
FTC settles with Lenovo over a built-in snooping software, $3.5 million fine







SAN FRANCISCO — Lenovo, the world’s second-largest computer manufacturer, has settled with the Federal Trade Commission over charges it shipped some of its laptops preloaded with software that compromised security protections in order to deliver ads to consumers. The company will also pay $3.5 million to 32 states that were part of the settlement.

The VisualDiscovery program caused pop-up ads to appear on the user's screen whenever his or her cursor hovered over a similar-looking product on a website. While only information about websites the user visited was transmitted, the program had the ability to access all of a consumer’s sensitive personal information transmitted over the Internet, including login credentials, Social Security numbers, medical information, and financial and payment information, the FTC alleged.

Consumers are frequently shown ads that correspond to their search or viewing history, but it's done via ad tracking software or cookies, which can be turned off on Facebook and Google or by deleting cookies. In the case of the VisualDiscovery software, the software hijacked encrypted web sessions.

“It’s the online equivalent of someone intercepting your mail, opening it, reading it, closing it back up and then putting it back in your mailbox,” said FTC acting chair Maureen Ohlhausen.

The program was created by a third-party advertising software company, Superfish, that was founded in Israel but headquartered in Palo Alto, Calif. It has since shut its doors.

As many as 750,000 laptops sold in the United States had the program installed from 2014 through 2015, the FTC says.

The FTC alleges that beginning in August of 2014, China-based Lenovo began selling laptops in the United States that came pre-installed with the software program. Consumers weren’t told the software was on their systems.

Beijing-based Lenovo made headlines in 2005 when it purchased IBM’s personal computing division for $1.75 billion, an acquisition that at the time was controversial as many feared it was a beachhead for other Chinese businesses. Today it is the world’s second-largest PC maker, with 20.4% of the global market, very close behind HP which has 21.8%, according to research firm IDC. In 2016 Lenovo's revenue was $43 billion.

Lenovo has published a list of computers that came with the software installed. Its popular ThinkPad laptops were not affected.
“Egregious does describe it,” said Eugene Spafford, founder of the Center for Education and Research in Information Assurance and Security at Purdue University.

“Sadly, other vendors may be doing something similar as the competition for ad revenue is huge, and the mechanisms are not that difficult to build in (or get prepackaged),” he said.

The snooping software was first discovered and reported by Chris Palmer from the Google Chrome security team.

As part of the settlement, Lenovo must now get consumers' permission before pre-installing any software that injects advertising into consumers' Internet browsing sessions or that transmits sensitive information from their systems to third parties. Lenovo must also implement a comprehensive software security program to test all software that comes preloaded onto its laptops, and that security program will be subject to third-party audits.

In a statement, Lenovo said it "disagrees" with allegations contained in these complaints but is pleased to bring the matter to a close.
In order to be able to show pop-up ads on encrypted websites, the VisualDiscovery program used an insecure method to replace the digital certificates for the websites with its own certificates. VisualDiscovery did not adequately verify that the websites’ digital certificates were valid before replacing them, and used the same, easy-to-crack password on all affected laptops rather than using unique passwords for each laptop, the FTC said.

That meant that even if a consumer went to a website that began with https://, which would lead them to believe they were on a secure and encrypted site, in fact the security had been breached.
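A defensive check for the pattern described above, as an added example that is not part of the original article: it flags an unrecognised issuer that signs the certificates for every site a machine visits, and marks the case where the same issuer key shows up on more than one machine. The machine names, issuer names, fingerprints and the allow-list of public issuers are all constructed for illustration.

```python
from collections import defaultdict

# Constructed observations: (machine, hostname, issuer name, issuer key fingerprint).
# In practice these would be taken from the leaf certificates a browser received.
OBSERVATIONS = [
    ("laptop-a", "login.example.com", "Interception Root (constructed)", "fp:cc33"),
    ("laptop-a", "mail.example.org",  "Interception Root (constructed)", "fp:cc33"),
    ("laptop-a", "shop.example.net",  "Interception Root (constructed)", "fp:cc33"),
    ("laptop-b", "login.example.com", "Interception Root (constructed)", "fp:cc33"),
    ("laptop-b", "mail.example.org",  "Interception Root (constructed)", "fp:cc33"),
    ("laptop-b", "shop.example.net",  "Interception Root (constructed)", "fp:cc33"),
    ("laptop-c", "login.example.com", "Public CA One (constructed)",     "fp:aa11"),
    ("laptop-c", "mail.example.org",  "Public CA Two (constructed)",     "fp:bb22"),
    ("laptop-c", "shop.example.net",  "Public CA One (constructed)",     "fp:aa11"),
    ("laptop-d", "login.example.com", "Per-Device Proxy (constructed)",  "fp:dd44"),
    ("laptop-d", "mail.example.org",  "Per-Device Proxy (constructed)",  "fp:dd44"),
    ("laptop-d", "shop.example.net",  "Per-Device Proxy (constructed)",  "fp:dd44"),
]

# Assumption: fingerprints of issuers the organisation recognises as public CAs.
KNOWN_PUBLIC_ISSUERS = {"fp:aa11", "fp:bb22"}


def site_of(hostname):
    """Crude site key: the last two DNS labels (enough for the sample data)."""
    return ".".join(hostname.lower().split(".")[-2:])


def find_interception(observations, known_issuers, min_sites=3):
    """Return findings for unknown issuers that sign for every site on a machine.

    shared_key is True when the same issuer key fingerprint is seen on more
    than one machine, i.e. the key is not unique per device.
    """
    per_machine = defaultdict(lambda: defaultdict(set))  # machine -> fp -> sites
    issuer_names = {}
    for machine, host, issuer, fingerprint in observations:
        per_machine[machine][fingerprint].add(site_of(host))
        issuer_names[fingerprint] = issuer

    machines_by_fp = defaultdict(set)
    for machine, by_fp in per_machine.items():
        all_sites = set().union(*by_fp.values())
        for fingerprint, sites in by_fp.items():
            if fingerprint in known_issuers:
                continue
            # One unknown issuer vouching for every unrelated site is the
            # signature of certificates being replaced on the machine.
            if len(sites) >= min_sites and sites == all_sites:
                machines_by_fp[fingerprint].add(machine)

    return [
        {
            "issuer": issuer_names[fp],
            "fingerprint": fp,
            "machines": sorted(machines),
            "shared_key": len(machines) > 1,
        }
        for fp, machines in sorted(machines_by_fp.items())
    ]


if __name__ == "__main__":
    for finding in find_interception(OBSERVATIONS, KNOWN_PUBLIC_ISSUERS):
        print(finding)
```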
“The harm was consumers were buying computers whose basic security features were undermined without their knowledge or consent,” said Ohlhausen.
Lenovo stopped installing the software over a year ago, and many antivirus programs were updated to identify the program and remove it as news about the insecurity broke.

Still, it’s possible that it still exists on some laptops, the FTC said. Lenovo has published instructions on how to remove the Superfish software on its website.

Neither Lenovo nor the FTC is aware of any actual instances of a third party exploiting the vulnerabilities the VisualDiscovery software created to steal users’ communications.


No more ransomware: How one website is stopping the crypto-locking crooks in their tracks

No More Ransom launched a year ago: here's the story of how cybersecurity firms and law enforcement are working together to bring down ransomware.


Law enforcement organisations and cybersecurity companies around the world have attempted to do what they can to disrupt ransomware -- whether through takedowns of cybercriminal gangs by the authorities or security companies finding and providing decryption keys.
But this disjointed approach can only get so far in the modern hyper-connected world in which criminals cooperate across international borders and time zones.

It's why the No More Ransom initiative was launched a year ago, with the idea of bringing together law enforcement and private industry to combine efforts in the fight against cybercrime.
"It's the idea of everyone bringing what they're best at to the table to jointly try and tackle the biggest threat that we see out there," says Steve Wilson, head of Europol's Cybercrime Centre (EC3).

Launched jointly by Europol, the Dutch National Police, McAfee (then Intel Security), and Kaspersky Lab on July 25 2016, No More Ransom provided keys to unlocking encrypted files, as well as information on how to avoid succumbing to ransomware in the first place.

The portal initially provided decryption tools for four ransomware families: Shade, Rannoh, Rakhni, and CoinVault. It was collaborative work on decrypting CoinVault that led to the creation of a precursor to No More Ransom.
"We were working on CoinVault and did a lot of work with the Dutch police, and we were able to identify the command and control servers the cybercriminals were using," says David Emm, principal security researcher, Kaspersky Lab.

The operation led to Kaspersky uploading free-to-use decryption keys to a website and it took off from there. "It was really successful and this was just one and part of a wider trend, so we wanted to establish wider involvement," he says.

McAfee agreed that this collaboration -- both between competing private firms and the authorities -- was the way forward in the fight against the escalation of ransomware.

"There was just a sense that what would be nice would be to have an initiative to collaborate and work together on. But also to have a single point that people could go to when we create free decryption tools," says Raj Samani, chief scientist at McAfee.

That single place was the No More Ransom portal, which since its launch has been hosted by Amazon Web Services and Barracuda Networks -- and if it wasn't for cloud-hosting, the website would have been overwhelmed on its first day.

"Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you'll get a day and I thought 12,000 a day would be reasonable," says Samani.

"On day one we had 2.7 million -- then during one day, the weekend of WannaCry, we had eight million hits in a single day, so it's much bigger than we ever thought."

Following the initial success of the initiative, seven more cybersecurity firms have since joined as associate partners -- Bitdefender, Check Point, Trend Micro, Emsisoft, ElevenPaths, Avast and Cert.PL -- each contributing to the development of decryption keys.

Dozens of law enforcement agencies -- including Interpol, Enisa and the NCA -- have also become actively involved in the scheme, which also receives additional support from dozens of security firms. There are now 109 partners in total and for Wilson, the more involved, the merrier: "The more people we get to contribute, the better this resource is going to be," he says.

Cybercrime is a global problem, but while there is more international cooperation between law enforcement agencies than there's been before, rules and regulations mean that sometimes the authorities can't act as quickly as they'd like.

That's a disadvantage against global crime gangs, but private cybersecurity firms can be more flexible, enabling the No More Ransom operation to take the fight to cybercriminals at a faster pace by releasing decryption tools as and when they're developed.

"Law enforcement agencies have restrictions that criminals don't -- they have the logistics of paperwork. Whereas at least under the umbrella of a project like this, there's nothing to slow it down," says Emm.

It's difficult to quantify the exact number of decryptions which have occurred thanks to downloads from No More Ransom -- the portal just provides links, it doesn't monitor what happens next -- but it's thought that over 28,000 decryptions have taken place using the tools, saving millions from being paid to cybercriminals in the process.

"It really strongly justified a single response to this rather than over each country trying to develop something themselves," says EC3's Wilson.

No More Ransom doesn't discriminate about what decryption tools are added to the portal -- sometimes these come in batches, sometimes individual decryptors are uploaded as and when they're made available -- but how does this happen?

There are a number of ways. The first is if encryption keys simply get leaked. Indeed, an example of this occurred just hours after the launch of No More Ransom when the cybercriminal gang behind the Petya ransomware -- long before it caused a global incident -- leaked 3,500 decryption keys for a competing form of ransomware, Chimera. "We were able to grab them and create a tool," says Samani.

But most of the time, decrypting ransomware comes down to hard work, with cybersecurity firms and the authorities working together in order to identify ransomware variants and crack codes.

"Working with law enforcement, we identify the infrastructure, go through the proper legal process to seize the key server and extract the decryption keys," says Samani. That's how Shade ransomware was decrypted, resulting in 165,000 decryption keys being made available.

That's where the aid of law enforcement especially comes in -- a cybersecurity firm can't walk in and seize a botnet, but they can aid in its takedown, as was the case with Operation Avalanche, which took down a prominent malware botnet.

"On the offensive side from us, tackling the actual business model of ransomware-as-a-service and very much going after the large scale perpetrators of cybercrime is very much what we're trying to do," says Wilson.

Naturally, the very existence of No More Ransom has irked malicious actors. "Analysis of the chatter on underground forums shows how angry they are," says McAfee's Samani. "We even had a ransomware variant named after us -- there's an extension that had been encrypted as NoMoreRansom."

So the portal is required to have the best defences possible in order to prevent attacks against it.

"We've got to do all the normal housekeeping things to keep it secure. We've got to pen test it to ensure that it's as secure as we can make it. People are going to want to stop it, we need to make it as resilient as we can," says David Emm.

That's where Barracuda Networks and Amazon Web Services come in -- both powering the portal and keeping it safe from attackers -- in the spirit of cooperation on which No More Ransom is based.

"I'm blown away by how open and collaborative we've been. AWS, for example, hosting it for free, it's incredible, it's probably the most targeted website in the world and they've said OK, no arguments," says Samani.

A year on from the launch of No More Ransom, what's the project's future? An anniversary update includes more decryption tools and the website translated into even more languages to reflect the global interest in the project and to help users and businesses around the world.

The platform is now available in 26 languages, with the most recent additions Bulgarian, Chinese, Czech, Greek, Hungarian, Indonesian, Malay, Norwegian, Romanian, Swedish, Tamil and Thai.

Ransomware is a major problem and while no one is under any illusion that the project is going to eliminate the problem, those behind it are doing all they can to educate against the dangers of ransomware and provide aid against it.

"We totally accept that this isn't a panacea; there's always going to be a lag time between us being able to assist, but we're trying to make that difference," says Wilson.

That's no small task, given ransomware is ever-evolving - and things are likely to get worse before they get better.


The Petya ransomware is starting to look like a cyberattack in disguise


The ransomware that wasn’t


The haze of yesterday’s massive ransomware attack is clearing, and Ukraine has already emerged as the epicenter of the damage. Kaspersky Labs reports that as many as 60 percent of the systems infected by the Petya ransomware were located within Ukraine, far more than anywhere else. The hack’s reach touched some of the country’s most crucial infrastructure including its central bank, airport, metro transport, and even the Chernobyl power plant, which was forced to move radiation-sensing systems to manual.

The ostensible purpose of all that damage was to make money — and yet there’s very little money to be found. Most ransomware flies under the radar, quietly collecting payouts from companies eager to get their data back and decrypting systems as payments come in. But Petya seems to have been incapable of decrypting infected machines, and its payout method was bizarrely complex, hinging on a single email address that was shut down almost as soon as the malware made headlines. As of this morning, the Bitcoin wallet associated with the attack had received just $10,000, a relatively meager payout by ransomware standards.

It leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to Ukraine? It’s not the first time the country has come under cyberattack. (These attacks have typically been attributed to Russia.) But it would be the first time such an attack has come in the guise of ransomware, and has spilled over so heavily onto other countries and corporations.

Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program’s decryption failure in a post today, Comae’s Matthieu Suiche concluded a nation state attack was the only plausible explanation. “Pretending to be a ransomware while being in fact a nation state attack,” Suiche wrote, “is in our opinion a very subtle way from the attacker to control the narrative of the attack.”

Another prominent infosec figure put it more bluntly: “There’s no fucking way this was criminals.”


There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.

In each case, the infections seem to specifically target Ukraine’s most vital institutions, rather than making a broader attempt to find lucrative ransomware targets. These initial infections are particularly telling because they were directly chosen by whoever set the malware in motion. Computer viruses often spread farther than their creators intended, but once Petya was on the loose, the attackers would have had no control over how far it reached. But the attackers had complete control over where they planted Petya initially, and they chose to plant it by some of the most central institutions in Ukraine.

The broader political context makes Russia a viable suspect. Russia has been engaged in active military interventions in Ukraine since former president Viktor Yanukovych was removed from power in 2014. That has included the annexation of Crimea and the active movement of troops and equipment in the eastern region of the country, but also a number of more subtle activities. Ukraine’s power grid came under cyberattack in December 2015, an attack many interpreted as part of a hybrid attack by Russia against the country’s infrastructure. That hybrid-warfare theory extends to more conventional guerrilla attacks: the same day that Petya ripped through online infrastructure, Ukrainian colonel Maksim Shapoval was killed by a car bomb attack in Kiev.

All that evidence is still circumstantial, and there’s no hard link between yesterday’s attacks and any nation state. It could be Ukraine simply presented a soft target, and the attackers screwed up their payment and decryption systems out of simple carelessness. Functional or not, the software involved still has strong ties to traditional ransomware systems, and even if the attackers didn’t make much money off ransom payments, Petya was still collecting credentials and other data from infected machines, which could be valuable fodder for future attacks. That has led researchers like F-Secure’s Sean Sullivan to hold off on nation-state suspicions. “Maybe there’s multiple ways they’re working the money angle, but I think ultimately it’s about money,” Sullivan told me. “Tigers don’t change their stripes.”

Still, the line between common criminals and state agents can be difficult to parse. A recent indictment in the Yahoo hacking case charged Russian officials alongside freelance hackers, and the division of labor was often unclear. Criminals can be enlisted as privateers, or agents can adopt criminal tactics as a way of disguising themselves. If the suspicions around Petya are correct, that line may be growing even thinner, as globe-spanning attacks get lost in the fog of war. With no clear path to a firm attribution, we may never be able to prove who was responsible for this week’s attacks, or what they hoped to achieve. For anyone digging out a Petya-bricked computer system, that clean getaway is adding insult to injury.


Cyberattack Hits Ukraine Then Spreads Internationally

Photo caption: Several companies have been affected by the Petya cyberattack, including Rosneft, the Russian energy giant; Merck, a pharmaceutical company; and Maersk, a shipping company.

Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was like a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States, were scrambling to respond.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after breaking away from the Soviet Union. It spread from there, causing collateral damage around the world.

This outbreak is the latest and perhaps the most sophisticated in a series of attacks that make use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same N.S.A. hacking tool, Eternal Blue, that was used in the WannaCry incident, and two other methods to promote its spread, according to researchers at the computer security company Symantec.

The N.S.A. has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used N.S.A. hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president of security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday, even those who used the Microsoft patch could be vulnerable, according to researchers at F-Secure, the Finnish cybersecurity firm.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, though Russian companies were also affected. Home Credit bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, DLA Piper, the multinational law firm, also reported being hit. Hospitals in Pennsylvania were being forced to cancel surgeries after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

A spokesman for the N.S.A. referred questions about the attack to the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our international and domestic cyber partners,” Scott McConnell, spokesman for D.H.S., said in a statement.

Computer specialists said the ransomware was very similar to a virus that first emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf,” about a boy who captures a wolf.

Reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on Silicon Valley terminology for delivering software over the internet, according to the security firm Avast Threat Labs.

That means anyone could launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.

That distribution method means that pinning down the people responsible for Tuesday’s attack could be difficult.

The attack is “an improved and more lethal version of WannaCry,” according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks.

In just the last seven days, Mr. Suiche noted that WannaCry had tried to hit an additional 80,000 organizations, but was prevented from executing attack code because of the kill switch. Petya does not have a kill switch.

Photo caption: A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.

Petya also encrypts and locks entire hard drives, while the earlier ransomware attacks locked only individual files, said Chris Hinkley, a researcher at Armor, the security firm.

The hackers behind Petya demanded $300 worth of the cybercurrency Bitcoin to unlock victims’ machines. By Tuesday afternoon, online records showed that 30 victims had paid the ransom, though it was not clear whether they regained access to their files. Other victims may be out of luck, after Posteo, the German email service provider, shut down the hackers’ email account.

In Ukraine, people turned up at post offices, A.T.M.s and airports to find blank computer screens, or signs about closures. At Kiev’s central post office, a few bewildered customers milled about, holding parcels and letters, looking at a sign that said, “closed for technical reasons.”

The hackers compromised Ukrainian accounting software mandated to be used in various industries in the country, including government agencies and banks, according to researchers at Cisco Talos, the security division of the computer networking company. That allowed them to unleash their ransomware when the software, which is also used in other countries, was updated.

The ransomware spread for five days across Ukraine, and around the world, before activating Tuesday evening.

“If I had to guess, I would think this was done to send a political message,” said Craig Williams, the senior technical researcher at Talos.

One Kiev resident, Tetiana Vasylieva, was forced to borrow money from a relative after failing to withdraw money at four automated teller machines. At one A.T.M. in Kiev belonging to the Ukrainian branch of the Austrian bank Raiffeisen, a message on the screen said the machine was not functioning.

Ukraine’s Infrastructure Ministry, the postal service, the national railway company, and one of the country’s largest communications companies, Ukrtelecom, had been affected, Volodymyr Omelyan, the country’s infrastructure minister, said in a Facebook post.

Officials for the metro system in Kiev said card payments could not be accepted. The national power grid company Kievenergo had to switch off all of its computers, but the situation was under control, according to the Interfax-Ukraine news agency. Metro Group, a German company that runs wholesale food stores, said its operations in Ukraine had been affected.

At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, though all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually.

Cybersecurity researchers questioned whether collecting ransom was the true objective of the attack.

“It’s entirely possible that this attack could have been a smoke screen,” said Justin Harvey, the chief security officer for the Fidelis cybersecurity company. “If you are an evil doer and you wanted to cause mayhem, why wouldn’t you try to first mask it as something else?”


Global Cyberattack: What We Know and Don’t Know


A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry.

What We Know

• Several private companies have confirmed that they were hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, the French multinational Saint-Gobain and the Russian steel, mining and oil companies Evraz and Rosneft.

• Photographs and videos of computers affected by the attack show a message of red text on a black screen. The message read: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

• Kaspersky Lab, a cybersecurity firm based in Moscow, reported that about 2,000 computer systems had been affected by the new ransomware.

• Cybersecurity researchers first called the new ransomware attack Petya, as it bore similarities to a ransomware strain known by that name, which was first reported by Kaspersky in March 2016. But Kaspersky later said that its investigation into the new attack found that it was a type of ransomware that had never been seen before.

• ESET, a Slovakia-based cybersecurity company, said the first known infection occurred early on June 27, through a Ukrainian software company called MeDoc. MeDoc denied that its program was the initial infection point. In a Facebook post, the firm wrote, “At the time of updating the program, the system could not be infected with the virus directly from the update file,” though an earlier message confirmed that its systems had been compromised.

• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.

• Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.

• ESET and several other cybersecurity companies have identified at least one other exploit used in the attack known as PsExec, which takes advantage of a single computer that has not been updated with the latest software in a network to spread infections by looking for — and using — administrative credentials. By using PsExec, the ransomware continued spreading across systems that had been updated, or patched, after the WannaCry outbreak last month.

• Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some of the victims appear to be paying the ransom, even though the email address used by the attackers has been shut down. That removes the possibility that the attackers could restore a victim’s access to their computer networks, even once ransom is paid.

What We Don’t Know

• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.

• The motives for the attack. Cybersecurity researchers ask why, if the goal of the attack was to force victims to pay ransom, more care was not taken to protect the email address through which attackers could communicate with their victims, or to provide multiple avenues for payment.

• How much bigger this attack will get. Cybersecurity researchers say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again.

What Is Ransomware?

• Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims email that includes a link or a file that appears innocuous but contains dangerous malware.

• Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders and drives on that computer. In some cases, the entire network the computer is connected to can become infected.

• The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency.


Afghanistan and Pakistan Hit by Huge Earthquake


KABUL, Afghanistan — A deadly earthquake hit northern Afghanistan and Pakistan on Monday afternoon, registering a preliminary magnitude of 7.5 and causing heavy damage in one of the world’s most impoverished and war-torn regions.

At least 122 people were reported killed, with 100 or more of them in Pakistan, and that figure seemed likely to rise significantly, officials in both countries said.

The quake, which struck at 1:39 p.m., was centered in the Hindu Kush mountain range, about 28 miles southwest of the district of Jurm in Afghanistan and about 160 miles northeast of Kabul, the Afghan capital. The quake’s depth was reported at 132 miles, the United States Geological Survey said, and its effects were felt as far away as New Delhi.

People poured into the streets of Kabul, where buildings shook for at least two minutes, and similar scenes played out in Islamabad and Peshawar in Pakistan. Officials in both countries declared emergencies, and military units were ordered to join the response.

In Pakistan, provincial authorities in Peshawar said at least 63 people had been killed in surrounding Khyber-Pakhtunkhwa Province. Severe tolls were also expected in other remote regions of the north, including in the Federally Administered Tribal Areas, but no immediate confirmation of exact numbers was available because of a breakdown in communications systems.

Reverberations were felt across several provinces in Afghanistan, particularly in northern areas that had already been in turmoil because of a widespread Taliban offensive. There, too, the shaking damaged communication lines, making initial damage difficult to assess.

In Islamabad, the Pakistani capital, people ran out into the open as the earthquake rattled the city. Panic was widespread in neighborhoods with high-rises and multistory apartment blocks, and hundreds of shopkeepers and customers swarmed the main avenue in Blue Area, a commercial neighborhood.

In the northern city of Peshawar, Mehreen Ali, 30, a dentist, said she was sitting in a car outside a shopping plaza when the vehicle started shaking.

“I thought the car was shaking as the driver was leaning against it,” Ms. Ali said. “Then suddenly, people started coming out of the building in front. People were staring at the building as if it was about to fall as it shook.”

In the northern valley of Swat, at least 35 people were killed, local officials said. At least 100 houses were damaged.

Shazia Bibi, 34, said a wall of her house collapsed, injuring her on the head and back. “I was rushing out of the house when the wall collapsed,” Ms. Bibi said from a hospital bed.

Zahir Shah, a resident of Mingora in Swat Valley, said he was sitting in a vehicle with a friend when buildings around them started to shake. They quickly sped away and into an open area for safety. Mr. Shah said he could not reach his relatives in remote areas of the valley as mobile and landline phones were not working.

Hospital officials in Swat said at least 250 people had been brought in for treatment by Monday evening.

Landslides were reported in the mountainous Pakistani regions of Gilgit and Chitral, as boulders fell on to the roads, cutting off many areas. Damage was reported in more central parts of the country as well: In Punjab Province, at least 10 people were wounded when a school wall collapsed in the city of Sargodha.

In Afghanistan, the country’s chief executive, Abdullah Abdullah, called an emergency meeting of senior officials to respond to the disaster. “This is the strongest earthquake that has happened in our country in recent years,” Mr. Abdullah said, warning of the possibility of aftershocks.

Telephone services were disrupted across a wide section of northern Afghanistan. The roll call of affected provinces closely mirrored those hardest hit by surging Taliban attacks in recent months.

In Takhar Province, the collapse of a school building left 12 students dead and 40 others injured, according to Sunatullah Taimoor, a spokesman for the Takhar provincial governor. Some of the victims, all girls aged 6 to 16, were killed in a stampede, he said.

In Baghlan Province, 12 students were injured after a high school collapsed in the city of Pul-i-Kumri, according to Mohammad Nasir Kohzad, the provincial head of national disaster management. Extensive damage was also reported in the areas of Borka and Aq Kotal.

In Nangarhar Province, health officials said seven people were killed and 77 others injured.

In Parwan Province, three people were killed and 13 injured, and 50 houses collapsed, according to Bahauddin Jilani, the leader of the provincial council.

South Asia, where the Indian tectonic plate collides with the Eurasian plate, has a history of devastating earthquakes. In April, more than 8,700 people were killed in Nepal’s worst earthquake in 80 years. And in 2005, tens of thousands were killed in a 7.6 magnitude earthquake centered in the Kashmir region.


MasterCard Tests 'Selfie Pay' Technology


MasterCard may soon roll out a new feature on its smartphone app that lets users pay for online purchases by taking "selfies."

The financial services company is testing technology that allows customers to authorize transactions using photos of themselves instead of passwords, the company announced in a news release in August.

Some 200 employees of the First Tech Federal Credit Union are currently taking part in a two-month "selfie pay" pilot program, which runs through October, USA Today reports. Another trial is underway in the Netherlands.

Ajay Bhalla, president of MasterCard's security company Enterprise Solutions, has called the technology convenient and secure.

"Passwords are a pain," Bhalla said in a news release when the feature was announced. "They’re easy to forget, they waste our time and they’re not very safe. Biometrics are making online transactions as secure and simple as purchases in person."

If a purchase requires identity verification, customers can hold up their phone cameras, blink and let the app verify with a facial scan, according to USA Today. Blinking safeguards against thieves who might try to bypass security with a photo of the cardholder.

MasterCard is also working to implement voice recognition and even heartbeat recognition to verify a person’s identity, USA Today reports.

Visa is considering a feature similar to "selfie pay." The competing corporation has developed a blueprint to enable biometrics like fingerprints to verify on-site transactions, according to USA Today.

Dutch Investigators Say MH17 Downed by Russian-Made Missile


GILZE-RIJEN AIR BASE, Netherlands—Investigators probing the downing of Malaysia Airlines Flight 17 concluded that a sophisticated, Russian-made antiaircraft missile struck the Boeing Co. 777 jetliner, causing it to break apart in midair and plummet for up to a minute and a half before the wreckage hit the ground.

The Buk missile was fired from eastern Ukraine, said Tjibbe Joustra, chairman of the Dutch Safety Board, as the agency, which is leading the crash investigation, published its final report into the crash that killed all 298 people on board.

It is the first time those involved in the probe have publicly endorsed the long-held view that such a missile was used to shoot down the passenger plane. Ukraine has accused Russian-backed militants operating in the area, while the rebels have suggested Ukrainian forces were responsible.

The crash investigators weren't assigning blame for who fired the missile. Further forensic analysis would be required to determine the exact launch location within a 320-square-kilometer (124-square-mile) area, Mr. Joustra said, adding that such efforts lay outside the scope of the crash probe.

A separate criminal probe investigating culpability is continuing. The Dutch National Public Prosecution Service said its probe, which will run into next year, so far echoes the crash report. “Persons of interest” key to the investigation have been identified, it said, without giving details. It added that investigating and eventually arresting perpetrators can take time.

Accident investigators also concluded that the Ukrainian government should have closed the airspace over the embattled east where the country’s armed forces were battling the separatists. Mr. Joustra said there were sufficient indications commercial flights were at risk after several military planes had been shot down.

The head of Ukraine’s air traffic control service rejected that argument. Before the downing of Flight 17 “no one could imagine that such powerful facilities, powerful equipment such as a Buk could be used against the civil aircraft,” Dmytro Babeichuk said at a news conference.

The Dutch Safety Board urged governments and airlines to do more to reduce the risk of flying over conflict areas, arguing in its 279-page report that the current system “does not work as it should.” It issued several recommendations for change, which represent a boost to a global push to share information about hazards to commercial flights.

That was echoed by Ukraine’s Mr. Babeichuk. “There are no unified, world-wide practices about the total closure of the airspace in such areas,” he said, adding that “one of the examples is Syria, where the airspace still is not closed completely.”

The Dutch safety board is leading the investigation into the cause of the crash because 193 Dutch citizens were on board the flight from Amsterdam to Kuala Lumpur when it was downed while cruising at 33,000 feet on July 17, 2014.

Even after investigators finish their probe, finding justice through the international system could be difficult. Russia in July vetoed a United Nations Security Council resolution to establish a criminal tribunal to investigate the downing.

Malaysia’s transport minister Liow Tiong Lai said his country and other states are trying to set up an independent international court to prosecute those found responsible and that “our fight for justice is far from over.”

Many family and friends of passengers said the investigation didn’t provide the comfort they were hoping for and voiced fears that those responsible will never be punished.

“I’m afraid this will become a political game that will never result in the prosecution of the perpetrators,” said Sigrid Huisman, whose friend Tamara Ernst was on her way to Bali for a backpacking trip. “Are these people still even traceable?”

The Russian maker of the antiaircraft missile tried to cast doubt on the Dutch findings in advance. Almaz Antey gathered hundreds of journalists Tuesday morning in a complex in outer Moscow, where Chief Executive Yan Novikov argued its experiments showed that if MH17 was downed by a Buk system, it was by a different type of missile than Dutch investigators specified.

Dutch authorities established the type of missile based on the pattern of distinctively shaped fragments found in both the wreckage and the bodies from the cockpit, which investigators concluded match only a specific type of Buk warhead.

The missile warhead detonated outside the airplane on the left of the cockpit, spraying hundreds of fragments and killing the three crew members. The forward section of the plane then broke off as the jetliner lost structural integrity, Mr. Joustra said.

It took between a minute and 1 1/2 minutes before the wreckage hit the ground. The report said investigators found no indications that passengers took “conscious actions” after impact. “There may have been reflexive actions such as clutching the armrests of the seat,” the report said.

The blast from the warhead was detected on the cockpit voice recorder.

Russia described the report as politically motivated. Deputy Foreign Minister Sergei Ryabkov told journalists it reflected an “attempt to come to a biased conclusion and carry out political orders,” state news agency Tass reported.

No scenario other than the use of a Buk missile can explain the evidence found, Mr. Joustra said. The main theory propagated in Russia after the crash was that Ukrainian jet fighters shot down MH17, but Mr. Joustra said the wreckage showed clearly that an air-to-air attack didn't down the Boeing 777.

Crash investigators said Malaysia Airlines complied with international air safety rules in planning the flight. On the day of the crash, until the airspace was closed after the shootdown, 160 airliners traversed the skies of eastern Ukraine.

The airline said it welcomed the publication of the report and would continue to work with authorities and support families of those who died in the crash.

Last week, air safety authorities issued a warning to airlines after Russia fired a barrage of cruise missiles from the Caspian Sea against targets in Syria. Several carriers, including Malaysia Airlines, have rerouted planes in response.

The Dutch Safety Board urged airlines to undertake their own risk assessments. “Operators will have to gather information about conflict areas more actively and share relevant information on threats with each other,” it said.

Governments that have information about potential threats should also do more to disseminate that information, crash investigators said. International rules on how risks are judged should be tightened, the investigators advised.


The United Nations has a radical, dangerous vision for the future of the Web


It may not have intended to, precisely, but the United Nations just took sides in the Internet’s most brutal culture war.

On Thursday, the organization’s Broadband Commission for Digital Development released a damning “world-wide wake-up call” on what it calls “cyber VAWG,” or violence against women and girls. The report concludes that online harassment is “a problem of pandemic proportion” — which, nbd, we’ve all heard before.

But the United Nations then goes on to propose radical, proactive policy changes for both governments and social networks, effectively projecting a whole new vision for how the Internet could work.

Under U.S. law — the law that, not coincidentally, governs most of the world’s largest online platforms — intermediaries such as Twitter and Facebook generally can’t be held responsible for what people do on them. But the United Nations proposes both that social networks proactively police every profile and post, and that government agencies only “license” those who agree to do so.

“The respect for and security of girls and women must at all times be front and center,” the report reads, not only for those “producing and providing the content,” but also everyone with any role in shaping the “technical backbone and enabling environment of our digital society.”

How that would actually work, we don’t know; the report is light on concrete, actionable policy. But it repeatedly suggests both that social networks need to opt-in to stronger anti-harassment regimes and that governments need to enforce them proactively.

At one point toward the end of the paper, the U.N. panel concludes that “political and governmental bodies need to use their licensing prerogative” to better protect human and women’s rights, only granting licenses to “those Telecoms and search engines” that “supervise content and its dissemination.”


In other words, the United Nations believes that online platforms should be (a) generally responsible for the actions of their users and (b) specifically responsible for making sure those people aren’t harassers.

Regardless of whether you think those are worthwhile ends, the implications are huge: It’s an attempt to transform the Web from a libertarian free-for-all to some kind of enforced social commons.

This question, of course, mirrors other, larger debates playing out across the culture, including tiffs over academic “trigger warnings” and debates about Reddit’s foggy future. Writing at Breitbart several weeks ago, the conservative columnist Allum Bokhari described a growing social movement that he dubs “cultural libertarianism”: the rejection of any and all limitations on absolute free expression.


It’s no coincidence that the “cultural libertarians” Bokhari cites are all leading figures in Gamergate, just as it’s no coincidence that the U.N. report references Zoe Quinn, the first victim of that movement. Well over a year after Quinn’s harassment became international news, we still haven’t answered these fundamental questions about what values the Internet should protect and who is responsible for it.

This U.N. report gets us no closer, alas: all but its most modest proposals are unfeasible. We can educate people about gender violence or teach “digital citizenship” in schools, but persuading social networks to police everything their users post is next to impossible. And even if it weren’t, there are serious implications for innovation and speech: According to the Electronic Frontier Foundation, CDA 230 — the law that exempts online intermediaries from this kind of policing — is basically what allowed modern social networks (and blogs, and comments, and forums, etc.) to come into being.

As reports like this are making increasingly clear, however, these platforms were developed by people who never imagined the struggles that women face online. We’re using tools that weren’t designed for us; they had other people and values and priorities in mind.


Is a reckoning — or at least rebalancing — imminent? The United Nations suggests it has to be. But it certainly won’t look like the model dreamt up in this report. For better or worse, that’s several steps too revolutionary.

Strong Solar Flare Captured in NASA Image; Some Radio Communication Impacted


A moderate solar flare was unleashed by the sun Monday, and NASA's Solar Dynamics Observatory (SDO) captured an image of the stunning event.

Classified as a mid-level solar flare, it peaked at 10:58 a.m. EDT on Monday morning, according to NASA. It was an M7.6 flare, which is more than seven times as strong as an M1 flare. M-class flares are only 10 percent as strong as X-class flares, NASA said, but they still rank on the higher end of moderate flares.

"The moderate eruption is unlikely to cause space weather strong enough to affect Earth, but scientists at the National Oceanic and Atmospheric Administration's Space Weather Prediction Center will nonetheless monitor the after-effects of the flare," said UPI.com in its report.


Scientists do not believe this solar flare is strong enough to turn loose a coronal mass ejection, where gas violently erupts from the sun and eventually hits Earth, according to Space.com. The flare did, however, lead to interference with low-frequency radio communications in South America and over the Atlantic Ocean, and there's a possibility of additional flares in the coming days, the report added.

While a solar flare cannot harm humans on Earth, the larger ones are capable of wreaking havoc on forms of technology and communication. An intense flare could affect the power grid as well as satellite communications, GPS or otherwise, UPI.com added.

The SDO is a relatively young branch of NASA; it was opened in 2010 to help scientists more closely study the sun's electromagnetic patterns and how these flares affect us, UPI.com also said.



Nearly 20 Million People Were Displaced Last Year Because of Extreme Weather


Extreme natural disasters like floods, storms and earthquakes displaced nearly 20 million people in 2014, a new report by the Norwegian Refugee Council (NRC) has found.

Since 2008, an average of 26 million people have been forced to flee their homes every year, due to disasters brought on by natural hazards. That's equivalent to one person being displaced every second, the report said.

However, Mother Nature isn't the only factor to be blamed for the severity of the crisis. Often, the weather or earthquake isn't dangerous in and of itself, but when coupled with poor housing and/or infrastructure in densely populated areas, it can cause immense damage to life and property.

"A flood is not in itself a disaster, the catastrophic consequences happen when people are neither prepared nor protected when it hits," Jan Egeland, Secretary General of NRC, said in a statement. The NRC is an independent foundation focusing on protecting the rights of refugees and internally displaced people through aid distribution and advocacy.

People around the world are now sixty percent more likely to be displaced by a natural disaster than four decades ago. The reasons vary, but the authors said rapid urbanization and population growth in hazard-prone areas were the key drivers behind increased vulnerability.

"The urban population in developing countries has increased by 326 percent since 1970," lead author Michelle Yonetani wrote in the report. "This rapid growth has for the most part been unplanned and poorly governed, leading to high exposure and vulnerability."

Yonetani and her co-authors compiled data from a wide range of sources, including governments, the United Nations, nonprofit organizations, and media reports.

Weather-related disasters, floods in particular, had the largest impact — displacing 17.5 million last year, while geophysical hazards such as earthquakes made 1.7 million people homeless.

According to the Intergovernmental Panel on Climate Change (IPCC), increasing levels of greenhouse gases in the atmosphere will lead to higher global temperatures, raising the risk of more intense droughts and storms, including tropical cyclones with higher wind speeds, a wetter Asian monsoon, and, possibly, more violent mid-latitude storms.

The NRC report says 1998 was the peak year for displacement — a year that coincides with the strongest recorded El Niño — a warming of the central and eastern tropical Pacific Ocean.

El Niño formations are a natural phenomenon that usually occurs every two to seven years and can drastically change weather patterns across the globe. El Niño conditions currently exist in the Pacific and many scientists project this year's could be one of the strongest ever. It has already been identified as a major contributing factor in the recent wildfires stretching from California to Alaska and the heavy rainfalls in California.

Kristie Ebi, a professor at University of Washington's global health department, studies the impacts of climate change, including extreme events, and how nations might better prepare for them.

"There has been big shift over the last few years in disaster risk management and adaptation to climate change; they have been running along parallel tracks," Ebi told VICE News. "We are now looking at how climate change is affecting how many disasters there could be and how intense they could be."


The IPCC in its 2001 report had stated that global warming could cause sea levels to rise 0.11 to 0.77 meters (0.36 to 2.5 feet) by 2100. This alone can lead to massive flooding and can submerge entire coastal cities. Many coastal towns and cities have their hospitals and other disaster relief infrastructure situated near the coast, Ebi said. "In many Pacific islands, the hospitals are in coastal region… If you look at long term projections for sea levels rise and much larger storm surges, you need to move those structures."

The NRC concurs with Ebi that smart infrastructure investment is crucial. The authors found that in Chile, which had one of the largest displacements of 2014, owing to an 8.2 magnitude offshore earthquake, investing in disaster prevention and preparedness paid off brilliantly. Around 970,000 people had to flee low-lying coastal areas in response to a tsunami warning following the tremor, but most were able to return home the following day.

Asia is home to 60 percent of the world's population, but accounted for 87 percent of the world's displaced people in 2014. China, India, and the Philippines experienced the highest levels of displacement in absolute terms, both in 2014 and for the period from 2008-2014.

At the same time, Europe experienced double its average level of displacement for the past seven years, with 190,000 people displaced, mostly due to the flooding in the Balkans.

The link between extreme weather events and climate change also has some unforeseen consequences. Daniel Chapman, a graduate student at University of Massachusetts Amherst's Psychological and Brain Sciences Department, has found that linking the two when making appeals for humanitarian relief can make some people, particularly climate change skeptics, view a disaster event and its victims unfavorably.

"While it is true that there is increasing scientific research on the link between disaster trends and climatic changes, in the aftermath of any single disaster it is difficult, if not impossible, to make this connection reliably."


Therefore, he added, "if the purpose of a group's message is to increase humanitarian relief, connecting a disaster with climate change may not be a good option."


Putin Rules Out Russian Troops Fighting in Syria After Meeting With Obama


Hours after President Barack Obama and Russian President Vladimir Putin exchanged barbs during the UN General Assembly on Monday, the two leaders met for 90 minutes inside the UN Security Council.

The bilateral meeting, held in the company of ministers and advisers, including Secretary of State John Kerry, was perhaps the most eagerly anticipated conclave during this year's General Debate, which began earlier in the day. The topic of discussion was largely expected to be Syria's civil war, where Russia has recently increased its military presence, sending personnel, planes, and vehicles.


The Obama administration has insisted Syrian President Bashar al-Assad must not remain part of any political transition, while Putin says Assad should be offered support as part of efforts to dismantle the so-called Islamic State (IS). That discrepancy was on full display during the speeches the two leaders delivered earlier in the day.

After leaving the Council chambers, Putin bypassed an expectant group of international reporters and gave a press conference exclusively for Russian media, which was broadcast and translated live by RT, the Kremlin's English-language media outlet.

According to the translation, Putin called the meeting "very constructive, practical and surprisingly frank."

"We've found a lot of common ground, but there are differences as well," he said.

Putin did not rule out the use of warplanes in Syria, but he did say that Russian troops would not be deployed in fighting, saying "ground operations, involving Russian units, Russian troops — this is out of the question."

Another expected topic of discussion, which American officials insisted earlier in the week would be raised, is the conflict in Ukraine. Moscow annexed the country's Crimea region last year, and Russian soldiers have been documented inside separatist-controlled territory in eastern Ukraine. The Kremlin has insisted that its forces are not in the country.

There was no immediate word from American officials on the content of the discussion on Monday night.


The hour-and-a-half encounter was the second of the day for Obama and Putin. Earlier, the two men sat at the same table during a luncheon hosted by UN Secretary General Ban Ki-moon. The two men clinked glasses during a toast but did not appear to speak to each other.

Asked about the incident, Putin said "this was just a protocol event nothing more."

"You journalists, you really surprise… you are very interesting people," he added.

Follow Samuel Oakford on Twitter: @samueloakford


Israel adds voice to concerns over Russia's role in Syria


Israel has joined a growing chorus of concern over a reported Russian military buildup in Syria in support of the beleaguered regime of President Bashar al-Assad.

Speaking to reporters, Moshe Ya’alon, the Israeli defence minister, echoed claims by western sources that Moscow has in recent days dispatched military advisers and equipment with the main goal of setting up an airbase in the Syrian government-controlled area around Latakia.

“As far as we understand, at this stage we are talking about a limited force that includes advisers, a security team and preparations for operating planes and combat helicopters,” Ya’alon said in a briefing on Thursday.

Ya’alon’s comments follow statements of concern on Wednesday from the secretary general of Nato, Jens Stoltenberg, and the US secretary of state, John Kerry, who phoned his counterpart in Moscow, Sergei Lavrov, to reiterate his concerns over recent Russian activity.

The information divulged in Ya’alon’s briefing closely resembles comments by US defence officials this week who said the US had seen a variety of Russian military assets flown into the airfield south of Latakia, including troops capable of protecting Russian forces there and modular housing units capable of accommodating up to 1,000 troops.

One US official said the movements indicated that the Russians were preparing for some sort of air operations.

Responding on Thursday, Lavrov defended Russian military assistance to Syria, saying Moscow wanted to avoid a repeat of the “Libyan scenario” in Syria and would therefore provide greater military assistance to the Syrian president if requested.

“We helped, are continuing to help and will help the Syrian government when it comes to supplying the Syrian army with everything it needs,” he said.

Lavrov has said that Russian aircraft flying into Syria have been delivering military supplies and humanitarian aid.

“The planes the Russian Federation is sending to Syria are carrying military items, in accordance with the contracts we have, and humanitarian aid,” he said. “Depending on what cargo the plane is carrying, we request the proper clearance, in full accordance with international law.”

Russia has also reportedly been seeking permissions to use military airspace through Iran. Bulgaria refused permission for its airspace to be used for Russian military traffic seeking to fly to Syria.

Kerry told Lavrov on Wednesday that if the reports were found to be true “it could lead to greater violence” – a message reinforced by the foreign ministries of Germany and France.


The claims of an expanding role for Russia in Syria have come as Assad’s forces suffered a series of setbacks, including the loss of a key airfield.

Moscow has backed Assad throughout the nation’s civil war, which has resulted in the deaths of more than 250,000 people. Vladimir Putin, the Russian president, has sought to cast arms supplies to Assad’s government as part of international efforts to combat Islamic State (Isis) and other militant organisations in Syria.

On Wednesday, three unnamed Lebanese officials told Reuters that a small number of Russian advisers were already participating in military operations in Syria in support of regime forces.

Ya’alon described the Russian move as significant and said if the Russians planned on carrying out airstrikes against Isis militants, they would have to coordinate it with a US-led campaign.

The Israeli minister added that Russia’s first goal was likely to protect its interests in Syria, namely the navy base of Tartus on the Mediterranean Sea. Ya’alon did not elaborate on how Israel knew of the Russian deployment in Syria.

In Moscow, Putin recently hinted that Russia might be planning to expand its assistance to Assad. Asked if Russia could deploy its troops to Syria to help fight Isis, Putin said last week that Russia was “looking at various options” but it was too early to talk about it. Dmitry Peskov, Putin’s spokesman, said on Thursday that nothing had changed and Putin’s comments still stood.


Russian fighter jets enter Syria with transponders off


Washington (CNN) A U.S. official told CNN Thursday that Russian fighter jets turned off their transponders as they flew into Syria in an apparent attempt to avoid detection. The official said the fighters flew very close to a transport plane that had its transponder on and functioning.

U.S. satellites rapidly saw that the aircraft were there, according to the official.

The assessment over the weekend was that the fighter jets were on their way. The same official said the Russians have begun flying drones around the coastal city of Latakia.


With no ISIS fighters in the area, the move raises serious questions about the Russians' intentions with their military buildup, whose purpose the U.S. has questioned and which it has watched with wariness. The action points to a higher likelihood that the Russian plan is to prop up Syrian President Bashar al-Assad rather than fight the terror group.


The U.S. has its own effort underway to defeat ISIS but has also said that Assad must go.

Asked about what the U.S. can do about the situation, Defense Secretary Ashton Carter told CNN at a press conference Thursday that "it's a matter of seeing what the Russians do."


Carter said he hopes the Russians will fight ISIS, "but if it's a matter of pouring gasoline on the civil war in Syria, that is certainly not productive from our point of view."


France launches airstrikes against ISIL in Syria


France on Sunday said it launched its first airstrikes against the Islamic State group in Syria.

French President Francois Hollande earlier this month said his country will have to carry out airstrikes against the militants, also known as ISIL and ISIS, in the war-torn country, days after France ordered surveillance flights over ISIL positions there.

Hollande said there was proof that attacks were planned from Syria against several countries including France, and blamed ISIL for Europe's refugee crisis, the largest the continent has faced since World War II.

Announcing the airstrikes, Hollande's office said in a statement Sunday: "Our country thus confirms its resolute commitment to fight against the terrorist threat represented by Daesh (the Arabic acronym for ISIL). We will strike each time that our national security is at stake."

Also Sunday, Iraq's military said it reached a deal to share intelligence with Russia, Iran and Syria in the fight against ISIL, CNN reported. The statement cited "the increasing concern from Russia about thousands of Russian terrorists committing criminal acts within ISIS," according to the broadcaster.

France did not previously carry out airstrikes against ISIL in Syria because it feared such action could maintain the regime of Syrian President Bashar al-Assad. It has, however, carried out airstrikes in Iraq. A U.S.-led coalition is carrying out airstrikes against ISIL in both countries.

British Prime Minister David Cameron is expected to drop his opposition to Assad playing a role in any Syrian transitional government when he meets leaders from around the world at the United Nations in New York City on Sunday, the BBC reported.

The broadcaster said Cameron will call for a new diplomatic drive to end the war, which started in 2011, but is expected to insist that Assad stand down.

Millions of refugees from countries including Syria and Iraq, where ISIL has seized vast swaths of territory, have fled to neighboring countries and to Europe. Sunday, an official said at least 17 Syrians drowned after their boat sank off the Turkish coast on the way to the Greek island of Kos, the Anadolu news agency reported.

French security forces had been on high alert since Islamic extremist gunmen, one of whom pledged allegiance to ISIL, carried out a series of attacks in Paris in January that left 20 people dead.

In an Islamist terror attack in June, a man was decapitated at a gas factory in the southeastern city of Lyon. In a separate incident, a gunman on a train heading from Amsterdam to Paris was tackled and subdued by passengers including three Americans in August as he apparently prepared to open fire on passengers.


USA TODAY reporter Kim Hjelmgaard traveled the land route taken by many migrants from Lesbos, Greece, to Berlin. Follow his journey on Twitter and here:


Russian troops in Syria could end up helping Isis, report claims


The deployment of Russian troops in Syria could end up helping Islamic State as they have been sent to areas where they are most likely to fight other groups opposed to Isis, according to a new report.

The Royal United Services Institute (Rusi) report comes ahead of a US-Russian summit meeting at the UN on Monday, when Barack Obama will question Vladimir Putin on the intention behind Russia’s deepening military involvement in Syria, according to US officials.

The Iranian president, Hassan Rouhani – also in New York for the UN general assembly meeting – rejected suggestions that his country was operating in concert with Russia against Isis. “I do not see a coalition between Iran and Russia on fighting terrorism in Syria,” Rouhani said.

The Rusi report, titled Inherently Unresolved, assesses the global effort to counter the spread of Isis, and warns that Iraq and Syria may not survive as unitary states. It includes a section on Russian aims, particularly those underpinning Putin’s despatch this month of warplanes and troops to Tartus and Latakia in support of Bashar al-Assad’s regime.

Igor Sutyagin, a Russian strategic analyst, said there was an air regiment at Latakia with 28 planes, a battalion of motorised infantry and military engineers as well as a marine battalion at the naval base in Tartus.

The deployment, Sutyagin said, “underlines the contradictions of the Kremlin’s policy”, because the troops were in areas where Isis is not present.

“In this way, Russian troops are backing Assad in the fight against groups such as Jabhat al-Nusra and Ahrar al-Sham, which are themselves opposed to Isis. If Russian troops do eventually join combat, therefore, they would also – technically – be assisting Isis,” Sutyagin argued.


The report says the Russian deployment should not therefore be seen as a change of policy towards fighting Isis directly, but a largely political move designed to save Assad and consolidate Russia’s hold over its naval base at Tartus and its newly built air base in Latakia, while currying favour with the west and the Gulf Arab states who are themselves reluctant to fight Isis on the ground.

“Indeed, the Kremlin may well be hoping that the west will show its appreciation by lifting the sanctions imposed in response to the situation in Ukraine,” Sutyagin said.

The tensions hanging over the Obama-Putin meeting on Monday were highlighted by discord between Washington and Moscow in describing the summit. US officials said it had been requested by Putin. A Russian spokesman insisted it was Obama who asked to meet. The White House said the meeting would address both the conflicts in Ukraine and Syria. The Kremlin said Ukraine would only be raised “if there was time”.

Celeste Wallander, the White House National Security Council’s senior director for Russia, said that Obama would press Putin on his objectives in Syria.


“There’s a lot of talk, and now it’s time for clarity and for Russia to come clear – come clean and come clear on just exactly how it proposes to be a constructive contributor to what is already an ongoing multi-nation coalition,” Wallander told journalists.

Putin meanwhile told CBS News: “There is no other solution to the Syrian crisis than strengthening the effective government structures and rendering them help in fighting terrorism. But at the same time, urging them to engage in positive dialogue with the rational opposition and conduct reform.”

The White House argues that the Russian strategy of entrenching Assad will only serve to deepen the roots of extremism in Syria. Ben Rhodes, a White House spokesman, said that at the UN meeting “the president will have the opportunity to make clear to President Putin that we share the determination to counter Isil [Isis], that we welcome constructive contributions to counter Isil. But at the same time, we believe that one of the principal motivating factors for people who are fighting with Isil is the Assad regime.”

The Rusi report said that it would be “perfectly feasible” to defeat Isis if Turkey and Iran were also engaged in the search for a regional solution. It advised US policymakers to “not give up on the possibility of maintaining the unity of Iraq and Syria, but not be beholden or obsessed with this idea either”.


“If the US could ‘father’ two brand-new states in the Balkans during the 1990s, there is no reason why Washington should not tolerate at least the informal emergence of new states in the Middle East,” the report argued.

