Could MIT's AI headset transcribe your future strategy straight from your brain? →

April 6, 2018 Jonathan Greig

Scientists created a computer interface that can pick up on internal verbalizations based on neuromuscular signals in the jaw and face.

Researchers at MIT's Media Lab announced the creation of AlterEgo, a computer system that can transcribe the words you say in your head, according to an MIT News report. Using hardware that can detect neuromuscular signals in the jaw and face through electrodes, the system can pick up on things that are "undetectable to the human eye."

The system has tied specific neural signals to certain words, the report said, allowing it to decipher the minuscule physical messages your body sends when you internally verbalize something.

Other professors and researchers say this technology could be applied in a number of ways. Thad Starner, a professor at Georgia Tech's College of Computing, told MIT's News Office that the tech would be great in any situation where people need to communicate clearly in loud environments, like airport tarmacs or soldiers and police in tactical situations.

"You can imagine all these situations where you have a high-noise environment, like the flight deck of an aircraft carrier, or even places with a lot of machinery, like a power plant or a printing press," Starner told MIT News. "This is a system that would make sense, especially because oftentimes in these types of or situations people are already wearing protective gear."

Part of the researchers' goal for the project was to make wearable technology that could understand minute signals and create a system where artificial intelligence (AI) worked to enhance the human mind, according to the report.

"The motivation for this was to build an IA device — an intelligence-augmentation device," Arnav Kapur, an MIT graduate student told the campus publication. Mr. Kapur lead the research and development of the system. "Our idea was: Could we have a computing platform that's more internal, that melds human and machine in some ways and that feels like an internal extension of our own cognition?"

Kapur and his thesis advisor, media arts and sciences professor Pattie Maes, said many people are inextricably attached to their smartphones, for better or for worse. Their research team was interested in finding a way to make the vast amount of information on the internet easily accessible and less cumbersome.

"At the moment, the use of those devices is very disruptive. If I want to look something up that's relevant to a conversation I'm having, I have to find my phone and type in the passcode and open an app and type in some search keyword, and the whole thing requires that I completely shift attention from my environment and the people that I'm with to the phone itself," Maes told MIT News.

Instead, Maes and her students have been working on tech tools that can allow a user to access all the information available online while remaining "in the present," she told MIT News.

They initially tested the software during a chess game, with the user silently verbalizing his opponents' moves and an AI algorithm responding with moves the user should make. The devices are constantly learning, correlating more neuromuscular signals with more words and phrases.

The team behind AlterEgo first needed to figure out which part of the face and jaw had the strongest signals so they knew where to put the device. In their paper on the study, they describe the prototype as "a wearable silent-speech interface, which wraps around the back of the neck like a telephone headset and has tentacle-like curved appendages that touch the face at seven locations on either side of the mouth and along the jaws."

Tests indicated that they could get the same results with fewer electrodes on only one side of the face. Further experiments found that, on average, the system transcribed words accurately 92% of the time, the report said. As the device and AI learn more human speech, the accuracy will increase, Kapur said, noting that his own device, which he had been using extensively, had a higher accuracy rate than those used for brief periods by test subjects.

In addition to communication in loud environments, Professor Starner wondered whether the technology could be used for those with speaking disabilities or those who have suffered an illness that ends their ability to speak.

"I think that they're a little underselling what I think is a real potential for the work," Starner told MIT News. "The last one is people who have disabilities where they can't vocalize normally. For example, Roger Ebert did not have the ability to speak anymore because lost his jaw to cancer. Could he do this sort of silent speech and then have a synthesizer that would speak the words?"

*this article was featured on the Tech Republic website on April 6, 2018: https://www.techrepublic.com/article/mit-researchers-develop-tech-to-transcribe-the-words-youre-thinking/

Thousands of Sears, Delta customers affected by data breach →

April 5, 2018 Jonathan Greig

A third-party vendor used by both companies announced that its system had been breached for two weeks starting in September 2017.

Delta Air Lines and Sears Holdings Corp. revealed yesterday that one of its third-party vendors managing online customer chat services had been hacked in September 2017, leaving the credit card information of hundreds of thousands of people open to cybercriminals for more than two weeks.

Questions remain unanswered about why it took so long for the hack to be noticed, and why Delta and Sears were only notified of the data breach in mid-March 2018, months after the initial hack took place.

[24]7.ai, the vendor that was hacked, said in a statement that it was "working diligently with our clients to determine if any of their customer information was accessed." They did not answer multiple questions from the media about why they waited so long to tell the companies about what happened.

The hack began on September 26, 2017 and was discovered by [24]7.ai two weeks later on October 12, 2017.

Sears and Delta said they were working with federal law enforcement and credit card companies to deal with the breach, but gave conflicting information on whether they believe information was stolen or accessed during the two-week window.

"At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised," Delta said in its statement, stressing that no passport information or government IDs were impacted by the hack.

Sears, on the other hand, said, "we believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised," but claimed none of its stores or Sears-branded credit cards had been affected.

"Data security is of critical importance to our company, and we take any matter related to customer's personal information very seriously," Sears said, adding that Kmart customers were also affected by the hack.

Delta would not say how many customers were affected, only referring to it as a "small subset," while Sears said it was less than 100,000. The information that was breached included credit card numbers, addresses, expiration dates, and CVV numbers.

This latest hack comes just days after high-end retailers Lord & Taylor and Saks Fifth Avenue revealed that its systems had been breached. The credit card data of millions is now being sold on the dark web due to the hack.

Like Saks and Lord & Taylor, Delta and Sears have set up websites and hotlines for concerned customers. Both companies also plan to contact customers who they are certain were affected by the hack and reminded their buyers that no one is liable for unauthorized or fraudulent account activity.

*this article was featured on the Tech Republic site on April 5, 2018: https://www.techrepublic.com/article/thousands-of-sears-delta-customers-affected-by-data-breach/

Google employees demand end to company's AI work with Defense Department →

April 5, 2018 Jonathan Greig

More than 3,000 Google employees signed a letter criticizing the company for assisting with Project Maven, a Pentagon initiative involving AI and drone footage.

Google is facing heavy criticism from its own employees following revelations that the tech company is working with the Department of Defense on Project Maven, an effort to use artificial intelligence (AI) image recognition software to sort through drone and security footage.

"We cannot outsource the moral responsibility of our technologies to third parties," they wrote in a letter signed by 3,100 employees. "Building this technology to assist the US Government in military surveillance - and potentially lethal outcomes - is not acceptable."

Outrage has been growing within Google since the pact with the Pentagon was announced last year. The deal involves Google's TensorFlow software, which the letter says is being adapted into "a customized AI surveillance engine that uses 'Wide Area Motion Imagery' data captured by US Government drones to detect vehicles and other objects, track their motions, and provide results to the Department of Defense."

In a statement, Google said the project is for "non-offensive purposes" and was only intended "to save lives and save people from having to do highly tedious work."

"Any military use of machine learning naturally raises valid concerns," Google said in the statement. "We're actively engaged across the company in a comprehensive discussion of this important topic and also with outside experts, as we continue to develop our policies around the development and use of our machine learning technologies."

Both Google and the Pentagon have stressed that the technology is not ready to be used in combat situations, with Marine Corps Col. Drew Cukor telling the audience at the 2017 Defense One Tech Summit audience that "AI will not be selecting a target [in combat] ... any time soon. What AI will do is [complement] the human operator."

But Col. Cukor also said that he believes the Defense Department is "in an AI arms race," and acknowledged that "the big five Internet companies are pursuing this heavily."

Cukor later added: "Key elements have to be put together...and the only way to do that is with commercial partners alongside us."

According to the Wall Street Journal, the Defense Department spent $7.4 billion on technology involving AI last year, and Google, Microsoft, and Amazon are openly battling for a variety of defense contracts involving cloud computing and other software.

But the employee letter argues that Google is damaging its brand by working on Project Maven and contributing to "growing fears of biased and weaponized AI."

"The argument that other firms, like Microsoft and Amazon, are also participating doesn't make this any less risky for Google," the letter said. "Google's unique history, its motto Don't Be Evil, and its direct reach into the lives of billions of users set it apart."

Project Maven began in April last year, with the stated goal of utilizing machines to capitalize on the Defense Department's massive troves of data collected through drone footage and surveillance operations. AI is already used by other parts of the military, and since 2014 has been used widely in law enforcement.

The Justice Department now promotes the use of AI software to do "risk assessments" on how likely a person on trial is of committing a future crime. The scores are often handed to judges and affect sentencings in states across the country, having disastrous effects. Black defendants were 77% more likely to be pegged as "at higher risk of committing a future violent crime" and 45% were "more likely to be predicted to commit a future crime of any kind," according to ProPublica.

Google has tried to tamp down concerns about handing over vital AI recognition software to the Defense Department, with former Alphabet Executive Chairman Eric Schmidt admitting last year in an interview that "there's a general concern in the tech community of somehow the military-industrial complex using their stuff to kill people incorrectly, if you will."

But Schmidt went on to say in that interview that it was vital that he and other tech industry leaders stay in communication with the military "to keep the country safe."

Yet many of Google's employees disagreed, starting the letter off with: "We believe that Google should not be in the business of war."

*this article was featured on the Tech Republic site on April 5, 2018: https://www.techrepublic.com/article/google-employees-demand-end-to-companys-ai-work-with-defense-department/

Hackers hit Saks Fifth Avenue and Lord & Taylor, stealing credit card data of millions →

April 2, 2018 Jonathan Greig

Russian-speaking hackers compromised systems at the luxury retail outlets in May 2017, and are now offering the data of millions on the dark web.

Hackers have put the credit card data of 125,000 people up for sale on the dark web and have the information of another 5 million people after infiltrating the systems of high-end retailers Saks Fifth Avenue and Lord & Taylor.

Both stores are owned by Canada-based Hudson's Bay Company, which only confirmed the hack after cybersecurity firm Gemini Advisory released information on the breach in coordination with a number of affected financial institutions. The Gemini Advisory report estimates that the breach first occurred in May 2017, but was only detected after the hackers announced details of their attack in March 2018.

On Wednesday, March 28, infamous hacking syndicate JokerStash, also known as Fin7, announced that it had information from 5 million credit and debit cards, which it was offering for sale on the dark web.

According to Gemini Advisory, the financial institutions involved have confirmed that the credit and debit card numbers are real and say most were stolen from stores in New York and New Jersey. The data was stolen through malware that was installed on cash registers and was still funneling card numbers to the hacking group until last month, the report said.

In a statement, Saks Fifth Avenue said they "took steps to contain" the hack and "believe it no longer poses a risk to customers shopping at our stores."

"Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," Saks Fifth Avenue wrote in the statement, adding that their e-commerce sites had not been affected by the hack.

But Gemini said the hackers are openly offering about 35,000 card numbers for sale from Saks Fifth Avenue and about 90,000 from Lord & Taylor, with almost 5 million more they can continue to sell for years.

"The theft of five million payment cards is undoubtedly among the most significant credit card heists in modern history, and will negatively affect a large number of consumers in North America," Gemini Advisory wrote.

"Cardholders who frequently shop at luxury retail chains like Saks Fifth Avenue are more likely to purchase high-ticket items regularly; therefore, it will be extremely difficult to distinguish fraudulent transactions from those of a legitimate nature, allowing criminals to abuse stolen payment cards and remain undetected for a longer period of time," Gemini Advisory continued.

JokerStash is well known for its hacks of many stores and outlets, including Whole Foods, Chipotle, Omni Hotels & Resorts, and Trump Hotels, the report said.

The hack comes on the heels of other major security breaches at companies across the country in the last five years. Just last year, credit reporting company Equifax admitted that data—including social security numbers, addresses, tax ID numbers, and driver's license information—from 145.5 million Americans had been stolen. Additionally, 56 million card numbers were stolen from Home Depot in 2014 and 40 million from Target in 2013.

Sportswear company Under Armour admitted on Friday that hackers had broken into their system and stolen data from the MyFitnessPal fitness-tracking app, exposing information from 150 million users.

Gemini urged all brick-and-mortar stores to switch from magnetic stripe card machines to Europay Mastercard and Visa, or EMV, terminals, which are able to verify purchases through a microchip in the physical card itself.

*This story was featured on Tech Republic’s website on April 2, 2018: https://www.techrepublic.com/article/hackers-hit-saks-fifth-avenue-and-lord-taylor-stealing-card-data-of-millions/

SpaceX plan for global satellite internet service approved by FCC →

March 30, 2018 Jonathan Greig

SpaceX is seeking to create a 4,425-satellite broadband network that the FCC believes will provide internet to underserved parts of America and the rest of the world.

The FCC has put its weight behind a plan by aerospace manufacturer SpaceX to cover large swathes of the United States with broadband internet through a large constellation of satellites, according to an official document released Thursday.

The plan, named "Starlink" by SpaceX founder and CEO Elon Musk, was heavily criticized by a number of satellite companies, including OneWeb, Telesat, and ViaSat, for a variety of reasons. The companies were concerned about the interference caused by such a massive constellation of new satellites in a space that is already crowded with many objects. According to the FCC authorization memorandum, they even filed petitions to deny theSpaceX Application.

They also expressed worry about SpaceX's plan for the falling orbital debris that will inevitably come from their proposal, and were even backed up by NASA on the issue, according to the memorandum.

"The National Aeronautics and Space Administration (NASA) also raises the general concern, mainly in response to SpaceX's satellite constellation, that NGSO applicants seeking to deploy a large number of satellites (i.e., over 4,000) may need to ensure a higher degree of reliability in their post-mission disposal operations than NASA's current 90% reliability standard," the FCC wrote in the memorandum.

But SpaceX assured their competitors and NASA that it would fully comply with any FCC rulings on the issue, provide updates to the debris plan closer to the launch date, would share the location data of their satellites with other companies and "has designed its spacecraft with the capability to avoid potential collisions, which it can use as necessary to ensure safe operating distances," as noted in the memorandum.

FCC Commissioner Jessica Rosenworcel attached a statement to the memorandum addressing the issue of orbital debris and other problems that may hinder activities in space.

"A next-generation space race is unfolding. However, this rush to develop new space opportunities requires new rules," Rosenworcel said in the statement. "Despite the revolutionary activity in our atmosphere, the regulatory frameworks we rely on to shape these efforts are dated. They were designed for a time when going to space was astronomically expensive and limited to the prowess of our political superpowers."

Rosenworcel added: "Today, the risk of debris-generating collusions is reasonably low. But they've already happened—and as more actors participate in the space industry and as more satellites of smaller size that are harder to track are launched, the frequency of these accidents is bound to increase. Unchecked, growing debris in orbit could make some regions of space unusable for decades to come."

Despite the complaints, the FCC hailed the decision to approve the plan as a massive step forward and FCC Chairman Ajit Pai personallypraised the idea in February, highlighting how the move will help rural communities gain greater access to the internet.

"To bridge America's digital divide, we'll have to use innovative technologies. Satellite technology can help reach Americans who live in rural or hard-to-serve places where fiber optic cables and cell towers do not reach," Pai said. "If adopted, it would be the first approval given to an American-based company to provide broadband services using a new generation of low-Earth orbit satellite technologies."

CEO Musk wrote on Twitter that the "Starlink constellation will serve least served" and SpaceX COO Gwynne Shotwell told TechCrunch that their planwill create "a next-generation satellite network that can link the globe with reliable and affordable broadband service, especially reaching those who are not yet connected."

According to the memorandum, SpaceX will need to have at least 50% of its satellites "in the assigned orbits, and operate them in accordance with the station authorization no later than March 29, 2024."

SpaceX petitioned for more time, claiming the deadline would require "a launch cadence of more than 60 satellites per month, beginning on the day the Commission grants a license, which would be impractical, and that deployment of its full constellation is not necessary to allow it to commence delivery of broadband service."

The FCC denied their petition for a waiver, but left the door open for SpaceX to submit another waiver request once it had a better understanding of how much time it needed to get all of the satellites into orbit.

SpaceX launched test versions of the satellites in February and hopes to eventually offer a subscription-based internet service.

*this article was featured on the Tech Republic website on March 30, 2018: https://www.techrepublic.com/article/spacex-plan-for-global-satellite-internet-service-approved-by-fcc/

Microsoft inches closer to commercially-viable quantum computing →

March 29, 2018 Jonathan Greig

Microsoft's quest to create a powerful quantum computer comes closer to reality with the help of an elementary particle.

Microsoft is slowly making headway in the race toward commercially-viable quantum computing, tapping into the unique properties of a certain particle to address issues engineers at many tech companies have been struggling with for decades.

Alphabet, IBM, and a number of smaller companies are all competing for "quantum supremacy," a disputed term referring to the point at which quantum computers will be able to handle calculations beyond the capacity of the world's best supercomputers.

"[Quantum supremacy] is very catchy, but it's a bit confusing and oversells what quantum computers will be able to do," Simon Benjamin, a quantum expert at Oxford University, told MIT's Technology Review. He added that even as the abilities of quantum computers improve, classic computers will still be faster and cheaper.

"Using a quantum computer would be like chartering a jumbo jet to cross the road," Benjamin said.

Quantum computing relies on quantum bits or qubits, which store information. Classic computers store information as either 1s or 0s, but qubits are special because they "can exist in multiple states of 1 and 0 at the same time—a phenomenon known as superposition," according to MIT's Technology Review.

"What this boils down to is that even though a few extra bits make only a modest difference to a classical computer's power, adding extra qubits to a quantum machine can increase its computational power exponentially," they wrote. "That's why, in principle, it doesn't take all that many qubits to outgun even the most powerful of today's supercomputers."

The problems come in creating and maintaining qubits, which require conditions akin to outer space and can lose their fragile quantum state, making them more likely to be significantly error-prone, according to MIT While scientists and engineers are working to deal with this through software and additional qubits, the exponential errors that come with higher numbers of qubits have kept commercially-viable quantum computing a distant dream.

"If you had 50 or 100 qubits and they really worked well enough, and were fully error-corrected—you could do unfathomable calculations that can't be replicated on any classical machine, now or ever," Robert Schoelkopf, a Yale professor and founder of a company called Quantum Circuits, told the MIT Technology Review. "The flip side to quantum computing is that there are exponential ways for it to go wrong."

Alphabet announced earlier this month, at the annual American Physical Society meeting in Los Angeles, that their quantum computing chip "Bristlecone" had 72 qubits, surpassing IBM's 50-qubit processor released last year. But the more qubits you add, the more potential errors that come along with it, leading some researchers to ask how the computers can be trusted with calculations that cannot be checked by any other machine.

Alphabet has tried to address this issue by performing calculations right at the edge of what most supercomputers are capable of, believing that if they can show they can get that far, the addition of even one more qubit would prove the quantum computer could vastly outperform a classic computer.

Microsoft is trying something different than the other companies, focusing their attention on Majorana fermions, particles that can be their own antiparticle, according to Bloomberg. When these particles are used in quantum computers, the error rates are significantly lower than those of the machines heralded by Alphabet and IBM.

The goal, according to Microsoft, is to eventually rent access to quantum computers for a variety of purposes, including artificial intelligence (A), drug design through chemistry, and financial industry models. While Alphabet and IBM are racing to get to quantum supremacy first, Microsoft is focusing on how to make quantum computers viable machines that can be used in any number of fields and produce accurate information, the Bloomberg report noted.

Microsoft has not even been able to create a qubit yet, but they believe that once they can, their quantum computer will be 10,000 times more accurate than anything currently being produced by Alphabet, IBM, and D-Wave Systems Inc., which was the first company to sell limited-application quantum computers.

Todd Holmdahl, a Microsoft executive, told Bloomberg that they are at most five years away from producing a quantum computer that could be sold on the market.

*this article was featured on the Tech Republic website on March 29, 2018: https://www.techrepublic.com/article/microsoft-inches-closer-to-commercially-viable-quantum-computing/

Baltimore emergency 911 dispatch hacked, taken offline for 17 hours →

March 28, 2018 Jonathan Greig

The cyberattack slowed emergency response times as dispatchers had to resort to manual methods.

Government officials in Baltimore recently confirmed that their emergency dispatch system was infiltrated by unknown hackers around 8 am on Sunday, forcing the city to shut the entire system down and handle emergency calls manually for nearly 17 hours.

The office of Baltimore Mayor Catherine Pugh confirmed the hack yesterday and the city's CIO, Frank Johnson, told the Baltimore Sun that instead of emergency calls being "being relayed to dispatchers electronically, they were relayed by call center support staff manually."

Hackers breached the city's CAD system, which manages 911 and 311 calls, and city officials quickly took the affected server offline, Johnson told the Baltimore Sun. City officials didn't comment in detail on the situation, although they confirmed that the police department and the FBI became involved almost immediately. The system was eventually restored at 2 am on Monday.

The story of what happened in Baltimore gained prominence this week as Atlanta also struggled with a similar but even more widespread hacking event, as reported by our sister site ZDNet.

Since Thursday, all of Atlanta's government computers were shut down during a ransomware attack by notorious hacking group SamSam. Just last year, the group hacked into the Dallas emergency system and set off tornado sirens, according to the New York Times.

In Atlanta this weekend, the group demanded a $51,000 payment in Bitcoin in exchange for releasing all of the government's files and threatened to destroy them if they weren't paid. Details on the resolution are murky due to the ongoing government investigation, but Atlanta city officials were able to use their computers again on Tuesday, the Times reported. At a press conference, Atlanta Mayor Keisha Lance Bottoms called the multi-day hack a "hostage situation."

Law enforcement officials across the country have been raising the alarm about possible cyberattacks to government entities, highlighting the fact that hackers have been upping the ante against hospitals and emergency services, believing them to be the parts of government that can least afford to be down for long periods of time.

CIOs in a number of states said in a 2016 ICMA survey that local governments needed to prioritize cybersecurity like any other service, due to the rapidly rising number of attacks.

"The survey...found that about one-quarter of local governments reported that they were experiencing attacks of one kind or another, successful or not, at least as often as once an hour," the New York Times wrote. But they added that only about a third of local governments had a detailed plan to handle hacking situations.

"A smart local government will have fire, police and cybersecurity at the same level," David Jordan, CISO for Arlington County, VA, told the New York Times.

*this article was featured on the Tech Republic website on March 28, 2018: https://www.techrepublic.com/article/baltimore-emergency-911-dispatch-hacked-taken-offline-for-17-hours/

Google's move to mobile-first indexing means solid mobile development is a necessity →

March 27, 2018 Jonathan Greig

As mobile searches overshadow desktop searches, Google's indexing and ranking system will now rely on the mobile version of a company's website.

Google officially announced that it was migrating all websites to mobile-first indexing, meaning their indexing and ranking system will now use the mobile version of a website as opposed to the desktop version, the firm announced in a press release.

The move comes in response to the rise in Google searches on mobile devices, the release said. Mobile searches now far exceed desktop searches, and for more than a year Google has been experimenting with mobile-first indexing.

"To recap, our crawling, indexing, and ranking systems have typically used the desktop version of a page's content, which may cause issues for mobile searchers when that version is vastly different from the mobile version,"Google noted in the release. "Mobile-first indexing means that we'll use the mobile version of the page for indexing and ranking, to better help our - primarily mobile - users find what they're looking for."

Mobile-first indexing allows Google to provide people searching for things with websites that are specifically optimized for the platform they are searching on. Many website now have mobile-friendly, responsive versions of their website that are tailored for smartphones or tablets.

In its press release, Google said that while the change will not affect rankings, developers and businesses are encouraged to make their websites more mobile-friendly.

Companies in all industries should take this change seriously, as their ranking in the search engine could directly impact their business. Google also announced in 2016 that it was prioritizing sites built with the open source Accelerated Mobile Pages (AMP) in mobile search, so that may be a good place to start in developing a mobile strategy.

Google has already notified some businesses and websites of the changes through their Search Console, the release noted. Even though rankings will not be affected, since 2015 Google has included a website's mobile-friendliness into its index, and mobile-friendly websites do perform better in searches on mobile devices. Websites that load faster also do better in Google's rankings.

"Mobile-first indexing is about how we gather content, not about how content is ranked. Content gathered by mobile-first indexing has no ranking advantage over mobile content that's not yet gathered this way or desktop content," the released noted. "Moreover, if you only have desktop content, you will continue to be represented in our index."

*this article was featured on the Tech Republic website on March 27, 2018: https://www.techrepublic.com/article/googles-move-to-mobile-first-indexing-means-solid-mobile-development-is-a-necessity/

Could Facebook's data debacle force more companies to act like Apple on privacy? →

March 26, 2018 Jonathan Greig

Apple CEO Tim Cook called on Congress to create tougher measures protecting people's data and privacy.

At a recent forum in Beijing, Apple CEO Tim Cook called on US legislators to address digital privacy issues, highlighting the need for corporations to let their customers know how, when, and why their data is being used.

"The ability of anyone to know what you've been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life—from my own point of view, it shouldn't exist," he told the crowd at the annual China Development Forum on Saturday.

Cook later added: "I think that this certain situation is so dire and has become so large that probably some well-crafted regulation is necessary."

Facebook is reeling from revelations aired last week that the company had been allowing third-party app makers, developers, and others widespread access to significant amounts of their data. Many users have complained that they were not aware of Facebook's use of their personal data, 'like' history, and other profile features.

The news has prompted a growing #DeleteFacebook movement, wreaking havoc on Facebook's stock market position and forcing CEO Mark Zuckerberg to release multiple apologies, even acquiescing to possible legislation by Congress.

"We've worried for a number of years that people in many countries were giving up data probably without knowing fully what they were doing and that these detailed profiles that were being built of them, that one day something would occur and people would be incredibly offended by what had been done without them being aware of it," Cook said, according to Bloomberg. "Unfortunately that prediction has come true more than once."

British news outlet Channel 4 released a series of videos and stories last weekillustrating how political consulting firm Cambridge Analytica used over 50 million American Facebook profiles to craft and bombard people with hyper-specific political messaging, some of which they openly admitted was propaganda and false information.

Both US and EU lawmakers are scrutinizing Cambridge Analytica's actions as well as Facebook's privacy policies concerning how they store and market access to people's data.

In an attempt to address this very issue, the EU passed the General Data Protection Regulation (GDPR), a set of rules designed specifically to protect data collected by any company that does business in any EU nation. The 2016 legislation comes into effect on May 25, and companies are scrambling to comply with it.

"Under the GDPR, before processing any personal data, a business must ask for explicit permission from the subject. The request must use clear language. The provisions of the regulation specifically outlaw the use of long documents filled with legalese, so hiding permissions within a tome called Terms and Conditions or Privacy Policy will not suffice," according to Tech Republic. "The consent must be given for a specific purpose and must be requested separately from other documents and policy statements."

Cook's predecessor, Steve Jobs, called on companies in 2010 to do many of the things listed in the GDPR themselves, warning of privacy issues that may crop up in the future.

"Privacy means people know what they're signing up for, in plain English, and repeatedly," Jobs said in a speech, according to TechCrunch. "I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data."

*this article was featured on the Tech Republic website on March 26, 2018: https://www.techrepublic.com/article/could-facebooks-data-debacle-force-more-companies-to-act-like-apple-on-privacy/

Report: Cryptojacking exploded 8,500% in 2017 as Bitcoin gained value →

March 23, 2018 Jonathan Greig

Security provider Symantec said that nearly a quarter of the attacks it blocked in December 2017 were related to cryptojacking.

The rise in value and popularity of Bitcoin at the end of 2017 corresponded with a massive spike in blocked cryptojacking attempts, according to cybersecurity software firm Symantec.

In their report on the cybersecurity threat landscape in 2017, Symantec found that the number of attempted cryptojackings—wherein someone attempts to hijack your computing device to mine for cryptocurrency—skyrocketed by 8,500% in the last three months of 2017.

"Cyber criminals use coinminers to steal victims' computer processing power and cloud CPU usage to mine cryptocurrencies," Symantec wrote in their report. "Cyber criminals started trying to make money this way primarily because there was a huge rise in the value of cryptocurrencies in the last quarter of 2017, making this type of cyber crime extremely profitable."

Mining for cryptocurrencies requires a significant amount of processing power and ancillary costs that can be too expensive for the average person, prompting many hackers and cybercriminals to create coinminers that can hijack someone else's computer, often without their knowledge.

These coinminers bleed your computer's energy dry, slow down your computer and can cause the batteries in your device to break down. For large companies or corporations, the discovery of a coinminer in your system may result in massive CPU costs and require network shutdowns to remedy.

Sweden, which is attempting to become the first country with its own cryptocurrency, saw a 10,000% jump in cryptojacking attempts at the end of 2017, according to the TheLocal.se.

Another security firm, Check Point, said in January that it too had found a massive increase in cryptomining malware. The research found that "the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users' CPU power," according to a report.

Kaspersky Lab's Yaroslava Ryabova noted that "Over the past six months, cybercriminals have raked in more than $7 million through injecting cryptominers."

Just last month, Tesla was forced to address this issue after a security firm found that their cloud environment was being used by hackers to mine cryptocurrency. The same security company, Redlock, found coinminers using the cloud at two other companies in October.

"The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," Redlock's CTO and head of the CSI team, Gaurav Kumar, said in a statement to Finance Magnates.

In its report, Symantec also noted that while most coinmining apps are used to hijack computers or phones, some have started to attack IoT (Internet of Things) devices as well.

"We observed a 600 percent increase in overall attacks on IoT devices in 2017, showing that while they didn't make headlines like they did thanks to the Mirai botnet in 2016, they are still very much a target for cyber criminals," Symantec said in the report.

The numbers will only rise as more criminals look to use the processing power of other devices to mine for more cryptocurrency, Symantec's director of security response Kevin Haley told The Verge.

"While a great portion of these threats are browser-based, hijacking PCs, Macs and smartphones, attackers are moving to obtain more processing power to drive greater profit," he said.

*this article was featured on the Tech Republic website on March 23, 2018: https://www.techrepublic.com/article/report-cryptojacking-exploded-8500-in-2017-as-bitcoin-gained-value/

IoT security spending to hit $1.5B in 2018 as targeted cyberattacks grow rampant

March 21, 2018 Jonathan Greig

Spending on security for smart devices will see a 28% increase from last year, eventually hitting $3 billion by 2021.

As Internet of Things (IoT) devices like Apple's HomePod and Amazon's Echo become more popular, attempts to hack these devices have also increased, prompting industry leaders to spend more time and money on security in an effort to address the issue.

Some 20% of organizations have experienced at least one IoT attack in the last three years, according to a new report from Gartner. While spending on security for smart devices will reach more than $1.5 billion this year, the firm predicts, the inability of the industry to prioritize and implement "security best practices" is hampering efforts to tackle the problem, according to a press release.

"Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed," Ruggero Contu, research director at Gartner, said in the release. "However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider's alliances with partners or the core system that the devices are enhancing or replacing."

The entire IoT industry is in need of better regulation, Gartner said in the report, and as more smart devices are weaved into other heavily regulated industries such as healthcare and automotives, companies will be forced to comply with more stringent security rules.

"This innovation, often described as Industrial Internet of Things (IIoT) or Industry 4.0, is already impacting security in industry sectors deploying operational technology (OT), such as energy, oil and gas, transportation, and manufacturing," Contu said in the release.

The tech industry has been grappling with the security of IoT devices for years, most notably since a massive cyber attack in the fall of 2016 left many of the internet's biggest websites down for hours across the globe.

The attack featured the use of the " Mirai botnet" which focused specifically on targeting IoT devices, giving it access to thousands of different entry points into a system.

David Fidler, an adjunct senior fellow for cybersecurity at the Council on Foreign Relations, told The Guardian in 2016 that he couldn't remember a hacking attempt even half the size of the Mirai attack.

"We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it. The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible," Fidler told The Guardian.

"Imagine what a well-resourced state actor could do with insecure IoT devices," he added.

More and more governments are integrating smart technology and IoT devices into every aspect of daily life, but the security is often an afterthought.

Despite many new regulations aimed specifically at IoT deployment, few, if any companies, governments and people take the time to secure their devices, according to a report from Future Markets Research.

"Although a number of governing authorities have issued guidelines to be followed by IoT device manufacturers so as to protect against cyber-attacks on IoT networks and devices, many device manufacturers and users are not strictly adhering to these guidelines," they wrote in the report, which focused on IoT security between 2017 and 2027.

"Non-adherence to these guidelines results in security lapses, which cyber attackers can take advantage of and this creates challenges for IoT security solution providers. This factor is expected to hamper growth of the IoT security product market to a large extent," they said.

*this article was featured on the Tech Republic website on March 21, 2018: https://www.techrepublic.com/article/iot-security-spending-to-hit-1-5b-in-2018-as-targeted-cyberattacks-grow-rampant/