it with a piece of tape when it’s not being used. Toys with microphones can be thrown in a chest or drawer where it’s harder to hear conversations, Brill said.

Register, but don’t give away info

A software update may fix security holes, and you don’t want to miss that fix, Brill said.

But when registering, be stingy with the information you hand over; all they need is contact information to let you know about the update. If they require other information, such as a child’s birthday, make one up. “You’re not under oath,” said Brill. “You can lie.”

Be vigilant

If the toy or device allows kids to chat with other people playing with the same toy or game, explain to children that they can’t give out personal information, said Liz Brown, a business law professor at Bentley University in Waltham, Massachusetts, who focuses on technology and privacy law.

Discussions are not enough; check the chat section to make sure children aren’t sending things they shouldn’t be, Brown said. People could be pretending to be kids to get personal information. “It can get creepy pretty fast,” said Brown.

Reputable companies that make toys with microphones will offer ways for parents to review and delete stored information. Take advantage of that.

Report breaches

If a toy was compromised by a hacker, the FBI recommends reporting it online through its internet crime complaint center at IC3.gov.
…