Posts Tagged ‘LinkedIn’

Chinese Foreign Ministry denies claims that intelligence services used LinkedIn to gather information

December 11, 2017

 Image result for logo for LinkedIn shown in California,, picture

The logo for LinkedIn shown in California, US. PHOTO: REUTERS

Speaking at a regular press briefing in Beijing on Monday (Dec 11), Chinese Foreign Ministry spokesman Lu Kang said the accusations were baseless.

“We hope the relevant German organisations, particularly government departments, can speak and act more responsibly, and not do things that are not beneficial to the development of bilateral relations,” he said.

Germany’s intelligence service had earlier published the details of social network profiles which it says were fronts faked by Chinese intelligence to gather personal information about German officials and politicians.

The BfV domestic intelligence service took the unusual step of naming individual profiles it says were fake and fake organisations to warn public officials about the risk of leaking valuable personal information via social media.

“Chinese intelligence services are active on networks like LinkedIn and have been trying for a while to extract information and find intelligence sources in this way,” including seeking data on users’ habits, hobbies and political interests, they said.

Nine months of research had found that more than 10,000 German citizens had been contacted on the LinkedIn professional networking site by fake profiles disguised as headhunters, consultants, think-tankers or scholars, the BfV said.

“There could be a large number of target individuals and fake profiles that have not yet been identified,” they added.

Among the faked profiles whose details were published were that of “Rachel Li”, identified as a “headhunter” at “RiseHR”, and an “Alex Li”, a “Project Manager at Center for Sino-Europe Development Studies”.

Many of the profile pictures show stylish and visually appealing young men and women. The picture of “Laeticia Chen”, a manager at the “China Center of International Politics and Economy” was nicked from an online fashion catalogue, an official said.

A Reuters review of the profiles showed that some were connected to senior diplomats and politicians from several European countries. There was no way to establish whether contacts had taken place beyond the initial social media “add”.

The warning reflects growing concern in European and western intelligence circles at Chinese covert activities in their countries and follows warnings from the US Central Intelligence Agency over attempts by the economic giant’s security services to recruit US citizens as agents.

The BfV invited concerned users to contact them if they encountered social media profiles that seemed suspect.

Advertisements

Moscow says Twitter to store user data in Russia

November 8, 2017

AFP

© AFP/File / by Anna SMOLCHENKO | Social media sites Twitter and Facebook are widely used by the opposition to Russian President Vladimir Putin to coordinate protests and make political statements
MOSCOW (AFP) – Russia’s telecoms watchdog said Wednesday that Twitter had agreed to store the personal data of Russian nationals on servers located in Russia by mid-2018 to avoid the prospect of a ban.

The statement from Roskomnadzor came after pro-government newspaper Izvestia earlier Wednesday reported that Twitter had agreed to comply with Russian legislation and was now looking for sites for its servers in Russia.

“On April 13, 2017 Roskomnadzor received a letter from Twitter confirming its readiness to locate servers in Russia by the middle of 2018,” the telecoms watchdog said in a statement sent to AFP.

 Image result for Roskomnadzor, photos

The watchdog had received the letter following a meeting between Twitter representatives and Roskomnadzor officials in March, it said, adding it was monitoring the implementation of the agreement.

There was no official comment from Twitter but a source close to the matter told AFP that Twitter had only agreed to “review” the law.

Twitter is “only reviewing users with ‘commercial relationships’ – that is, advertisers only and no decision has been made,” the source said.

The company wants to ensure that the storage of data in separate locations (outside the United States) “does not create a security risk or any vulnerability for Russian users and their accounts,” the source added.

A 2014 law requiring foreign messaging services, search engines and social networking sites to store the personal data of Russian users inside the country has caused widespread concern as it was seen as putting the information at risk of being accessed by Russian intelligence services.

Twitter and Facebook are widely used by the opposition to President Vladimir Putin to coordinate protests and make political statements.

Russia is gearing up for a presidential election in March.

– Facebook’s Russia branch? –

Russia’s telecoms regulator has repeatedly warned Facebook and Twitter they could be banned in 2018 unless they comply with the law.

Roskomnadzor also said Wednesday that Facebook had not told it whether it planned to store the personal data of Russian nationals on Russian servers.

Izvestia, citing sources familiar with the situation, said Facebook was gearing up to open a branch in Russia.

“This could mean that the company has decided to develop business in our country according to the norms of Russian legislation. Including the implementation of the norms of legislation about personal data,” the Russian watchdog said.

“This can only be welcomed.”

The watchdog said it would in the near future conduct a probe to see if Facebook complied with Russian legislation, threatening to take action in case of violations.

Russian internet providers last year blocked the LinkedIn professional networking site after Roskomnadzor said it broke the law on personal data storage.

Russia also fined the popular Telegram messenger app last month for failing to provide the country’s security services with encryption keys to read users’ messaging data.

Image result for Roskomnadzor, photos

Last month Twitter banned advertisements from Russia’s state-controlled RT and Sputnik media outlets in response to US intelligence findings that they sought to spread misinformation during the 2016 presidential election.

In June, China implemented a controversial cybersecurity law that tightens restrictions on online freedom of speech and imposes new rules on service providers, including one requiring tech companies to store user data inside the country.

by Anna SMOLCHENKO

Russia threatens to ban Facebook in 2018 over data law

September 26, 2017

AFP

© AFP/File | A controversial law passed in 2014 requires foreign messaging services, search engines and social networking sites to store the personal data of Russian users inside Russia

MOSCOW (AFP) – Russia’s internet watchdog on Tuesday warned Facebook it would be banned in 2018 unless it complies with a law on storing local users’ data.”The law is compulsory for all,” the head of Roskomnadzor telecoms watchdog Alexander Zharov told journalists in Moscow, quoted by Interfax news agency.

“We will work on getting Facebook to observe the law,” Zharov said. “This will all happen in 2018 definitely.”

A controversial law passed in 2014 requires foreign messaging services, search engines and social networking sites to store the personal data of Russian users inside Russia.

The law, which was fiercely opposed by the telecommunications industry, is an apparent move to pressure sites such as Facebook and Twitter into handing over user information.

“In any case we will either get the law carried out or the company will stop working in Russia, as unfortunately happened to LinkedIn,” Zharov said.

“There are no exceptions here,” he added.

Russian internet providers last year blocked the LinkedIn professional networking site after Roskomnadzor said it broke the law on personal data storage.

Zharov’s comments came after Facebook revealed that Russia-linked fake accounts paid for ads that may have influenced last year’s US election.

Facebook said it was sharing its findings with the US authorities.

The threat of a ban also comes as Russia is gearing up for presidential elections in March next year. Facebook is widely used by the opposition to President Vladimir Putin to coordinate protests and make political statements.

Opposition leader Alexei Navalny, who intends to stand against Putin but will almost certainly be barred, uses Facebook to communicate with supporters.

The online platform allows him to bypass state television, which only gives him negative coverage.

“We understand very well that Facebook has a significant number of users in Russia, but on the other hand, we understand that it’s not a unique service, there are other social media sites,” said Zharov.

 

Related:

Russian cybercriminals — Young, rich, dangerous and driving everyone nuts

July 28, 2017

MOSCOW — Five alleged Russian cybercriminals have been arrested across Europe in American-initiated operations in the past nine months. Here’s a look at who they are, how they were caught and what they’re accused of doing.

— Pyotr Levashov, 36, is accused by U.S. prosecutors of being “one of the world’s most notorious criminal spammers.” Law enforcement and security researchers have linked Levashov, via his alias “Peter Severa,” to a series of powerful botnets — networks of hijacked computers carrying names like Storm, Waledec and Kelihos and capable of pumping out more than a billion emails a day. He was arrested in April when the AirBNB apartment he was sharing with his family in Barcelona was raided by police. He is fighting extradition; his wife says he’s innocent.

— Evgeny Nikulin, 29, is accused by U.S. prosecutors of penetrating computers at Silicon Valley firms including LinkedIn and Dropbox in 2012, around the time both companies reported massive breaches affecting tens of millions of users. A Lamborghini-lover who ran a popular Instagram account devoted to sports cars, Nikulin socialized with children of the Kremlin’s elite, including the daughter of Russian Defense Minister Sergei Shoigu. He was arrested at a Prague restaurant in October and is currently appealing the decision of a Czech court to OK his extradition. Russia has lodged a counter-extradition request in a bid to bring him home.

Image result for Lamborghini

— Alexander Vinnik, 38, is accused by U.S. prosecutors of running of major bitcoin exchange that “helped to launder criminal proceeds from syndicates around the world.” He was arrested earlier this week on the grounds of his hotel near Ouranoupolis in northern Greece — an area popular with Russian tourists. Vinnik, who was on vacation with his wife and two young children, was distracted by an innocuous question from a policeman while a second officer came up from the side and snatched his phone. The exchange he’s alleged to have run, BTC-e, is currently out of commission.

Image result for bitcoins, photos

— Stanislav Lisov, 31, is accused by U.S. prosecutors of developing malicious software called NeverQuest which stole information on banking clients and financial websites and caused almost $1 million in losses in the United States. Lisov, from the small resort town of Taganrog in southern Russia, was detained at Barcelona airport in January while in the middle of a European honeymoon. He has said he was formerly employed by IT company Ogetto that did work for the Russian government. Lisov had an extradition hearing in Madrid last week and is awaiting a ruling.

— Yury Martyshev, 35, is accused by U.S. prosecutors of running a “counter antivirus service” where cybercriminals could test whether their malware would be blocked by computer security products. He was extradited to the United States from Latvia after being detained on a train from Russia in April. He recently pleaded not guilty before a judge in Alexandria, Virginia.

*******************************************

Russian Espionage Piggybacks on a Cybercriminal’s Hacking

To the F.B.I., Evgeniy M. Bogachev is the most wanted cybercriminal in the world. The bureau has announced a $3 million bounty for his capture, the most ever for computer crimes, and has been trying to track his movements in hopes of grabbing him if he strays outside his home turf in Russia.

He has been indicted in the United States, accused of creating a sprawling network of virus-infected computers to siphon hundreds of millions of dollars from bank accounts around the world, targeting anyone with enough money worth stealing — from a pest control company in North Carolina to a police department in Massachusetts to a Native American tribe in Washington.

In December, the Obama administration announced sanctions against Mr. Bogachev and five others in response to intelligence agencies’ conclusions that Russia had meddled in the presidential election. Publicly, law enforcement officials said it was his criminal exploits that landed Mr. Bogachev on the sanctions list, not any specific role in the hacking of the Democratic National Committee.

But it is clear that for Russia, he is more than just a criminal. At one point, Mr. Bogachev had control over as many as a million computers in multiple countries, with possible access to everything from family vacation photographs and term papers to business proposals and highly confidential personal information. It is almost certain that computers belonging to government officials and contractors in a number of countries were among the infected devices. For Russia’s surveillance-obsessed intelligence community, Mr. Bogachev’s exploits may have created an irresistible opportunity for espionage.

Russia used Facebook to try to spy on Macron campaign – sources

July 27, 2017

Reuters

By Joseph Menn

July 27, 2017

SAN FRANCISCO (Reuters) – Russian intelligence agents attempted to spy on President Emmanuel Macron’s election campaign earlier this year by creating phony Facebook personas, according to a U.S. congressman and two other people briefed on the effort.

About two dozen Facebook accounts were created to conduct surveillance on Macron campaign officials and others close to the centrist former financier as he sought to defeat far-right nationalist Marine Le Pen and other opponents in the two-round election, the sources said. Macron won in a landslide in May.

Facebook said in April it had taken action against fake accounts that were spreading misinformation about the French election. But the effort to infiltrate the social networks of Macron officials has not previously been reported.

Image may contain: 2 people, closeup

Russia has repeatedly denied interfering in the French election by hacking and leaking emails and documents. U.S. intelligence agencies told Reuters in May that hackers with connections to the Russian government were involved, but they did not have conclusive evidence that the Kremlin ordered the hacking.

Facebook confirmed to Reuters that it had detected spying accounts in France and deactivated them. It credited a combination of improved automated detection and stepped-up human efforts to find sophisticated attacks.

Company officials briefed congressional committee members and staff, among others, about their findings. People involved in the conversations also said the number of Facebook accounts suspended in France for promoting propaganda or spam – much of it related to the election – had climbed to 70,000, a big jump from the 30,000 account closures the company disclosed in April.

Facebook did not dispute the figure.

No automatic alt text available.

Seeking Friends of Friends

The spying campaign included Russian agents posing as friends of friends of Macron associates and trying to glean personal information from them, according to the U.S. congressman and two others briefed on the matter.

Facebook employees noticed the efforts during the first round of the presidential election and traced them to tools used in the past by Russia’s GRU military intelligence unit, said the people, who spoke on condition they not be named because they were discussing sensitive government and private intelligence.

Facebook told American officials that it did not believe the spies burrowed deep enough to get the targets to download malicious software or give away their login information, which they believe may have been the goal of the operation.

The same GRU unit, dubbed Fancy Bear or APT 28 in the cybersecurity industry, has been blamed for hacking the Democratic National Committee during the 2016 U.S. presidential election and many other political targets. The GRU did not respond to a request for comment.

Image may contain: 1 person, closeup

Fancy Bear

Email accounts belonging to Macron campaign officials were hacked and their contents dumped online in the final days of the runoff between Macron and Le Pen.

French law enforcement and intelligence officials have not publicly accused anyone of the campaign attacks.

Mounir Mahjoubi, who was digital director of Macron’s political movement, En Marche, and is now a junior minister for digital issues in his government, told Reuters in May that some security experts blamed the GRU specifically, though they had no proof.

Mahjoubi and En Marche declined to comment.

There are few publicly known examples of sophisticated social media spying efforts. In 2015, Britain’s domestic security service, MI5, warned that hostile powers were using LinkedIn to connect with and try to recruit government workers.

The social media and networking companies themselves rarely comment on such operations when discovered.

Facebook, facing mounting pressure from governments around the world to control “fake news’ and propaganda on the service, took a step toward openness with a report in April on what it termed “information operations.”

The bulk of that document discussed so-called influence operations, which included “amplifier” accounts that spread links to slanted or false news stories in order to influence public opinion.

Reporting by Joseph Menn in San Francisco; Additional reporting by Michel Rose in Paris and Jack Stubbs in Moscow.; Editing by Jonathan Weber and Ross Colvin

Protecting Your Internet Presence in the Age of Donald Trump

December 1, 2016

NBC News

He starts petty fights on Twitter, he’s cool with Vladimir Putin, and when he takes the oath of office on January 20, President Donald J. Trump will assume control of the most advanced internet surveillance system the world knows about.

The relationship between politics and technology is increasingly volatile, dynamic, and important. President-Elect Trump’s perspectives betray severe misunderstandings of that relationship. In calling for an Apple boycott while the company resisted FBI efforts to break encryption on a phone belonging to one of the San Bernardino shooters, Trump outed himself as an enemy of the fundamental technology that makes it possible to securely transmit information online. From a 2015 debate stage, he suggested “closing the internet up” as a means to fight radical Islam, which is as impractical as it is impossible and hyperbolic.

A supporter photographs Republican U.S. Presidential nominee Donald Trump during a campaign event at Briar Woods High School in Ashburn
A supporter photographs Republican U.S. Presidential nominee Donald Trump during a campaign event at Briar Woods High School in Ashburn, Virginia, on Aug. 2. Eric Thayer / Reuters

Far from outlining specific technology directives beyond a soundbyte, or offering any other consistent policy,the Trump administration-to-come should raise anxious question marks about one’s personal information security. In 2013, notorious NSA whistleblower Edward Snowden acted through a series of journalists to expose secretive government programs with names like PRISM and XKeyscore, making it plain to the world that the U.S. government had significant means to spy on its citizens’ internet and phone activity. Snowden’s politics-rattling revelations helped elevate conversations about formerly niche tech topics like encryption, but according to one tech professional, there’s still work to be done to make the masses care.

Related: Will the Future of Tech Be a ‘Disaster’ Under Trump?

“Security is not an app you can download,” says Dan Guido, CEO of New York-based cybersecurity research firm Trail of Bits, whose client list runs from Facebook to DARPA. “Keeping yourself safe on the internet means thinking about what you’re keeping yourself safe from.” Guido’s cheeky suggestion to those seeking to make their online activity completely invisible to third parties: Give up the internet altogether.

“It’s hardest to steal data that does not exist,” he says. “If you can’t tolerate having it stolen or snooped on, then don’t use a computer or phone to send it.”

NSA Protest
NSA surveillance protesters, organized by the “Stop Watching Us” coalition, march from Union Station to the U.S. Capitol on Saturday, Oct. 26, 2013, to voice opposition to government’s surveillance of online activity and phone calls. Bill Clark / CQ-Roll Call,Inc.

There are still seats to fill in Trump’s cabinet, and several high-profile names are rumored for Director of National Intelligence, including former NYC mayor Rudy Giuliani and CNN national security commentator Mike Rogers. One of the strongest candidates might be a different Mike Rogers, the Navy admiral and current director of the National Security Agency — the same federal arm Snowden shook up by exposing its domestic spying program.

Depending on your political attitudes, you may not be agreeable to the notion of your internet activity being easily monitored, whether it’s by a garden variety hacker in search of credit card numbers, or your own government seeking information to foil a terrorist plot. For as long as there has been an internet, there have been people violating others’ privacy — it’s just that now, there are greater ramifications.

Whether your motivations are political or protective, it requires nothing less than the adoption of a new mindset if you want to meaningfully push back against those seeking to follow your internet footprints. We asked the experts for instruction on how to significantly close the security gap for John and Jane Internet-User. Here are their guidelines.

Use Messaging Apps Built on Strong Encryption

A variety of chat apps offer high-powered security features, like the Snowden-approved Signal and the government-riling Telegram.

Founded in 2013 by Russian entrepreneur Pavel Durov, Telegram has its roots in a project designed specifically to avoid government surveillance. When Durov’s former business VKontakte ruffled the Kremlin’s feathers in a significant way, he and his brother designed a system for undetectable communication.

Related: Could One Person Take Down the Internet?

“We developed Telegram as an encrypted communications tool in order to avoid eavesdropping by Russian security agencies while we were running the largest social networking service in Russia,” Durov says. “When we left Russia, we realized the problem of eavesdropping was global,” so they formalized the project and released it as a free app presently used around the world.

Use a Password Manager

Software like LastPass and 1Password can run as an extension in your web browser, automatically generating complex, symbol-filled keys sure to pass any security requirements. These solutions remember your passwords for you, then automatically fill them out and log you in when you visit the appropriate page later.

With one login into the manager, you never need to type another password. And as your password keystrokes are never actually generated by the user, they effectively don’t exist and are therefore incredibly difficult to steal. “I use 1Password,” Guido says, “but any reputable service will do as long as you use it consistently.”

The New Digital Commons Space At Martin Luther King, Jr Memorial Library
People use computers in the new Digital Commons space At Martin Luther King, Jr Memorial Library on Thursday, August 8, 2013, in Washington, DC. The Washington Post / The Washington Post/Getty Images

Use Two-Factor Authentication When Available

Google and other major platforms now make use of your cellphone number to enable an additional layer of security on your accounts. When Google texts you a security code after you log in on your computer, it’s confirming that you have both the password and the phone associated with the account.

A strong password is its own strong defense, but two-factor authentication makes your digital security barrier more physical. Consider the example of Wall Street Journal reporter Christopher Mims, who publicly shared his Twitter password a couple years ago. He emerged unscathed from the infosec stunt and retained control of his account, with his only saving grace being that he still possessed his smartphone.

“Two-factor authentication will keep your data safe even if you lose your password,” Guido says.

Decline Often

Location Services wants to know where you are. A webpage would like to initiate an unprompted download. These external requests execute locally on our devices because we grant them permission, so train yourself to be skeptical in going along with the dialogs that pop up on our devices and ask permission to carry out a process. Short of knowing exactly what that process is or asking for it yourself, the better answer is often no.

Durov suggests you “tap ‘Decline’ every time your mobile OS suggests you to opt in to something that is not 100 percent necessary.”

Have a Plan

How well-prepared are you if someone gains access to your bank account? Your email address? Your smart home? Skilled cyberthieves can steal your frequent flier miles, your health insurance, or open credit cards in your name. As more and more of the infrastructure we rely on to manage our daily lives moves to the internet, security compromises can have significant real-world impacts. The nature of what it means to “get hacked” is beginning to change.

Related: How Scientists Confirmed One of Einstein’s Controversial Theories

“For most people, getting hacked means resetting a password, getting mailed a new credit card, or another minor inconvenience,” Guido says. “I think people will care more when getting their information stolen or abused causes more harm. Consumer attitudes about security will likely shift as we see more inventive methods of abusing data.”

Keep Calm and Carry On

We won’t know what Trump’s technology policies are like until we’re living under his administration. Will things proceed as they always have? Or in an emotional rage, will he block Twitter, just as Russia blacklisted LinkedIn from its own internet earlier this month?

While it remains impossible for any single person to dismantle the internet or seriously change how it works, an exception is perhaps possible if that person is President of the United States.

http://www.nbcnews.com/mach/technology/protecting-your-internet-presence-age-donald-trump-n689826

U.S., Russia want to questions renown hacker — NYT says President Obama has not done enough about cyberattacks and hacking

November 24, 2016

The United States and Russia have both requested the extradition of a Russian arrested in Prague and indicted in the U.S. for hacking computers of social media companies, the Czech justice ministry said on Wednesday.

The ministry will review the requests for the extradition of Yevgeniy Nikulin, who a U.S. federal grand jury said had hacked into the U.S.-based social media companies LinkedIn, Dropbox and Formspring. The requests will then be referred to a Prague court, a spokeswoman said.

If the court determines both requests are valid, the justice minister would make the extradition decision, she added.

Czech police detained Nikulin in October in Prague, where he remains in custody. His arrest was carried out in cooperation with the U.S. Federal Bureau of Investigation.

A federal grand jury in Oakland, California, indicted him on Oct. 21.

LinkedIn Corp has said the arrest was related to a 2012 breach at the social networking company that might have compromised the credentials of 100 million users, prompting it to launch a massive password reset operation.

Russia’s foreign ministry has criticized the arrest, saying it showed Washington was mounting a global manhunt against Russian citizens.

The U.S. government had accused Russia of a campaign of cyber attacks against Democratic Party organizations before the Nov. 8 presidential election. Russian President Vladimir Putin has said a hacking scandal would not be in Russia’s interests.

(Reporting by Jason Hovet and Petra Vodstrcilova; Editing by Tom Heneghan)

*************************

The Opinion Pages | EDITORIAL

Warning Russia on Hacking Isn’t Enough

After the stunning disclosures last month that Russia had tried to interfere with the election by hacking the Democratic National Committee, the Obama administration hinted at some kind of retaliation. So far, however, its only known response has been to publicly identify the Russians as the culprits and warn them against interfering again in America’s democratic processes.

President Obama should not stop there, as some administration officials suggest he might. Doing so would allow Russia to believe it can operate with impunity in cyberspace and could even invite further hacking. Because Donald Trump, an outspoken admirer of Vladimir Putin, is unlikely to act, it is up to Mr. Obama to hold the Russian president to account. (Even after intelligence briefings confirming Moscow’s involvement, Mr. Trump refused to blame the Russians and said, “Maybe there is no hacking.”)

A stronger White House response would begin with Mr. Obama revealing more information about how the hacking was done and by whom. He could also decide to disclose Russian computer codes, embarrass wealthy Kremlin officials by exposing their overseas bank accounts and even disable Russian networks. And he could impose sanctions on Russians who were responsible for the hacking or on military leaders who are bombing civilians in Syria. Whatever he decides, the trick will be to do it without igniting a cyberwar.

The hacking involved emails from the Democratic National Committee and from John Podesta, Hillary Clinton’s campaign chairman, which were then leaked to WikiLeaks. Democratic leaders were embarrassed, and Mr. Trump’s campaign gained an advantage. “This was a conscious effort by a nation-state to attempt to achieve a specific effect,” Adm. Michael Rogers, the director of the National Security Agency, said last week.

Mr. Obama is said to have chosen a conservative response to this behavior because he did not wish to invite further Russian interference in the election. Nor did he wish to be seen as acting for political reasons. At least for now, the warnings appear to have halted further Russian cyberattacks. And there is an understandable reluctance in the White House to pre-empt Mr. Obama’s successor by taking additional action.

Americans cannot know for certain that the hacking has ended. Many experts doubt that warnings alone will be enough to deter Mr. Putin, who has shown no hesitation in challenging America during the postelection transition by continuing to bomb Aleppo, in Syria, and by installing new nuclear-capable missiles in Kaliningrad, Russia, near the NATO border.

Senator Lindsey Graham has called for congressional hearings to broadly examine Russia’s relationship with the United States, including its role in the hacking, while Senator Ben Cardin has suggested imposing new sanctions. Regardless of what Mr. Obama decides, Congress has a responsibility to pursue paths to ensure that the country’s electoral system is not similarly compromised in the future.

Facebook Made Censorship Tools for China’s Internet

November 23, 2016

BBC News

“Facebook would be trading in their principles in exchange for access to the market. It would have tremendous implications for human rights.”

Facebook CEO Mark Zuckerberg, center, waits on stage before the start of a panel discussion held as part of the China Development Forum at the Diaoyutai State Guesthouse in Beijing, Saturday, March 19, 2016.

Facebook chief Mark Zuckerberg recently spent time with China’s leader Xi Jinping, as well as taking time to learn Mandarin. AP photo

Facebook worked on special software so it could potentially accommodate censorship demands in China, according to a report in the New York Times.

The social network refused to confirm or deny the software’s existence, but said in a statement it was “spending time understanding and learning more” about China.

No decisions about the company’s approach in the country had yet been made, a spokeswoman said.

The Electronic Frontier Foundation, a group which campaigns for better privacy online, told the BBC the project sounded “extremely disturbing”.

“Kudos to the Facebook employees who brought this to the attention of the New York Times,” said the EFF’s global policy analyst Eva Galperin.

“It’s very nice to know there are some principled people still working there.”

The sources quoted by the New York Times – both current and former employees – stressed that like many pieces of software worked on internally, it may never be implemented.

Censorship concessions

Since 2009, the only way to access Facebook in China has been via a virtual private network – software designed to “spoof” your real location and avoid local internet restrictions.

Facebook, which has 1.8 billion active users, is aggressively looking to expand in parts of the world beyond its existing markets.

In the developing world, that means experimenting with new technology to connect rural areas.

Facebook

Image copyright AFP

And in China, it appears the site is at the very least considering making concessions to China’s notoriously tightly-monitored internet.

According to employees quoted anonymously by the New York Times’ reporter Mike Isaac, Facebook founder Mark Zuckerberg was questioned about the plans in an all-staff meeting earlier this summer.

“It’s better for Facebook to be a part of enabling conversation, even if it’s not yet the full conversation,” he is reported to have said while stressing it was early days.

Facebook’s spokeswoman would not confirm or deny the quote was accurate.

Mr Zuckerberg recently spent time with China’s leader, Xi Jinping, as well as taking time to learn Mandarin.

Third-party company

Facebook regularly removes content from the network at the request of governments.

It makes this process relatively public with a yearly report detailing the quantity and nature of take-down requests.

Where this software would differ is in that it would enable a third-party, likely a Chinese company working with Facebook, to prevent messages from appearing in the first place.

The range of topics censored in mainland China is vast. Most famously, searches related to the Tiananmen Square yield no results relating to the 1989 massacre.

Facebook isn’t the first first Silicon Valley giant to grapple with the moral maze of doing business in China.

Google famously pulled out of mainland China after a backlash surrounding the censorship of search results. It now routes all traffic to Google Hong Kong.

LinkedIn, the network for professionals, does censor some content – although as the firm isn’t typically seen as a host of public debate, the move is not seen as being nearly as contentious.

If Facebook follows LinkedIn’s lead, the EFF’s Ms Galperin said “Facebook would be trading in their principles in exchange for access to the market. It would have tremendous implications for human rights.”

Follow Dave Lee on Twitter @DaveLeeBBC and on Facebook

http://www.bbc.com/news/technology-38073949

Related:

*********************************

Facebook Said to Create Censorship Tool to Get Back Into China

点击查看本文中文版
By MIKE ISAAC

The New York Times
NOV. 22, 2016

President Xi Jinping of China, center, speaking with Mark Zuckerberg, right, the chief executive of Facebook, and Lu Wei, China’s Internet czar at the time, in 2015 at a gathering at Microsoft’s campus in Redmond, Wash. Credit Pool photo by Ted S. Warren

Read the rest: http://www.nytimes.com/2016/11/22/technology/facebook-censorship-tool-china.html

Amnesty International: Facebook, Microsoft, LinkedIn and others must resist China’s Orwellian vision of the internet

November 18, 2016

By Roseann Rife, East Asia Research Director at Amnesty International.

Facebook, Microsoft, and LinkedIn are among the tech firms expected to be on a charm offensive with Chinese officials at the World Internet Conference in Wuzhen, which starts today.

China has made clear to Western companies what tune they must dance to if they want to gain or keep access to the riches of the Chinese market, currently dominated by national players like Tencent and Sina.

chinese china internet online

A new Cyber Security Law passed in China last week goes further than ever before in tightening the government’s already repressive grip on the internet, embodied by its “Great Firewall”. It is a vast human and technological system of Internet censorship without parallel in the world. The new law codifies existing abusive practices and seeks to turn tech companies operating in China into de-facto state surveillance agents.

The new law forces companies to pass on vast amounts of data, including personal information and to censor users’ posts with insufficient safeguards to protect freedom of expression and the right to privacy. Companies would be liable for substantial penalties if they fail to do so and there is no transparency about how the data will be used by the authorities.

President Xi Jinping has insisted that “no cyber security means no national security”, but companies do not have to look far to see the chilling reality of what “national security” can mean under China’s broad and vague legal provisions. Over the years the government has detained hundreds, if not thousands, of people on national security charges, often solely for expressing views online critical of the government.

In a case that demonstrates the government’s renewed intransigence, bloggers Lu Yuyu and Li Tingyu were criminally detained this year on the implausible charges of “picking quarrels and provoking trouble” for compiling and posting publicly available data on social protests in China.

For the Tibetan blogger Drulko, a simple internet posting commenting on a picture showing a heavy presence of armed soldiers at an important Tibetan Buddhist site triggered his arrest. For this and reposting a news report about talks between the Chinese government and the Dalai Lama, he was sentenced to three years imprisonment under the pretext of having “incited separatism”.

The new law substantially expands the state’s internet policing power. Information internet companies are required to remove and report to authorities would include items such as the data about protests in the blogs of Lu Yuyu and Li Tingyu, and Druklo’s messages about religious freedom, together with personal information, even before the police request it. This practice is not limited to people like Lu Yuyu, Li Tingyu and Druklo, who were on the government’s radar but also includes those whose activities have not yet attracted the authorities’ attention.

li tingyu

Li Tingyu. Photo: China Change.

It is an Orwellian vision of the internet, a dragnet to trap those the government views as troublemakers, where the right to freedom of expression exists only at the discretion of the censors. Given the current political hardening under President Xi Jinping and the absence of an independent judiciary, there is no saying where the government will draw the line tomorrow.

Tech companies should use the opportunity of the gathering in Wuzhen to seriously question whether they are willing to do business on these terms. Are they prepared to be complicit in the abuse of individuals’ rights to freedom of expression and privacy online?

To avoid fines, suspension or termination of business or the shutting down of websites, the law will require internet companies to self-censor, or censor their own users, to an extent not previously seen, even in China.

If internet companies follow the letter of the new law, users who refuse to sign up to real name registration will have no access to phone networks, the internet, social media or instant messaging services. Censorship will not stop at social media posts but includes private messages as well.

xi jinping

The Chinese government has justified these draconian regulations by invoking the need to protect the country’s “internet sovereignty” and manage “threats from outside”. While governments must protect people from genuine security threats, “internet sovereignty” goes much further and threatens the very principles of a global and open internet.

Technology companies have a responsibility to respect the right to privacy and freedom of expression. They should challenge the new law and make known to the government the company’s principled opposition to implementing any requests or directives which violate fundamental human rights.

It is not easy for companies to navigate the often fraught and complex negotiations with the Chinese government, and many have been burnt before. But the message they must deliver to Chinese officials this week is that principles and people come first and the terms laid out in the Cyber Security Law are not ones they are prepared to sign up to.

https://www.hongkongfp.com/2016/11/16/facebook-microsoft-linkedin-and-others-must-resist-chinas-orwellian-vision-of-the-internet/

Related:

Time to register your Internet domain in China — World’s biggest Internet market

April 10, 2016

.

By Oiwan Lam
Hong Kong Free Press

The barriers to entering the world’s biggest Internet market — China — just got a little higher for foreign technology companies.

At first, China demanded that user data be stored within its borders. Then it extended this requirement to apply to online content. And now, it is preparing new rules that will require all websites hosted in China to register their domain names within the country.

China revised its Internet Domain Name Management Rules and posted a draft online on March 25 for a one-month consultation period. The new requirement stipulates that all websites hosted in China must register their domain names with authorized domestic domain name service providers in order to gain access to the Chinese network.

china internet censorship

Photo: Methodshop, via Flickr.

In February 2016, China released new Administrative Regulations for Online Publishing Services requiring all foreign-owned media which has mainland Chinese people as part of their target audience to host all of their content — “text, maps, games, cartoons and audio files” — on servers located inside China. The only alternative for foreign media companies would be to distribute their contents through project-based cooperation with local partners with prior approval from the State Administration of Press, Publication, Radio, Film and Television.

The regulation not only bolsters the legality of the Great Firewall, a mechanism that blocks overseas websites, but also raises the threshold for foreign media companies that want to enter the Chinese market.

Foreign tech companies under China’s thumb

This is just another measure of success that Chinese authorities have had in pressuring IT companies to “respect” national and local rules. Since 2014, the foreign IT companies have been compelled to sign a pledge known as the Information Technology Product Supplier Declaration of Commitment to Protect User Security. The pledge requires technology companies to store user data within China’s borders. Since its inception, IT giants including Apple, Microsoft and LinkedIn have started storing their user data in local data centers. Even more companies have joined the China market clubs in the past two years. Establishing content servers was just another step in the same direction.

But the new Internet Domain Name Management Rules take this regime of control to a new level, as they require all websites hosted in China to have their domain names registered in domestic DNS service providers. Companies that fail to do this will simply not be connected to China’s domestic network.

Article 37 of the draft reads:

Domain names that connect to the network from within the borders shall have services provided by domestic domain name registration service bodies, and domestic domain name registration management bodies shall carry out operational management.

For domain names that connect to the network from within the borders, but which are not managed by domestic domain name registration service bodies, Internet access service providers may not provide network access services.

When the new regulations is enacted, leading foreign companies including Microsoft and Apple will have to register their sites’ domain names with local DNS providers in order to remain accessible in China.

And this won’t just affect foreign companies. Today, even some big-name Chinese corporations have their domain names registered with overseas domain name service providers, including Taobao and Baidu.

google beijing

Google in Beijing, China. Photo: Wikicommons.

The changes of course will not affect websites that do not have servers hosted in China, such as Facebook, Google, and Twitter. As usual, these major sites will continue to be blocked in the country.

“If [foreign companies] want to develop their business in China, [they’d] better cooperate with domestic authorities”

Jiang Bojing, an IT analyst explained to a party affiliated news outlet, the Paper, the rationality behind the regulation:

First of all, it further bans those harmful and dangerous websites from connecting to the domestic network. Secondly, it promotes China’s top domain name. Thirdly, it sends a signal to overseas corporates that if they want to develop their business in China, better cooperate with domestic authorities.

Tech blogger William Long pointed out that if all websites hosted in China are to register their domain names in China, they would have to face both political and technical risk as the authorities have the power to suspend a domain name under “client hold” because of the appearance of sensitive contents in the website. Moreover, the DNS registration in China operates using a real-name system, which makes it more difficult for the clients to relocate their DNS servers.

One must also bear in mind that the top-level domain .CN is under the management of China Internet Network Information Center (CNNIC) which is responsible for issuing security certificates to Internet service providers. Last year, Google and Mozilla found out that CNNIC had issued certificates to a corporate entity that subsequently launched a man-in-the-middle attack intercepting connections between users and their intended destinations by directing the users to another website — one that was disguised to look like their destination, but was in fact an entirely different site. The periodic recurrence of such “errors” over the past few years have left some wondering if registering a domain name under CNNIC could result in a security breach.

While the regulation specifies that Internet service providers should not give access to overseas registered domain name websites with servers in China, it does not specify whether ISPs can continue to provide access to non-sensitive foreign websites with both servers and DNS hosted overseas. Critically, some worry that the regulation will eventually cut China off from the global Internet altogether. The Ministry of Industry and Information Technology has stressed that the regulation only applies to websites hosted in China and will not affect the normal development of business for overseas companies in China, but some have their doubts.

A source who had participated in the drafting of the regulation told Wall Street Journal (via China Digital Times):

No one in China will have trouble visiting whitehouse.gov. The White House will not have to submit network access information to the authorities, because it has nothing to do with China […] Still, the rule could affect larger foreign companies that have or want to set up a website or other online service aimed at Chinese consumers.

All of this means that foreign technology companies must now pay a price for entering the Chinese market. We can only expect that the number on the price tag will get higher and higher over time.

What is the Domain Name System (DNS?)

A decentralized naming system for computers, websites, or any resource connected to the Internet, the DNS translates more readily memorized domain names (i.e. “globalvoices.org”) to the numerical IP addresses (i.e. 25.19.45.126) needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet. (modified explanation from Wikipedia)

https://www.hongkongfp.com/2016/04/10/wanna-reach-the-chinese-internet-market-time-to-register-your-domain-in-china/

Related: