Trump: U.S. should get ‘substantial portion’ of TikTok operations sale price

By David Shepardson and Jeff Mason

WASHINGTON (Reuters) – U.S. President Donald Trump said Monday the U.S. government should get a “substantial portion” of the sales price of the U.S. operations of TikTok and warned he will ban the service in the United States on September 15 without a sale.

The turnaround came after Trump said Friday he was planning to ban the Chinese-owned video app’s U.S. operations as soon as Saturday after dismissing a possible sale to Microsoft.

Reuters reported last week that some investors are valuing TikTok at about $50 billion, citing people familiar with the matter.

“I did say that if you buy it, whatever the price is that goes to whoever owns it, because I guess it’s China essentially … I said a very substantial portion of that price is going to have to come into the Treasury of the United States because we’re making it possible for this deal to happen,” Trump said.

It was not clear how the U.S. government would receive part of the purchase price.

He added it “will close down on September 15 unless Microsoft or somebody else is able to buy it and work out a deal, an appropriate deal so the Treasury … of the United States gets a lot of money.”

Daniel Elman, analyst at Nucleus Research, said a sale “could foreshadow a growing wave of U.S. company acquisition of Chinese internet properties, particularly if the geopolitical tensions continue to mount.”

Elman said that could impact Tencent’s WeChat.

Secretary of State Mike Pompeo referenced WeChat on Sunday and said Trump “will take action in the coming days with respect to a broad array of national security risks that are presented by software connected to the Chinese Communist Party.”

U.S. officials have said TikTok poses a national risk because of the personal data it handles. TikTok CEO Kevin Mayer said in a blog post last week that the company was committed to following U.S. laws and was allowing experts to observe its moderation policies and examine the code that drives its algorithms.

Trump’s comments confirmed a Reuters report Sunday that he had agreed to give China’s ByteDance 45 days to negotiate a sale of popular short-video app TikTok to Microsoft.

Trump, a former New York real estate developer, compared TikTok to the landlord tenant relationship, suggesting TikTok is like a tenant. “Without a lease, the tenant has nothing – so they pay what’s called key money or they pay something.”

He said he did not mind “whether it’s Microsoft or somebody else – a big company, a secure company, very, very American company buy it.”

Microsoft said Sunday that CEO Satya Nadella had spoken to Trump and “is prepared to continue discussions to explore a purchase of TikTok in the United States.”

Microsoft said Sunday it is “committed to acquiring TikTok subject to a complete security review and providing proper economic benefits to the United States, including the United States Treasury.”

Many prominent Republicans, including House Republican Leader Kevin McCarthy, issued statements in support of a Microsoft acquisition of TikTok’s U.S. operations. Some congressional aides are worried about a backlash by younger voters against the party if Trump banned TikTok, which has 100 million American users.

Microsoft and TikTok parent ByteDance gave the U.S. government a notice of intent to explore a preliminary proposal for Microsoft to purchase the TikTok service in the United States, Canada, Australia, and New Zealand.

U.S. Senate Democratic leader Chuck Schumer also backed the sale, while a senior White House adviser raised concerns about a sale to Microsoft.

“A U.S. company should buy TikTok so everyone can keep using it and your data is safe,” Schumer said on Twitter, adding: “This is about privacy. With TikTok in China, it’s subject to Chinese Communist Party laws that may require handing over data to their government.”

White House trade adviser Peter Navarro suggested on Monday that Microsoft could divest its holdings in China if it were to buy TikTok.

“So the question is, is Microsoft going to be compromised?” Navarro said in an interview with CNN. “Maybe Microsoft could divest its Chinese holdings?”

Navarro said the Chinese government and military use Microsoft software “to do all the things they do.”

(Reporting by David Shepardson, Doina Chiacu, Susan Heavey, Alexandra Alper, Echo Wang, Greg Roumeliotis, Paresh Dave and Pete Schroeder; Editing by Nick Zieminski and Lisa Shumaker)

LinkedIn cuts 960 jobs as pandemic puts the brakes on corporate hiring

By Supantha Mukherjee

(Reuters) – Microsoft Corp’s professional networking site LinkedIn said on Tuesday it would cut about 960 jobs, or 6% of its global workforce, as the coronavirus pandemic is having a sustained impact on demand for its recruitment products.

California-based LinkedIn helps employers assess a candidate’s suitability for a role and employees use the platform to find a new job.

Jobs will be cut across sales and hiring divisions of the group globally. Announcing the plan in a message posted on LinkedIn’s website, Chief Executive Ryan Roslansky said the company would provide at least 10 weeks of severance pay as well as health insurance for a year for U.S. employees, and will hire for newly-created roles from laid-off staff.

“I want you to know these are the only layoffs we are planning,” Roslansky said in his message. Affected staff, who have not yet been told, would be able to keep company-issued cell phones, laptops, and recently purchased equipment to help them work from home while making career transitions, he said.

As lockdowns to contain the coronavirus have hit businesses around the world, LinkedIn’s business has been hit as companies lay off staff or sharply curtail hiring.

LinkedIn said employees affected by its job cuts will be informed this week and they will start receiving invitations in the next few hours to meetings to learn more about next steps.

“If you don’t receive a meeting invite, you are not directly impacted by this change,” Roslansky said.

(Reporting by Supantha Mukherjee; Editing by Susan Fenton)

U.S. tech giants eye Artificial Intelligence key to unlock China push

A Google sign is seen during the WAIC (World Artificial Intelligence Conference) in Shanghai, China, September 17, 2018. REUTERS/Aly Song

By Cate Cadell

SHANGHAI (Reuters) – U.S. technology giants, facing tighter content rules in China and the threat of a trade war, are targeting an easier way into the world’s second-largest economy – artificial intelligence.

Google, Microsoft Inc and Amazon Inc showcased their AI wares at a state-backed forum held in Shanghai this week against the backdrop of Beijing’s plans to build a $400 billion AI industry by 2025.

China’s government and companies may compete against U.S. rivals in the global AI race, but they are aware that gaining ground won’t be easy without a certain amount of collaboration.

“Hey Google, let’s make humanity great again,” Tang Xiao’ou, CEO of Chinese AI and facial recognition unicorn Sensetime, said in a speech on Monday.

Amazon and Microsoft announced plans on Monday to build new AI research labs in Shanghai. Google also showcased a growing suite of China-focused AI tools at its packed event on Tuesday.

Google in the past year has launched AI-backed products including a translate app and a drawing game, its first new consumer products in China since its search engine was largely blocked in 2010.

The World Artificial Intelligence Conference, which ends on Wednesday, is hosted by China’s top economic planning agency alongside its cyber and industry ministries. The conference aims to show the country’s growing might as a global AI player.

China’s ambition to be a world leader in AI has created an opening for U.S. firms, which attract the majority of top global AI talents and are keen to tap into China’s vast data.

The presence of global AI research projects is also a boon for China, which aims to become a global technology leader in the next decade.

Liu He, China’s powerful vice premier and the key negotiator in trade talks with the United States, said his country wanted a more collaborative approach to AI technology.

“As members of a global village, I hope countries can show inclusive understanding and respect for each other, deal with the double-sword technologies can bring, and embrace AI challenges together,” he told the forum.

Beijing took an aggressive stance when it laid out its AI roadmap last year, urging companies, the government and military to give China a “competitive edge” over its rivals.

STATE-BACKED AI

Chinese attendees at the forum were careful to cite the guiding role of the state in the country’s AI sector.

“The development of AI is led by government and executed by companies,” a Chinese presenter said in between speeches on Monday by China’s top tech leaders, including Alibaba Holding Ltd chairman Jack Ma, Tencent Holdings Ltd chief Pony Ma and Baidu Inc CEO Robin Li.

While China may have enthusiasm for foreign AI projects, there is little indication that building up local AI operations will open doors for foreign firms in other areas.

China’s leaders still prefer to view the Internet as a sovereign project. Google’s search engine remains blocked, while Amazon had to step back from its cloud business in China.

Censorship and local data rules have also hardened in China over the past two years, creating new hoops for foreign firms to jump through if they want to tap the booming internet sector.

Nevertheless, some speakers paid tribute to foreign AI products, including Xiaomi Corp chief executive Lei Jun, who hailed Google’s AlphaGo board game program as a major milestone, saying he was a fan of the game himself.

Alibaba’s Ma said innovation needed space to develop and it was not the government’s role to protect business.

“The government needs to do what the government should do, and companies need to do what they should do,” he said.

(Reporting by Cate Cadell; Editing by Adam Jourdan and Darren Schuettler)

Russian hackers targeted U.S. Senate, think tanks: Microsoft

FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Photo

By Brendan O’Brien

(Reuters) – Microsoft Corp charged that hackers linked to Russia’s government sought to launch cyber attacks on the U.S. Senate and conservative American think tanks, warning that Moscow is broadening attacks ahead of November’s congressional elections.

The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic sites belonging to the Senate and the think tanks. Users who visited the fake sites were asked to enter login credentials.

It is the latest in a string of actions Microsoft has taken to thwart what it charges are Russian government hacking attempts. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.

Microsoft said it had no evidence that the hackers had succeeded in compromising any user credentials before it took control of the malicious sites.

The Kremlin rejected the Microsoft allegations and said there was no evidence to support them.

“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters. “Who exactly are they talking about? We don’t understand what the proof and the basis is for them drawing these kind of conclusions. Such information (proof) is lacking.”

Moscow has repeatedly dismissed allegations that it has used hackers to influence U.S. elections and political opinion.

The targets, Microsoft said, included the International Republican Institute, whose high-profile Republican board members include Senator John McCain of Arizona, who has criticized U.S. President Donald Trump’s interactions with Russia and Moscow’s rights record.

The Hudson Institute, another target, has hosted discussions on topics including cyber security, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia, and has been critical of the Russian government.

Other malicious domains were used to mimic legitimate sites used by the U.S. Senate and Microsoft’s Office software suite, the company said.

CYBER TENSIONS

Microsoft’s report came amid increasing tensions between Moscow and Washington ahead of midterm elections in November.

A U.S. federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether Trump’s campaign worked with Russians to sway the vote. Russia denies interfering in the elections and Trump has denied any collusion.

The type of attack is known as “spear phishing,” in which the hackers trick victims into entering their username and password into a fake site in order to steal their credentials.

Facebook Inc said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of the U.S. votes.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

(Reporting by Brendan O’Brien; Additional reporting by Andrew Osborn and Tom Balmforth in Moscow; Editing by Jim Finkle and Steve Orlofsky)

Nasdaq surges at open after strong Amazon, Microsoft earnings

(Reuters) – The tech-heavy Nasdaq opened 1 percent higher on Friday after stellar results from Amazon, Microsoft and Intel, while a 3 percent drop in Exxon weighed on the Dow and S&P.

The Dow Jones Industrial Average rose 19.80 points, or 0.08 percent, at the open to 24,342.14. The S&P 500 opened higher by 8.53 points, or 0.32 percent, at 2,675.47. The Nasdaq Composite gained 76.84 points, or 1.08 percent, to 7,195.52 at the opening bell.

(Reporting by Sruthi Shankar in Bengaluru; Editing by Shounak Dasgupta)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at last year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

Social media companies accelerate removals of online hate speech

A man reads tweets on his phone in front of a displayed Twitter logo in Bordeaux, southwestern France, March 10, 2016. REUTERS/Regis

By Julia Fioretti

BRUSSELS (Reuters) – Social media companies Facebook, Twitter and Google’s YouTube have accelerated removals of online hate speech in the face of a potential European Union crackdown.

The EU has gone as far as to threaten social media companies with new legislation unless they increase efforts to fight the proliferation of extremist content and hate speech on their platforms.

Microsoft, Twitter, Facebook and YouTube signed a code of conduct with the EU in May 2016 to review most complaints within a 24-hour timeframe. Instagram and Google+ will also sign up to the code, the European Commission said.

The companies managed to review complaints within a day in 81 percent of cases during monitoring of a six-week period towards the end of last year, EU figures released on Friday show, compared with 51 percent in May 2017 when the Commission last examined compliance with the code of conduct.

On average, the companies removed 70 percent of the content flagged to them, up from 59.2 percent in May last year.

EU Justice Commissioner Vera Jourova has said that she does not want to see a 100 percent removal rate because that could impinge on free speech.

She has also said she is not in favor of legislating as Germany has done. A law providing for fines of up to 50 million euros ($61.4 million) for social media companies that do not remove hate speech quickly enough went into force in Germany this year.

Jourova said the results unveiled on Friday made it less likely that she would push for legislation on the removal of illegal hate speech.

‘NO FREE PASS’

“The fact that our collaborative approach on illegal hate speech brings good results does not mean I want to give a free pass to the tech giants,” she told a news conference.

Facebook reviewed complaints in less than 24 hours in 89.3 percent of cases, YouTube in 62.7 percent of cases and Twitter in 80.2 percent of cases.

“These latest results and the success of the code of conduct are further evidence that the Commission’s current self-regulatory approach is effective and the correct path forward,” said Stephen Turner, Twitter’s head of public policy.

Of the hate speech flagged to the companies, almost half of it was found on Facebook, the figures show, while 24 percent was on YouTube and 26 percent on Twitter.

The most common ground for hatred identified by the Commission was ethnic origin, followed by anti-Muslim hatred and xenophobia, including expressions of hatred against migrants and refugees.

Pressure from several European governments has prompted social media companies to step up efforts to tackle extremist online content, including through the use of artificial intelligence.

YouTube said it was training machine learning models to flag hateful content at scale.

“Over the last two years we’ve consistently improved our review and action times for this type of content on YouTube, showing that our policies and processes are effective, and getting better over time,” said Nicklas Lundblad, Google’s vice president of public policy in EMEA.

“We’ve learned valuable lessons from the process, but there is still more we can do.”

The Commission is likely to issue a recommendation at the end of February on how companies should take down extremist content related to militant groups, an EU official said.

(Reporting by Julia Fioretti; Additional reporting by Foo Yun Chee; Editing by Grant McCool and David Goodman)

Tech companies wage war on disease-carrying mosquitoes

Researcher Ethan Jackson places the Project Premonition mosquito trap in the wild in this handout photo obtained by Reuters June 30, 2017. Microsoft/Handout via REUTERS

By Julie Steenhuysen

CHICAGO (Reuters) – American technology companies are bringing automation and robotics to the age-old task of battling mosquitoes in a bid to halt the spread of Zika and other mosquito-borne maladies worldwide.

Firms including Microsoft Corp and California life sciences company Verily are forming partnerships with public health officials in several U.S. states to test new high-tech tools.

In Texas, Microsoft is testing a smart trap to isolate and capture Aedes aegypti mosquitoes, known Zika carriers, for study by entomologists to give them a jump on predicting outbreaks.

Verily, Alphabet’s life sciences division based in Mountain View, California, is speeding the process for creating sterile male mosquitoes to mate with females in the wild, offering a form of birth control for the species.

While it may take years for these advances to become widely available, public health experts say new players bring fresh thinking to vector control, which still relies heavily on traditional defenses such as larvicides and insecticides. “It’s exciting when technology companies come on board,” said Anandasankar Ray, an associate professor of entomology at the University of California, Riverside. “Their approach to a biological challenge is to engineer a solution.”

SMART TRAPS

The Zika epidemic that emerged in Brazil in 2015 and left thousands of babies suffering from birth defects has added urgency to the effort.

While cases there have slowed markedly, mosquitoes capable of carrying the virus – Aedes aegypti and Aedes albopictus – are spreading in the Americas, including large swaths of the southern United States.

(For a map of U.S. mosquito territory, see http://tmsnrt.rs/2tqlJHa)

The vast majority of the 5,365 Zika cases reported in the United States so far are from travelers who contracted the virus elsewhere. Still, two states – Texas and Florida – have recorded cases transmitted by local mosquitoes, making them prime testing grounds for new technology.

In Texas, 10 mosquito traps made by Microsoft are operating in Harris County, which includes the city of Houston.

Roughly the size of large birdhouses, the devices use robotics, infrared sensors, machine learning and cloud computing to help health officials keep tabs on potential disease carriers.

Texas recorded six cases of local mosquito transmission of Zika in November and December of last year. Experts believe the actual number is likely higher because most infected people do not develop symptoms.

Pregnant women are at high risk because they can pass the virus to their fetuses, resulting in a variety of birth defects. Those include microcephaly, a condition in which infants are born with undersized skulls and brains. The World Health Organization declared Zika a global health emergency in February 2016.

Most conventional mosquito traps capture all comers – moths, flies, other mosquito varieties – leaving a pile of specimens for entomologists to sort through. The Microsoft machines differentiate insects by measuring a feature unique to each species: the shadows cast by their beating wings. When a trap detects an Aedes aegypti in one of its 64 chambers, the door slams shut.

The machine “makes a decision about whether to trap it,” said Ethan Jackson, a Microsoft engineer who is developing the device.

The Houston tests, begun last summer, showed the traps could detect Aedes aegypti and other medically important mosquitoes with 85 percent accuracy, Jackson said.

The machines also record shadows made by other insects as well as environmental conditions such as temperature and humidity. The data can be used to build models to predict where and when mosquitoes are active.

Mustapha Debboun, director of Harris County’s mosquito and vector control division, said the traps save time and give researchers more insight into mosquito behavior. “For science and research, this is a dream come true,” he said.

The traps are prototypes now. But Microsoft’s Jackson said the company eventually hopes to sell them for a few hundred dollars each, roughly the price of conventional traps. The goal is to spur wide adoption, particularly in developing countries, to detect potential epidemics before they start.

“What we hope is (the traps) will allow us to bring more precision to public health,” Jackson said.

SORTING MOSQUITOES WITH ROBOTS

Other companies, meanwhile, are developing technology to shrink mosquito populations by rendering male Aedes aegypti mosquitoes sterile. When these sterile males mate with females in the wild, their eggs don’t hatch.

The strategy offers an alternative to chemical pesticides. But it requires the release of millions of laboratory-bred mosquitoes into the outdoors. Males don’t bite, which has made this an easier sell to places now hosting tests.

Oxitec, an Oxford, England-based division of Germantown, Maryland-based Intrexon Corp, is creating male mosquitoes genetically modified to be sterile. It has already deployed them in Brazil, and is seeking regulatory approval for tests in Florida and Texas.

MosquitoMate Inc, a startup formed by researchers at the University of Kentucky, is using a naturally occurring bacterium called Wolbachia to render male mosquitoes sterile.

One of the biggest challenges is sorting the sexes.

At MosquitoMate’s labs in Lexington, immature mosquitoes are forced through a sieve-like mechanism that separates the smaller males from the females. These mosquitoes are then hand sorted to weed out any stray females that slip through.

“That’s basically done using eyeballs,” said Stephen Dobson, MosquitoMate’s chief executive.

Enter Verily. The company is automating mosquito sorting with robots to make it faster and more affordable. Company officials declined to be interviewed. But on its website, Verily says it’s combining sensors, algorithms and “novel engineering” to speed the process.

Verily and MosquitoMate have teamed up to test their technology in Fresno, California, where Aedes aegypti arrived in 2013.

Officials worry that residents who contract Zika elsewhere could spread it in Fresno if they’re bitten by local mosquitoes that could pass the virus to others.

“That is very much of a concern because it is the primary vector for diseases such as dengue, chikungunya and obviously Zika,” said Steve Mulligan, manager of the Consolidated Mosquito Abatement District in Fresno County.

The study, which still needs state and federal approval, is slated for later this summer.

(Editing by Marla Dickerson)

Russia causing cyber mayhem, should face retaliation: ex-UK spy chief

The director of Britain's GCHQ Robert Hannigan delivers a speech at Government Communications Headquarters in Cheltenham, November 17, 2015.

By Michael Holden

LONDON (Reuters) – Russia is causing cyberspace mayhem and should face retaliation if it continues to undermine democratic institutions in the West, the former head of Britain’s GCHQ spy agency said on Monday.

Russia denies allegations from governments and intelligence services that it is behind a growing number of cyber attacks on commercial and political targets around the world, including the hackings of recent U.S. and French presidential election campaigns.

Asked if the Russian authorities were a threat to the democratic process, Robert Hannigan, who stepped down as head of the UK’s intelligence service in March, said: “Yes … There is a disproportionate amount of mayhem in cyberspace coming from Russia from state activity.”

In his first interview since leaving GCHQ, Hannigan told BBC radio that it was positive that French President Emmanuel Macron and German Chancellor Angela Merkel had publicly “called this out recently”.

Standing alongside Russian President Vladimir Putin in May, Macron said state-funded Russian news outlets had sought to destabilize his campaign while the head of Germany’s domestic intelligence agency said last week it was expecting Russia to try to influence the German election in September.

“Ultimately people will have to push back against Russian state activity and show that it’s unacceptable,” he said.

“It doesn’t have to be by cyber retaliation, but it may be that is necessary at some time in the future. It may be sanctions and other measures, just to put down some red lines and say that this behavior is unacceptable.”

Hannigan also said it would be a mistake to force social media companies to allow intelligence agencies to access services protected by encryption through so-called “back door” access.

“The best you can do with end-to-end encryption is work with companies in a cooperative way to find ways around it frankly,” he said. He said such “back doors” would weaken systems.

Hannigan also said governments should wait to see how a global working group on tackling online extremism established by Facebook, Google’s YouTube, Twitter and Microsoft performed before seeking new laws.

“Legislation is a blunt last resort because frankly extremism is very difficult to define in law and you could spend all your time in court arguing about whether a particular video crosses the line or not,” he said.

Last month, Germany approved a plan to fine social media networks up to 50 million euros ($57 million) if they failed to remove hateful postings promptly. Britain has also mooted bringing in possible sanctions for tech firms that failed to remove extremist content.

(Editing by Raissa Kasolowsky)

Security experts find clues to ransomware worm’s lingering risks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

(Corrects spelling of first name in paragraph 22 of this May 18 story to Salim from Samil)

By Eric Auchard

FRANKFURT (Reuters) – Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

Researchers are struggling to try to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.

They are having more luck dissecting flaws that limited its spread.

Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix WannaCry’s weaknesses will follow and hit larger numbers of users, with more devastating consequences.

“Some organizations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.

“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.

WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appears tailored to Windows 7, said Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity.

Data from BitSight covering 160,000 internet-connected computers hit by WannaCry shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.

Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.

In laboratory testing, researchers at MWR and Kryptos say they have found Windows XP crashes before the virus can spread.

Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.

COMPUTER BASICS

Any organization that heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on its network is immune, experts agree.

Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.

“Clearly people who run supported versions of Windows and patched quickly were not affected,” Trustwave’s Mador said.

Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving upgrades to local trusts.

Seeking to head off further criticism in the wake of the WannaCry outbreak, the U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers (http://reut.rs/2qvSPUR).

Microsoft declined to comment for this story.

On Sunday, the U.S. software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet (http://reut.rs/2qAOdLm).

Half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said (http://tmsnrt.rs/2qIUckv).

DUMB AND SOPHISTICATED

The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware.

“What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption,” said Salim Neino, 32, chief executive of Los Angeles-based Kryptos Logic.

Last Friday, the company’s British-based 22-year-old data breach research chief, Marcus Hutchins, created a “kill-switch”, which security experts have widely hailed as the decisive step in halting the ransomware’s rapid spread around the globe.

WannaCry appears to target mainly enterprises rather than consumers: Once it infects one machine, it silently proliferates across internal networks which can connect hundreds or thousands of machines in large firms, unlike individual consumers at home.

An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos.

Because of the way WannaCry spreads sneakily inside organization networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.

Liran Eshel, chief executive of cloud storage provider CTERA Networks, said: “The attack shows how sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies.”

ESCAPE ROUTE

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

However, a bug in WannaCry code means the attackers cannot use unique bitcoin addresses to track payments, security researchers at Symantec found this week. The result: “Users unlikely to get files restored,” the company’s Security Response team tweeted.

The rapid recovery by many organizations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.

While encrypting individual computers it infects, WannaCry code does not attack network data-backup systems, as more sophisticated ransomware packages typically do, security experts who have studied WannaCry code agree.

These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.

Fewer than 300 payments worth around $83,000 had been made into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever. (Reuters graphic: http://tmsnrt.rs/2rqaLyz)

The Verizon 2017 Data Breach Investigations Report, the most comprehensive annual survey of security breakdowns, found that it takes three months before at least half of organizations install major new software security patches.

WannaCry landed nine weeks after Microsoft’s patch arrived.

“The same things are causing the same problems. That’s what the data shows,” MWR research head Pratley said.

“We haven’t seen many organizations fall over and that’s because they did some of the security basics,” he said.

For a graphic on the WannaCry worm, click http://fingfx.thomsonreuters.com/gfx/rngs/CYBER-ATTACK/010041552FY/index.html

(Editing by Philippa Fletcher)