U.S. tech giants eye Artificial Intelligence key to unlock China push

A Google sign is seen during the WAIC (World Artificial Intelligence Conference) in Shanghai, China, September 17, 2018. REUTERS/Aly Song

By Cate Cadell

SHANGHAI (Reuters) – U.S. technology giants, facing tighter content rules in China and the threat of a trade war, are targeting an easier way into the world’s second-largest economy – artificial intelligence.

Google, Microsoft Inc and Amazon Inc showcased their AI wares at a state-backed forum held in Shanghai this week against the backdrop of Beijing’s plans to build a $400 billion AI industry by 2025.

China’s government and companies may compete against U.S. rivals in the global AI race, but they are aware that gaining ground won’t be easy without a certain amount of collaboration.

“Hey Google, let’s make humanity great again,” Tang Xiao’ou, CEO of Chinese AI and facial recognition unicorn Sensetime, said in a speech on Monday.

Amazon and Microsoft announced plans on Monday to build new AI research labs in Shanghai. Google also showcased a growing suite of China-focused AI tools at its packed event on Tuesday.

Google in the past year has launched AI-backed products including a translate app and a drawing game, its first new consumer products in China since its search engine was largely blocked in 2010.

The World Artificial Intelligence Conference, which ends on Wednesday, is hosted by China’s top economic planning agency alongside its cyber and industry ministries. The conference aims to show the country’s growing might as a global AI player.

China’s ambition to be a world leader in AI has created an opening for U.S. firms, which attract the majority of top global AI talents and are keen to tap into China’s vast data.

The presence of global AI research projects is also a boon for China, which aims to become a global technology leader in the next decade.

Liu He, China’s powerful vice premier and the key negotiator in trade talks with the United States, said his country wanted a more collaborative approach to AI technology.

“As members of a global village, I hope countries can show inclusive understanding and respect for each other, deal with the double-sword technologies can bring, and embrace AI challenges together,” he told the forum.

Beijing took an aggressive stance when it laid out its AI roadmap last year, urging companies, the government and military to give China a “competitive edge” over its rivals.

STATE-BACKED AI

Chinese attendees at the forum were careful to cite the guiding role of the state in the country’s AI sector.

“The development of AI is led by government and executed by companies,” a Chinese presenter said in between speeches on Monday by China’s top tech leaders, including Alibaba Holding Ltd chairman Jack Ma, Tencent Holdings Ltd chief Pony Ma and Baidu Inc CEO Robin Li.

While China may have enthusiasm for foreign AI projects, there is little indication that building up local AI operations will open doors for foreign firms in other areas.

China’s leaders still prefer to view the Internet as a sovereign project. Google’s search engine remains blocked, while Amazon had to step back from its cloud business in China.

Censorship and local data rules have also hardened in China over the past two years, creating new hoops for foreign firms to jump through if they want to tap the booming internet sector.

Nevertheless, some speakers paid tribute to foreign AI products, including Xiami Corp chief executive Lei Jun, who hailed Google’s Alpha Go board game program as a major milestone, saying he was a fan of the game himself.

Alibaba’s Ma said innovation needed space to develop and it was not the government’s role to protect business.

“The government needs to do what the government should do, and companies need to do what they should do,” he said.

(Reporting by Cate Cadell; Editing by Adam Jourdan and Darren Schuettler)

Russian hackers targeted U.S. Senate, think tanks: Microsoft

FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Phot

By Brendan O’Brien

(Reuters) – Microsoft Corp charged that hackers linked to Russia’s government sought to launch cyber attacks on the U.S. Senate and conservative American think tanks, warning that Moscow is broadening attacks ahead of November’s congressional elections.

The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic sites belonging to the Senate and the think tanks. Users who visited the fake sites were asked to enter login credentials.

It is the latest in a string of actions Microsoft has taken to thwart what it charges are Russian government hacking attempts. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.

Microsoft said it had no evidence that the hackers had succeeded in compromising any user credentials before it took control of the malicious sites.

The Kremlin rejected the Microsoft allegations and said there was no evidence to support them.

“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters. “Who exactly are they talking about? We don’t understand what the proof and the basis is for them drawing these kind of conclusions. Such information (proof) is lacking.”

Moscow has repeatedly dismissed allegations that it has used hackers to influence U.S. elections and political opinion.

The targets, Microsoft said, included the International Republican Institute, whose high-profile Republican board members include Senator John McCain of Arizona, who has criticized U.S. President Donald Trump’s interactions with Russia and Moscow’s rights record.

The Hudson Institute, another target, has hosted discussions on topics including cyber security, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia, and has been critical of the Russian government.

Other malicious domains were used to mimic legitimate sites used by the U.S. Senate and Microsoft’s Office software suite, the company said.

CYBER TENSIONS

Microsoft’s report came amid increasing tensions between Moscow and Washington ahead of midterm elections in November.

A U.S. federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether Trump’s campaign worked with Russians to sway the vote. Russia denies interfering in the elections and Trump has denied any collusion.

The type of attack is known as “spear fishing,” in which the hackers trick victims into entering their username and password into a fake site in order to steal their credentials.

Facebook Inc said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of the U.S. votes.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

(Reporting by Brendan O’Brien; Additional reporting by Andrew Osborn and Tom Balmforth in Moscow; Editing by Jim Finkle and Steve Orlofsky)

Nasdaq surges at open after strong Amazon, Microsoft earnings

(Reuters) – The tech-heavy Nasdaq opened 1 percent higher on Friday after stellar results from Amazon, Microsoft and Intel, while a 3 percent drop in Exxon weighed on the Dow and S&P.

The Dow Jones Industrial Average rose 19.80 points, or 0.08 percent, at the open to 24,342.14. The S&P 500 opened higher by 8.53 points, or 0.32 percent, at 2,675.47. The Nasdaq Composite gained 76.84 points, or 1.08 percent, to 7,195.52 at the opening bell.

(Reporting by Sruthi Shankar in Bengaluru; Editing by Shounak Dasgupta)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at least year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

Social media companies accelerate removals of online hate speech

A man reads tweets on his phone in front of a displayed Twitter logo in Bordeaux, southwestern France, March 10, 2016. REUTERS/Regis

By Julia Fioretti

BRUSSELS (Reuters) – Social media companies Facebook, Twitter and Google’s YouTube have accelerated removals of online hate speech in the face of a potential European Union crackdown.

The EU has gone as far as to threaten social media companies with new legislation unless they increase efforts to fight the proliferation of extremist content and hate speech on their platforms.

Microsoft, Twitter, Facebook and YouTube signed a code of conduct with the EU in May 2016 to review most complaints within a 24-hour timeframe. Instagram and Google+ will also sign up to the code, the European Commission said.

The companies managed to review complaints within a day in 81 percent of cases during monitoring of a six-week period towards the end of last year, EU figures released on Friday show, compared with 51 percent in May 2017 when the Commission last examined compliance with the code of conduct.

On average, the companies removed 70 percent of the content flagged to them, up from 59.2 percent in May last year.

EU Justice Commissioner Vera Jourova has said that she does not want to see a 100 percent removal rate because that could impinge on free speech.

She has also said she is not in favor of legislating as Germany has done. A law providing for fines of up to 50 million euros ($61.4 million) for social media companies that do not remove hate speech quickly enough went into force in Germany this year.

Jourova said the results unveiled on Friday made it less likely that she would push for legislation on the removal of illegal hate speech.

‘NO FREE PASS’

“The fact that our collaborative approach on illegal hate speech brings good results does not mean I want to give a free pass to the tech giants,” she told a news conference.

Facebook reviewed complaints in less than 24 hours in 89.3 percent of cases, YouTube in 62.7 percent of cases and Twitter in 80.2 percent of cases.

“These latest results and the success of the code of conduct are further evidence that the Commission’s current self-regulatory approach is effective and the correct path forward.” said Stephen Turner, Twitter’s head of public policy.

Of the hate speech flagged to the companies, almost half of it was found on Facebook, the figures show, while 24 percent was on YouTube and 26 percent on Twitter.

The most common ground for hatred identified by the Commission was ethnic origin, followed by anti-Muslim hatred and xenophobia, including expressions of hatred against migrants and refugees.

Pressure from several European governments has prompted social media companies to step up efforts to tackle extremist online content, including through the use of artificial intelligence.

YouTube said it was training machine learning models to flag hateful content at scale.

“Over the last two years we’ve consistently improved our review and action times for this type of content on YouTube, showing that our policies and processes are effective, and getting better over time,” said Nicklas Lundblad, Google’s vice president of public policy in EMEA.

“We’ve learned valuable lessons from the process, but there is still more we can do.”

The Commission is likely to issue a recommendation at the end of February on how companies should take down extremist content related to militant groups, an EU official said.

(Reporting by Julia Fioretti; Additional reporting by Foo Yun Chee; Editing by Grant McCool and David Goodman)

Tech companies wage war on disease-carrying mosquitoes

Researcher Ethan Jackson places the Project Premonition mosquito trap in the wild in this handout photo obtained by Reuters June 30, 2017. Microsoft/Handout via REUTERS

By Julie Steenhuysen

CHICAGO (Reuters) – American technology companies are bringing automation and robotics to the age-old task of battling mosquitoes in a bid to halt the spread of Zika and other mosquito-borne maladies worldwide.

Firms including Microsoft Corp and California life sciences company Verily are forming partnerships with public health officials in several U.S. states to test new high-tech tools.

In Texas, Microsoft is testing a smart trap to isolate and capture Aedes aegypti mosquitoes, known Zika carriers, for study by entomologists to give them a jump on predicting outbreaks.

Verily, Alphabet’s life sciences division based in Mountain View, California, is speeding the process for creating sterile male mosquitoes to mate with females in the wild, offering a form of birth control for the species.

While it may take years for these advances to become widely available, public health experts say new players brings fresh thinking to vector control, which still relies heavily on traditional defenses such as larvicides and insecticides. “It’s exciting when technology companies come on board,” said Anandasankar Ray, an associate professor of entomology at the University of California, Riverside. “Their approach to a biological challenge is to engineer a solution.”

SMART TRAPS

The Zika epidemic that emerged in Brazil in 2015 and left thousands of babies suffering from birth defects has added urgency to the effort.

While cases there have slowed markedly, mosquitoes capable of carrying the virus – Aedes aegypti and Aedes albopictus – are spreading in the Americas, including large swaths of the southern United States.

(For a map of U.S. mosquito territory, see http://tmsnrt.rs/2tqlJHa)

The vast majority of the 5,365 Zika cases reported in the United States so far are from travelers who contracted the virus elsewhere. Still, two states – Texas and Florida – have recorded cases transmitted by local mosquitoes, making them prime testing grounds for new technology.

In Texas, 10 mosquito traps made by Microsoft are operating in Harris County, which includes the city of Houston.

Roughly the size of large birdhouses, the devices use robotics, infrared sensors, machine learning and cloud computing to help health officials keep tabs on potential disease carriers.

Texas recorded six cases of local mosquito transmission of Zika in November and December of last year. Experts believe the actual number is likely higher because most infected people do not develop symptoms.

Pregnant women are at high risk because they can pass the virus to their fetuses, resulting in a variety of birth defects. Those include microcephaly, a condition in which infants are born with undersized skulls and brains. The World Health Organization declared Zika a global health emergency in February 2016.

Most conventional mosquito traps capture all comers – moths, flies, other mosquito varieties – leaving a pile of specimens for entomologists to sort through. The Microsoft machines differentiate insects by measuring a feature unique to each species: the shadows cast by their beating wings. When a trap detects an Aedes aegypti in one of its 64 chambers, the door slams shut.

The machine “makes a decision about whether to trap it,” said Ethan Jackson, a Microsoft engineer who is developing the device.

The Houston tests, begun last summer, showed the traps could detect Aedes aegypti and other medically important mosquitoes with 85 percent accuracy, Jackson said.

The machines also record shadows made by other insects as well as environmental conditions such as temperature and humidity. The data can be used to build models to predict where and when mosquitoes are active.

Mustapha Debboun, director of Harris County’s mosquito and vector control division, said the traps save time and give researchers more insight into mosquito behavior. “For science and research, this is a dream come true,” he said.

The traps are prototypes now. But Microsoft’s Jackson said the company eventually hopes to sell them for a few hundred dollars each, roughly the price of conventional traps. The goal is to spur wide adoption, particularly in developing countries, to detect potential epidemics before they start.

“What we hope is (the traps) will allow us to bring more precision to public health,” Jackson said.

SORTING MOSQUITOES WITH ROBOTS

Other companies, meanwhile, are developing technology to shrink mosquito populations by rendering male Aedes aegypti mosquitoes sterile. When these sterile males mate with females in the wild, their eggs don’t hatch.

The strategy offers an alternative to chemical pesticides. But it requires the release of millions of laboratory-bred mosquitoes into the outdoors. Males don’t bite, which has made this an easier sell to places now hosting tests.

Oxitec, an Oxford, England-based division of Germantown, Maryland-based Intrexon Corp, is creating male mosquitoes genetically modified to be sterile. It has already deployed them in Brazil, and is seeking regulatory approval for tests in Florida and Texas.

MosquitoMate Inc, a startup formed by researchers at the University of Kentucky, is using a naturally occurring bacterium called Wolbachia to render male mosquitoes sterile.

One of the biggest challenges is sorting the sexes.

At MosquitoMate’s labs in Lexington, immature mosquitoes are forced through a sieve-like mechanism that separates the smaller males from the females. These mosquitoes are then hand sorted to weed out any stray females that slip through.

“That’s basically done using eyeballs,” said Stephen Dobson, MosquitoMate’s chief executive.

Enter Verily. The company is automating mosquito sorting with robots to make it faster and more affordable. Company officials declined to be interviewed. But on its website, Verily says it’s combining sensors, algorithms and “novel engineering” to speed the process.

Verily and MosquitoMate have teamed up to test their technology in Fresno, California, where Aedes aegypti arrived in 2013.

Officials worry that residents who contract Zika elsewhere could spread it in Fresno if they’re bitten by local mosquitoes that could pass the virus to others.

“That is very much of a concern because it is the primary vector for diseases such as dengue, chikungunya and obviously Zika,” said Steve Mulligan, manager of the Consolidated Mosquito Abatement District in Fresno County.

The study, which still needs state and federal approval, is slated for later this summer.

(Editing by Marla Dickerson)

Russia causing cyber mayhem, should face retaliation: ex-UK spy chief

The director of Britain's GCHQ Robert Hannigan delivers a speech at Government Communications Headquarters in Cheltenham, November 17, 2015.

By Michael Holden

LONDON (Reuters) – Russia is causing cyberspace mayhem and should face retaliation if it continues to undermine democratic institutions in the West, the former head of Britain’s GCHQ spy agency said on Monday.

Russia denies allegations from governments and intelligence services that it is behind a growing number of cyber attacks on commercial and political targets around the world, including the hackings of recent U.S. and French presidential election campaigns.

Asked if the Russian authorities were a threat to the democratic process, Robert Hannigan, who stepped down as head of the UK’s intelligence service in March, said: “Yes … There is a disproportionate amount of mayhem in cyberspace coming from Russia from state activity.”

In his first interview since leaving GCHQ, Hannigan told BBC radio that it was positive that French President Emmanuel Macron and German Chancellor Angela Merkel had publicly “called this out recently”.

Standing alongside Russian President Vladimir Putin in May, Macron said state-funded Russian news outlets had sought to destabilize his campaign while the head of Germany’s domestic intelligence agency said last week it was expecting Russia to try to influence the German election in September.

“Ultimately people will have to push back against Russian state activity and show that it’s unacceptable,” he said.

“It doesn’t have to be by cyber retaliation, but it may be that is necessary at some time in the future. It may be sanctions and other measures, just to put down some red lines and say that this behavior is unacceptable.”

Hannigan also said it would be a mistake to force social media companies to allow intelligence agencies to access services protected by encryption through so-called “back door” access.

“The best you can do with end-to-end encryption is work with companies in a cooperative way to find ways around it frankly,” he said. He said such “back doors” would weaken systems.

Hannigan also said governments should wait to see how a global working group on tackling online extremism established by Facebook, Google’s YouTube, Twitter and Microsoft performed before seeking new laws.

“Legislation is a blunt last resort because frankly extremism is very difficult to define in law and you could spend all your time in court arguing about whether a particular video crosses the line or not,” he said.

Last month, Germany approved a plan to fine social media networks up to 50 million euros ($57 million) if they failed to remove hateful postings promptly. Britain has also mooted bringing in possible sanctions for tech firms that failed to remove extremist content.

 

 

(Editing by Raissa Kasolowsky)

 

Security experts find clues to ransomware worm’s lingering risks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

(Corrects spelling of first name in paragraph 22 of this May 18 story to Salim from Samil)

By Eric Auchard

FRANKFURT (Reuters) – Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

Researchers are struggling to try to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.

They are having more luck dissecting flaws that limited its spread.

Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix weaknesses in WannaCry will follow that hit larger numbers of users, with more devastating consequences.

“Some organizations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.

“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.

WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appear tailored to Windows 7, said Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity.

Data from BitSight covering 160,000 internet-connected computers hit by WannaCry, shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.

Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.

In laboratory testing, researchers at MWR and Kyptos say they have found Windows XP crashes before the virus can spread.

Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.

COMPUTER BASICS

Any organization which heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on their networks are immune, experts agree.

Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.

“Clearly people who run supported versions of Windows and patched quickly were not affected”, Trustwave’s Mador said.

Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving upgrades to local trusts.

Seeking to head off further criticism in the wake of the WannaCry outbreak, the U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers.(http://reut.rs/2qvSPUR)

Microsoft declined to comment for this story.

On Sunday, the U.S. software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet (http://reut.rs/2qAOdLm).

Half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.(http://tmsnrt.rs/2qIUckv)

DUMB AND SOPHISTICATED

The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware.

“What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption”, said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic.

Last Friday, the company’s British-based 22-year-old data breach research chief, Marcus Hutchins, created a “kill-switch”, which security experts have widely hailed as the decisive step in halting the ransomware’s rapid spread around the globe.

WannaCry appears to target mainly enterprises rather than consumers: Once it infects one machine, it silently proliferates across internal networks which can connect hundreds or thousands of machines in large firms, unlike individual consumers at home.

An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos.

Because of the way WannaCry spreads sneakily inside organization networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.

Liran Eshel, chief executive of cloud storage provider CTERA Networks, said: “The attack shows how sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies.”

ESCAPE ROUTE

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

However, a bug in WannaCry code means the attackers cannot use unique bitcoin addresses to track payments, security researchers at Symantec found this week. The result: “Users unlikely to get files restored”, the company’s Security Response team tweeted.

The rapid recovery by many organizations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.

While encrypting individual computers it infects, WannaCry code does not attack network data-backup systems, as more sophisticated ransomware packages typically do, security experts who have studied WannaCry code agree.

These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.

Less than 300 payments worth around $83,000 had been paid into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever. (Reuters graphic: [http://tmsnrt.rs/2rqaLyz)

The Verizon 2017 Data Breach Investigations Report, the most comprehensive annual survey of security breakdowns, found that it takes three months before at least half of organizations install major new software security patches.

WannaCry landed nine weeks after Microsoft’s patch arrived.

“The same things are causing the same problems. That’s what the data shows,” MWR research head Pratley said.

“We haven’t seen many organizations fall over and that’s because they did some of the security basics,” he said.

For a graphic on WannaCry worm, click http://fingfx.thomsonreuters.com/gfx/rngs/CYBER-ATTACK/010041552FY/index.html

(Editing by Philippa Fletcher)

More disruptions feared from cyber attack; Microsoft slams government secrecy

Indonesia's Minister of Communications and Information, Rudiantara, speaks to journalists during a press conference about the recent cyber attack, at a cafe in Jakarta, Indonesia

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the U.S. government for not disclosing more software vulnerabilities.

Cyber security experts said the spread of the worm dubbed WannaCry – “ransomware” that locked up more than 200,000 computers in more than 150 countries – had slowed but that the respite might only be brief amid fears new versions of the worm will strike.

In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

Economic experts offered differing views on how much the attack, and associated computer outages, would cost businesses and governments.

The non-profit U.S. Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed $1 billion.

Most victims were quickly able to recover infected systems with backups, said the group’s chief economist, Scott Borg.

California-based cyber risk modeling firm Cyence put the total economic damage at $4 billion, citing costs associated with businesses interruption.

U.S. President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an “emergency meeting” to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the NSA were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyber attacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

MONDAY MORNING RUSH?

Monday was expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

The attack hit organizations of all sizes.

Renault said it halted manufacturing at plants in France and Romania to prevent the spread of ransomware.

Other victims include is a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records.

Account addresses hard-coded into the malicious WannaCry virus appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of (1100 GMT) 7 a.m. EDT on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more.

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm’s spread by registering a web address to which he noticed the malware was trying to connect.

Security experts said his move bought precious time for organizations seeking to block the attacks.

(Additional reporting by Jim Finkle, Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Elizabeth Piper, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold, Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen and Nick Zieminski; Editing by Mark Heinrich and Peter Cooney)

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

microsoft president brad smith

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)