Advertisements

A Hotbed for the Virus..What Travelers Experienced Returning From Europe to Overwhelmed U.S. Airports

Eric DiMarzio and his fiancé returned home to Houston after a one-week vacation in Iceland. They were only supposed to be at Chicago’s O’Hare International Airport for a one-hour layover.

On Wednesday, President Donald Trump announced he would suspend all travel from Europe to the U.S. for 30 days to prevent the rising spread of the new coronavirus, officially known as COVID-19. The ban did not apply to U.S. citizens and it prompted a stampede of Americans out of the continent. Those returning would be subject to “enhanced” health screenings, however.

DiMarzio and his fiancé were waiting in line, along with what they estimated as a “few thousand” others, for hours at the Chicago airport on Saturday. They stood alongside couples with infants, college students traveling back from disrupted study abroad programs and elderly people, who are particularly high-risk for COVID-19. About 3,000 Americans returning from Europe were stuck for hours inside the customs area at O’Hare International Airport on Saturday, according to the Associated Press. Return flights from Europe were being funneled through 13 airports in the U.S.

“Just being around that many different people in that close quarters was worrying,” DiMarzio tells TIME, adding that he and his fiancé, both 31, were at the airport from about 7 p.m. until 11 p.m. One older woman who appeared to be tired kept almost falling asleep as the line kept trudging along slowly, he added.

Travelers across American airports have raised concerns this weekend that the screenings designed to limit the spread of COVID-19, may actually be making the disease more likely to spread as passengers are crammed in with people from different flights and countries as they make their way through long, winding lines. These packed spaces run counter to federal COVID-19 guidelines that recommend “social distancing” and avoiding large gatherings of people. The virus typically spreads between people who are in close contact — within about six feet of each other — through respiratory droplets that are produced when a person coughs or sneezes.

As situations at airports grew more concerning, some state officials blasted the federal government for allowing the build up of big crowds. Illinois Gov. J.B. Pritzker was quick to criticize the Trump administration for the long lines at O’Hare and sent out a series of frustrated tweets on Saturday night, saying that “The federal government needs to get its s@#t together. NOW.”

On Sunday, Pritzker said that federal officials told him U.S. Customs and Border Patrol would be increasing staff at O’Hare today.

But passengers who had to deal with earlier crowds wonder if the experience may have increased the possibility of exposure. DiMarzio said in a Facebook post that “if there was someone with coronavirus on any of the international flights that arrived today, you could not plan a better way of exposing them to as many people as possible.” He wrote that he was kept in a customs room with thousands of other international travelers for four hours and the the line was “shuffled so many times” that “we frequently found ourselves beside more and more different travelers from different flights.”

DiMarzio and his fiancé missed a connecting flight from Chicago to Texas and ended up having to pay for a hotel out-of-pocket.

He told TIME he didn’t mind the long wait time if it helped contain the disease but worried that the cramped lines could have led to the spread of the coronavirus. “If (waiting) is the part that we have to play in all of this to lower the impact of this disease, then we’re happy to do our part,” DiMarzio said. “We just hope that something like this didn’t make things worse,” he added. DiMarzio says he hoped that “lessons are learned quickly” and that “the consequences from this weekend are not any bigger than just an inconvenienced day of travel for us.”

Dallas/Fort Worth International Airport was also packed with long lines this weekend and even those who flew back from outside Europe were caught in the crowd.

“There was total confusion. It was chaos,” Nasreen Zeb told TIME. Zeb is a Dallas resident who identified her age as “above 50” and had just flown back from Pakistan. She said it took about five hours from the moment she exited the plane until when she got her luggage and that she and other travelers were not offered food or water.

Zeb wore a mask but said she was still nervous being within less one foot of other travelers, which included elderly people and young babies crying. She was also “shocked” that no one took her temperature before she went home.

College students whose study abroad programs were abruptly cut short were also among those stuck in O’Hare’s long lines. Sophie Bair, a 19-year-old Columbia University student who was studying abroad at the University of Amsterdam told TIME she booked a flight for Saturday, “not knowing how crazy it would be.” She spent more than four hours standing in lines. “It was concerning being around that many people,” Bair said but notes that she was less worried about herself as she is young and more worried about older travelers.

Tim Clancy, a 20-year-old University of Southern California student was studying abroad in Greece and flew back to the U.S. on Saturday morning.

Clancy said the lines at O’Hare “snaked around” and in some areas it would be a “huge clump of people together so i just felt like it was a hotbed for the virus to travel around.”

“I was more nervous that I contracted coronavirus in the span of getting on the flight and going through customs than I did through my entire time in Greece,” Clancy said.Clancy’s mother tweeted that “if he’s not sick now, odds are he will be soon.”

Clancy is now back home in Madison, Wisc., with his parents and sister but he is staying isolated from them in a guesthouse for the time-being.

By Sanya Mansoor March 15, 2020

Source: ‘A Hotbed for the Virus.’ What Travelers Experienced Returning From Europe to Overwhelmed U.S. Airports

Please follow my Instagram: http://instagram.com/arminhamidian67

A day before the Europe travel ban went into effect, passengers arriving to Dulles International Airport and San Francisco International Airport describe their anxiety and travel woes. Subscribe to The Washington Post on YouTube: https://wapo.st/2QOdcqK Follow us: Twitter: https://twitter.com/washingtonpost Instagram: https://www.instagram.com/washingtonp… Facebook: https://www.facebook.com/washingtonpost/

Advertisements

Emirates to Implement Thermal Screening on All US Bound Flights

 

DUBAI, UAE 12 March 2020: Emirates will be implementing thermal screening measures for all passengers travelling on US flights departing from Dubai International Airport, effective tonight, 12 March 2020. Thermal scanners will be placed at departure gates for all US gateways, starting with EK 231 to Washington Dulles International Airport. If a passenger is found to have a higher than normal temperature, they will undergo further testing. This is in addition to the thermal screenings done for all passengers on arrival as they pass through customs.

In addition, Emirates has suspended its flights between Dubai and Italy starting from today, with the final flight operating on 15th of March. The airline is working with the relevant authorities to monitor the developments closely as the COVID-19 situation evolves.

The measures are being taken as part of the airline’s overall response to the latest developments around the COVID-19 pandemic. Emirates has been coordinating efforts in conjunction with local health and regulatory authorities, including the Dubai Health Authority, so that the airline meets or exceeds local and international guidelines and directives around COVID-19. Emirates plans to gradually roll out thermal screening procedures for all of its flights departing Dubai to ensure the health and safety of its customers travelling abroad.

Passengers are advised to observe the general recommended time of arrival at the airport, which is 3 hours ahead of departure, to ensure seamless check-in procedures and to complete their immigration formalities.

In addition to thermal screening procedures at the airport, Emirates has also implemented proactive and voluntary measures to ensure a safe flying experience with enhanced cleaning and complete disinfection protocols in over 248 aircraft departing Dubai each day. The airline utilises high-grade cleaning chemicals proven to kill viruses and germs, leaving a long-lasting protective coating against viruses, bacteria and fungi on surfaces. The comprehensive cleaning process includes a thorough wiping down all cabin surfaces, in addition to other normal procedures such as changing head rest covers on all seats, replacement of reading materials, vacuuming, amongst other cleaning activities.

On any aircraft found to have transported a suspected or confirmed COVID-19 case, Emirates implements further deep cleaning including the defogging of cabin interiors and misting with disinfectant across all soft furnishings, and replacement of seat covers and cushions in the affected area. The aircraft’s state-of-the-art air circulation system, utilising HEPA cabin air filters, will also be replaced.

The airline has also offering passengers additional peace of mind with the ability to change their travel dates without change and reissuance fees on any bookings made prior to 31 March 2020. Cancellation and refund fees will also be waived for bookings made between 7 March and 31 March 2020, regardless of travel date. Visit emirates.com for more details on the waiver.

Source: Emirates to implement thermal screening on all US bound flights

Emirates has implemented thermal screening measures for all passengers travelling on US flights departing from Dubai International Airport. This is in addition to the thermal screenings done for all passengers on arrival as they pass through customs. Emirates plans to gradually roll out thermal screening procedures for all of its flights departing Dubai to ensure the health and safety of its customers travelling abroad. The measures are being taken as part of the airline’s overall response to the latest developments around the COVID-19 pandemic.

CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

No matter what you do to protect your business from hackers, cybersecurity will always be a moving target.

Increasingly sophisticated hacking techniques mean CEOs always have to stay one step ahead of the latest ploys. A November Inc. survey of CEOs and other senior executives from more than 150 Inc. 5000 companies asked respondents about their level of confidence in the security of both their company and personal data. The results: 53 percent of respondents said they feel more confident about the security of their company’s data now compared to five years ago, while just 28 percent said the same about their personal data.

Matt Singley, founder of Chicago real estate firm Pinnacle Furnished Suites, is concerned about new methods being used by hackers, but feels confident in his company’s defenses against them. One way the company minimizes the potential impact of a breach is by storing customer information only when necessary. Pinnacle also performs regular audits to purge its system of data it doesn’t need. “The only way to be completely secure with your data,” he says, “is to not store it.”

John Kailunas II, CEO of wealth management firm Regal Financial Group, says that the external threats his company faces have increased in both quantity and complexity. The company has countered this by adding required security awareness training for every employee and hiring cybersecurity consultants to recommend changes. Kailunas says cybersecurity is an issue that requires constant examination. “Still,” he adds, “we have seen a significant improvement in our ability to identify potential threats.”

Advances in hacking practices aren’t the only factor that have made security more challenging. “More and more, people are working from different devices that companies own,” says Shana Cosgrove, CEO of cloud software firm Nyla Technology Solutions, which provides software and cybersecurity services to the Department of Defense. “It’s a lot harder to handle security when you don’t own the entire platform.”

Jack Wight, CEO of device rebate company Buyback Boss, says his company is under near-constant attack from hackers trying to access bank account information. Scammers will spoof the company’s vendors over email and ask for wire payments, so Buyback Boss has implemented a policy of always calling vendors before sending payments. “Five years ago there just wasn’t as much of this going on,” he says. “Now we’re dealing with scammers almost on a daily basis.”

Claude Burns used to work in data security for the U.S. Navy before founding corporate beverage service Office Libations. He says his knowledge of the cybersecurity field has led him to be constantly on guard. “I don’t think any information is safe or secure,” he says. “Your personal information is out there. Companies whose whole job is to protect it, like Equifax, are getting breached and hacked repeatedly.”

Burns compares being hacked to getting in a car accident: Drive enough miles, and it’s going to happen eventually. For him, the key is making sure that if something does look weird, his team can detect it quickly. “That way,” he says, “when something does happen, you’re able to mitigate the damage from it. In other words, wear your seat belt.”

Source: CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

Thanks Bitdefender for sponsoring this video! Try Bitdefender Total Security 2019 FREE for 90 days at https://lmg.gg/tqbitdefender There have been plenty of headlines about data breaches lately…but where does all that data go once it’s been stolen? Techquickie Merch Store: https://www.lttstore.com Follow: http://twitter.com/linustech Join the community: http://linustechtips.com Leave a reply with your requests for future episodes, or tweet them here: http://twitter.com/jmart604

Phishing Is Getting More Sophisticated. Here’s What to Look Out For

Many CEOs live in fear that their companies will suffer a data breach. That’s for good reason: In 2019 the average breach of U.S. companies cost $73,000. And the cost of the attendant reputational damage with vendors and customers can be far greater.

It’s probably no surprise, then, that in a recent Inc. survey, senior executives said their two greatest worries on a wide-ranging list of technology-related developments were having sensitive data stolen and being the victim of a ransomware attack. Some respondents know the pain firsthand–8 percent said their company has experienced a breach within the past two years, while 12 percent say they’ve experienced one in the past five years. With that in mind, Inc. spoke with cybersecurity experts to find out the latest when it comes to company breaches.

The first thing they made clear is that the 12 percent figure is probably low, since there are likely an increasing number of breaches that companies aren’t aware of and don’t report. Something that might play into that: hackers’ new methods of choice.

More than half of all breaches last year were not performed using malware, according to a January report fromcybersecurity firm Crowdstrike. That’s important because malware often is easily detectable. Increasingly, hackers are finding ways to access your company’s network using its existing systems, like logging on with an employees’ stolen credentials, says Shawn Henry, Crowdstrike chief security officer.

“More time undetected means more success for them,” Henry says, noting that the average adversary spent 95 days in an organization’s network before being detected, up from 85 days a year ago. “It’s similar to why you go for a colonoscopy, or you go to the dermatologist to be checked for unusual marks. It’s preventive maintenance. If something is there for months or years undetected, you’re in trouble.”

Gone phishing

Hackers can find their way into your system in a number of ways, with phishing scams being one of the most prevalent. These attacks are becoming more sophisticated, according to Joseph Steinberg, author of Cybersecurity for Dummies and a former Inc. columnist.

In some cases, a hacker might spoof the email address of an executive, send a note telling employees they’ve been laid off, and instruct them to log onto the network as soon as possible to fill out a form to receive their severance. The employees then click a link to their company’s network and, not realizing it’s actually a fake, enter their usernames and passwords. Suddenly, the hackers have a working set of login credentials–or many of them.

What’s more, now hackers are more often studying a company’s personnel and learning their manner of speaking by email before spoofing them, Steinberg says. They’ll glean personal information through the social media accounts of executives or their family members to find out, say, that they’re about to head off on vacation.

“Then they send a message to the CFO that sounds real and say, ‘I’m getting on my flight to Disneyland, so don’t bother calling me. Just take action.’ ” Suddenly, an employee is sending sensitive information–or even a wire payment–to a bad actor.

“Phishing 10 or 15 years ago was a shotgun,” Steinberg says. “I’m going to fire out hundreds of shells and hopefully some of them hit the target, whereas this is much more like a rifle. I’m trying to get this one person, but I’m hitting with a much more accurate and stronger attack.”

Shifting your mindset

Though it’s detectable once it’s in your system, malware is infiltrating more discreetly than ever before. Last year saw a trend away from the use of malware in email attachments–which many employees have learned to recognize as a red flag–and toward links instead, according to cybersecurity firm Proofpoint. “The increasing prevalence of cloud applications and storage means that we are all conditioned to click through links to view, share, and interact with a variety of content,” the company wrote in a December report.

Adversaries increasingly are using URL shorteners to make links in emails appear legitimate, the firm says. Hackers sometimes use URLs that are just one character different than the real thing, like a letter with a line under it, which is tough to spot in hyperlinked text, according to Steinberg.

The best ways to combat hackers

So how to prevent against all this? While companies need to make sure they invest in cybersecurity measures, of course, the experts offer additional tips.

1. Make sure all employees are properly trained and educated.
Have procedures in place for everything, Steinberg says. “And those procedures don’t go away just because the CEO is getting on a flight to Miami,” he says.

2. Get help from your rivals.
Share information about attacks to competitors in your industry with the hopes that they’ll do the same, Henry advises. “It’s understanding that if they targeted my transportation company this week, they’re going to target your transportation company next week,” he says. “Let’s share this intelligence with you so that you can better protect yourselves.”

3. Never think you’re immune.
Perhaps most important is understanding that your company can become a target, no matter how small or how secure, Steinberg says. “When that mindset changes from, ‘Nobody would be interested in hacking me’ to ‘I’m skeptical about everything that comes to me because I know there are criminals targeting me,’ it changes the way you react,” he says. “It changes the way you do lots of things, so that these types of attacks become a lot less likely to succeed.”

 

By Kevin J. Ryan Staff writer, Inc.@wheresKR

 

Source: Phishing Is Getting More Sophisticated. Here’s What to Look Out For

Image result for banggood big banners for clothingImage result for banggood big banners for clothing

What You Need To Know About Flying With The Upcoming REAL ID Deadline

You may have seen “REAL ID” in the news or at the airport. But what is it? What do you need to know about it? Do you need one? How will it impact your travel? All these questions are important to ask so that you can be prepared and avoid any travel delays or problems.

What Is REAL ID?

REAL ID is the result of an act passed by Congress in 2005. Congress was attempting to cut down on domestic terrorism threats following 9/11. They decided that across-the-board, minimum security standards needed to be put in place for issuing driver’s licenses and other ID cards that normally are overseen by the state and used for air travel.

Getting a REAL ID requires more paperwork than you might need for a traditional license in the past. Additionally, REAL IDs are made using advanced technology that makes them more difficult to fake.

Of course, rolling a country-wide change to identification out across all states takes some time, which is why, 14 years after the act was passed, it’s still not totally solidified. However, by Oct. 1, 2020, every state must be in compliance with the act. That means starting Oct. 1, 2020, you’ll need a REAL ID in order to fly domestically.

Today In: Lifestyle

I Have A New Driver’s License — Do I Need Another One?

Maybe not. If you have a driver’s license with a black or gold star, a black or gold circle with an outline of the star in the center, or a bear in the upper right corner of the card, then you have a REAL ID. To know where you stand, the best bet is to check with your state government.

If your new license says “Not for Federal Identification” or “Federal Limits Apply,” then that means it is not a REAL ID. You won’t be able to use it for flying domestically starting next October.

To make matters even more confusing, some states are issuing driver’s licenses that are a form of REAL ID, in that they’re not normal driver’s licenses, but you can’t use them for air travel. This is called an Enhanced Driver’s License.

Note that you can only use them for getting into the Caribbean, Canada or Mexico via land or sea (so a good option for someone taking a cruise, maybe). You cannot use them for air travel. States issuing Enhanced Driver’s Licenses include Michigan, Minnesota, New York, Vermont and Washington State.

Also, did you physically get your new license at a DMV office and did you present the clerk with your birth certificate, passport, social security card and/or other forms of identification proof? If not, you probably didn’t get a REAL ID.

Bottom line — if you’re not 100 percent sure that you have a REAL ID, it’s best to check. States aren’t giving out the REAL ID licenses automatically, so you have to actively choose to get one. Check out the Department of Homeland Security’s page for more information.

I Have A Passport. Do I Still Need A REAL ID?

Nope. If you have a passport or another form of TSA-approved identification, then you can still fly domestically using that. You also don’t need a REAL ID if you’re flying and you’re under 18 years of age.

If, though, you don’t have a passport or the equivalent, you’re going to need to get that REAL ID in order to fly domestically.

What Can I Expect When Flying Next Year?

If you are aware of the REAL ID requirements and you have yourself covered ahead of any flights taking place after Oct. 1, 2020, then you’re in the clear. However, that doesn’t mean that flying shortly after the REAL ID deadline will be easy.

The U.S. Travel Association released a statement regarding a survey conducted that said three out of four of all Americans are totally unprepared for the REAL ID deadline. Furthermore, millions of people could be prevented from boarding their planes shortly after the deadline falls.

Currently, 72 percent of Americans either don’t have a REAL ID or are unsure whether or not they have a REAL ID. Plus, 57 percent said they didn’t even know about the deadline. The U.S. Travel Association also said that, if REAL ID standards are fully enforced starting Oct. 1, 2020, as many as 78,500 air travelers could be turned away at TSA that day.

Not only would this cost the U.S. economy $40.3 million in lost travel-related spending, but it means a lot of frustrations at the airport and likely longer lines at TSA for those who do have their REAL ID.

In order to minimize the impact of travelers not being prepared for next year’s deadline, the U.S. Travel Association recommends that Congress amends its REAL ID Act to allow for mobile REAL ID applications, making it easier for travelers to get their REAL ID without going to the DMV. It also asks for it to allow for other forms of travel identification, such as enrollment in a program like TSA PreCheck, to stand in for a REAL ID.

I’m a value maximizer always on the hunt for the next great deal. I specialize in rewards travel and travel products. I’ve earned and redeemed millions of rewards points over the last few years. I’ve created multiple consumer guides that inform readers about rewards redemption, travel maximizing and consumer value opportunities. Since starting my own rewards travel blog in 2011, my work has been featured on HuffingtonPost.com, TechCrunch.com, Hyatt.com, Yahoo Finance, and Inc.com.

Source: What You Need To Know About Flying With The Upcoming REAL ID Deadline

547K subscribers
By October of 2020, travelers won’t be able to board a flight without a REAL ID or alternative identification. At airports across the U.S., TSA officers are reminding customers. Kris Van Cleave reports. Subscribe to the “CBS Evening News” Channel HERE: http://bit.ly/1S7Dhik Watch Full Episodes of the “CBS Evening News” HERE: http://cbsn.ws/23XekKA Watch the latest installment of “On the Road,” only on the “CBS Evening News,” HERE: http://cbsn.ws/23XwqMH Follow “CBS Evening News” on Instagram: http://bit.ly/1T8icTO Like “CBS Evening News” on Facebook HERE: http://on.fb.me/1KxYobb Follow the “CBS Evening News” on Twitter HERE: http://bit.ly/1O3dTTe Follow the “CBS Evening News” on Google+ HERE: http://bit.ly/1Qs0aam Get your news on the go! Download CBS News mobile apps HERE: http://cbsn.ws/1Xb1WC8 Get new episodes of shows you love across devices the next day, stream local news live, and watch full seasons of CBS fan favorites anytime, anywhere with CBS All Access. Try it free! http://bit.ly/1OQA29B — The “CBS Evening News” premiered as a half-hour broadcast on Sept. 2, 1963. Check local listings for CBS Evening News broadcast times.

 

Stunning Huawei Confirmation—1 Million Cyberattacks Every Day

China’s under fire Huawei is being attacked by more than just the U.S., says a company exec. The Chinese tech giant endures around a million cyberattacks per day on its computers and networks—and that’s according to its security chief, John Suffolk. This will be the most unexpected Huawei cyberattack story of the year so far.

As reported in the Japanese press, Suffolk implied such attacks are focused on IP-theft, which given Huawei leads the world for 5G network innovation and files more patents than any other company in the world, will come as little surprise. That said, the company has also accused the U.S. government of mounting cyberattacks as part of its concerted campaign against them.

In September, Huawei alleged in the media that U.S. law enforcement has “threatened, coerced and enticed” existing and former employees, and has executed “cyberattacks to infiltrate Huawei’s intranet and internal information systems.”

Today In: Innovation

Suffolk did hot attribute the attacks to any country or particular threat actor—including the U.S., and did not confirm whether they were from nation-states or competitors. But he did acknowledge that although almost all are defended, some attacks on older systems get through. The implication of this was not clear, although the media reported that these “cyberattacks have included a type of theft of confidential information by sending a computer virus by email.”

Such phishing or business email compromise attacks are universal, it would be more surprising if Huawei didn’t receive its fair share. They often rely on social engineering to trick employees into installing malware disguised as attachments, or visiting fake sites or viewing social media clips that are laced with harmful code.

Suffolk used the media to confirm his claims that although Huawei is embroiled in its own allegations around cybersecurity, no tangible backdoors or cyber compromises have been found. He also reiterated the company’s pledge to work with customers to shore up their cyber defences when using equipment from the Chinese company.

The focus of the U.S. allegations is that in addition to receiving Chinese state support, Huawei is vulnerable to intelligence tasking by Beijing within overseas markets—either to steal or disrupt. Suffolk told the media that if the company’s CEO Ren Zhengfei was ever asked to compromise the company, “he would blankly refuse to do that—if he was pressurized to do that, he would close the company down.”

Earlier in the week, a surprise EU report warned that the combination of new technologies and 5G networks risks hostile state control of critical infrastructure, logistics, transportation even law enforcement. The report didn’t name China or Huawei, but did reference sole 5G suppliers from countries “with poor democratic standards,” for which the reference to Huawei and China was clear.

There will more surprises with this latest revelation from Huawei—the sheer scale of the cyberattacks will raise eyebrows, as will the obvious references back to the company’s claims against the U.S. last month.

October could prove to be a significantly better month for the tech giant than September. Having managed to launch the Mate 30 Series absent U.S. tech, and with U.S. President Trump now signalling a softening in blacklist restrictions and progress in trade talks with China, Huawei execs will be hopeful of some welcome relief from both the sanctions and the headlines.

Follow me on Twitter or LinkedIn.

I am the Founder/CEO of Digital Barriers, developing AI surveillance solutions for national security, counter-terrorism and critical infrastructure organisations in the US, EMEA and Asia. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. I also focus on the appropriate balance of privacy and public safety. Contact me at zakd@me.com.

Source: Stunning Huawei Confirmation—1 Million Cyberattacks Every Day

 

Nasty New Malware Waits Until You Visit A Pornsite, Then Starts Recording

4.jpg

At the end of last week, ESET’s security researchers disclosed the discovery of a new strain of malware that takes the trend for sextortion to a new level. Varenyky, as the malware was named by its finders, monitors the activity on infected computers, watching until a pornographic website is visited, and then starts recording the screen.

According to the ESET team, Varenyky first came to light in May, when a malware spike was identified in France. And this is the other twist with Varenyky—it has been designed to specifically target French computer users. For now.

Varenyky is aimed at Orange customers in France, sending out fake invoices as Microsoft Word attachments to load the malware. When those documents are opened, a macro is executed which ensures the computer and its user are indeed French, if not the malware slips away with no damage done. But if the targeted computer ticks its boxes, Varenyky checks back with its C&C to determine what elements of malware to download, executing further macros to install software that can “steal passwords and spy on victims’ screens using FFmpeg when they watch pornographic content online.

When trigger keywords (a myriad of common and more specialised sexual terms) or websites (including YouPorn, PornHub and Brazzers) are detected, “the malware records a computer’s screen using an FFmpeg executable—the recorded video is then uploaded to the C&C server.” The clear risk is for advanced levels of sextortion or even blackmail. And while the current findings appear relatively generic (at least to the French), there is the potential for the malware to be targeted at individuals.

The spam emails—as many as 1500 per hour have been sent—focus on “win a smartphone competitions—an iPhone X, a Galaxy S9 or S10.” The victim is asked for personal information and then, as the scam progresses, credit card details as well. None of this is related to the video capture of sex sites, it is a broad-brush approach.

Varenyky is interesting because of its specific national targeting and its mix of credential theft and sextortion campaigning. The triggered screen recording, though, is grabbing the headlines. Not because of this particular campaign—there is no evidence of the videos having been used maliciously yet, but because it’s a nasty twist on a theme, and we can expect to hear more about it. As ESET warns, “this shows that operators are inclined to experiment with new features that could bring a better monetization of their work.”

A week ago, I reported that phishing defense specialist Cofense had published more than 200 million email addresses, that the company says are “being targeted by a large sextortion scam.” You can actually search the database for your own email address here. The usual sextortion concept of operations is to take breached email accounts—user names and passwords—and include those in a large-scale mail-out campaign to attempt to trick account holders into thinking they have been compromised, with passwords used as a convincer. It’s a numbers game. Small percentages returning lucrative rewards.

Now there is the potential for the use of video as a twist on what we have seen before—shades of Black Mirror episodes coming to life.

And so, the usual advice pertains. Don’t fall for scam promotions. Think before you click on attachments from unfamiliar senders. Don’t share personal information and definitely don’t share credit card details. And always keep your software and virus protection up to date.

There are many functions of Varenyky, ESET warns, “related to possible extortion or blackmail of victims watching pornographic content.” And the hackers behind the malware are already in the sextortion business even though the videos have not yet been used. ESET reports that Varenyky “is under heavy development and it has changed a lot since the first time we saw it,” which suggests functionality and sophistication will increase.

What we know for sure, though, is that this malware is now out there, and so the risk is very real.

Find me on Twitter or Linkedin or email zakd@me.com. Disclosure: I cover security and surveillance, the sector in which Digital Barriers operates. Direct conflicts are highlighted.

I am the Founder/CEO of Digital Barriers, a provider of video surveillance and analytics technologies to security and defense agencies as well as commercial organizations. I cover the sectors in which DB operates, potential conflicts are highlighted.

 

Who’s The Face Behind FaceApp? Meet The Rich Russian Who Built The Wildly Viral App

He’s worked on Windows Mobile for Microsoft. He was cofounder of a company that sold to Russia’s Google, Yandex, in a reported $38 million deal that made him wealthy.

But Yaroslav Goncharov’s biggest success (and stress) has come with a company that’s miniscule by comparison: FaceApp. Leading a staff of just 12, the geeky, excitable 40-year-old has created what’s currently the world’s hottest (and possibly most controversial) app, which uses artificial intelligence-powered filters to gender-swap or radically age selfies.

It topped the download charts for both Android and iPhone this past week after millions followed celebrities like Dwyane Wade, Drake and Iggy Azalea in doing the “FaceApp Challenge.” The “challenge” was simple: take a photo, apply the aging filter and post an image on Instagram, Twitter, wherever, of the older you.

But no sooner had the FaceApp virality reached fever pitch than fear about the provenance and motives of the app’s creators emerged. First there were concerns—which swiftly proved to be unfounded—that FaceApp wasn’t just accessing submitted photos but grabbing entire camera rolls from users’ phones. Then Russophobes fretted about where all Americans’ face data was going, leading Senator Chuck Schumer to call for an FBI investigation into the app.

Goncharov, who promises more transparency with an updated privacy policy, was overwhelmed. “Last Thursday, I tried to count the number of calls I was getting. … I counted 200  in three hours or so,” he says. “We couldn’t do our daily work.” He’s speaking from his St. Petersburg HQ in his first interview with an English-language publication, recovering from a week in which his little company went into “crisis mode.”

Now he tells Forbes about plans to calm the privacy storm. The new FaceApp terms and policy will likely remove references to the rights that the company claimed over people’s images, he says. The current terms grant FaceApp almost complete ownership over submitted faces, letting the company use, alter and sell the photo however it wants, with no compensation for the user. “People got scared because they think everything we say in this policy we do, which of course is not the case at all,” he says.

Goncharov said those terms were so broad because he had planned earlier to turn FaceApp into a “social network for faces.” “To do this kind of product, our privacy policy had to be very similar to what Instagram had. Our current privacy policy is very similar to what Instagram has … but nobody blames Instagram, because it’s Instagram,” he adds.

Now there’s no need to mirror the privacy policy of the Facebook-owned app. “It’s my personal top priority to fix our privacy policy and terms of use,” he says, adding that he will be drafting fresh policies over the next month. “Hopefully it won’t take too long.”

He reiterates that the company deletes photos in 48 hours, asking the Amazon and Google servers, on which FaceApp runs, to automatically wipe data that’s been on the system for that time. He also notes that photos aren’t used for any commercial purposes. As for why the company stores faces on a server for 48 hours, the CEO says that users don’t want to have to re-upload a photo every time they apply a new filter. So the image has to stay on the server temporarily.

Little will therefore change at the code level, though there’s now a notification when opening the app, asking the user to confirm that they are happy that photos will be taken to a remote cloud. Besides, it’s not FaceApp that users should be worried about when it comes to privacy, but all the other apps they’re already using, Goncharov argues. “There are so many other apps that collect much more data,” he says. “We just don’t.”

An “unusual success”

At Microsoft in the early 2000s, Goncharov got a taste of the smartphone-obsessed future. He was a software developer on what was then Windows Mobile long before the iPhone and Android became a reality. He thought he was creating the first open, large-scale cellphone operating system, something like Android long before Google’s OS existed. “I was sure I was building the future,” he recalls of his time in Redmond.

But the working for a startup in his home city of St. Petersburg was too much of a draw. He joined SPB Software as chief technology officer and was one of three partners alongside Vassili Philippov and Sebastian-Justus Schmidt. The company started out developing alternative home screens for Windows Phone—a platform Goncharov was very familiar with from his time in Washington state. But SPB had to pivot when Windows began to flounder in the face of Apple’s and Google’s rival platforms. Goncharov laments that after he left, Windows tried to compete with Apple by producing a closed system, rather than choose the open, partner-led focus that Android took. “When I think about it, it still hurts.”

Not long after SPB had refocused on Android, Russian search engine Yandex came calling with a $38 million check in 2011. The FaceApp founder won’t disclose how much he made from the deal, other than to tell Forbes: “Let’s say that I had enough money to start my own company and not worry about looking for additional investments.” Cofounder Schmidt also declined to provide confirmation on figures.

During his time at Microsoft and then at Yandex, Goncharov, ever the engineer, became fascinated by neural networks—hardware and software that try to learn and process information like the human brain. He was particularly drawn to the idea that an algorithm could generate a face from given attributes, like gender or hair color. “The quality at that point was terrible, but there was still some magic.” He says that after six months of tinkering, the quality of the images his neural nets were creating were much better than what was previously available.

Once he left Yandex in 2013, he moved on to creating his own products, one of his first being a hotel Wi-Fi testing tool that garnered some success. But, wanting to create a product from those face-generating algorithms, he starting working on FaceApp in 2016. It launched in 2017, still in what Goncharov describes as a beta version. Even in its basic form, it went viral for the first time after a “hotness” filter made people prettier.

With millions of users enamored with the app, Goncharov quickly had to formulate a business plan. His idea was that people would pay for an automated photo editor, so he added a paid-for subscription offer that would remove the FaceApp watermark and irritating ads, as well as add some premium features. Effectively, FaceApp was to replace PhotoShop editors with AI, Goncharov ventured.

FaceApp making millions

It has paid off, according to the CEO. “We have success, but very unusual success,” boasts Goncharov, who owns 100% of the business.

Without providing substantiating data, he claims FaceApp has been profitable since the first launch two years ago, with “good” revenue and growth figures. “We’re very profitable,” he says. “I could easily have got investment from Silicon Valley… but we had enough to grow organically.” While Goncharov has no need for Silicon Valley investors for now (he says he may approach VCs in the future), others in the bubbly business of photo apps have either taken big funding rounds or been acquired. Snapchat snapped up Looksery for a reported $150 million in 2015 and Teleport for $8 million in 2018 to help grow its library of AI-powered filters, while Oakland-based photo app VSCO raised $90 million over two rounds.

FaceApp makes money from nothing more than a paid-for subscription service. But the founder declines to say how much revenue that’s drawing in or how many paying customers he has. He also won’t disclose user numbers.

Goncharov does, however, disclose that the paying customer base was roughly 1%. And looking at the number of downloads (not active users) revealed on Google Play, there are in excess of 100 million. Even taking a conservative estimate of 100 million users across Android and iOS, and just 1% signing up for a single month’s premium use at $3.99, the company is making at least $4 million per annum, and potentially a lot more if it’s locking in more users. (It’s also possible to pay $20 for a year’s access or $40 for lifetime use). Goncharov declined to comment on that estimate. But it’s not bad for a 12-employee business that’s been profitable for two years, by Goncharov’s account at least.

As for what’s next, video is on the horizon. Though other companies like Snapchat already do this with live filters, Goncharov doesn’t want to launch something that’s anything less than “magical.” He’s hoping that magic isn’t diminished by another privacy panic.

Follow me on Twitter. Check out my website. Send me a secure tip.

I cover security and privacy for Forbes. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals. I like to hear from hackers who are breaking things for either fun or profit and researchers who’ve uncovered nasty things on the web. Tip me on Signal at 447837496820. I use WhatsApp and Treema too. Or you can email me at TBrewster@forbes.com, or tbthomasbrewster@gmail.com.

Source: Who’s The Face Behind FaceApp? Meet The Rich Russian Who Built The Wildly Viral App

%d bloggers like this:
Skip to toolbar