Australia has asked the American FBI to help catch computer hackers responsible for one of Australia’s biggest data breaches. Personal details, including home addresses, driver license and passport numbers, of more than 10 million customers of the Singapore-owned telecom giant Optus were stolen.
A massive amount of personal information about Optus customers in Australia was stolen and an extortion threat made to the company. But then there was an apparent twist. An apology was issued on an online forum by an account that investigators believe belonged to the alleged hacker, who had been unnerved by the attention the case had generated.
“Too many eyes,” it read. “We will not sale (sic) data to anyone. Sorry to 10.2m Australians whose data was leaked. Ransom not paid but we don’t care anymore.”
The Australian government has blamed Optus, one of the biggest telecommunications companies in the country, for the breach. Australia’s cybersecurity minister, Clare O’Neil, said the company had made it easy for hackers to get in.
“What is of concern for us is how what is quite a basic hack was undertaken on Optus,” she said. “We should not have a telecommunications provider in this country which has effectively left the window open for data of this nature to be stolen.”
But Optus Chief Executive Officer Kelly Bayer Rosmarin denied the company’s cyber defenses were inadequate. She said the data was encrypted and there were multiple layers of protection. But for many Optus customers, there is deep anxiety that their personal information has been compromised.
The FBI has joined the hunt for the Optus data thieves.
Frank Montoya Jr, a former FBI special agent, told the Australian Broadcasting Corp. that a foreign government could be involved.
“We try to determine if it is a nation state or if it is a criminal enterprise,” he said. “Now, that can be a challenge, too, because sometimes the nation state is the criminal enterprise, and I think of North Korea, for instance, and how they go after these databases for various reasons. But sometimes it is just about selling it on the dark web so they can get access to hard currency.”
Australian cyber security experts have warned that unless companies do more to protect their customers’ personal information, a data breach like the Optus theft could happen again.
With roosters crowing in the background as he speaks from the crowded refugee camp in Bangladesh that’s been his home since 2017, Maung Sawyeddollah, 21, describes what happened when violent hate speech and disinformation targeting the Rohingya minority in Myanmar began to spread on Facebook.
“We were good with most of the people there. But some very narrow minded and very nationalist types escalated hate against Rohingya on Facebook,” he said. “And the people who were good, in close communication with Rohingya, changed their mind against Rohingya and it turned to hate.”
For years, Facebook, now called Meta Platforms Inc., pushed the narrative that it was a neutral platform in Myanmar that was misused by malicious people, and that despite its efforts to remove violent and hateful material, it unfortunately fell short. That narrative echoes its response to the role it has played in other conflicts around the world, whether the 2020 election in the U.S. or hate speech in India.
But a new and comprehensive report by Amnesty International states that Facebook’s preferred narrative is false. The platform, Amnesty says, wasn’t merely a passive site with insufficient content moderation. Instead, Meta’s algorithms “proactively amplified and promoted content” on Facebook, which incited violent hatred against the Rohingya beginning as early as 2012.
Despite years of warnings, Amnesty found, the company not only failed to remove violent hate speech and disinformation against the Rohingya, it actively spread and amplified it until it culminated in the 2017 massacre. The timing coincided with the rising popularity of Facebook in Myanmar, where for many people it served as their only connection to the online world. That effectively made Facebook the internet for a vast number of Myanmar’s population.
More than 700,000 Rohingya fled into neighboring Bangladesh that year. Myanmar security forces were accused of mass rapes, killings and torching thousands of homes owned by Rohingya.
“Meta — through its dangerous algorithms and its relentless pursuit of profit — substantially contributed to the serious human rights violations perpetrated against the Rohingya,” the report says.
A spokesperson for Meta declined to answer questions about the Amnesty report. In a statement, the company said it “stands in solidarity with the international community and supports efforts to hold the Tatmadaw accountable for its crimes against the Rohingya people.”
“Our safety and integrity work in Myanmar remains guided by feedback from local civil society organizations and international institutions, including the U.N. Fact-Finding Mission on Myanmar; the Human Rights Impact Assessment we commissioned in 2018; as well as our ongoing human rights risk management,” Rafael Frankel, director of public policy for emerging markets, Meta Asia-Pacific, said in a statement.
Like Sawyeddollah, who is quoted in the Amnesty report and spoke with the AP on Tuesday, most of the people who fled Myanmar — about 80% of the Rohingya living in Myanmar’s western state of Rakhine at the time — are still staying in refugee camps. And they are asking Meta to pay reparations for its role in the violent repression of Rohingya Muslims in Myanmar, which the U.S. declared a genocide earlier this year.
Amnesty’s report, out Wednesday, is based on interviews with Rohingya refugees, former Meta staff, academics, activists and others. It also relied on documents disclosed to Congress last year by whistleblower Frances Haugen, a former Facebook data scientist. It notes that digital rights activists say Meta has improved its civil society engagement and some aspects of its content moderation practices in Myanmar in recent years. In January 2021, after a violent coup overthrew the government, it banned the country’s military from its platform.
But critics, including some of Facebook’s own employees, have long maintained such an approach will never truly work. It means Meta is playing whack-a-mole trying to remove harmful material while its algorithms designed to push “engaging” content that’s more likely to get people riled up essentially work against it.
“These algorithms are really dangerous to our human rights. And what happened to the Rohingya and Facebook’s role in that specific conflict risks happening again, in many different contexts across the world,” said Pat de Brún, researcher and adviser on artificial intelligence and human rights at Amnesty.
“The company has shown itself completely unwilling or incapable of resolving the root causes of its human rights impact.”
After the U.N.’s Independent International Fact-Finding Mission on Myanmar highlighted the “significant” role Facebook played in the atrocities perpetrated against the Rohingya, Meta admitted in 2018 that “we weren’t doing enough to help prevent our platform from being used to foment division and incite offline violence.”
In the following years, the company “touted certain improvements in its community engagement and content moderation practices in Myanmar,” Amnesty said, adding that its report “finds that these measures have proven wholly inadequate.”
In 2020, for instance, three years after the violence in Myanmar killed thousands of Rohingya Muslims and displaced 700,000 more, Facebook investigated how a video by a leading anti-Rohingya hate figure, U Wirathu, was circulating on its site.
The probe revealed that over 70% of the video’s views came from “chaining” — that is, it was suggested to people who played a different video, showing what’s “up next.” Facebook users were not seeking out or searching for the video, but had it fed to them by the platform’s algorithms.
Wirathu had been banned from Facebook since 2018.
“Even a well-resourced approach to content moderation, in isolation, would likely not have sufficed to prevent and mitigate these algorithmic harms. This is because content moderation fails to address the root cause of Meta’s algorithmic amplification of harmful content,” Amnesty’s report says.
The Rohingya refugees are seeking unspecified reparations from the Menlo Park, California-based social media giant for its role in perpetuating genocide. Meta, which is the subject of twin lawsuits in the U.S. and the U.K. seeking $150 billion for Rohingya refugees, has so far refused.
“We believe that the genocide against Rohingya was possible only because of Facebook,” Sawyeddollah said. “They communicated with each other to spread hate, they organized campaigns through Facebook. But Facebook was silent.”
A top U.N. official last week said the syndicates running Asia’s massive online fraud industry will rotate operations among lawless areas of Southeast Asia unless governments cooperate to bring them down, after Cambodia said it was cracking down on cybercrime compounds.
The networks have swindled hundreds of millions of dollars, regional police have told VOA, setting up fake profiles offering romance, moonshot investment schemes with huge returns or posing as police officers to solicit payoffs. They target residents of countries from China to Taiwan, Vietnam, Thailand, the United States and Australia.
“The response needs to be strategic and regional, because today it might be a location in Cambodia but tomorrow a group uproots under pressure and shifts to Myanmar, Laos or the Philippines,” Jeremy Douglas, the Bangkok-based regional representative of the U.N. Office on Drugs and Crime told VOA.
“Until governments across the region address, disrupt and police the places organized crime groups are using to run online casinos, scams and other illicit businesses, and in particular special economic zones and autonomous regions, the situation won’t fundamentally change,” he said.
Compounds for industrial-scale scamming are operated in converted casinos in Sihanoukville, Cambodia, as well as special economic zones in Myanmar and Laos by Chinese gangsters who dominate regional gambling but lost their main income source during the pandemic, according to Douglas and victims who spoke to VOA.
The foot soldiers of the operations are young Chinese and Southeast Asians. Some joined willingly, many others thought they had obtained high-paying overseas work in call centers or online sales.
Malaysian, Taiwanese and Thai officials have said hundreds of their citizens remain trapped in a Myanmar border zone tied to scam operations, run by ethnic militias and beyond the law, despite its location a few hundred meters from Thailand.
Chou Bun Eng, vice chair of Cambodia’s National Committee for Counter Trafficking in Persons, said Cambodia is a victim of sophisticated criminal gangs and is doing everything it can to put the syndicates out of business.
“We began an operation on August 22 throughout the kingdom,” she told VOA by phone.
“We are aware that there are victims all over the kingdom in what is a new form of crime committed by foreigners. … Cambodia does not serve criminals,” she said.
Social media videos since the crackdown have shown thousands of people apparently leaving several Sihanoukville megacompounds, in images shared by Douglas.
State media in China, the source of most of the workers and the biggest target, said the country is barring its citizens from traveling to Cambodia without good reason and warned telecommunications companies that they could be held responsible for scams carried out over their networks.
On Sept. 23, however, Cambodian authorities said at least one person had died after a boat carrying dozens of Chinese people sank on its way to Sihanoukville. Cambodian state media Fresh News said they had traveled from Guangdong, hundreds of kilometers away. The incident is suspected of being tied to scam operations and is now under investigation.
Ransoms and beatings
Disturbing testimony has emerged from scam agents who tried to leave the compounds, including reports of routine torture, sale to other networks and ransom payments required to gain freedom.
A 26-year-old Thai mother of three told VOA she asked to quit her job in Manila after six days when she was forced to swindle women online.
She said she took an online sales job in early August, desperate for the $1,000 salary plus commissions. She said she soon realized her real job was to steal the identity of wealthy Thai men and persuade women looking for love to transfer money.
When she refused to work, she was taken to a room with others who had also refused.
“One by one, they took us out to kick, punch, claw our hair and zap us with electric wire,” she said, asking that her name not be used, out of fear of reprisal.
“They forced the head of one of the older women underwater in the bathroom and then beat her some more.”
It took another 14 days for her to get free with a $3,000 payment to break her verbal agreement and she returned to Bangkok on Aug. 27.
Once back, her boyfriend had to sell the equipment for his T-shirt business, sinking them further into money troubles, which had led her to leave Thailand in the first place.
A renewable energy plant being commissioned in Oregon on Wednesday that combines solar power, wind power and massive batteries to store the energy generated there is the first utility-scale plant of its kind in North America.
The project, which will generate enough electricity to power a small city at maximum output, addresses a key challenge facing the utility industry as the U.S. transitions away from fossil fuels and increasingly turns to solar and wind farms for power. Wind and solar are clean sources of power, but utilities have been forced to fill in gaps when the wind isn’t blowing and the sun isn’t shining with fossil fuels like coal or natural gas.
At the Oregon plant, massive lithium batteries will store up to 120 megawatt-hours of power generated by the 300-megawatt wind farms and 50-megawatt solar farm so it can be released to the electric grid on demand. At maximum output, the facility will produce more than half of the power that was generated by Oregon’s last coal plant, which was demolished earlier this month.
On-site battery storage isn’t new, and interest in solar-plus-battery projects in particular has soared in the U.S. in recent years due to robust tax credits and incentives and the falling price of batteries. The Wheatridge Renewable Energy Facility in Oregon, however, is the first in the U.S. to combine integrated wind, solar and battery storage at such a large scale in one location, giving it even more flexibility to generate continuous output without relying on fossil fuels to fill in the gaps.
The project is “getting closer and closer to having something with a very stable output profile that we traditionally think of being what’s capable with a fuel-based generation power plant,” said Jason Burwen, vice president of energy storage at the American Clean Power Association, an advocacy group for the clean power industry.
“If the solar is chugging along and cloud cover comes over, the battery can kick in and make sure that the output is uninterrupted. As the sun goes down and the wind comes online, the battery can make sure that that’s very smooth so that it doesn’t, to the grid operator, look like anything unusual.”
The plant located in a remote expanse three hours east of Portland is a partnership between NextEra Energy Resources and Portland General Electric, a public utility required to reduce carbon emissions by 100% by 2040 under an Oregon climate law passed last year, one of the most ambitious in the nation.
PGE’s customers are also demanding green power — nearly a quarter-million customers receive only renewable energy — and the Wheatridge project is “key to that decarbonization strategy,” said Kristen Sheeran, PGE’s director of sustainability strategy and resource planning.
Under the partnership, PGE owns one-third of the wind output and purchases all the facility’s power for its renewable energy portfolio. NextEra, which developed the site and operates it, owns two-thirds of the wind output and all of the solar output and storage.
“The mere fact that many other customers are looking at these types of facilities gives you a hint at what we think could be possible,” said David Lawlor, NextEra’s director of business development for the Pacific Northwest. “Definitely customers want firmer generation, starting with the battery storage in the back.”
Large-scale energy storage is critical as the U.S. shifts to more variable power sources like wind and solar, and Americans can expect to see similar projects across the country as that trend accelerates. National Renewable Energy Laboratory models show U.S. storage capacity may rise fivefold by 2050, yet experts say even this won’t be enough to prevent extremely disruptive climate change.
Batteries aren’t the only solution that the clean energy industry is trying out. Pumped storage generates power by sending huge volumes of water downhill through turbines and others are experimenting with forcing water underground and holding it there before releasing it to power turbines.
But interest in batteries for clean energy storage has grown dramatically in recent years at the same time that the cost of batteries is falling and the technology itself is improving, boosting interest in hybrid plants, experts say.
Generating capacity from hybrid plants increased 133% between 2020 and 2021 and by the end of last year, there were nearly 8,000 megawatts of wind or solar generation connected to storage, according to the U.S. Department of Energy’s Lawrence Berkeley National Laboratory, which is managed by the University of California.
The vast majority of such projects are solar power with battery storage, largely because of tax credits, but projects in the pipeline include offshore wind-plus-battery, hydroelectric-plus-battery and at least nine facilities like the one in Oregon that will combine solar, wind and storage. Projects in the pipeline between 2023 and 2025 include ones in Washington, California, Arizona, Idaho, Iowa, Illinois and Oregon, according to Berkeley Lab.
Many researchers and pilots are working on alternatives to lithium ion batteries, however, largely because their intrinsic chemistry limits them to around four hours of storage and a longer duration would be more useful.
“There is no silver bullet. There’s no model or prototype that’s going to meet that entire need … but wind and solar will certainly be in the mix,” said PGE’s Sheeran.
“This model can become a tool for decarbonization across the West as the whole country is driving toward very ambitious climate reduction goals.”
A sprawling disinformation network originating in Russia sought to use hundreds of fake social media accounts and dozens of sham news websites to spread Kremlin talking points about the invasion of Ukraine, Meta revealed Tuesday.
The company, which owns Facebook and Instagram, said it identified and disabled the operation before it was able to gain a large audience. Nonetheless, Facebook said it was the largest and most complex Russian propaganda effort that it has found since the invasion began.
The operation involved more than 60 websites created to mimic legitimate news sites including The Guardian newspaper in the United Kingdom and Germany’s Der Spiegel. Instead of the actual news reported by those outlets, however, the fake sites contained links to Russian propaganda and disinformation about Ukraine. More than 1,600 fake Facebook accounts were used to spread the propaganda to audiences in Germany, Italy, France, the U.K. and Ukraine.
The findings highlighted both the promise of social media companies to police their sites and the peril that disinformation continues to pose.
“Video: False Staging in Bucha Revealed!” claimed one of the fake news stories, which blamed Ukraine for the slaughter of hundreds of Ukrainians in a town occupied by the Russians.
The fake social media accounts were then used to spread links to the fake news stories and other pro-Russian posts and videos on Facebook and Instagram, as well as platforms including Telegram and Twitter. The network was active throughout the summer.
“On a few occasions, the operation’s content was amplified by the official Facebook pages of Russian embassies in Europe and Asia,” said David Agranovich, Meta’s director of threat disruption. “I think this is probably the largest and most complex Russian-origin operation that we’ve disrupted since the beginning of the war in Ukraine earlier this year.”
The network’s activities were first noticed by investigative reporters in Germany. When Meta began its investigation it found that many of the fake accounts had already been removed by Facebook’s automated systems. Thousands of people were following the network’s Facebook pages when they were deactivated earlier this year.
Researchers said they couldn’t directly attribute the network to the Russian government. But Agranovich noted the role played by Russian diplomats and said the operation relied on some sophisticated tactics, including the use of multiple languages and carefully constructed imposter websites.
Since the war began in February, the Kremlin has used online disinformation and conspiracy theories in an effort to weaken international support for Ukraine. Groups linked to the Russian government have accused Ukraine of staging attacks, blamed the war on baseless allegations of U.S. bioweapon development and portrayed Ukrainian refugees as criminals and rapists.
Social media platforms and European governments have tried to stifle the Kremlin’s propaganda and disinformation, only to see Russia shift tactics.
A message sent to the Russian Embassy in Washington, D.C., asking for a response to Meta’s recent actions was not immediately returned.
Researchers at Meta Platforms Inc., which is based in Menlo Park, California, also exposed a much smaller network that originated in China and attempted to spread divisive political content in the U.S.
The operation reached only a tiny U.S. audience, with some posts receiving just a single engagement. The posts also made some amateurish moves that showed they weren’t American, including some clumsy English language mistakes and a habit of posting during Chinese working hours.
Despite its ineffectiveness, the network is notable because it’s the first identified by Meta that targeted Americans with political messages ahead of this year’s midterm elections. The Chinese posts didn’t support one party or the other but seemed intent on stirring up polarization.
“While it failed, it’s important because it’s a new direction” for Chinese disinformation operations, said Ben Nimmo, who directs global threat intelligence for Meta.
As military and civilian drones become increasingly popular, there are growing concerns about the threats some of them may pose over places like airports, prisons, and electrical grids. VOA’s Julie Taboh reports on a company that has developed counter-drone technology that can identify and mitigate threats from malicious drones.
Videographer: Adam Greenbaum. Produced by: Julie Taboh, Adam Greenbaum.
Tesla CEO Elon Musk is scheduled to spend the next few days with lawyers for Twitter, answering questions ahead of an October trial that will determine whether he must carry through with his $44 billion agreement to acquire the social platform after attempting to back out of the deal.
The deposition, planned for Monday, Tuesday and a possible extension on Wednesday, will not be public. As of Sunday evening, it was not clear whether Musk will appear in person or by video. The trial is set to begin October 17 in Delaware Chancery Court, where it’s scheduled to last just five days.
Musk, the world’s richest man, agreed in April to buy Twitter and take it private, offering $54.20 a share and vowing to loosen the company’s policing of content and to root out fake accounts. Twitter shares closed Friday at $41.58.
Musk indicated in July that he wanted to back away from the deal, prompting Twitter to file a lawsuit to force him to carry through with the acquisition.
With Russian President Vladimir Putin accelerating war efforts and threatening to use nuclear weapons, White House Bureau Chief Patsy Widakuswara spoke with Anne Neuberger, deputy national security adviser for cyber and emerging technology at the Biden administration’s National Security Council, on the possibility of increased cyber warfare on Ukraine and her allies. Neuberger also spoke of the recent Iranian cyberattacks on Albania, and the administration’s view of NATO’s collective defense principle in cyber warfare.
This interview has been edited for brevity and clarity.
VOA: Anne Neuberger, thank you so much for joining me all today. I’m going to start with Russia. President Vladimir Putin has significantly increased his war efforts. He’s announced mobilization, referendums, threatening nuclear attacks. Are we also expecting an increase in cyberattacks?
DEPUTY NATIONAL SECURITY ADVISER FOR CYBER AND EMERGING TECHNOLOGY ANNE NEUBERGER: So first, thank you so much for having me here. It’s really great to be here. Throughout the conflict, beginning when Russia first did its further invasion of Ukraine, we’ve seen Russia use destructive cyberattacks as well as intelligence collection to advance its war mission. We saw the initial destructive attacks on satellite systems, then later on Ukrainian government systems and additional critical infrastructure systems. So one would expect that as Russia further redoubles its efforts, that will include cyberattacks as well.
VOA: Have you actually seen indications of it starting?
NEUBERGER: Of additional cyberattacks?
VOA: Of cyberattacks, yes.
NEUBERGER: It’s been a consistent part of Russia’s war effort in Ukraine. So it’s something we expect. Do we have particular indications of an increase in that way at this time? We don’t.
VOA: How are you helping the Ukrainians defend themselves?
NEUBERGER: Such a great question. So beginning back when Russia first invaded Ukraine in 2015-16 and conducted disruptive cyberattacks against Ukraine’s energy infrastructure, we began to work with Ukraine to really strengthen the resilience of its critical infrastructure. That partnership continued up through the months as we were concerned about heightened war activity, and that included work on cybersecurity resilience of critical infrastructure, included our sending in a team from the U.S. Cyber Command, again to work on cybersecurity, teams from the Department of Energy working closely to improve resilience, and ongoing information sharing regarding tactics and techniques used to conduct malicious cyberattacks. So that remains an ongoing partnership all the way from resilience efforts to practical information sharing to help defense systems.
VOA: Are you also working in terms of strengthening their counterattack systems?
NEUBERGER: We’re very focused on cybersecurity resilience systems.
VOA: In that sense, whether it’s a terrorist offense or counterattacks, we’re hearing a lot about these volunteer hackers called the Ukrainian IT army, and I want to hear your sense of how good and how successful they have been in deterring or thwarting or even stopping Russian attacks. And what kind of support is the administration providing them?
NEUBERGER: We’ve seen quite a bit of volunteer hacking activity with regard to Ukrainian activity to defend accounts. I don’t think we have really good insights in terms of understanding what’s Ukrainian government versus volunteer hacking activity. And, of course, our assistance is government to government. With regard to, as I mentioned earlier, some of the cybersecurity activities assisting the Ukrainian government to build and strengthen its resilience and its defense.
VOA: So just to be clear, your support and your interaction is with the Zelenskyy government, not with groups outside who are also supporting them, like the Ukrainian IT army.
NEUBERGER: Yes, our support is really, along with all of our security systems, government to government.
VOA: You mentioned earlier that, you know, the Russian attack has been consistent. And we also heard that there’s been warnings of major Russian cyberattacks on Ukrainian infrastructure – critical infrastructure. At the beginning or before the start of the war, we heard warnings that that’s how the war is going to start. I’m not quite sure that actually did happen. And in fact, throughout the war, we haven’t really heard any kind of major cyberattack that’s actually crippling Ukrainian critical infrastructure. Is that the case or are we just not hearing about it? What are your thoughts on this?
NEUBERGER: It’s a good question. So first, as Russia began its further invasion of Ukraine, we did see Russia conduct a destructive attack on Ukrainian communication systems, satellite communications systems, the ground parts, as well as on Ukrainian government websites and government systems. That initial attack, the Ukrainians were able to quickly recover and bring back up those systems. The U.S. government, because there was a ripple effect across Europe from their first Russian destructive attack on communication systems, the U.S. government and the European Union called out that activity and said this is irresponsible activity, but the Ukrainian government was able to quickly recover those websites and quickly recover from those destructive attacks, which is really a tribute to all the cybersecurity resilience and focus they put on improving the security of their systems, disconnecting their energy grid from the Russian grid, reconnecting to the European grid and the work they had done to really harden that. So that preparedness and frankly that partnership between various countries assisting the Ukrainians on that work, although the Ukrainians really led that work, was key to their defense. There have been ongoing Russian cyberattacks. The Ukrainians have been very successful at, you know, catching those, and really remediating and addressing them quickly so that they didn’t have significant impact.
VOA: Is the support given to them, government to government, U.S. to Ukraine, or is it also through NATO?
NEUBERGER: The support is from individual governments, the U.S. government, the European individual governments are providing various cybersecurity assistance.
VOA: OK, on the flipside, what do we know about the Russian cyber operations support? I mean to what extent is Russia getting support from other countries? Do we see a strategic alignment in terms of cyber warfare between Russia, China, North Korea, Iran?
NEUBERGER: Russia has a very capable cyber program and one of our focus areas both for the U.S. and for the Europeans has been to really improve our own preparedness, to ensure we lock our doors, lock our digital windows so that we can prepare in case there are heightened Russian cyberattacks as well. So it’s clearly been a focus for us on the U.S. side.
VOA: Have we seen so far that there are strategic alignments or at least tactical alignments between these adversaries in cyber warfare?
NEUBERGER: In the cyber context, no, we haven’t.
VOA: The war in Ukraine is the first conflict where we see some sort of coordination between cyberattacks and kinetic military assault. So in that sense, what are we learning about this hybrid warfare and what are we learning about the Russian capabilities in that realm?
NEUBERGER: I think we’re fundamentally learning that as countries think about their national defense for crisis or conflict, the digital systems they operate at, whether they’re individuals, whether they’re companies, whether they’re governments … need as much to be defended, and the preparation work to understand what are the most important components of your power systems, your water systems, your oil and gas pipelines, and ensuring that they’re up to snuff. The cybersecurity is capable to defend against a capable adversary. And that’s the core message. That doesn’t happen in a moment because these elements of critical infrastructure were digitized in many countries without necessarily considering security baked in at the beginning. And that’s one of the reasons in the U.S. and with partners around the world we’re working to quickly improve the security of critical infrastructure, recognizing that it’s a component of adversaries’ work in crisis and conflict to either coerce a population, or coerce the government by potentially destabilizing or disrupting digital systems.
VOA: I want to talk some more about what the U.S. is doing in terms of building this responsible state behavior in the cyber realm, but first I just want to talk a little bit on this Iranian cyberattack on Albania. The administration has slapped fresh sanctions on Iran as punishment, yet that didn’t stop them from launching a second attack. Are we not doing enough? Is there nothing else that we can do to deter them and how are we helping the Albanians?
NEUBERGER: It’s such an interesting question. So cyber deterrence is a very new field, and it draws on lessons and the approach we’ve used in other domains, sea, air. How do we build coalitions among countries regarding what’s responsible state behavior in cyberspace and what’s irresponsible because it’s one global commons at the end of the day. Many countries signed up for the United Nations voluntary norms for peacetime, which include a number of norms, and that was signed in both 2015 and 2019. One of those includes not disrupting critical services. And as such, in order to make norms actually be enforced, it requires countries and as big of a coalition as possible to call out behavior that’s not in alignment with those norms, and when possible to impose consequences. So that’s the reason that when we saw the Iranian government’s attack on the Albanian government, really disrupting Albanian government services for quite a period of time to their citizens, we and other countries came together to call out that activity, to say to the Iranians – to attribute it to the Iranians, and then to impose consequences. The Albanian government imposed consequences, we, the U.S., sanctioned the chief and deputy of an Iranian entity as well. And we do that as part of building cyber deterrence. It won’t happen in one or two cases. It happens if repeatedly, quickly, we did this far more quickly than in the past. Also, to achieve those strategic goals of enforcing international cyber norms. But if we do this repeatedly, as a community of countries, we believe that can build cyber deterrence.
VOA: The fact of the matter is, as you’re trying to build these international cyber regimes, there is no consensus at the U.N. Security Council, obviously Russia and China are a part of it. There are U.N. frameworks that cannot be enforced. So under these circumstances, how do you move forward?
NEUBERGER: So Russia is one of the countries who signed the 2015/2019 Governmental Group of Experts norms. So countries that have agreed to those norms, the key we believe is enforcing those norms. And we believe, as I mentioned, that it’s each time, time by time, pointing to countries when they conduct behavior that’s not aligned with those norms, and then continuing to deepen that coalition so that more countries join it, we do it more quickly, and then we eventually mature to also impose consequences. So we believe it will take some time, but those are the steady steps we’re taking along with partners and allies.
VOA: And so that is behind the strategy of this name and shame that you’re applying?
NEUBERGER: It’s part of a broader strategic effort of moving to where we say, in this global shared space, that is cyberspace, where we need collective defense. One key aspect is, as you noted, improving cybersecurity resilience, locking our digital doors, one key aspect is gaining agreement among countries of what is not appropriate behavior – the framework for responsible state behavior in cyberspace and gaining agreement among more countries to enforce those.
VOA: Beyond your Western allies, is there an understanding of the need to do this from, you know, the rest of the world?
NEUBERGER: We believe so, because in many ways, the weaker countries are the ones who are most vulnerable to being coerced via cyberattacks on their government systems, cyberattacks on companies or theft of intellectual property in that way. So we believe it’s in all countries’ interests, whether large or small, because we’ve all digitized. Clearly, some of us have digitized more than others, but we’ve all digitized to where there’s risk to our citizens if critical services are disrupted or if governments are disrupted in moments of crisis.
VOA: I’m going to go back to Iran and Armenia real quick. Groups associated with Iran penetrated various systems in Armenia, including the prime minister’s emails. Are you concerned that Iran may have gained access to sensitive NATO data via this breach? I mean we also heard about Portugal recently where hundreds of NATO documents may have been stolen as well.
NEUBERGER: So clearly, good cybersecurity practices are needed among all NATO members, right? Every member of NATO has to recognize that they bring risks to the broader member if they don’t put in place adequate cybersecurity practices. That’s one of the reasons that we’ve been working very closely in the NATO context in terms of cybersecurity, and to build incident response capability at NATO to mature NATO cyber capabilities, because, as I mentioned earlier, clearly more work needs to be done. You’ve cited a couple of examples that highlight the need for it. I think there’s now a much deeper recognition at NATO and a much deeper recognition to bring allies together to have in place common thresholds of cybersecurity, for important information.
VOA: And still on NATO, as a NATO ally both Albania and Portugal are technically protected under the collective defense principle. So can you explain what the administration’s view of NATO’s principle, an attack on one is an attack on all, in terms of cyber warfare? At what point does a cyberattack merit a counterattack? Are there any criteria? Is there a red line?
NEUBERGER: So this is an area of evolving policy. It’s a very new area. You’ve seen NATO’s policy that one or more cyberattacks could rise to the level of an armed attack. Clearly, that’s a very high threshold of what that is. The work we’re doing at NATO is focused on, first, cybersecurity resilience. There’ll be a NATO Cyber Defense Pledge conference in Rome that will focus both on what are the standards that NATO members have in place for their critical systems, building an incident response capability at NATO so if an ally is attacked, there is a NATO capability that countries can come together and virtually offer support, as well as then using that as an alliance to enforce international norms, but that’s an area we’re still working to evolve.
VOA: One last question on behalf of the VOA audience who may live in countries where there’s not a lot of internet penetration. Why should they care about cybersecurity?
NEUBERGER: In each of our lives, there’s data that’s really important to us, and there is information related to our work, and our country’s economies that are important to the continued growth of our economies and jobs. So there’s easy steps we can take to ensure that our data is safe and, frankly, our families and our children are safe online as well. And that’s really the core reason: that there’s really more – there is connectivity. Countries want to be connected because of the opportunities, the jobs, the commerce that it enables, so building security in from the beginning is the best way to be safe online.
At a gathering of current and former U.S. officials and private-sector executives Friday in Washington, concern was rampant that the United States has fallen behind China in the development of several key technologies, and that it faces an uncertain future in which other countries could challenge its historic dominance in the development of cutting-edge communications and computing technology.
The gathering was convened by the Special Competitive Studies Project, an effort spearheaded by former Google CEO Eric Schmidt, the stated purpose of which is “to ensure that America is positioned and organized to win the techno-economic competition between now and 2030, the critical window for shaping the future.”
Among attendees, the prevailing sentiment was that the nation’s ability to actually win that competition was under threat.
A few days before the summit, the SCSP issued a report predicting what would happen if China became the global technological leader.
“Understanding the stakes requires imagining a world in which an authoritarian state controls the digital infrastructure, enjoys the dominant position in the world’s technology platforms, controls the means of production for critical technologies, and harnesses a new wave of general purpose technologies, like biotech and new energy technologies, to transform its society, economy and military,” the report said.
The report envisions a future where China, not the U.S., captures the trillions of dollars of income generated by the new technological advances and uses its leverage to make the case that autocracy, not democracy, is the superior form of government.
In the report’s grim vision, China promotes the concept of a “sovereign” internet, where individual countries limit the flow of information to their people, and where China develops and possibly controls the key technology supporting critical infrastructure in countries around the world.
Finally, the report warns that under such a scenario, the U.S. military would lose its technological lead over China and other competitors, and China might be in a position to cut off the supply of “microelectronics and other critical technology inputs.”
‘Nothing is inevitable’
In an address to the summit, White House national security adviser Jake Sullivan appeared to agree that the nation faces significant challenges in keeping pace with China in the development of new technology.
“We know that nothing is inevitable about maintaining America’s core strength and competitive advantage in the world,” Sullivan said. “And we know that it has to be renewed, revitalized and stewarded, and that is especially true when it comes to U.S. technological leadership.”
In China, he said, “we’re facing a competitor that is determined to overtake U.S. technology leadership and is willing to devote nearly limitless resources to do so.”
Sullivan also said, however, that President Joe Biden’s administration is aware of the threat and has been working to meet it. In particular, Sullivan noted the recent passage of the CHIPS Act, which directs more than $50 billion toward establishing advanced microchip fabrication facilities in the U.S.
“We’re making historically unprecedented investments, putting us back on track to lead the industries of the future,” Sullivan said. “We’re doubling down on our efforts to be a magnet for the world’s top technical talent. We’ve adapted our technology protection tools to new geopolitical realities. And most importantly, we’ve done this in a way that is inclusive, force multiplying and consistent with our values.”
Not ‘fast enough’
H.R. McMaster, a retired Army general who served as national security adviser during the Trump administration, appeared as a panelist at the conference. He said that while progress is being made, the pace needs to be quickened.
“It’s not going fast enough, because we’re so far behind, because there’s too many years of complacency based on flawed assumptions about the nature of the post-Cold War world,” McMaster said.
He called for a more active effort to block China’s technological advancement, saying, “We need export controls now, to prevent China from getting a differential advantage, [while] maintaining our competitive advantages.”
China has repeatedly criticized U.S. efforts to impede its technological advancement, an issue that Chinese Foreign Ministry spokesperson Mao Ning addressed this week when asked about U.S. export controls.
“What the U.S. is doing is purely ‘sci-tech hegemony,’ ” she said. “It seeks to use its technological prowess as an advantage to hobble and suppress the development of emerging markets and developing countries. While trumpeting a level playing field and a so-called ‘rules-based order,’ the U.S. cares only about ‘America first’ and believes might makes right. The U.S. probably hopes that China and the rest of the developing world will forever stay at the lower end of the industrial chain. This is not constructive.”
5G as a warning
A recurring theme at the event was the development of 5G wireless internet technology, a field in which Western countries, including the U.S., fell far behind China. With the benefit of favorable treatment from Beijing, Chinese firms, specifically Huawei, developed a dominant global position in the provision of 5G networking equipment.
Concerned that having Chinese-made equipment serve as the backbone of sensitive communications technology could create an espionage or security risk, the U.S. and some of its allies mounted a global campaign to block the installation of Huawei’s equipment, even if that meant significant delays in the rollout of 5G wireless service.
“The key message here is we need to make sure that what happened to us in 5G does not happen again,” said Schmidt. “I cannot say that more clearly. You do not want to work on platform technologies that you use every day that are dominated by nondemocratic, nonopen systems.”
Schmidt said that it would be difficult to stay ahead of China technologically, predicting that Beijing would “double down on competing in the areas that we care about,” including artificial intelligence, quantum computing, biotechnology and others.
Jon Huntsman, a former U.S. ambassador to China, said that Americans are generally uninformed about how far China is ahead of the United States in some technologies. Now the vice chairperson of Ford Motor Company, Huntsman said that in the development of electric vehicles, for example, China is at least five years ahead of the U.S.
He said that the U.S. must walk a fine line to catch up with China in some areas and to maintain its advantage in others. In particular, he stressed the need to retain person-to-person business and other relationships with the Chinese people.
“Decoupling our people is not a good thing,” he said. “We’ll wind up with China right where we are with Russia if we do that.” He added, “Decoupling is only going to create estrangement, misunderstandings and instability, globally, on the security side.”
A U.N. report warns the right to privacy is under siege as an increasing number of governments are using spyware to keep tabs on their people.
The U.N. human rights office said urgent steps are needed to address the spread of spyware. It noted many governments are using modern digital networked technologies to monitor, control and oppress their populations. U.N. officials say the technologies must be reined in and regulated in accord with international human rights laws and standards.
Human rights spokeswoman Liz Throssell said the report details how surveillance tools such as the Pegasus software can turn most smartphones into 24-hour surveillance devices. She said the encroachment into people’s privacy is very concerning.
“For example, the smartphones that people have, they can be made into devices that actually offer people insights into what we do, where we go, who we meet with, what we say,” she said. “And that is a very, very powerful tool indeed, which is precisely why we are making these very strong calls in this report today.”
Human rights organizations have accused countries like China of building a vast surveillance and security system to keep close watch on their populations.
The U.N. report does not name the countries that use digital surveillance technologies. However, Throssell notes more than 500 companies reportedly have developed, marketed and sold such spyware to governments. She said governmental authorities often falsify their reasons for acquiring such digital technology.
“While such spyware tools are purportedly deployed to combat terrorism and crime, they have often been used for illegitimate reasons,” Throssell said. “For example, to clamp down on critical or dissenting views and on those who express them including journalists, opposition political figures and human rights defenders.”
U.N. officials are calling for a moratorium on the use and sale of hacking tools until adequate safeguards to protect human rights are in place. They warn the right to privacy is more at risk now than ever and action is needed now to stop the abuse.
Major tech companies on Thursday committed to taking fresh steps to combat online extremism by removing more violent content and promoting media literacy with young users, as part of a White House summit on fighting hate-fueled violence.
Platforms such as Alphabet’s YouTube and Meta’s Facebook have come under fire for years from critics who say the companies have allowed hate speech, lies and violent rhetoric to flourish on their services.
U.S. President Joe Biden earlier Thursday called on Americans to combat racism and extremism during a summit at the White House that gathered experts and survivors and included bipartisan local leaders.
YouTube said it will expand its policies on violent extremism to remove content that glorifies violent acts, even if the creators of the videos are not related to a terrorist organization.
The video streaming site already prohibits violent incitement, but in at least some cases has not applied existing policies to videos promoting militia groups involved with the Jan. 6 storming of the U.S. Capitol.
A report by the Tech Transparency Project in May found 435 pro-militia videos on YouTube, including 85 posted since Jan. 6. Some of the videos gave training advice, like how to carry out guerilla-style ambushes.
YouTube spokesperson Jack Malon declined to say whether the service would change its approach to that content under the new policy but said the update enables it to go further with enforcement than it had previously.
YouTube also said it will launch a media literacy campaign to teach younger users how to spot the manipulation tactics that are used to spread misinformation.
Microsoft said it will make a basic and more affordable version of its artificial intelligence and machine learning tools available to schools and smaller organizations in order to help them detect and prevent violence.
Facebook owner Meta announced it will partner with researchers from the Middlebury Institute of International Studies’ Center on Terrorism, Extremism and Counterterrorism.
Last year, lawmakers grilled the chief executives of Alphabet and Facebook, as well as Twitter, on whether their companies bore some responsibility for the Jan. 6 attack.
India’s ambitions to create a domestic semiconductor manufacturing capability got a boost with this week’s announcement of a $19.5 billion investment by Taiwanese electronics company Foxconn and local conglomerate Vedanta.
The companies will set up manufacturing facilities for producing the chips in Prime Minister Narendra Modi’s home state, Gujarat. The plants are expected to be operational by 2024.
Modi called the agreement an important step in “accelerating India’s semi-conductor manufacturing ambitions” in a tweet Tuesday following the announcement.
India has joined the global race to make the chips at the heart of modern electronic devices from smartphones to cars, but for which there have been global shortages since the COVID-19 pandemic caused supply chain constraints.
India announced a $10 billion economic package in December to attract semiconductor makers as it looks to become a production hub for the critical components. It has also promised to expand incentives.
So far manufacturers in a small number of East Asian countries, led by China, Taiwan and South Korea, have supplied most of the world’s semiconductors. Several countries now want to reduce their dependence on global supply chains in critical technologies after the pandemic as well as Russia’s war in Ukraine and growing tensions between Western countries and China highlighted the risks of relying on limited sources of production.
“There are growing concerns of economic wars in the future and overdependence on China, especially for crucial components. So, India is trying to emerge as a production hub for semiconductors,” said Sreeram Chaulia, dean of the Jindal School of International Affairs.
“The government believes that India can fill a niche as some countries and companies look to alternatives to China,” he told VOA.
While India has forged ahead in the software technology sector, which does not require physical infrastructure, it has lagged behind in electronic manufacturing partly due to poor infrastructure. The most difficult issue facing manufacturers is the unavailability of large tracts of land.
India also offers some advantages, though, such as the thousands of semiconductor design engineers working for global companies with research and development offices in the country.
“I can confidently say that within the next five to six years, we will become a great semiconductor design capital of the world. We will use that capability to feed into our semiconductor manufacturing also,” Ashwini Vaishnav, India’s information technology and electronics minister, told a business conference last month.
The Foxconn and Vedanta announcement is the biggest announced in the sector so far.
“India’s own Silicon Valley is a step closer now,” Vedanta group chairman Anil Agarwal tweeted Tuesday. The project is expected to create 100,000 jobs in India.
“The improving infrastructure and the government’s active and strong support increases confidence in setting up a semiconductor factory,” Foxconn Vice President Brian Ho said in a statement.
Singaporean group IGSS Ventures has also signed a memorandum of understanding for a semiconductor plant in Tamil Nadu state.
“Many countries will be a lot more comfortable relying on India, so that gives the government a sense that this could just be the beginning of a flow of foreign funds to promote chip manufacturing,” Chaulia said.
“There also have been discussions at the level of the Quad and other forums for finding reliable sources for some of these components,” he said, referring to the grouping of India, the United States, Japan and Australia.
The push to make semiconductors is also part of a “Make in India” campaign promoted by Modi since he took office eight years ago.
His aim to emulate China’s success in manufacturing had met with a tepid response, according to business experts.
New Delhi hopes that will change as companies look at diversifying production bases, especially in areas of critical technologies.
U.S. senators expressed empathy with Twitter’s former security chief during a hearing on Tuesday as he outlined serious concerns about the influential social media platform.
“It doesn’t matter who has keys if you don’t have any locks on the doors. And this kind of vulnerability is not in the abstract. It’s not far-fetched to say an employee in the company could take over the accounts of all of the senators in this room,” said Peiter “Mudge” Zatko in testimony before the Senate’s Judiciary Committee.
“Given the real harm to users and national security, I determined it was necessary to take on the personal and professional risk to myself and to my family of becoming a whistleblower.”
Zatko, appearing under subpoena, added he was not making the disclosures “out of spite or to harm Twitter.”
Zatko, who made a number of revelations previously in an 84-page complaint to the Securities and Exchange Commission and other U.S. government regulatory agencies, said that executive incentives compel Twitter executives to prioritize profits over security.
“There was a culture of not reporting bad results up, only reporting good results up,” Zatko told the senators.
Judiciary Committee Chairman Senator Dick Durbin, a Democrat, noted that according to Zatko, “the door to that vault is wide open and that vault contains a lot more information about you than you can imagine.”
Several senators, from both the Democratic and Republican parties, expressed concern that Twitter’s vulnerabilities could constitute a national security threat.
“This data is a gold mine of information that could be used against America’s interest. Twitter has a responsibility to ensure that the data is protected and doesn’t fall into the hands of foreign powers,” said Chuck Grassley, the ranking Republican senator on the committee.
“Your testimony today has legitimized what most of us feel is a process out of control, that the regulatory environment is insufficient to the task,” said Senator Lindsey Graham, a Republican. “It’s time to up our game in this country.”
Graham said he is working with Senator Elizabeth Warren, a Democrat, to create a regulatory system that would have “teeth,” similar to what has been enacted in Europe.
“I’m not reaching any conclusions, but clearly what we’re doing right now is not working,” said Richard Blumenthal, a Democrat on the committee, who raised the possibility of creating a new government agency to regulate tech companies and protect consumers.
One senator, Mazie Hirono, a Democrat, appeared exasperated that Twitter has not been held to account even though it has paid a $150 million fine for violating a consent decree with the Federal Trade Commission on protecting users’ data.
“Do people need to go to prison?” she asked Zatko.
“I think holding people accountable is a good start,” he replied.
Zatko, a former high-profile computer hacker who became head of cybersecurity research at a Defense Department research and development agency known as DARPA and subsequently worked at Google before joining Twitter in 2020, also testified there were suspected foreign agents working inside Twitter — from China, India and Nigeria — and that there was no way to track their access to company databases, including those containing users’ personal information.
Zatko said when he raised his concern with another Twitter executive about a particular suspected foreign agent inside the company that person replied: “Well, since we already have one, what does it matter if we have more?”
Twitter’s hiring process is independent of any foreign influence and access to data is managed through measures including background checks, access controls, and monitoring and detection systems and processes, according to a Twitter company spokesman.
“Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies,” a Twitter company spokesperson, who declined to be publicly identified, responded to VOA and did not elaborate.
Twitter Chief Executive Officer Parag Agrawal declined to voluntarily appear before the committee on Tuesday. Durbin and Grassley told reporters they will discuss issuing a subpoena to compel the executive to appear.
Zatko “continues to believe that through this public disclosure process, real world harm for Twitter users may be avoided and our country’s national security better protected,” said his attorney, Alexis Ronickher, in a statement following the hearing.
Following Zatko’s testimony, Twitter announced that its shareholders have approved a $44 billion takeover offer from Tesla Chief Executive Officer Elon Musk. But since making the bid, the billionaire has terminated the agreement, accusing Twitter of misrepresenting the number of authentic users. Twitter has countersued, and the matter is scheduled to be heard in Delaware’s chancery court next month.
A judge in the state of Delaware ruled last week that Zatko’s claims can be included in Musk’s case against Twitter.
Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress Tuesday.
Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concern over the safety of powerful tech platforms.
It’s Zatko’s second Capitol Hill appearance, and in some ways a 21st-century echo of his first. In 1998, he testified before a Senate panel along with fellow members of a hacker collective who warned about the security dangers of the then-emerging internet age.
Zatko, a respected cybersecurity expert, was Twitter’s head of security until he was fired early this year. He brought the stunning allegations to Congress and federal regulators, asserting that the influential social platform misled regulators about its cyber defenses and efforts to control millions of “spam” or fake accounts.
Sen. Dick Durbin, the Illinois Democrat who chairs the panel, has said that if Zatko’s claims are accurate, “they may show dangerous data privacy and security risks for Twitter users around the world.”
Zatko’s accusations are also playing into billionaire tycoon Elon Musk’s battle with Twitter. The Tesla CEO is trying to get out of his $44 billion bid to buy the company; Twitter has sued to force him to complete the deal. The Delaware judge overseeing that case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial set to start October 17.
The allegation that Twitter engaged in deception in its handling of automated “spam bot” accounts is at the core of Musk’s attempt to back out of the Twitter deal.
At the same time, many of Zatko’s claims are uncorroborated and appear to have little documentary support. In a statement, Twitter has called Zatko’s description of events “a false narrative.”
Also Tuesday, Twitter’s shareholders are scheduled to vote on the company’s pending buyout by Musk. The vote is something of a formality given that the deal is on hold while the court case plays out. But if the measure passes as expected, it would pave the way for a Musk takeover should Twitter prevail in court.
Zatko also filed complaints with the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.
The SEC is questioning Twitter about how it counts fake accounts on its platform. Twitter uses counts of its presumably real users to attract advertisers, whose payments make up about 90% of its revenue. The “spam bots” have no value to advertisers because there’s no person behind them.
San Francisco-based Twitter has an estimated 238 million daily active users worldwide. The company says it removes 1 million spam accounts daily.
Zatko’s 84-page complaint alleges that he found “extreme, egregious deficiencies” on the platform, including issues with “user privacy, digital and physical security, and platform integrity/content moderation.”
It accuses CEO Parag Agrawal and other senior executives and board members of making “false and misleading statements to users and the FTC” about these issues. Twitter denies those claims and has said that Zatko was fired in January for “ineffective leadership and poor performance.” Zatko’s attorneys say the performance claim is false.
Twitter also hinted that Zatko’s complaint might be designed to bolster Musk’s legal fight with the company. Twitter called Zatko’s complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies, and lacks important context.”
News of Zatko’s complaint surfaced August 23, almost two months before the Twitter-Musk trial is scheduled to begin. One of Zatko’s attorneys has said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.”
The company also says it has significantly tightened security since 2020.
Among Zatko’s specific allegations:
— The company had such poor cybersecurity that it easily could have been exposed to outside attacks or attempts to siphon off its internal data.
— The company lacked effective leadership, with its top executives practicing “deliberate ignorance” of pressing problems. Zatko described former CEO Jack Dorsey as “extremely disengaged” during the last months of his tenure, to the point where he wouldn’t even speak during meetings on complex issues. Dorsey stepped down in November 2021.
— Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had “direct unsupervised access” to highly sensitive data on users. The complaint makes a parallel but less detailed accusation that Twitter took funding from unidentified Chinese entities who may have gained access to the identities and sensitive data of Chinese users who secretly use Twitter, which is officially banned in China.
Better known by his hacker handle “Mudge,” Zatko, 51, first gained prominence in the 1990s. He was the best-known member of the Boston-based collective L0pht, which pioneered ethical hacking, embarrassing companies including Microsoft for poor security. His work raised awareness in the computing world and forced such major companies to take security seriously. He co-founded the consultancy @Stake, which was later acquired by Symantec.
Zatko later worked in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google. He joined Twitter at Dorsey’s urging in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, attempting to scam their followers out of bitcoin.
An army of computer programmers scattered across the globe is set this week to attempt one of the biggest software upgrades the crypto sector has ever seen, with the aim of reducing its environmentally unfriendly energy consumption.
Developers have spent years working on a more energy-efficient version of the ethereum blockchain, a digital ledger that underpins a multibillion-dollar ecosystem of cryptocurrencies, digital tokens (NFTs), games and apps.
Ethereum — the second most important blockchain after bitcoin — burns through more power each year than New Zealand.
Experts say the changeover, expected to take place between Tuesday and Thursday, would slash energy consumption by more than 99%.
Enthusiasts hope a greener ethereum will spur wider adoption, particularly as a way of enabling banks to automate transactions and other processes.
But so far the technology has been used largely to create speculative financial products.
The ING bank said in a recent note that the switchover might help ethereum gain acceptability among policymakers and regulators.
“This in turn may provide a boost to traditional financial institutions’ willingness to develop ethereum-based services,” the bank said.
The switchover, dubbed “the merge,” will change the way transactions are logged.
At the moment, so-called crypto miners use energy-guzzling rigs of computers to solve puzzles that reward them with new coins — a system known as “proof of work.”
The new system will get rid of those miners and their computer stacks overnight.
Instead, “validators” will have to put up 32 ether (worth about $55,000) — ethereum’s cryptocurrency — to participate in the new “proof of stake” system where they earn rewards for their work.
But the merge process will be risky.
Blockchain company Consensys called it a “monumental technological milestone” and the biggest update to ethereum since it was launched in 2015.
Critics have questioned whether such an upgrade will pass off without incident, given the sector’s history of instability.
Ethereum went offline in May for three hours when a new NFT project sparked a surge in buyers that overwhelmed the network.
Several exchanges and crypto companies said they would halt transactions during the merge process.
The upgrade also faces a possible rebellion from crypto mining companies whose business will be severely damaged.
They can try to hijack the process or create a “fork,” basically a smaller blockchain that would continue with the old mechanism.
And even if the “merge” is successful, ethereum will still face major hurdles before it can be more widely adopted.
For example, it is expensive to use and the update will not reduce fees.
And the wider crypto sector is beset by wildly fluctuating prices, security flaws and an array of scams.
Crypto lawyer Charles Kerrigan from the firm CMS told AFP that ethereum was “decentralized and complicated” and had not yet been tested enough for governments and banks to get onboard.
“There have been questions about how easily it could deal with upgrades of the type that traditional software vendors provide to customers,” he said. “A successful merge will answer those questions.”