Friday, July 5, 2019

Bits: What Should Your City Do if It’s Hit by Ransomware?

What Should Your City Do if It's Hit by Ransomware?
Baltimore refused to pay a $75,000 ransom to hackers who locked down its computer systems. It will cost millions to restore them. Alex Wroblewski/Getty Images

Each week, we review the week's news, offering analysis about the most important developments in the tech industry. 
Hi, I'm Jamie Condliffe. Greetings from London. Here's a look at the week's tech news:
Imagine you're a mayor trying to spend your city's money wisely. You've heard about ransomware attacks, where hackers lock I.T. systems using encryption and demand money for their release. But what should you do about them?
Ideally, you'd ensure systems are up-to-date and properly backed up. But it's "unrealistic" to expect many cities to afford big security overhauls, according to Gregory Falco, a cybersecurity entrepreneur who teaches at Columbia, Harvard and M.I.T. as well as researching at Stanford.
And it might never happen, right?
Only:
"More than half a dozen cities and public services across the country have fallen to ransomware so far in 2019, on a near-monthly basis; the Administrative Office of the Georgia Courts became the latest victim on Saturday."
Cities are now seen as low-hanging fruit by hackers, because of "legacy systems and lack of budget" to upgrade, said Jennifer Daffron, a risk researcher at the University of Cambridge. They're also great places to cause chaos, and hackers, especially nation-state ones, "love to cause chaos to get street cred," Mr. Falco said.
And what if your city does get hit, mayor? There are a few options.
You could take a principled stand and not pay — an approach the F.B.I. endorses — and then repair the damage. That's what Baltimore did in May, refusing to pay about $75,000. It now expects to spend $10 million restoring its systems, and the disruption may have cost $8 million more.
That's created a "post-Baltimore mind-set," Mr. Falco said: Paying the ransom now potentially looks cheaper and faster. See, for instance, Riviera Beach and Lake City, both in Florida, which paid a combined $1.1 million in late June to recover their systems. But that encourages more attacks, Ms. Daffron said, by signaling that a city is willing to pay and doesn't have an effective response plan. It will be interesting to see if the Florida cities suffer follow-up attacks.
There's always negotiation, too. "If the motive is to cause chaos," Mr. Falco said, then maybe hackers "want to hear the city calling for mercy."
None of these options is perfect: Each is expensive or risky.
For now, until security becomes an affordable norm for cities, the best option is to be proactive: Spend some money improving security, have contingency plans in place, and take out cyber insurance. (Though insurers may soon become more stringent about what they'll pay, said John Zanni, the chief executive of the security firm Acronis SCS.)
One thing cities shouldn't do: ignore the threat. As municipal infrastructure digitizes, there will be more entry points for hackers, Mr. Falco said. "This is here to stay as a risk," he said.
What is a national security threat?
Sorry, trick question: It's a moving target.
In May the United States government blocked the sale of American products and services to Huawei and other Chinese tech companies over national security concerns. Last weekend, the stance appeared to soften: During talks with President Xi Jinping of China at the Group of 20 meeting in Japan, President Trump agreed to allow American companies to restart selling products and services to Huawei "where there is no great national emergency."
That is to say: Not all the products that the administration said were national security threats were national security threats.
United States chip makers, who mounted a significant lobbying effort, may benefit. Some of their products are widely available from foreign suppliers, and are thought to present little national security risk.
More broadly, little may change. Larry Kudlow, chairman of the National Economic Council, told Fox that "this is not a general amnesty." Huawei will remain blacklisted, according to a Commerce Department memo that Reuters saw. And the Justice Department on Wednesday supported a ban on federal agencies buying Huawei equipment.
But the flip-flop is troubling. The Trump administration is still trying to persuade countries like Britain and Germany to shun Huawei over national security issues, but its own inability to make up its mind is unlikely to help. And companies will rightly wonder whether American policies are ever more than transient.
"It reinforces the view that the U.S. is not going to be all that trustworthy on this issue," said Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations.
Superhuman's super-creepy week
If you paid $30 a month for a premium email experience and it offered the option to see when and where someone read your messages, you'd probably use it. For $30 you deserve special features, right?
But:
"One of the most hyped new email clients, Superhuman, has decided to embed hidden tracking pixels inside of the emails its customers send out. Superhuman calls this feature "Read Receipts" and turns it on by default for its customers, without the consent of its recipients."
Tracking pixels — tiny, hidden images that report information when an email is opened — are not new. They appear in plenty of emails, like newsletters. But what Superhuman was doing meant that any recipient of an individual's message was unknowingly being tracked — a one-sided practice that riled privacy advocates because of the ways it could be used nefariously.
The backlash was strong enough for Superhuman to scrap the location tracking and turn the read-receipt feature off by default.
But the situation, and the company's apology, revealed a shortsightedness. "We focused only on the needs of our customers," wrote Rahul Vohra, the founder and chief executive of Superhuman. "We did not consider potential bad actors."
Some stories you shouldn't miss
■ Facebook's Libra cryptocurrency faces serious skepticism. Four House Democrats asked Facebook to enact a moratorium on it. And a survey by the investment bank Jefferies found that 80 percent of respondents were unlikely to make use of it at first.
■ Was there tension at the top of Apple? The Wall Street Journal reported that Jony Ive, its outgoing chief design officer, was "dispirited" by Tim Cook's lack of interest in product design. Mr. Cook called the report "absurd."
■ G.M. says it needs to embrace tech to survive, but thousands of workers may lose their jobs in the process. "The Weekly," which airs on FX at 10 p.m. Sunday and streams on Hulu starting Monday, will dig into the issue.
■ Facebook still struggles with racial issues. An audit called its policies on white supremacy "too narrow." And the United States Customs and Border Protection agency is investigating a secret Facebook group where agents joke about migrant mistreatment.
■ China snares tourists' phones in a surveillance dragnet. Border agents routinely install an app on the phones of people entering the Xinjiang region and use it to gather their personal data.
■ Broadcom is said to be in talks to buy Symantec, underscoring how the chip maker has had to shift its focus to software after a failed attempt to buy Qualcomm last year.
■ The E.U. could get even tougher on tech. Its new leadership has been vocal about reining in America's tech giants.
■ Digital fingerprinting is on the rise as a way to track us online. Here's what you can do to avoid it.
■ Is it too easy to sell food via meal delivery services? A BBC journalist grilled burgers in his yard and successfully had them delivered by Uber Eats.
■ It's been 40 years with music in your ears, everywhere. The first ever Sony Walkman — the TPS-L2, sticker price $150, or about $530 in today's money — went on sale on July 1, 1979.

In Case You Missed It
Every day, about 50 truckloads of merchandise arrive at Amazon's Staten Island warehouse. While the center is highly automated, some tasks are likely to remain in human hands for years to come.
Inside an Amazon Warehouse, Robots' Ways Rub Off on Humans
By NOAM SCHEIBER

A machine-dominated workplace can make employees more mechanical themselves. But there is room for initiative, and small acts of rebellion.

Surveillance cameras are ubiquitous in China's Xinjiang region.
China Snares Tourists' Phones in Surveillance Dragnet by Adding Secret App
By RAYMOND ZHONG

Border authorities routinely install the app on the phones of people entering the Xinjiang region by land from Central Asia, gathering personal data and scanning for material considered objectionable.

Any deal would most likely value Symantec at more than $15 billion, two people briefed on the matter said.
Broadcom Said to Be in Talks to Buy Symantec, the Security Software Maker
By MICHAEL J. DE LA MERCED AND DON CLARK

If an agreement is reached, it will underline how much Broadcom, a semiconductor giant, has had to change its acquisition strategy after a humbling takeover defeat last year.

Tech Fix
'Fingerprinting' to Track Us Online Is on the Rise. Here's What to Do.
By BRIAN X. CHEN

Advertisers are increasingly turning to an invisible method that pulls together information about your device to pinpoint your identity.

The Horrible Place Between the Apps
By JOHN HERRMAN

Many of us have half-quit apps like Twitter and Instagram. It's awful.

Chelsea Handler's talk show on Netflix,
Netflix Has a Talk Show Problem
By JOHN KOBLIN

For sitcoms, dramas and reality shows, the jump to streaming was easy. But talk shows? It's tricky.

R.J. Scaringe, the founder of Rivian, at the company's plant in Normal, Ill.
Meet the Man Quietly Building the Tesla of Trucks, With Jeff Bezos Aboard
By NELSON D. SCHWARTZ

R. J. Scaringe's company, Rivian, has raised $1.7 billion from Amazon, Ford Motor and others without selling a single pickup truck and sport utility vehicle.

A border guard watching a Rohingya man at a checkpoint in the Muslim quarter of Maungdaw, in Rakhine State in Myanmar, in May.
The Government Cut Their Internet. Will Abuses Now Remain Hidden?
By HANNAH BEECH AND SAW NANG

With ethnic conflict spreading in Rakhine State in Myanmar, a government-led online shutdown could hide human rights abuses and leave vulnerable populations in the dark.

Copyright 2019 The New York Times Company