In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year.
The server was used to deliver a malware campaign known as Operation Sharpshooter, first uncovered in December, which targeted governments, telecoms, and defense contractors. The hackers sent malicious Word documents by email that would, when opened, run macro code to download a second-stage implant, dubbed Rising Sun, which the hackers used to conduct reconnaissance and steal user data.
The Lazarus Group, a hacker group linked to North Korea, was the prime suspect given the overlap with similar code previously used by hackers, but a connection was never confirmed.
Now, McAfee says it’s confident enough to make the link.
“This was a unique first experience in all my years of threat research and investigations,” Christiaan Beek, lead scientist and senior principal engineer at McAfee, told TechCrunch in an email. “In having visibility into an adversary’s command-and-control server, we were able to uncover valuable information that led to more clues to investigate,” he said.
The move was part of an effort to better understand the threat from the nation state, which has in recent years been blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017, as well as more targeted attacks on global businesses.
In the new research, out Sunday and seen by TechCrunch, the security firm’s examination of the server code revealed Operation Sharpshooter was operational far longer than first believed, dating back to September 2017, and targeted a broader range of industries and countries, including financial services and critical infrastructure in Europe, the U.K. and the U.S.
The research showed that the server, operating as the malware’s command and control infrastructure, was written in the PHP and ASP web languages, used for building websites and web-based applications, making it easily deployed and highly scalable.
The back-end has several components used to launch attacks on the hackers’ targets. Each component has a specific role, such as the implant downloader, which hosts and pulls the implant from another downloader; and the command interpreter, which operates the Rising Sun implant through an intermediate hacked server to help hide the wider command structure.
The researchers say that the hackers use a factory-style approach to building Rising Sun, a modular type of malware that was pieced together from different components over several years. “These components appear in various implants dating back to 2016, which is one indication that the attacker has access to a set of developed functionalities at their disposal,” said McAfee’s research. The researchers also found a “clear evolutionary” path from Duuzer, a backdoor used to target South Korean computers as far back as 2015, and also part of the same family of malware used in the Sony hack, also attributed to North Korea.
Although the evidence points to the Lazarus Group, evidence from the log files shows a batch of IP addresses purportedly from Namibia, which researchers can’t explain.
“It is quite possible that these unobfuscated connections may represent the locations that the adversary is operating from or testing in,” the research said. “Equally, this could be a false flag,” such as an effort to cause confusion in the event that the server is compromised.
The research represents a breakthrough in understanding the adversary behind Operation Sharpshooter. Attribution of cyberattacks is difficult at best, a fact that security researchers and governments alike recognize, given malware authors and threat groups share code and leave red herrings to hide their identities. But obtaining a command and control server, the core innards of a malware campaign, is telling.
Even if the goals of the campaign are still a mystery, McAfee’s chief scientist Raj Samani said the insight will “give us deeper insights in investigations moving forward.”
This is the real voice behind Google Assistant
When using Google Assistant, most of us don’t even consider who the voice is coming from — after all, it’s artificial intelligence, not a real person. Our virtual assistants, be it Siri, Alexa, or Google Assistant, are always at our beck and call, but we (for the most part) remain well-aware of the fact that they’re just lines of code and intricate algorithms. But how would you feel if you knew that Google Assistant has a very human backstory?
In an interview with The Atlantic, James Giangola, the lead conversation and persona designer at Google, spoke about the Assistant at great length. When the team set out to create its AI-based assistant, they knew that the line between a cool, futuristic feature and a mildly creepy if uncanny voice bot is very, very thin. Google Assistant was never meant to seem human — that would just be disturbing — but she was meant to be just human enough to make us feel comfortable. To achieve that elusive feeling of somewhat reserved comfort, Giangola and his team went to great lengths to perfect the Assistant.
You’d think that just hiring a skilled voice actor would be enough, but there was much more to consider than just finding a pleasant voice. James Giangola set out on a quest to make the Google Assistant sound normal and to hide that alien feeling of speaking to a robot. In order to do this, he made up a lengthy backstory for the Assistant.
A robot with an extensive backstory
When searching for the right voice actress and then training her later on, The Atlantic notes that James Giangola came up with a very specific backstory for the AI. He did so because he wanted Google Assistant to appear real, and in order to give it a distinct personality, he gave the voice actress a lengthy background on the Assistant. First and foremost, the Assistant comes from Colorado, which gives her a neutral accent.
She comes from a well-read family and is the youngest daughter of a physics professor (who has a B.A. in art history from Northwestern University, no less) and a research librarian. She once worked for “a very popular late-night-TV satirical pundit” as a personal assistant. She was always a smart kid, she won $100,000 on the Kids Edition of “Jeopardy.” Oh, and she also likes kayaking. Let’s not forget: She’s not real.
The need to create such a specific backstory may seem questionable, and it actually was questioned by James Giangola’s colleagues. However, Giangola was able to prove his point during the audition process. When a colleague asked him how anyone even sounds like they’re into kayaking, Giangola fired back: “The candidate who just gave an audition — do you think she sounded energetic, like she’s up for kayaking?” And she didn’t, which to Giangola meant that she wasn’t the right voice.
Google aimed for ‘upbeat geekiness’
Aside from nailing the exact tone of her voice, which The Atlantic described as “upbeat geekiness,” the Assistant had to be trained to sound human not just by voice, but also by speech patterns and rhythms. In the interview, James Giangola talks about some of the different small changes that were made to take the Assistant from robotic to almost natural.
To illustrate the example, Giangola played a recording in which the AI had to contradict a user who wanted to book something on June 31. It had to be done in a delicate, natural-sounding manner that still delivers the required information. When prompted, the Assistant replied: “Actually, June has only 30 days,” achieving the level of vocal realism Giangola was looking for.
Although the Assistant’s intricate backstory may seem overkill, it seems to have helped Google find the right voice actress. According to Tech Bezeer, the main voice of the Assistant is Antonia Flynn, who was cast back in 2016. However, Google is not very forthcoming with information about who exactly voices each version of the Assistant, so this needs to be taken with a grain of salt. The information originates from Reddit, where a user was able to track Flynn down based on her voice, but only Google knows whether she really is the friendly AI inside our mobile devices.
Microsoft’s post-Windows Phone vision leaks, but don’t get your hopes up
While Microsoft’s Windows Phone ambitions are well and truly dead at this point, there was a time when the company was plotting a follow-up to the ill-fated mobile operating system. That follow-up was known internally as Andromeda OS, and it was being developed as the operating system for the Surface Duo. Sadly, Microsoft’s plan to create a version of Windows for dual-screen devices never saw the light of day, but today we’re getting a look at an internal build of Andromeda OS and what could have been.
That look comes from Zac Bowden at Windows Central, who managed to get a build of Andromeda OS up and running on a Lumia 950. Even though Andromeda OS was intended for the Surface Duo, Microsoft apparently conducted internal testing on Lumia 950 devices, making it a solid choice for this hands-on.
In both his write-up and the video you see embedded below, Bowden is very clear that this is not some leak of a work-in-progress mobile operating system. Andromeda OS is dead and not in active development, so there’s no real hope of seeing a more fully-featured version launch on Microsoft’s mobile hardware at any point in the future. Despite that rather grim reality, this is a good look at the progress Microsoft made before it ultimately decided to ship the Surface Duo with Android.
Though the hands-on shows us an operating system that is very rough-around-the-edges and somewhat clunky, it’s immediately obvious that Microsoft planned Andromeda OS with inking capabilities at the center. For instance, the lock screen doubles as an inking space, allowing users to jot quick notes down on it that persist until they’re erased or the lock screen is cleared entirely.
Just as well, unlocking the device takes you to a home screen that also doubles as a journal. As with the lock screen, you can use this page to take notes, but you can also do things like paste stuff from the clipboard or insert an image for markup. Having the phone unlock to what is essentially a blank canvas instead of a home screen full of app icons is an interesting idea and one that we’re probably never going to see on other devices.
Andromeda OS also features a Start menu reminiscent of Windows Phone, which means that it has those familiar Live Tiles. Bowden also shows off the various gesture controls included in Andromeda OS, swiping from the left to summon the aforementioned Start menu and from the right to bring up Cortana and notifications. Swiping down pulls up the Control Center, which will look familiar to those who are currently using Windows 11.
We’re also given a brief demo of what Andromeda OS might have looked like on an actual dual-screen device, but since that demo is also on a Lumia 950, we sadly don’t get the full experience. Still, it’s interesting to see what might have been before Microsoft decided to can Andromeda OS entirely and switch to Android for the Surface Duo.
While there’s no chance we’ll see this project revived for future Microsoft hardware, there is always the chance that some individual features could make their way to the Surface Duo. Even then, it’s probably best to appreciate this as a relic of the past rather than something that might inform Microsoft’s future efforts, as disappointing as that may be for those who miss Windows Phone and Windows 10 Mobile.
Google just got terrible news in Europe – and it could get much worse
Google was just hit by some very bad news coming from Europe, but the news may be even worse for website owners than for Google itself. In an unprecedented case, the court in Austria has just ruled that Google Analytics is in violation of the European data protection laws. As a result, Google Analytics has been made illegal in Austria.
It all comes back to the General Data Protection Regulation (GDPR) observed in Europe. Implemented in 2018, GDPR was created to give European citizens more control over their personal data, both online and offline. Unfortunately, the GDPR and US surveillance laws just do not mix.
According to a decision made in 2020 by the Court of Justice of the European Union (CJEU), policies that force website providers in the US to provide personal user data to authorities are against the GDPR. While this may not seem that related to Google Analytics at first glance, it very much is. Some of the information readily collected by US providers is in direct violation of the GDPR, which in theory means that these websites would have to stop collecting private information in order to legally operate within Europe. In practice, it seems that not much has changed since 2018.
Google Analytics is now completely illegal in Austria
Prior to 2020, a law called the Privacy Shield was in place that allowed European data to be transferred to the United States. However, the shield was invalidated by the CJEU on July 16, 2020. Since then, US-based websites were not allowed to transfer the data of European citizens to the US. Of course, this only applies to data that falls under the GDPR, which only includes identifiable information about any given person. However, according to FieldFisher, this also includes IP addresses, as that is regarded as an “online identifier.”
Regardless of the 2020 ruling made by the CJEU, many providers continued to send personal data to the US, including Google Analytics. As stated by Max Schrems, honorary chair of NOYB, a European non-profit focused on digital rights, “Instead of actually adapting services to be GDPR compliant, US companies have tried to simply add some text to their privacy policies and ignore the Court of Justice. Many EU companies have followed the lead instead of switching to legal options.”
The Austrian Data Protection Authority has now followed up on what the CJEU ruled back in 2020 and made the use of Google Analytics completely illegal. The ruling comes into effect immediately, so all the websites that service Austrian citizens need to act quickly in order to not be fined for violating the local laws.
What will the new court ruling change?
Many companies that operate in Europe will now have to decide between continuing to use Google Analytics and swapping to an alternative website traffic tool. Refusing to comply may result in hefty fines. However, it could be that providers will continue to ignore the European laws and risk the fines: After all, not every such business will be caught or reported. If caught, the price could be high: NOYB has described a case where the Irish Data Protection Commission issued a fine of 225 million euros on WhatsApp for violating data protection laws.
Ultimately, US-based companies will have to think of workarounds for European privacy laws. Simply hosting customer data in Europe would be helpful, although this would of course limit the type of data that can be freely collected and distributed. For the time being, websites that continue to use Google Analytics will need to obtain consent from each visitor prior to collecting any data.
The choice to ban Google Analytics in Austria may be the first step in a larger revolution. Other countries in the European Union are likely to follow, so while Austria may be the first bit of bad news for Google, there is likely much more to come.