The company sent an alert to the Democratic National Committee on Friday warning about attempts, the Wall Street Journal reported. 

The hacking campaign is a stark reminder that basic security steps like two-factor authentication are strong and important defenses against even nationally sponsored operations.

The targets: Tom Burt, Microsoft’s vice president of security and trust, wrote that the Iranians failed in their attempt to hack US presidential campaign and government officials. The hackers made “more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts.”

Burt and Microsoft said they will not identify the victims of the hacking campaign. US presidential campaigns have been targets and victims of hacking for years, most notably Democrat officials during the 2016 campaign. Such activity extends back at least to 2008, when both candidates suffered breaches.

Sticking to the basics: The Iranian hacking group, code-named Phosphorous, gathered information about targets and then tried to manipulate password reset and account recovery features in attempts to take over accounts.

“For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account,” Burt wrote. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”

The attacks are not technically sophisticated. They had none of the headline-grabbing exploits that can excite observers and dominate the news. Instead, this operation illustrates how important the fundamentals of cybersecurity are for both attackers and their targets.

Microsoft encouraged all users to set up multi-factor authentication through solutions like the passwordless Microsoft Authenticator.

A long trail: Phosphorous has been active for at least six years. They have long been known to target businesses, government agencies, journalists, and activists involved in the Middle East. 

Earlier this year, Microsoft used a court order to shut down dozens of websites used by the hacking group to spoof well-known companies and trick victims. It’s a legal tactic the company has used repeatedly, against actors including the Russian hacking group known as Fancy Bear.

Share

Link

Author

Patrick Howell O'Neill

ImagePhoto: Tom Lohdan/CC BY 2.0

How it worked: Thibault had surgery to place two implants, each containing 64 electrodes, on the parts of the brain that control movement. Software then translated the brain waves read by these implants into instructions for movement. The development of the exoskeleton, by Clinatec and the University of Grenoble, is described in a paper in The Lancet this week.

Herculean effort: Thibault trained for months, using his brain signals to control a video game avatar in order to hone the skills required to operate exoskeleton, which was held up by a ceiling-mounted harness. He was able to walk slowly in the suit and then stop, as he chose.

The future: The hope is that one day similar technology could eventually let people in wheelchairs move them using their minds. It’s an impressive breakthrough, but the device is many years away from being publicly available. For example, researchers need to find a way to get the suit to safely balance itself before it can be used outside the laboratory.

Sign up here for our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.

Share

Link

Author

Charlotte Jee

Why? The politicians say they are worried that the added privacy will make it harder for law enforcement agencies to find illegal activity conducted on Facebook, like terrorism or child sexual exploitation. They want to ensure that these agencies can decrypt messages during their investigations. This has been coming: Barr raised the issue in a speech in July.

Facebook’s response: In a statement, company officials wrote: “We believe people have the right to have a private conversation online, wherever they are in the world.” They added: “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”

Facebook is correct. If you start weakening encryption by creating backdoors, it degrades security for everyone—whether they have good motives or bad. A backdoor is a backdoor, and once created, there’s a risk it will be used by the very same criminals politicians are trying to stop. Indeed, we have already seen this happen when Microsoft worked with the NSA to build backdoors into its products. That decision led to crippling, costly ransomware attacks like WannaCry. Not only that, but in many places in the world protesters and activists use encrypted messaging to organize against repressive regimes. Building backdoors that the government can access would render the services useless.

Despite that, the US Justice Department has been pushing against encryption for over a decade now, saying it allows criminals to “go dark.” It’s an argument that has been going on for some time, and it is unlikely to end here.

And why all this now? Facebook already provides end-to-end encryption by default in WhatsApp, but it has promised to expand this to its other platforms, like Facebook Messenger and messaging on Instagram. It says this is part of a shift to become a “privacy-focused communications platform.” However, it also looks rather like an effort to integrate its disparate units more tightly, thus making it harder for regulators to break the company up (leaked recordings show how deeply concerned Zuckerberg is about this prospect.)

Sign up here for our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.

Share

Link

Author

Charlotte Jee

ImageAssociated Press