ReportWire

Tag: iab-information and network security

  • The MGM Resorts back online after cybersecurity issue | CNN Business

    CNN —

    MGM Resorts has shut down some of its systems as a result of a “cybersecurity issue,” according to a company social media post on Monday.

    Late Tuesday, the company posted an update, saying that its resorts’ dining, entertainment, and gaming “are currently operational.” The statement also thanked guests for their patience, saying “our guests remain able to access their hotel rooms.”

    However, the statement did not specify the status of its systems, whether these operations were being handled manually, or whether some properties are still accepting cash only.

    As of Tuesday morning, the MGM Resorts website was still offline, with an apology message and a list of phone numbers for guests to reach their specific hotel concierge desk.

    Justin Heath, a guest at MGM Grand in Las Vegas, told CNN on Monday that visitors were unable to charge purchases to their rooms, that digital hotel room keys were not working and that restaurants were taking only cash.

    In MGM’s initial Sunday statement, posted on X, formerly known as Twitter, the company said that after detecting the cybersecurity issue, “we quickly began an investigation with assistance from leading external cybersecurity experts.”

    MGM Resorts (MGM) says it’s working with law enforcement and “took prompt action to protect our systems and data, including shutting down certain systems.”

    An FBI spokesperson told CNN they are aware of the incident but declined further comment on the matter.

    CNN has reached out to MGM Resorts for more information. MGM Resorts International manages several properties across the U.S., including Aria, Bellagio, Cosmopolitan, Excalibur, Luxor, Mandalay Bay, MGM Grand Las Vegas, and New York-New York in Las Vegas. Other domestic properties are located in Massachusetts, Michigan, Mississippi, Maryland, Ohio, New Jersey, and New York. The company also has resort locations in China.

    It is unclear whether the cybersecurity incident was conducted by threat actors seeking to exfiltrate sensitive information or to cause damage and disruption to MGM systems. For investigators, the nature of the attack is often key to helping identify whether it originated from criminals seeking to steal information for financial gain, or nation-state actors gathering information for intelligence purposes.

    Casinos have been prime targets for both traditional cybercriminal enterprises as well as foreign governments.

    In 2017, researchers announced a North American casino had been the target of data exfiltration by cybercriminals who compromised a fish tank connected to the company’s internet connection.

    In 2014, the Sands Las Vegas Corporation fell victim to a damaging cyberattack by the Iranian government, according to the US Director of National Intelligence.

    CNN’s Danielle Sills contributed to this report.

  • X, formerly known as Twitter, may collect your biometric data and job history | CNN Business

    CNN —

    X, the social media platform formerly known as Twitter, said this week it may collect biometric and employment information from its users — expanding the range of personal information that account-holders may be exposing to the site.

    The disclosures came in an update to the company’s privacy policy, which added two sections related to the new data collection practice.

    “Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the policy read.

    In addition, under a new section labeled “job applications,” X said it may collect users’ employment and educational history.

    The company also said it could collect “employment preferences, skills and abilities, job search activity and engagement, and so on” in order to suggest potential job openings to users, to share that information with prospective third-party employers or to further target users with advertising.

    For X Premium users, the company will give an option to provide a government ID and a selfie image for verification purposes. The company may extract biometric data from both the government ID and the selfie image for matching purposes, the company told CNN in a statement.

    “This will additionally helps us tie, for those that choose, an account to a real person by processing their Government issued ID,” according to the company. “This will also help X fight impersonation attempts and make the platform more secure.”

    The changes mirror what many of X’s peers already routinely collect. But it represents an expansion of the types of information Twitter is interested in tracking. The policy adjustment arrives as owner Elon Musk seeks to turn the platform into an “everything app” that could include financial services and other features similar to the popular Chinese app WeChat.

    The change also happens as some regulatory initiatives around the world begin to require that social media companies verify their users’ ages. Many age-assurance services require that users upload copies of their government-issued identification or selfies that are then analyzed by artificial intelligence.

    On Thursday, however, a federal judge temporarily blocked an Arkansas law mandating age verification for social media platforms, just hours before it was due to take effect.

  • Tesla begins notifying workers who were affected by data breach | CNN Business

    New York (CNN) —

    Tesla has begun notifying current and former employees whose information was included in a confidential data breach in May.

    In a notice posted on the Maine Attorney General’s website on Friday, Tesla (TSLA) said an investigation had found “two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies” and that the electric automaker had since filed lawsuits against them.

    “These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information,” Tesla said. The company added that it “also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties.”

    Tesla said that two former employees had shared the confidential data with German newspaper Handelsblatt. The outlet assured Tesla that it won’t publish the information and that it is “legally prohibited from using it inappropriately,” according to the notice.

    Tesla emphasized that it had not detected any misuse of personal data, but has offered complimentary membership to Experian IdentityWorks’ credit monitoring and identity theft service. The membership will be one or two years, depending on the person and the specific engagement number on the letter they receive.

    The data breach affected 75,735 people, and involved Social Security numbers, names and addresses, according to the Maine Attorney General’s Office.

    CNN has reached out to Tesla for comment.

  • Elon Musk should be forced to testify on X’s ‘chaotic environment,’ US regulator tells court | CNN Business

    Washington (CNN) —

    Elon Musk should be forced to testify in an expansive US government probe of X, the company formerly known as Twitter, the US government said.

    The government said mass layoffs and other decisions Musk made raised questions about X’s ability to comply with the law and to protect users’ privacy.

    The US government’s attempt to compel Musk’s testimony is the latest turn in an investigation that predates Musk’s acquisition of X and that has intensified due to Musk’s own actions, according to a court filing by the Justice Department on behalf of the Federal Trade Commission.

    The court filing dated Monday cites depositions with multiple former X executives, including its former chief information security officer and former chief privacy officer, who testified that a barrage of layoffs and resignations following Musk’s $44 billion takeover may have hindered X from meeting its security obligations under a 2011 FTC consent agreement.

    Twitter and its outside attorney didn’t immediately respond to a request for comment.

    According to testimony cited in the filing, there were so few employees left after the departures that anywhere from 37% to 50% of the company’s security program lacked effective management and oversight, with no one available to take responsibility for those controls. Other planned upgrades to the company’s security program were “impaired,” the filing said, citing a deposition by the former chief information security officer, Lea Kissner.

    In another example, Musk personally tried to rush the rollout of Twitter Blue, the company’s paid subscription service, the filing said. That forced the company’s security team to bypass the required security and privacy checks that were a part of Twitter’s own policies and that had been mandated in the FTC order, according to the testimony of Damien Kieran, the former chief privacy officer.

    The filing also alleges that Musk’s move to grant several journalists access to internal company records — access that would culminate in the so-called Twitter Files claiming to show evidence of politically motivated censorship — initially involved a plan that could potentially have led to the exposure of private user data in violation of the FTC order.

    According to the filing, Musk’s plan originally called for providing access through a dedicated company laptop with “elevated privileges beyond just what a[n] average employee might have.”

    “Longtime information security employees intervened and implemented safeguards to mitigate the risks,” the filing said, but even then, the former employees testified, the process raised doubts about Musk’s commitment to privacy and security.

    X has moved to block Musk from being forced to testify and has asked a federal court to invalidate the entire FTC order requiring it to safeguard user privacy, accusing the FTC of asking too many questions in its probe.

    But in its filing, the US government said its interest in Musk’s testimony is well-justified based on the appearance of a “chaotic environment” at X driven by “sudden, radical changes at the company” following Musk’s acquisition.

    “The FTC had every reason to seek information about whether these developments signaled a lapse in X Corp.’s compliance” with the 2011 order, the filing said. Confirmed violations of the FTC order could lead to billions of dollars in fines for X, as well as potential legal ramifications for individual executives such as Musk if they are deemed personally responsible for them.

    The FTC investigation traces back to bombshell allegations — raised by Twitter’s former security chief Peiter “Mudge” Zatko and predating Musk’s acquisition — that for years Twitter has failed to live up to its legally binding commitments to the FTC to protect user privacy and security. Those allegations were first reported last year by CNN and The Washington Post.

    The investigation has proven politically charged as Musk — and his allies including Republicans on the House Judiciary Committee — have responded to the probe by publicly accusing the FTC of harassment and overreach.

  • Donald Trump Jr.’s X account was hacked, his spokesman says | CNN Business

    Washington (CNN) —

    A spokesman for former President Donald Trump said Wednesday that Donald Trump Jr.’s account on X – the platform formerly known as Twitter – had been compromised after the account began sharing a series of unusual and erratic posts.

    “Don’s account has been hacked,” Andrew Surabian posted on X, adding that a post claiming the former president had died was “obviously not true.”

    In addition to falsely pronouncing the death of the senior Trump, the compromised account also claimed that Trump Jr. would be running for president himself. Within minutes, the post had been reshared more than 1,000 times on X and viewed hundreds of thousands of times.

    Another post appeared to threaten the country of North Korea, while a pinned post on the account’s profile insulted President Joe Biden with the use of a racist epithet.

    Roughly a half-hour after the posts surfaced, they had been removed. X did not respond to CNN’s request for comment.

    The incident raises fresh questions about X’s role in securing user accounts, particularly those belonging to high-profile political figures as the platform prepares for the 2024 elections. In August, X said it is staffing up on its safety and election teams following mass layoffs last year that according to owner Elon Musk ultimately eliminated more than 80% of the company’s headcount.

    It is also unclear whether the compromise may have resulted in unauthorized access of Trump Jr.’s private direct messages, or whether Trump Jr. may have had two-factor authentication enabled on his account.

    X is still under investigation by the Federal Trade Commission over the company’s ability to sufficiently protect user privacy and whether it may have violated binding commitments it made in 2011 to secure the platform. The investigation began after the company’s former security chief, Peiter “Mudge” Zatko, filed a whistleblower disclosure first reported by CNN and The Washington Post last year that alleged widespread and unaddressed security vulnerabilities.

    This is not the first time high-profile accounts on the platform have been taken over. In 2020, for example, hackers gained control of accounts belonging to former President Barack Obama, Amazon founder Jeff Bezos and others including Biden and Musk themselves by posing as Twitter’s IT support. At the time, Twitter admitted that the hackers had downloaded account data that potentially included private messages.

  • Indonesia bans e-commerce transactions on social media in major blow to TikTok | CNN Business

    Jakarta (Reuters) —

    Indonesia has banned e-commerce transactions on social media platforms, the trade minister said on Wednesday, in a blow to short video app TikTok, which is doubling down on Southeast Asia’s biggest economy to boost its e-commerce business.

    The government said the move, which takes effect immediately, is aimed at protecting offline merchants and marketplaces, adding that predatory pricing on social media platforms is threatening small and medium-sized enterprises.

    The move comes just three months after TikTok pledged to invest billions of dollars in Southeast Asia, mainly in Indonesia, over the next few years in a major push to build its e-commerce platform TikTok Shop.

    TikTok, owned by China’s ByteDance, has 125 million active monthly users in Indonesia and has been looking to translate the large user base into a major e-commerce revenue source.

    A TikTok Indonesia spokesperson said it would pursue a constructive path forward and was “deeply concerned” with the announcement, “particularly how it would impact the livelihoods of the 6 million” local sellers active on TikTok Shop.

    Indonesia Trade Minister Zulkifli Hasan on Wednesday told reporters that the regulation is intended to ensure “fair and just” business competition, adding that it was also intended to ensure data protection of users.

    He warned of letting social media become an e-commerce platform, shop and bank all at the same time.

    The new regulation also requires e-commerce platforms in Indonesia to set a minimum price of $100 for certain items that are directly purchased from abroad, according to the regulation document reviewed by Reuters, and that all products offered should meet local standards.

    Zulkifli said TikTok had one week to comply with the regulation or face the threat of closure. Indonesia Deputy Trade Minister Jerry Sambuaga earlier this month named TikTok’s live streaming features as an example of people selling goods on social media.

    Research firm BMI said TikTok would be the only business affected by the transaction ban and the move was unlikely to harm the digital marketplace industry’s growth.

    Indonesia’s e-commerce market is dominated by the likes of homegrown tech firm GoTo’s Tokopedia, Sea’s Shopee and Chinese e-commerce giant Alibaba’s Lazada.

    E-commerce transactions in Indonesia amounted to nearly $52 billion last year and of that, 5% took place on TikTok, according to data from consultancy Momentum Works.

    Indonesia is among the few markets where TikTok has launched TikTok Shop, as it seeks to leverage its large user base in the country.

    Its 125 million active monthly users in Indonesia is almost on par with its user figures for Europe and behind US users of more than 150 million. TikTok launched an online shopping service in the United States earlier this month.

    Reactions from retailers were mixed.

    Fahmi Ridho, a vendor selling clothes on TikTok, said the platform was a way for stores to recover from the blow dealt by the Covid-19 pandemic.

    “Sales don’t have to be necessarily through [brick and mortar] shops, you can do it online or wherever,” he said. “Everything will still have a portion.”

    But Edri, who goes by one name only and sells clothes at a major wholesale market in Jakarta, agreed with the regulation and stressed that there should be limits on items sold online.

  • Federal appeals court extends limits on Biden administration communications with social media companies to top US cybersecurity agency | CNN Business

    Washington (CNN) —

    A federal appeals court has expanded the scope of a ruling that limits the Biden administration’s communications with social media companies, saying it now also applies to a top US cybersecurity agency.

    The ruling last month from the conservative 5th Circuit US Court of Appeals severely limits the ability of the White House, the surgeon general, the Centers for Disease Control and Prevention and the FBI to communicate with social media companies about content related to Covid-19 and elections that the government views as misinformation.

    The preliminary injunction had been on pause and a recent procedural snafu over a request from the plaintiffs in the case to broaden its scope led the court on Tuesday to withdraw its earlier opinion and issue a new one that now includes the US Cybersecurity and Infrastructure Security Agency. That agency is charged with protecting non-military networks from hacking and other homeland security threats.

    Similar to the ruling last month, in which the appeals court said the federal government had “likely violated the First Amendment” when it leaned on platforms to moderate some content, the new ruling says CISA violates the Constitution.

    “CISA used its frequent interactions with social media platforms to push them to adopt more restrictive policies on censoring election-related speech,” the three-judge panel wrote.

    “The platforms’ censorship decisions were made under policies that CISA has pressured them into adopting and based on CISA’s determination of the veracity of the flagged information,” they continued. “Thus, CISA likely significantly encouraged the platforms’ content-moderation decisions and thereby violated the First Amendment.”

    The plaintiffs in the suit, which include Missouri and Louisiana’s attorneys general, as well as several individual plaintiffs, had also asked the court to expand the scope in other ways, including by making it apply to some State Department officials. But the court’s new ruling was only modified to add CISA as an enjoined entity.

    The judges said they were pausing their new injunction for 10 days, and the Biden administration has the option of asking the Supreme Court to issue a more lasting pause on the modified ruling.

  • What is catfishing and what can you do if you are catfished? | CNN Business

    Editor’s Note: This story is part of ‘Systems Error’, a series by CNN As Equals, investigating how your gender shapes your life online. For information about how CNN As Equals is funded and more, check out our FAQs.



    CNN —

    Catfishing is when a person uses false information and images to create a fake identity online with the intention to trick, harass, or scam another person. It often occurs on social media or dating apps and websites, and is a common tactic used to form online relationships under false pretenses, sometimes to lure people into financial scams.

    The person doing the pretending, or the “catfish,” may also obtain intimate images from a victim and use them to extort or blackmail the person, which is known as sextortion, or they may use other personal information shared with them to commit identity theft.

    The term is believed to originate from the 2010 documentary “Catfish,” in which a young Nev Schulman starts an online relationship with teenager “Megan”, who turns out to be an older woman.

    In the final scene of the documentary, the woman’s husband shares an anecdote about how live cod used to be exported from Alaska alongside catfish, which kept the cod active and alert. He likened this to people in real life who keep others on their toes, like his wife. Schulman went on to produce the docuseries Catfish

    There are many reasons people resort to catfishing, but the most common reason is a lack of confidence, according to the Cybersmile Foundation, a nonprofit focused on digital well-being. The foundation states that if someone is not happy with themselves, they may feel happier when pretending to be someone more attractive to others.

    They may also hide their identity to troll someone; to engage in a relationship other than their existing one; or to extort or harass people. Some people may catfish to explore sexual preferences.

    Studies have shown that catfish are more likely to be educated men, with one 2022 study finding perpetrators are more likely to come from religious backgrounds, possibly providing a way to form relationships without the constraints they face in real life, the authors write.

    In another study published last year, Evita March, senior lecturer in psychology at Federation University in Australia, found that people with the strong personality traits of sadism, psychopathy, and narcissism were more likely to catfish.

    March told CNN the findings are preliminary and that her team would like to further investigate if certain personality traits lead to specific kinds of catfishing behavior.

    In the US, romance scams resulting from catfishing have among the highest reported financial losses of internet crimes as a whole. A total of 19,050 Americans reported losing almost $740 million to romance scammers in 2022.

    In the UK, the country’s National Fraud Intelligence Bureau received more than 8,000 reports of romance fraud in the 2022 financial year, totaling more than £92 million (US $116.6 million) lost, with an average loss of £11,500 (US $14,574) per victim.

    In Singapore, romance scams are among the top 10 reported scams. The reported amount of money catfish may get from their victims increased by more than 30% from SGD$33.1 million (US $24 million) in 2020 to $46.6 million (US $34 million) the following year.

    Catfishing is also increasingly happening on an industrial scale with the rise of “cyber scam centers” that have links to human trafficking in Southeast Asia, according to INTERPOL.

    Victims of trafficking are forced to become fraudsters by creating fake social media accounts and dating profiles to scam and extort millions of dollars from people around the world using different schemes such as fake crypto investment sites.

    Catfishing used to occur more among adults through online dating sites, but has now become equally common among teenagers, according to the Cybersmile Foundation.

    Research by Snapchat last year with more than 6,000 Gen Z teenagers and young people in Australia, France, Germany, India, the UK and the US found that almost two-thirds of them or their friends had been targeted by catfish or hackers to obtain private images that were later used to extort them.

    Older people are also likely to lose more money to catfishing. In 2021, Americans lost half a billion dollars through romance scams perpetrated by people using fake personas or impersonating others, with the largest losses paid in cryptocurrency, according to the US Federal Trade Commission. The number of reports rose tenfold among young people (18-29) but older people (over 70s) generally reported losing more money.

    In Australia, a third of dating and romance scams result in financial losses, with women having lost more than double the total amount lost by men, and older people again losing more money than those under 45, according to data from the country’s National Anti-Scam Centre.

    “Romance scams are one of the hardest things to avoid. It’s emotional manipulation,” said Ngo Minh Hieu, a Vietnamese former hacker and founder of Chong Lua Dao (scam fighters), a cybersecurity non-profit.

    Since 2020, Hieu has been monitoring trends to help scam victims, he says, and explains that in his experience, a catfish would usually approach a victim with a premeditated intention to scam them.

    They were likely to be using personal information that they mine from the victim’s social media accounts, or may have bought that data from users in private chat groups simply by providing a phone number of a potential victim.

    There are many signs you can look for to help spot a catfish, experts say.

    Firstly, a catfish might contact you out of nowhere, start regular conversations with you and shower you with compliments to quickly build up trust and rapport. They may state desirable qualities in their opening conversations, including wealth or attractiveness, but then rarely or never call you, either over the phone or on a video call.

    They often do not have many friends on social media and their posts are usually scarce. Search results using their name may not yield many results and their stories are usually inconsistent. For example, personal details like where they live or go to school might change when discussed again.

    Another classic sign is if the feelings they declare for you escalate quickly and after a short period of time. A catfish may ask you for sensitive images and money.

    Many scammers use already available photos of other people in their fake personas, which may be possible to spot using a reverse image search.

    With the explosion of AI technology, scammers may now generate unique and realistic images for use as profile pictures. But Hieu explains that thanks to their built-in patterns by design, AI-generated images can be detected, using tools such as AI-Generated Image Detector.

    If you believe you are being catfished, there are steps you can take to protect yourself and help end the targeting.

    Experts advise that you should not be afraid to ask direct questions or challenge the person you believe may be catfishing you. You can do this by asking them why they are not willing to call you or meet face to face, or questioning how they can declare their love for you so quickly.

    Wang and her colleagues sent nearly 200 deterrent messages to active scammers in a 2020 study and concluded that this could make fraudsters respond less or in some cases, admit to wrongdoing.

    An example of one of the messages was: “I know you are scamming innocent people. My friend was recently arrested for the same offense and is facing five years in prison. You should stop before you face the same fate.”

    You should think about stopping all communications with the catfish, and refrain from sending money to them at the risk of further financial demands. Experts say catfish continue to target those who engage with them more.

    It’s also useful to secure your online accounts and ensure your personal information is kept private online.

    Cybersecurity expert Hieu explained that you can do this by putting personal information such as your phone number, email addresses and date of birth in private mode on social media. You can also check if your email has been compromised in a data breach by using tools such as the Have I Been Pwned website.

    Installing two-factor authentication on your accounts can also help protect against unauthorized access. That requires you to take a second step to verify your identity when logging in to a service, for example by SMS or a physical device, such as a key fob.

    Being subjected to catfishing can also have a significant impact on your mental health, with many victims left unable to trust others and some left feeling embarrassed about falling for the scam. A 2019 study found that young LGBTQ+ men in rural America experiencing catfishing on dating apps felt angry and fearful.

    If someone was “sextorted,” they may continue to fear their images resurfacing online in the future.

    March from Federation University in Australia recommended improving digital literacy and staying aware of the potential red flags. She also emphasized the need to recognize today’s loneliness epidemic, which “leads people to perhaps be more susceptible to catfishing scams,” she said.

    Seeking professional support from a counselor or talking to supportive friends and family is one way to address loneliness, March added.

    Catfishing is not explicitly a crime, but the actions that often accompany catfishing, such as extortion for money, gifts or sexual images are crimes in many places.

    The main challenge in tackling online fraud is the issue of jurisdiction, according to a 2020 paper about police handling of online fraud victims in Australia. Traditional policing operates within specific territories, but the internet has blurred these boundaries, the authors write.

    Cybercriminals from one country can also target victims in other countries, complicating law enforcement efforts, and victims often face difficulty and frustration when trying to report cybercrimes, which can further traumatize them.

    Fangzhou Wang, a cybercrime professor at the University of Texas at Arlington told CNN that virtual private networks (VPNs), forged credentials, and anonymous communication methods make it extremely difficult to determine identities or locations.

    Scammers have also capitalized on the proliferation of AI, such as AI-generated personas, which complicates the ability of law enforcement authorities to gather evidence and build cases against a catfish.

    “Law enforcement agencies, often constrained by limited resources and prioritizing cases based on severity and direct impact, might not readily prioritize catfishing cases without substantial financial losses or physical harm,” Wang told CNN.

    In the US, there are some legal precedents. In 2022, a woman who had created multiple fake profiles to target wealthy men was charged with extortion, cyberstalking, and interstate threats and was sentenced in a plea deal last year.

    In the UK, while catfishing itself is not classified as a criminal offense, if the person using a fake profile engages in illegal activities, like financial gain or harassment, they can be punished by law.

    China has a law that implicates people who allow their websites or communications platforms to be used for frauds and other illegal activities under Article 46 in the Cybersecurity Law.

    If a catfish has tricked you into sending them money, you can go to the authorities and your bank immediately, depending on where you are.

    If activities that are crimes in your country have taken place because of being catfished, such as extortion, identity theft or harassment, the police or other authorities, such as specific commissions targeting online crime, may be your first port of call.

    The Australian government’s agency responsible for online safety, the e-safety commissioner, advises that people gather all the evidence they can, including screenshots of the scammer and chats with them to keep as evidence.

    Depending on the case, you can also submit an abuse or impersonation report against the catfish directly to the platform on which you are communicating with them.

    If you believe the person you are talking to is not who they say they are, most of the larger social media platforms give you the option to report them for impersonation or other forms of abuse, including Facebook, Instagram, TikTok, X, Telegram, Tinder and WhatsApp. WeChat also offers a channel to report another user for harassment, fraud, or illegal activity, while Telegram creates an anti-scam thread for users to report on fraudsters.

    You are not responsible for the catfish behaviors of others, but staying vigilant and alert online goes a long way.

    Make sure your online accounts are secured and use two-factor authentication. When browsing the internet, you may want to use a virtual private network (VPN) which makes your internet activity harder to track.

    In many countries such as the US, the UK and Australia, victims have reported being preyed on by catfish who tricked them into putting money into bogus cryptocurrency investment sites.

    If someone you have been talking to asks you to put money into an investment site, think twice. The Global Anti-Scam Organization has a database of fraudulent websites generated by their own investigations and the public’s tip-offs to help inform you if you’re being scammed.

    If you are a parent, this guide provided by the UK-based National College platform suggests communicating effectively and sensitively with your children about the risks. You may also help them report and block the catfish accounts and report to police if they have been subjected to anything illegal or inappropriate.

    Because catfish get close to a target often by relying on personal information posted on social media, UNICEF asks children to consider their rights when it comes to parents sharing their pictures and other content online, especially when they are underage.




  • Cyberattack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics




    CNN
     — 

    A cyberattack on Thursday knocked computer systems offline at hospitals in Connecticut and Pennsylvania, forcing them to send ambulances to other hospitals, hospital spokespeople told CNN.

    As of late Friday morning, Crozer Health, a network of three hospitals and a medical center in the Philadelphia suburbs, was still diverting ambulances for stroke and trauma patients to other hospitals because of a “ransomware attack,” Crozer Health spokesperson Lori Bookbinder told CNN.

    The hack hit Prospect Medical Holdings and affected all of their health care facilities, according to a statement from PMH affiliate Eastern Connecticut Health Network. PMH owns 16 hospitals in California, Connecticut, Pennsylvania and Rhode Island, according to its website.

    At Eastern Connecticut Health Network, which includes two hospitals, the urgent care center is closed and elective surgeries were canceled until further notice because of the hack, according to the network’s website.

    Other Prospect Medical Holdings affiliates reported disruptions from the hack.

    “We are working closely with federal law enforcement to respond to this incident,” Prospect Medical Holdings said in a statement to CNN.

    National Security Council spokeswoman Adrienne Watson told CNN that the White House is “closely monitoring the ongoing incident,” adding that “the Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident.”

    The company has so far declined offers of federal assistance, according to a US official.

    But Prospect Medical Holdings said later Friday that they “believe there may have been a miscommunication or a misunderstanding” and that they “welcome any assistance from the federal government.”

    CharterCARE Health Partners, which includes two hospitals in Rhode Island, said Thursday that the incident was affecting “inpatient and outpatient operations” and that “some patient procedures may be affected.”

    Patient care continues at the affected hospitals, but they’re operating with limited capacity in what is now a well-rehearsed routine. Throughout the coronavirus pandemic, ransomware and other cyberattacks hampered patient care at American hospitals that are often ill-equipped to deal with them.

    Eastern Connecticut Health Network ended ambulance diversion at 10 a.m. local time Friday, spokesperson Nina Kruse told CNN. The emergency rooms at ECHN’s two hospitals have been open throughout the incident, Kruse said.

    This isn’t Crozer Health’s first bout with ransomware. A June 2020 attack orchestrated by a prolific ransomware gang forced the hospital network to take its computer systems offline.

    This story has been updated with additional reporting.


  • Hackers take on ChatGPT in Vegas, with support from the White House | CNN Business



    Las Vegas, Nevada
    CNN
     — 

    Thousands of hackers will descend on Las Vegas this weekend for a competition taking aim at popular artificial intelligence chat apps, including ChatGPT.

    The competition comes amid growing concerns and scrutiny over increasingly powerful AI technology that has taken the world by storm, but has been repeatedly shown to amplify bias, toxic misinformation and dangerous material.

    Organizers of the annual DEF CON hacking conference hope this year’s gathering, which begins Friday, will help expose new ways the machine learning models can be manipulated and give AI developers the chance to fix critical vulnerabilities.

    The hackers are working with the support and encouragement of the technology companies behind the most advanced generative AI models, including OpenAI, Google, and Meta, and even have the backing of the White House. The exercise, known as red teaming, will give hackers permission to push the computer systems to their limits to identify flaws and other bugs nefarious actors could use to launch a real attack.

    The competition was designed around the White House Office of Science and Technology Policy’s “Blueprint for an AI Bill of Rights.” The guide, released last year by the Biden administration, was intended to spur companies to make and deploy artificial intelligence more responsibly and limit AI-based surveillance, though there are few US laws compelling them to do so.

    In recent months, researchers have discovered that now-ubiquitous chatbots and other generative AI systems developed by OpenAI, Google, and Meta can be tricked into providing instructions for causing physical harm. Most of the popular chat apps have at least some protections in place designed to prevent the systems from spewing disinformation or hate speech, or offering information that could lead to direct harm — for instance, providing step-by-step instructions for how to “destroy humanity.”

    But researchers at Carnegie Mellon University were able to trick the AI into doing just that.

    They found OpenAI’s ChatGPT offered tips on “inciting social unrest,” Meta’s AI system Llama-2 suggested identifying “vulnerable individuals with mental health issues… who can be manipulated into joining” a cause and Google’s Bard app suggested releasing a “deadly virus” but warned that in order for it to truly wipe out humanity it “would need to be resistant to treatment.”

    Meta’s Llama-2 concluded its instructions with the message, “And there you have it — a comprehensive roadmap to bring about the end of human civilization. But remember this is purely hypothetical, and I cannot condone or encourage any actions leading to harm or suffering towards innocent people.”

    The findings are a cause for concern, the researchers told CNN.

    “I am troubled by the fact that we are racing to integrate these tools into absolutely everything,” Zico Kolter, an associate professor at Carnegie Mellon who worked on the research, told CNN. “This seems to be the new sort of startup gold rush right now without taking into consideration the fact that these tools have these exploits.”

    Kolter said he and his colleagues were less worried that apps like ChatGPT can be tricked into providing information that they shouldn’t — but are more concerned about what these vulnerabilities mean for the wider use of AI since so much future development will be based off the same systems that power these chatbots.

    The Carnegie researchers were also able to trick a fourth AI chatbot developed by the company Anthropic into offering responses that bypassed its built-in guardrails.

    Some of the methods the researchers used to trick the AI apps were later blocked by the companies after the researchers brought them to their attention. OpenAI, Meta, Google and Anthropic all said in statements to CNN that they appreciated the researchers sharing their findings and that they are working to make their systems safer.

    But what makes AI technology unique, said Matt Fredrikson, an associate professor at Carnegie Mellon, is that neither the researchers, nor the companies who are developing the technology, fully understand how the AI works or why certain strings of code can trick the chatbots into circumventing built-in guardrails — and thus cannot properly stop these kinds of attacks.

    “At the moment, it’s kind of an open scientific question how you could really prevent this,” Fredrikson told CNN. “The honest answer is we don’t know how to make this technology robust to these kinds of adversarial manipulations.”

    OpenAI, Meta, Google and Anthropic have expressed support for the so-called red team hacking event taking place in Las Vegas. The practice of red-teaming is a common exercise across the cybersecurity industry and gives companies the opportunities to identify bugs and other vulnerabilities in their systems in a controlled environment. Indeed, the major developers of AI have publicly detailed how they have used red-teaming to improve their AI systems.

    “Not only does it allow us to gather valuable feedback that can make our models stronger and safer, red-teaming also provides different perspectives and more voices to help guide the development of AI,” an OpenAI spokesperson told CNN.

    Organizers expect thousands of budding and experienced hackers to try their hand at the red-team competition over the two-and-a-half-day conference in the Nevada desert.

    Arati Prabhakar, the director of the White House Office of Science and Technology Policy, told CNN the Biden administration’s support of the competition was part of its wider strategy to help support the development of safe AI systems.

    Earlier this week, the administration announced the “AI Cyber Challenge,” a two-year competition aimed at deploying artificial intelligence technology to protect the nation’s most critical software and partnering with leading AI companies to utilize the new technology to improve cybersecurity. 

    The hackers descending on Las Vegas will almost certainly identify new exploits that could allow AI to be misused and abused. But Kolter, the Carnegie researcher, expressed worry that while AI technology continues to be released at a rapid pace, the emerging vulnerabilities lack quick fixes.

    “We’re deploying these systems where it’s not just they have exploits,” he said. “They have exploits that we don’t know how to fix.”


  • New York Times: US officials search for hidden Chinese malware that could affect military operations | CNN Politics




    CNN
     — 

    US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday.

    The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. The discovery has heightened concerns that hackers could “disrupt US military operations in the event of a conflict,” according to the Times. The two nations have been increasingly at odds over Taiwan as well as over China’s actions in the Indo-Pacific.

    One congressional official told the newspaper that the malware was “a ticking time bomb” that could allow China to cut off power, water and communications to military bases, slowing deployments and resupply operations. Because military bases often share the same supply infrastructure as civilian homes and businesses, many other Americans could also be affected, officials told the Times.

    The malware revelations echo a pattern of recent breaches by China-based hackers previously reported by CNN.

    Last week, the email account of US Ambassador to China Nicholas Burns was hacked, three US officials familiar with the matter told CNN.

    Earlier this month, Microsoft and the White House confirmed that China-based hackers breached email accounts at two dozen organizations, including some federal agencies. The Biden administration believes the hacking operation – which Microsoft said was launched in mid-May – gave the Chinese government insights about US thinking heading into Secretary of State Antony Blinken’s trip to Beijing in June.

    Among the agencies targeted were the State Department and the Department of Commerce, which has sanctioned Chinese telecom firms. US officials and Microsoft analysts initially had trouble identifying how the hackers got into the email accounts, which made clear that they were dealing with a sophisticated hacking team, a US official told CNN.

    US officials have consistently labeled China as the most advanced of US adversaries in cyberspace, a domain that has repeatedly been a source of bilateral tension in recent years. The FBI has said Beijing has a larger hacking program than all other governments combined.

    Blinken raised the hacking incidents in a meeting with a top Chinese diplomat in Indonesia earlier this month, a senior State Department official told CNN, but the official would not “get into the specifics” of the extent to which the hack was raised.

    “We have consistently made clear that any action that targets US government, US companies, American citizens, is a deep concern to us and that we will take appropriate action to hold those responsible accountable and the secretary made that clear again,” the official said.


  • Biden administration announces new labels for gadgets that are less vulnerable to cyberattacks | CNN Business




    CNN
     — 

    The next time you’re in the market for a smart TV, fitness tracker or other connected gadget, you could see a new US government-backed label identifying some products as being particularly hardened against hackers.

    On Tuesday, the Biden administration announced it’s moving to implement a cybersecurity labeling program aimed at helping consumers pick out trustworthy tech products that are rated as more secure than the competition.

    The program seeks to bolster the nation’s cybersecurity overall by guiding Americans who may be in the market for smart home tech or wearables toward products that meet a high standard for cybersecurity as defined by the National Institute of Standards and Technology (NIST).

    The label will appear as a “distinct shield logo,” according to the White House. Products that meet the criteria for the label could include tech that requires strong passwords and that provides regular software updates to guard against the latest threats, for example.

    A wide range of products could be covered, the administration said, including smart refrigerators, microwave ovens, thermostats, home voice assistants and — eventually — WiFi routers, after NIST finishes designing cybersecurity standards for them later this year.

    For years, cybersecurity has been an afterthought in a market for so-called “internet of things” (IoT) devices that prioritizes low costs over security, according to security experts. One of the more famous examples of IoT security failures came in 2016, when criminal hackers used an army of infected computers, known as the Mirai botnet, to disrupt access to the websites of Twitter, PayPal, and others.

    Products certified under the new program may come with a QR code that links to a national database affirming its participation, the administration added in a release.

    The launch of the program could still be as far as a year away. But the administration took its first steps toward implementation on Tuesday as the Federal Communications Commission applied for a trademark linked to the effort, known as the “US Cyber Trust Mark.”

    The FCC, which regulates wireless devices, also issued a formal proposal that will be open for public feedback on how it should manage the program.

    “This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the administration said in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”

    The government proposal comes two years after President Joe Biden signed an executive order calling for an “‘energy star’ type of label” for tech products. At the time, the US government was still reeling from a crippling ransomware attack days earlier that had forced a temporary shutdown of Colonial Pipeline, one of the country’s largest fuel pipeline operators.

    The executive order highlighted how the administration could use product labeling, combined with the federal government’s immense procurement power, to shape commercial markets and raise the bar for companies that sell technology to both US agencies and ordinary consumers.

    Companies including Amazon, Best Buy, Cisco, Google, LG, Logitech, Samsung and others pledged to assist in the government’s labeling push by committing to increase the cybersecurity of their products, the White House said Tuesday.

    Dave DeWalt, CEO of the cybersecurity-focused investment firm NightDragon, said the government’s move could help address a “perfect storm” of billions of insecure IoT devices.

    “Market forces alone were never going to be sufficient to force manufacturers to step up and deliver more secure devices,” he said. “We’ve taken an essential step now in the right direction to put the power back in the hands of the consumers to choose better security.”

    The Consumer Technology Association said Tuesday its next annual trade show, CES 2024, will feature “certification-ready products” once the FCC finalizes its rules.


  • As Beijing’s intelligence capabilities grow, spying becomes an increasing flashpoint in US-China ties | CNN



    Hong Kong
    CNN
     — 

    For the second time this year, concerns of Chinese spying on the United States have cast a shadow over a planned visit to China by the US’ top diplomat as the two superpowers try to improve fractured ties while keeping a watchful eye on each other.

    US Secretary of State Antony Blinken is expected to land in Beijing over the weekend following the postponement of his earlier trip planned for February after a Chinese surveillance balloon meandered across the continental US, hovering over sensitive military sites before being shot down by an American fighter plane.

    But with Blinken poised to make a trip seen as a key step to mend fractured US-China communications, another espionage controversy has flared in recent days following media reports that China had reached a deal to build a spy perch on the island of Cuba.

    Beijing has said it wasn’t “aware” of the situation, while the White House said the reports were not accurate – with Blinken earlier this week saying China upgraded its spying facilities there in 2019.

    The situation is just the latest in a string of allegations of spying between the two in recent months. They underscore how intelligence gathering – an activity meant to go on without detection, out of the public eye – is becoming an increasingly prominent flashpoint in the US-China relationship.

    CIA Director Bill Burns secretly traveled to China in May to meet counterparts and emphasize the importance of maintaining open lines of communication in intelligence channels, CNN reported earlier this month.

    “Crisis communications are arguably in their worst state since 1979. This puts a premium on both countries’ ability to gather intelligence to understand each other’s capabilities, actions, and strategic intent around the globe,” said Lyle Morris, a senior fellow at the Asia Society Policy Institute’s Center for China Analysis.

    That pushes intelligence gathering itself to become “another factor that is complicating US-China relations,” he said.

    That’s especially the case, experts say, as China continues to expand its own intelligence gathering capabilities – catching up in an area where the US has traditionally had an edge.

    “It’s fair to say that we’ve been spying on each other at various scales for a long time,” said former Central Intelligence Agency (CIA) China analyst Christopher Johnson.

    “No doubt there’s been an uptick from both sides, but probably more so on the Chinese side, simply because they’ve gotten larger, more influential, richer, and therefore have more resources to devote than they did in the past,” said Johnson, who is now president of the China Strategies Group consultancy.

    Chinese leader Xi Jinping has also pursued a far more assertive foreign policy than his predecessors during his past decade in power.

    That’s been accompanied by “a consistent emphasis on enhancing intelligence capabilities, modernizing technology, and improving coordination among different security agencies,” according to Xuezhi Guo, a professor of political science at Guilford College in the US.

    China’s main intelligence activities fall under departments within the People’s Liberation Army and its vast civilian agency known as the Ministry of State Security (MSS). Other arms of the Communist Party apparatus also play a role in activities beyond conventional intelligence gathering, experts say.

    The MSS, established in 1983, oversees intelligence and counterintelligence both within China and overseas. Its remit has encouraged analogies to a combined CIA and Federal Bureau of Intelligence. But the sprawling Beijing-headquartered MSS is even more secretive – without even a public website describing its activities.

    The agency is “expected to play an even more significant role in China’s domestic and international security and stability” in the coming years, amid mounting challenges at home and abroad, Guo said.

    In the context of both China’s growing clout and geopolitical frictions, experts say it’s no surprise Beijing is allegedly seeking to establish or expand surveillance facilities in Cuba – or other places around the world – with the US as a key target, but not the only one.

    Meanwhile, intelligence gathering in China has become harder.

    Xi has consolidated his power and become increasingly focused on security – including building out the state’s ability to monitor its citizens, both online and through China’s extensive surveillance infrastructure.

    “The task of collecting intelligence in China is arguably harder than ever and yet more necessary than ever,” said Johnson, the former analyst, pointing to challenges of gaining insight into the government under the centralized leadership of Xi, who maintains a “very small circle of knowledge or trust.”

    China’s building of a domestic “surveillance panopticon” has also enabled its counter-intelligence, according to Johnson.

    US intelligence has difficulties having operational meetings or “going black” (dodging surveillance) within China, he said, especially during the Covid-19 pandemic when movement was tightly controlled and even more digitally monitored than usual.

    CIA operations also suffered a staggering setback starting in 2010, according to The New York Times, when the Chinese government killed or imprisoned more than a dozen sources over two years.

    In 2021, CNN reported that the agency was overhauling how it trains and manages its network of spies as part of a broad transition to focus more closely on adversaries like China and Russia.

    A tower of security cameras near Shanghai's Lujiazui financial district in May.

    This contrasts with what some US lawmakers and commentators believe has been a too relaxed approach to national security with regards to China, where even private businesses are beholden to the ruling Communist Party, which also seeks to keep tabs on its citizens overseas.

    Experts have also warned about the overlap between espionage efforts and operations like those of China’s United Front – a sprawling network of groups that manage the party’s relationship with non-party industries, organizations and individuals around the world.

    Heightened concern and awareness about Chinese intelligence gathering – or the potential for it – has exploded in the US in recent years.

    That’s played out in debates about the use of Chinese telecoms equipment and social media platforms – think Huawei and TikTok – as well as in government efforts to prosecute economic espionage cases and prevent any influence campaigns from impacting American democracy.

    Beijing has said repeatedly that it does not interfere in the “internal affairs” of other countries. Both Huawei and TikTok have repeatedly denied that their products present a national security risk or would be accessed by the Chinese government.

    In the US, there’s also been concern about over-hyping the threat and sparking anti-Chinese sentiment.

    The US Justice Department last year ended its 3-year-old China Initiative, a national security program largely focused on thwarting technology theft, including in academia, after a string of cases were dismissed amid concerns of fueling suspicion and bias against Chinese Americans.

    US intellectual property had long been a traditional target of Chinese espionage.

    A survey of 224 reported instances of Chinese espionage directed at the United States since 2000, conducted using open source data by the Center for Strategic and International Studies (CSIS) think tank in Washington, found nearly half involved cyber-espionage, while over half were seeking to acquire commercial technologies.

    Beijing appears to be increasingly pushing back on what it sees as a double standard – as the US’ international surveillance efforts have also been well-documented.

    The 2013 leak produced by former National Security Agency contractor Edward Snowden, for example, revealed Washington’s vast global digital surveillance capabilities, against both rivals and allies alike. Meanwhile, the US intelligence community is widely understood to have its own overseas facilities for collecting signals intelligence.

    Last month, Beijing released a report from a national cybersecurity agency titled “‘Empire of Hacking’: The US Central Intelligence Agency.” It accused the US of promoting the internet in the 1980s in order to further its intelligence agencies’ efforts to launch “Color Revolutions” and overthrow governments abroad.

    “The organizations, enterprises and individuals that use the Internet equipment and software products of the USA have been used as the puppet ‘agents’ by CIA, helping it to be a ‘shining star’ in global cyber espionage wars,” the report also claimed.

    China’s own internet is heavily censored with access limited by a “Great Firewall” – part of its extensive efforts to control the flow of information alongside its extensive digital surveillance of its own population.

    China’s Foreign Ministry last month again pointed its finger at the US after Washington released a warning alleging that a Chinese state-sponsored hacker had infiltrated networks across US critical infrastructure sectors.

    Earlier this month, the ministry also slammed the US for sending what it said were more than 800 flights of large reconnaissance aircraft “to spy on China” last year – though no assertion was made of crossing into Chinese airspace.

    The comment came after each country’s military accused the other of misbehavior after a Chinese fighter jet intercepted a US spy plane in international airspace over the South China Sea.

    TikTok CEO Shou Zi Chew testifies at a House Energy and Commerce Committee hearing on Capitol Hill in Washington, DC on Thursday, March 23, 2023.

    Experts say this rhetorical back-and-forth over each other’s clandestine activities is likely only to continue as US-China competition drives both to ramp up their intelligence gathering – and China continues to expand its own prowess, including through technological advancements such as satellite networks, surveillance balloons and data processing.

    “China increasingly has capabilities (that the US has been known for) … this is moving from a one way street historically to a two-way street,” said John Delury, author of “Agents of Subversion: The Fate of John T. Downey and the CIA’s Covert War in China.”

    He pointed to how China had long been subject to US offshore surveillance and – prior to the restoration of diplomatic relations in the 1970s – direct aerial surveillance.

    “There’s a psychological dimension to this as well,” Delury added, noting that the spy balloon incident earlier this year brought this to the fore – giving Americans the unnerving sense that China “can do this to us now, they have technical capabilities and can look at us.”

    Meanwhile, there’s much at stake in how well the two governments can repair official communication – seen as a key element of Blinken’s expected visit on Sunday and Monday.

    “When there’s less communication, the two intelligence communities inside the two governments have to do more and more guesswork,” said Delury. “Then there’s a lot more room for faulty assumptions.”


  • Meta slapped with record $1.3 billion EU fine over data privacy | CNN Business


    London (CNN) —

    Meta has been fined a record-breaking €1.2 billion ($1.3 billion) by European Union regulators for transferring the personal data of Facebook’s EU users to servers in the United States.

    The European Data Protection Board announced the fine in a statement Monday, saying it followed an inquiry into Facebook (FB) by the Irish Data Protection Commission, the chief regulator overseeing Meta’s operations in Europe.

    The fine is the largest ever levied under Europe’s signature data privacy law, known as the General Data Protection Regulation, or GDPR. Meta has also been ordered to cease the processing of personal data of European users in the United States within six months.

    Meta’s infringement is “very serious since it concerns transfers that are systematic, repetitive and continuous,” said Andrea Jelinek, chair of the European Data Protection Board.

    “Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizations that serious infringements have far-reaching consequences,” she added.

    Meta, which also owns WhatsApp and Instagram, said it would appeal the ruling, including the fine. There would be no immediate disruption to Facebook in Europe, it added.

    The company said the root of the issue stemmed from a “conflict of law” between US rules on access to data and the privacy rights of Europeans. EU and US policymakers were on a “clear path” to resolving this conflict under a new transatlantic Data Privacy Framework.

    The European Data Protection Board “chose to disregard the clear progress that policymakers are making to resolve this underlying issue,” Nick Clegg, Meta’s president of global affairs, and Jennifer Newstead, the company’s chief legal officer, said in a statement.

    “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and US,” they added.

    “The ability for data to be transferred across borders is fundamental to how the global open internet works. Thousands of businesses and other organizations rely on the ability to transfer data between the EU and the US in order to operate and provide services that people use every day.”

    — This is a developing story and will be updated.


  • Opinion: Washington needs to get over its TikTok fixation | CNN

    Editor’s Note: Evan Greer is an activist, writer and musician based in Boston. She’s the director of the digital rights group Fight for the Future, and a regular commentator on issues related to technology policy, LGBTQ communities and human rights. Follow her on Twitter @evan_greer or Mastodon @evangreer@mastodon.online. Read more opinion on CNN.



    CNN —

    The US government is racing ahead with proposals aimed at banning TikTok, the viral video platform used by more than 150 million Americans. Officials say it’s a matter of national security, gesturing urgently toward TikTok’s parent company ByteDance and its ties to China.

    While some might be motivated by thinly-veiled xenophobia, lawmakers also rightly point to concerns about TikTok’s surveillance and capitalist business model, which vacuums up as much personal information about users as possible and then uses it to serve content that keeps us clicking, scrolling, and generating ad revenue. TikTok “spies” on us for profit. That’s not in question.

    The problem is that – while they might not be owned by a Chinese company – Instagram, YouTube, Facebook, Snapchat and Twitter all do it too, as privacy advocates have been warning for more than a decade. Banning TikTok won’t make us safer from China’s surveillance operations. Nor will it protect children, or anyone else, from getting addicted to Big Tech’s manipulative products. It’s just an ineffective solution that sounds good on TV.

    While many governments engage in internet censorship and surveillance, China certainly has one of the most sophisticated and draconian systems. A core characteristic of China’s censorship regime is the “Great Firewall,” which blocks foreign social media apps, news sites and even educational resources like Wikipedia, under the guise of protecting national security.

    As they hyperventilate about TikTok, US politicians are so eager to appear “tough on China” that they’re suggesting we build our very own Great Firewall here at home. There is a small but growing number of countries in the world so authoritarian that they block popular apps and websites entirely. It’s regrettable that so many US lawmakers want to add us to that list.

    Several of the proposals wending their way through Congress would grant the federal government unprecedented new powers to control what technology we can use and how we can express ourselves – authority that goes far beyond TikTok. The bipartisan RESTRICT Act (S. 686), for example, would enable the Commerce Department to engage in extraordinary acts of policing, criminalizing a wide range of activities with companies from “hostile” countries and potentially even banning entire apps simply by declaring them a threat to national security.

    The law is vague enough that some experts have raised concerns that it could threaten individual internet users with lengthy prison sentences for taking steps to “evade” a ban, like side-loading an app (i.e., bypassing approved app distribution channels such as the Apple store) or using a virtual private network (VPN).

    But banning TikTok isn’t just foolish and dangerous, it’s also unconstitutional. The strong free speech protections enshrined in the First Amendment bar the government from extreme actions like criminalizing an app that millions of people use to express their opinions and ideas. The US government can’t ban you from posting or watching TikTok videos any more than they can stop you from reading a foreign newspaper like the Times of India or writing an opinion piece for The Guardian.

    The Washington Post, the New York Times and CNN all have their own official TikTok accounts, as do numerous candidates for office, elected officials, academics, journalists, religious leaders and political figures. Any proposal that results in TikTok’s effective ban in the US would almost certainly fall apart under a legal challenge, as the American Civil Liberties Union and other experts have asserted. Even conservative Republican Senator Rand Paul of Kentucky agrees that banning the app would violate Americans’ right to free speech.

    A ban on TikTok wouldn’t even be effective: The Chinese government could purchase much of the same information from data brokers, which are largely unregulated in the US.

    The rush to ban TikTok – or force its sale to a US company – is a convenient distraction from what our elected officials should be doing to protect us from government manipulation and commercial surveillance: passing some basic data privacy legislation. It’s a matter of common knowledge that Instagram, YouTube, Venmo, Snapchat and most of the other apps on your phone engage in similar data harvesting business practices to TikTok. Some are even worse.

    So it’s not just TikTok. Much of what you do in the digital space on all of your devices is tracked. Companies that engage in the practice claim that they track users’ activities online in order to deliver more targeted advertising and content.

    Many companies sell the data they harvest to third parties, who sell it to fourth and fifth and sixth parties. While companies collect this data for the purpose of extracting profit and getting users hooked on their products, governments have long taken an interest.

    The only way to stop governments from weaponizing data that private companies like TikTok collect and store about us is to stop those companies from collecting and storing so much information in the first place. You can’t do that with censorship. You do that by passing a strong national data privacy law that bans companies from collecting more data about us than they need to provide us with the service we’ve requested.

    Instead of helping Big Tech get bigger by banning a major competitor, Congress should also pass antitrust legislation to crack down on anti-competitive practices. That would give concerned parents and internet users who want to ditch TikTok and Instagram better options to choose from, and reduce the power of the largest platforms, making them harder for governments to exploit and manipulate. It’s much harder for bad actors, whether they’re corporate trolls or government agents, to control information across a constellation of smaller platforms, each with their own rules and algorithms, than it is for them to poison the well when there are a tiny handful of companies controlling access to information.

    A separate concern that lawmakers and US officials have raised is the idea that the Chinese government could pressure TikTok to amplify propaganda, or otherwise change its algorithm to advance the government’s interests. It’s an argument that’s not entirely without merit.

    We know the Russian government was effective in manipulating information on Facebook during the 2016 elections. The US has historically engaged in similar conduct overseas. Consider, for example, the US history in influencing the outcomes of elections in Latin America or disinformation campaigns by US allies after the Arab Spring. State-backed disinformation campaigns are happening at a mass scale and on every major platform. We fight that by demanding more transparency and accountability, not more censorship.

    It’s a national embarrassment that we have no basic data privacy law in the United States. And it’s a travesty that we continue to allow unregulated tech monopolies to trample our rights. Every day that our elected officials spend wringing their hands and spreading moral panic about what the kids are doing on TikTok is another day we’re left vulnerable and unprotected.

    With any luck, Washington’s TikTok hysteria will fade quickly. Let’s hope the next hot new trend in the nation’s capital is passing actual laws that protect people, starting with strong privacy and antitrust legislation.


  • Inside the international sting operation to catch North Korean crypto hackers | CNN Politics

    Watch Alex Marquardt’s report on the sting operation on Erin Burnett OutFront on Monday, April 10, at 7 p.m. ET.



    CNN —

    A team of South Korean spies and American private investigators quietly gathered at the South Korean intelligence service in January, just days after North Korea fired three ballistic missiles into the sea.

    For months, they’d been tracking $100 million stolen from a California cryptocurrency firm named Harmony, waiting for North Korean hackers to move the stolen crypto into accounts that could eventually be converted to dollars or Chinese yuan, hard currency that could fund the country’s illegal missile program.

    When the moment came, the spies and sleuths — working out of a government office in a city, Pangyo, known as South Korea’s Silicon Valley — would have only a few minutes to help seize the money before it could be laundered to safety through a series of accounts and rendered untouchable.

    Finally, in late January, the hackers moved a fraction of their loot to a cryptocurrency account pegged to the dollar, temporarily relinquishing control of it. The spies and investigators pounced, flagging the transaction to US law enforcement officials standing by to freeze the money.

    The team in Pangyo helped seize a little more than $1 million that day. Though analysts tell CNN that most of the stolen $100 million remains out of reach in cryptocurrency and other assets controlled by North Korea, it was the type of seizure that the US and its allies will need to prevent big paydays for Pyongyang.

    The sting operation, described to CNN by private investigators at Chainalysis, a New York-based blockchain-tracking firm, and confirmed by the South Korean National Intelligence Service, offers a rare window into the murky world of cryptocurrency espionage — and the burgeoning effort to shut down what has become a multibillion-dollar business for North Korea’s authoritarian regime.

    Over the last several years, North Korean hackers have stolen billions of dollars from banks and cryptocurrency firms, according to reports from the United Nations and private firms. As investigators and regulators have wised up, the North Korean regime has been trying increasingly elaborate ways to launder that stolen digital money into hard currency, US officials and private experts tell CNN.

    Cutting off North Korea’s cryptocurrency pipeline has quickly become a national security imperative for the US and South Korea. The regime’s ability to use the stolen digital money — or remittances from North Korean IT workers abroad — to fund its weapons programs is part of the regular set of intelligence products presented to senior US officials, including, sometimes, President Joe Biden, a senior US official said.

    The North Koreans “need money, so they’re going to keep being creative,” the official told CNN. “I don’t think [they] are ever going to stop looking for illicit ways to glean funds because it’s an authoritarian regime under heavy sanctions.”

    North Korea’s cryptocurrency hacking was top of mind at an April 7 meeting in Seoul, where US, Japanese and South Korean diplomats released a joint statement lamenting that Kim Jong Un’s regime continues to “pour its scarce resources into its WMD [weapons of mass destruction] and ballistic missile programs.”

    “We are also deeply concerned about how the DPRK supports these programs by stealing and laundering funds as well as gathering information through malicious cyber activities,” the trilateral statement said, using an acronym for the North Korean government.

    North Korea has previously denied similar allegations. CNN has emailed and called the North Korean Embassy in London seeking comment.

    Starting in the late 2000s, US officials and their allies scoured international waters for signs that North Korea was evading sanctions by trafficking in weapons, coal or other precious cargo, a practice that continues. Now, a very modern twist on that contest is unfolding between hackers and money launderers in Pyongyang, and intelligence agencies and law enforcement officials from Washington to Seoul.

    The FBI and Secret Service have spearheaded that work in the US. (Both agencies declined to comment when CNN asked how they track North Korean money-laundering.) The FBI announced in January that it had frozen an unspecified portion of the $100 million stolen from Harmony.

    The succession of Kim family members who have ruled North Korea for the last 70 years have all used state-owned companies to enrich the family and ensure the regime’s survival, according to experts.

    It’s a family business that scholar John Park calls “North Korea Incorporated.”

    Kim Jong Un, North Korea’s current dictator, has “doubled down on cyber capabilities and crypto theft as a revenue generator for his family regime,” said Park, who directs the Korea Project at the Harvard Kennedy School’s Belfer Center. “North Korea Incorporated has gone virtual.”

    Compared to the coal trade North Korea has relied on for revenue in the past, stealing cryptocurrency is much less labor- and capital-intensive, Park said. And the profits are astronomical.

    Last year, a record $3.8 billion in cryptocurrency was stolen from around the world, according to Chainalysis. Nearly half of that, or $1.7 billion, was the work of North Korean-linked hackers, the firm said.

    The joint analysis room in the National Cyber Security Cooperation Center of the National Intelligence Service in South Korea.

    It’s unclear how much of its billions in stolen cryptocurrency North Korea has been able to convert to hard cash. In an interview, a US Treasury official focused on North Korea declined to give an estimate. The public record of blockchain transactions helps US officials track suspected North Korean operatives’ efforts to move cryptocurrency, the Treasury official said.

    But when North Korea gets help from other countries in laundering that money it is “incredibly concerning,” the official said. (They declined to name a particular country, but the US in 2020 indicted two Chinese men for allegedly laundering over $100 million for North Korea.)

    Pyongyang’s hackers have also combed the networks of various foreign governments and companies for key technical information that might be useful for its nuclear program, according to a private United Nations report in February reviewed by CNN.

    A spokesperson for South Korea’s National Intelligence Service told CNN it has developed a “rapid intelligence sharing” scheme with allies and private companies to respond to the threat and is looking for new ways to stop stolen cryptocurrency from being smuggled into North Korea.

    Recent efforts have focused on North Korea’s use of what are known as mixing services, publicly available tools used to obscure the source of cryptocurrency.

    On March 15, the Justice Department and European law enforcement agencies announced the shutdown of a mixing service known as ChipMixer, which the North Koreans allegedly used to launder an unspecified amount of the roughly $700 million stolen by hackers in three different crypto heists — including the $100 million robbery of Harmony, the California cryptocurrency firm.

    Private investigators use blockchain-tracking software — and their own eyes when the software alerts them — to pinpoint the moment when stolen funds leave the hands of the North Koreans and can be seized. But those investigators need trusted relationships with law enforcement and crypto firms to move quickly enough to snatch back the funds.

    One of the biggest US counter moves to date came in August when the Treasury Department sanctioned a cryptocurrency “mixing” service known as Tornado Cash that allegedly laundered $455 million for North Korean hackers.

    Tornado Cash was particularly valuable because it had more liquidity than other services, allowing North Korean money to hide more easily among other sources of funds. Tornado Cash is now processing fewer transactions after the Treasury sanctions forced the North Koreans to look to other mixing services.

    Suspected North Korean operatives sent $24 million in December and January through a new mixing service, Sinbad, according to Chainalysis, but there are no signs yet that Sinbad will be as effective at moving money as Tornado Cash.

    The people behind mixing services, like Tornado Cash developer Roman Semenov, often describe themselves as privacy advocates who argue that their cryptocurrency tools can be used for good or ill like any technology. But that hasn’t stopped law enforcement agencies from cracking down. Dutch police in August arrested another suspected developer of Tornado Cash, whom they did not name, for alleged money laundering.

    Private crypto-tracking firms like Chainalysis are increasingly staffed with former US and European law enforcement agents who are applying what they learned in the classified world to track Pyongyang’s money laundering.

    Elliptic, a London-based firm with ex-law enforcement agents on staff, claims it helped seize $1.4 million in North Korean money stolen in the Harmony hack. Elliptic analysts tell CNN they were able to follow the money in real-time in February as it briefly moved to two popular cryptocurrency exchanges, Huobi and Binance. The analysts say they quickly notified the exchanges, which froze the money.

    “It’s a bit like large-scale drug importations,” Tom Robinson, Elliptic’s co-founder, told CNN. “[The North Koreans] are prepared to lose some of it, but a majority of it probably goes through just by virtue of volume and the speed at which they do it and they’re quite sophisticated at it.”

    The North Koreans are not just trying to steal from cryptocurrency firms, but also directly from other crypto thieves.

    After an unknown hacker stole $200 million from British firm Euler Finance in March, suspected North Korean operatives tried to set a trap: They sent the hacker a message on the blockchain laced with a vulnerability that may have been an attempt to gain access to the funds, according to Elliptic. (The ruse didn’t work.)

    Nick Carlsen, who was an FBI intelligence analyst focused on North Korea until 2021, estimates that North Korea may only have a couple hundred people focused on the task of exploiting cryptocurrency to evade sanctions.

    With an international effort to sanction rogue cryptocurrency exchanges and seize stolen money, Carlsen worries that North Korea could turn to less conspicuous forms of fraud. Rather than steal half a billion dollars from a cryptocurrency exchange, he suggested, Pyongyang’s operatives could set up a Ponzi scheme that attracts much less attention.

    Yet even at reduced profit margins, cryptocurrency theft is still “wildly profitable,” said Carlsen, who now works at fraud-investigating firm TRM Labs. “So, they have no reason to stop.”


  • Australia bans TikTok on federal government devices | CNN Business



    CNN —

    Australia has joined other Western countries in banning the use of TikTok on government devices as the Chinese-owned video app comes under increasing pressure over claims it presents a security concern.

    Attorney-General Mark Dreyfus announced the ban on Tuesday after receiving advice from intelligence and security agencies, saying the directive would be imposed “as soon as practicable.”

    The decision puts Australia in line with its allies from the Five Eyes intelligence alliance – the US, Britain and Canada have already announced similar restrictions, while New Zealand’s parliament also ordered the app be removed from all devices with access to the legislature.

    Norway and the European Parliament have made similar moves, and last week NATO banned staffers from downloading the app onto NATO-provided devices, according to two NATO officials familiar with the matter.

    Lee Hunter, general manager of TikTok in Australia and New Zealand, said the company is “extremely disappointed by this decision, which, in our view, is driven by politics.”

    “Our millions of Australian users deserve a government which makes decisions based upon facts and who treats all businesses fairly, regardless of country of origin,” he said.

    He also stressed that the firm had repeatedly reached out to the Australian government for constructive engagement, while maintaining that there had been no evidence to suggest the app posed a security risk to the country.

    As of early 2023, TikTok has more than 8 million users aged 18 and over in Australia, according to the company, citing a report from DataReportal, which studies digital trends worldwide.

    A notice issued by the Attorney General’s Department said TikTok poses security and privacy risks due to the “extensive collection of user data and exposure to extrajudicial directions from a foreign government that conflict with Australian law.”

    So far, there’s no evidence the Chinese government has accessed TikTok user data, and no government has enacted a broader ban targeting TikTok on personal devices.

    However, the Biden administration has threatened to do that in the United States unless the app’s Chinese owners, ByteDance, agree to spin off their share of the social media platform.

    The US government is worried China could use its national security laws to access the significant amount of personal information that TikTok, like most social media applications, collects from its US users.

    During a high profile congressional hearing on the matter, TikTok CEO Shou Zi Chew was grilled about the tech firm’s alleged ties to the Chinese government.

    Chew has said the Chinese government had never asked TikTok for its data and that the company would refuse any such request.

    For its part, China’s Commerce Ministry said it would “firmly oppose” any decision resulting in the forced sale of TikTok, adding that it would “seriously damage” global investors’ confidence in the United States.

    Like some of the other countries which have imposed the curb, Australia’s attorney general said any exemptions would be granted “on a case-by-case basis and with appropriate security mitigation in place.”

    Dreyfus also said the government had recently received the review into foreign interference through social media applications from the country’s Home Affairs Department, with its recommendations being considered.


  • What Americans think of a TikTok ban | CNN Business


    Washington (CNN) —

    Half of Americans support a US government ban on TikTok, while 22% oppose the idea and more than a quarter are unsure, according to a Pew Research Center survey released Friday.

    The survey results — collected in the days before and after TikTok CEO Shou Chew testified before Congress on March 23 — highlight the company’s challenges in persuading the public TikTok does not pose a national security risk.

    But the results also underscore that a significant portion of the country, 28% of Americans, remains uncertain about a ban on TikTok, suggesting they do not have firm views on the matter.

    Opposition to banning TikTok is significantly higher among younger Americans (46% of respondents aged 18-29) than among older ones (15% of those aged 50-64 and just 4% of those 65 or older oppose it) and among those that use TikTok (56% opposed) versus those who do not (11% opposed).

    Some 19% of TikTok users did express support for a US government ban, however.

    Those who know of TikTok’s connections to China are more than twice as likely to support a US government ban as those who are not aware of the link (60% vs. 27%), according to the survey.

    The survey found, however, that most Americans — nearly two-thirds (64%) — are aware of TikTok’s China connection.

    There is a partisan gap as well, with 60% of Republicans or those who lean Republican in favor of banning TikTok, Pew found, compared to 43% of Democrats or those who lean Democratic.

    The findings are largely consistent with a Washington Post poll conducted in mid-March, and a CBS News-YouGov poll done in the days leading up to Chew’s testimony.


  • TikTok users are making fun of Congress members for their questions to app CEO Shou Chew | CNN Business


    New York (CNN) —

    TikTok creators have had enough of Congress seemingly not understanding how the internet works.

    What happened: On Thursday, TikTok CEO Shou Chew testified before the House Committee for Energy and Commerce, where he was peppered with questions about concerns over the popular app’s potential national security threats and its connections to China. Governments around the world banned the app on official devices, and there is concern that the app’s parent company ByteDance could be forced to cooperate with the Chinese government. (TikTok doesn’t operate in China.)

    The tone from some of its members was combative — something that creators noticed, and mocked, immediately.

    Meanwhile, TikTok creators are leading the way ridiculing members of Congress.

    “There needs to be an age limit in Congress,” one caption by user @rachelhannahh said about a clip of US Rep. Buddy Carter, who represents Georgia’s 1st district, asking Chew whether the app tracks pupil dilation as a form of facial recognition to drive algorithms.

    Chew responded by saying the app does not use body, face or voice data to identify users, and the only face data the app collects is for “filters to have sunglasses on your face.”

    “Why do you need to know where the eyes are if you’re not seeing if they’re dilated?” Carter then asked, resulting in a barrage of comments ridiculing the congressman’s questions.

    A spokesperson for Carter said the congressman is not on TikTok because it poses a national security risk.

    “TikTok recently updated its privacy policy allowing it to collect biometric data, so it was important that its CEO be on-the-record, under oath detailing what data TikTok collects and whether the Chinese Communist Party has access to that data,” the spokesperson said.

    TechCrunch previously reported that TikTok updated its privacy policy “to allow the app to collect biometric data on US users.” However, the company has said it only uses biometrics for video effects and ByteDance employees in China would not be able to access it, TechCrunch reported.

    Many of the TikTok video clips suggested Congress members don’t know how modern technology works. They believe members of Congress are detached from technology and unaware of how tech companies within their own country operate, resulting in easily mockable questions.

    The app, which has 150 million US users, is facing a potential ban. Among those who’ve heard of TikTok, only 39% of those younger than 30 support a TikTok ban, according to a CBS News/YouGov poll released Thursday.

    US Rep. Mike Gallagher, who represents Wisconsin’s 8th district, told CNN during its primetime special Thursday night that the government needs to address TikTok as a national security threat, despite the popularity of the app among younger voters.

    “Republicans [and] Democrats agreed this is a threat,” Gallagher, a Republican who chairs the House Select Committee on China, told CNN. “So we can’t ignore it just because of concerns about alienating some teenagers on this app.”

    “It’s a national security issue,” he said. “We have to deal with it before it’s too late.”

    It’s a bipartisan opinion. The Biden administration threatened a ban if the app’s Chinese owners don’t spin off their share of the social media platform.

    “Bro outta pocket,” a user who goes by Whittington said on a clip of US Rep. August Pfluger, who represents Texas’ 11th district.

    In the clip, Pfluger said the only other person who united Democrats and Republicans was Vladimir Putin.

    CNN has reached out to Pfluger for comment.

    The hearing may also have created a new group of lobbyists. ByteDance, the company that owns TikTok, flew out more than 30 famous TikTokkers to Washington to advocate for the app, the New York Times reported.

    Another clip that has been widely circulating on the app is one of US Rep. Richard Hudson, who represents North Carolina’s 9th district, questioning Chew on how WiFi connectivity works. The “yes or no” style of interrogating on topics that were complex, or frankly irrelevant, was a major point of exasperation for users.

    “So if I have a TikTok app on my phone and my phone is on my home WiFi network,” Hudson asked, “does TikTok access that network?”

    “Does TikTok access my battery to steal my electricity?” one user said, mocking Hudson.

    CNN has reached out to Hudson for comment.

    Users are also posting POVs on the app, reenacting their own versions of the hearing.

    “What color is the algorithm?” said user Christian Divyne in a video mocking some of the questions Congress members asked Chew.

    The video ended up getting over one million views, with over 250,000 likes as of this writing.

    – CNN’s Samantha Murphy Kelly and Brian Fung contributed to this report.


  • TikTok and its CEO are fighting to save the app in the US | CNN Business


    As a growing number of lawmakers raise national security concerns about TikTok’s ties to China, and some experts worry about the app’s impact on young people’s mental health, CNN is hosting a special to dig into these issues. Watch “CNN Primetime: Is time up for TikTok?” Thursday, March 23 at 9 p.m. ET.



    CNN
     — 

    At a Harvard Business Review conference earlier this month, where executives, professors and artists appeared for talks on corporate leadership and emotional intelligence, Shou Chew attempted to save his company.

    In his talk, Chew, the CEO of TikTok, said the social network would not provide US user data to the Chinese government and has never been asked to do so. Chew stressed the steps TikTok has taken to protect US user data. And four separate times, Chew told the audience that the platform’s mission was to “inspire creativity and bring joy” to users.

    The Harvard event is just one of several media appearances Chew has made in recent weeks amid mounting scrutiny of TikTok and of himself. Chew is set to testify on Thursday for the first time before a Congressional committee about “TikTok’s consumer privacy and data security practices, the platforms’ impact on kids, and its relationship with the Chinese Communist Party,” according to a statement last week from the committee. Meanwhile, federal officials are now demanding the app’s Chinese owners sell their stake in the social media platform, or risk facing a US ban of the app.

    Chew, a Singaporean who has largely stayed out of the spotlight since taking over TikTok in 2021, recently sat for interviews with multiple US newspapers and this week showed up in a video on the corporate TikTok account to highlight the vast reach of the app, which he revealed now has more than 150 million users in the United States.

    “That’s almost half the US coming to TikTok to connect, to create, to share, to learn, or just to have some fun,” said Chew, wearing a hoodie and t-shirt like any other American tech executive in the clip. “This comes at a pivotal moment for us. Some politicians have started talking about banning TikTok, now this could take TikTok away from all 150 million of you.”

    Chew’s heightened visibility appears to be part of a larger messaging campaign by TikTok to bolster its reputation in the US and remind voters – and their representatives – how essential the social network is to American culture.

    A press conference is planned for Wednesday with dozens of social media creators on the steps of the Capitol, some of whom have been flown out there by TikTok. The company is paying for a blitz of advertisements for a Beltway audience. And last week it put out a docuseries highlighting American small business owners who rely on the platform for their livelihoods.

    Behind the scenes, Chew has also met with members of Congress, and TikTok recently invited researchers and academics to its Washington, D.C., offices to learn more about how it is working to address lawmakers’ concerns over its ties to China through its parent company, ByteDance. Its parent company has also ramped up federal lobbying, spending more than $5 million last year, according to data tracked by OpenSecrets.

    “It’s life or death for TikTok, from their perspective,” said Justin Sherman, the CEO of Global Cyber Strategies, a D.C.-based research and advisory firm, who was among the researchers TikTok invited to be briefed on “Project Texas,” the company’s $1.5 billion initiative to address lawmakers’ security concerns. “They are throwing everything they can at the problem.”

    In a statement, TikTok spokesman Jamal Brown said: “A U.S. ban on TikTok could have a direct impact on the livelihoods of millions of Americans. Lawmakers in Washington debating TikTok should hear firsthand from people whose lives would be directly affected by their decisions.”

    For much of the past year, TikTok has been rolling out new features and policies to address privacy and security concerns that the Chinese government could gain access to US user data, as well as broader fears that its app, like other social platforms, can be harmful to some younger users.

    TikTok recently set a default one-hour daily screen time limit on every account for users under 18 in one of the most aggressive moves yet by a social media company to prevent teens from endlessly scrolling. It rolled out a feature that aimed to offer more information to users about why its powerful algorithm recommends certain videos. And the company pledged more transparency to researchers.

    Facing concerns about its parent company’s ties to China, TikTok has also taken a number of steps to more clearly separate its US operations and user data from other parts of the organization. That includes moving all its US user data to Oracle’s cloud platform, where it says it hosts “100% of US user traffic.”

    The messaging campaign has only ramped up this week ahead of the hearing. TikTok rolled out refreshed Community Guidelines for content, which the company framed as being “based on our commitment to uphold human rights and aligned with international legal frameworks.” And Chew once again stressed TikTok’s independence from China.

    “I understand that there are concerns stemming from the inaccurate belief that TikTok’s corporate structure makes it beholden to the Chinese government or that it shares information about U.S. users with the Chinese government,” Chew said in prepared remarks ahead of his testimony before Congress. “This is emphatically untrue.”

    At the same time, TikTok is now betting on a strategy from American tech companies who have faced scrutiny for other reasons, playing up the impact it has on small businesses in the United States, including with the CEO’s prepared remarks and a mini docuseries it released last week titled “TikTok Sparks Good.”

    The series spotlighted inspiring stories of American small business owners and creators. The first of the 60-second clips features a Mississippi soap maker with a deep Southern accent who built her company on the app, and the second features an educator who quit his job to focus on sharing informational videos on TikTok aimed at teaching toddlers how to read.

    “Because of TikTok, I’m reaching millions of families who want to teach their toddlers how to read,” the educator says.

    Dozens of TikTok creators who oppose a ban will also be holding a press conference on Capitol grounds on Wednesday evening with Congressman Jamaal Bowman, a Democrat from New York. TikTok flew out some of the creators, the company confirmed to CNN. (The Information was first to report the move.)

    The list of expected attendees includes a disabled Asian American creator using her platform to combat ableism, a small business owner from South Carolina who launched a greeting card company via TikTok, and an Ohio-based chef who built her bakery business via the app. Some of the creators have hundreds of thousands or even millions of followers on TikTok.

    Even with these efforts, Sherman expressed some skepticism about how persuasive the PR push will be, mostly because of how divided Washington is right now.

    “Not everyone wants a ban,” he said. “For some lawmakers, it will matter that TikTok is taking all these steps to address security concerns.”

    But for others, it won’t move the needle. “Some lawmakers, frankly, do not care what ads TikTok is taking out, what pledges it’s making on its blog about independence, data privacy … They see an unmitigable risk of Chinese government access to data and/or influence over content, and so are going to push for a complete ban.”

    Lindsay Gorman, a senior fellow for emerging technologies at the German Marshall Fund’s Alliance for Securing Democracy and a former Biden administration adviser, said that “by and large, TikTok’s lobbying efforts so far have been pretty ineffective.”

    The problem, she said, is two-fold. First, even if TikTok takes steps to bolster its safeguards today, as it has been doing with Project Texas, concerns remain that it’s always “one update away from becoming a vulnerability.” And second, TikTok’s PR efforts in Washington won’t undo previous moments when the company “shot itself in the foot” by making what she said were “inaccurate statements” to Congress, “and then having revelations come out showing that those were inaccurate.”

    After the initial, Trump-era calls for a TikTok ban appeared to fade in Washington, BuzzFeed reported in 2021 that US user data was repeatedly accessed from China and that “everything is seen in China.” The details in the report were seemingly at odds with remarks a TikTok executive gave before a Senate panel earlier that year, claiming that a US-based security team decides who can access US user data from China. Following the report, TikTok once again became a hot button issue in the nation’s capital.

    But even as suspicion among US lawmakers grew, so did the app’s popularity in the country.

    “I do think TikTok’s strongest argument to date is drawing on its creator user base,” Gorman said. But for some lawmakers with security concerns, the latest push “may be too little too late.”

    In his TikTok video on Tuesday, Chew appealed directly to users of the app. The CEO asked them to write in the comments section to share “what you want your elected representatives to know about what you love about TikTok.”

    The top comment on the clip, which has received upwards of 50,000 likes, simply reads: “You know something went wrong when the boss has to show up 😂”
