Digital Sovereignty & Cyber Security

A century ago, a single square mile in the capital of the then Austro-Hungarian Empire was home to some of the most remarkable men of the 20th Century, as it played host to Adolf Hitler, Leon Trotsky, Joseph Tito, Sigmund Freud and Joseph Stalin.

The BBC telles us that "in January 1913, a man whose passport bore the name Stavros Papadopoulos disembarked from the Krakow train at Vienna's North Terminal station.

Of dark complexion, he sported a large peasant's moustache and carried a very basic wooden suitcase.

"I was sitting at the table," wrote the man he had come to meet, years later, "when the door opened with a knock and an unknown man entered.

"He was short... thin... his greyish-brown skin covered in pockmarks... I saw nothing in his eyes that resembled friendliness."

The writer of these lines was a dissident Russian intellectual, the editor of a radical newspaper called Pravda (Truth). His name was Leon Trotsky.

The man he described was not, in fact, Papadopoulos.

He had been born Iosif Vissarionovich Dzhugashvili, was known to his friends as Koba and is now remembered as Joseph Stalin.

Trotsky and Stalin were just two of a number of men who lived in central Vienna in 1913 and whose lives were destined to mould, indeed to shatter, much of the 20th century.

It was a disparate group. The two revolutionaries, Stalin and Trotsky, were on the run. Sigmund Freud was already well established.

The psychoanalyst, exalted by followers as the man who opened up the secrets of the mind, lived and practised on the city's Berggasse.

The young Josip Broz, later to find fame as Yugoslavia's leader Marshal Tito, worked at the Daimler automobile factory in Wiener Neustadt, a town south of Vienna, and sought employment, money and good times.

Then there was the 24-year-old from the north-west of Austria whose dreams of studying painting at the Vienna Academy of Fine Arts had been twice dashed and who now lodged in a doss-house in Meldermannstrasse near the Danube, one Adolf Hitler."

WhatsApp has filed a suit in federal court accusing Israeli mobile surveillance maker NSO Group of creating an exploit that was used hundreds of times to hack into target’s phone.

The lawsuit, filed in a California federal court, said the mobile surveillance outfit “developed their malware in order to access messages and other communications after they were decrypted” on target devices.

The attack worked by exploiting an audio-calling vulnerability in WhatsApp. Users may  appear to get an ordinary call, but the malware would quietly infect the device with spyware, giving the attackers full access to the device.

In some cases it happened so quickly, the target’s phone may not have rung at all.

Because WhatsApp is end-to-end encrypted, it’s near-impossible to access the messages as they traverse the internet. But in recent years, governments and mobile spyware companies have begun targeting the devices where the messages were sent or received. The logic goes that if you hack the device, you can obtain its data.

That’s what WhatsApp says happened.

WhatsApp, owned by Facebook, quickly patched the vulnerability. Although blame fell fast on NSO Group, WhatsApp did not publicly accuse the company at the time — until now.

In an op-ed posted shortly after the suit was filed, WhatsApp head Will Cathcart said the messaging giant “learned that the attackers used servers and Internet-hosting services that were previously associated” with NSO Group, and that certain WhatsApp accounts used during the attacks were traced back to the company.

“While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,” said Cathcart.

The attack involved disguising the malicious code as call settings, allowing the surveillance outfit to deliver the code as if it came from WhatsApp’s signaling servers. Once the malicious calls were delivered to the target’s phone, they “injected the malicious code into the memory of the target device — even when the target did not answer the call,” the complaint read. When the code was run, it sent a request to the surveillance company’s servers, and downloaded additional malware to the target’s device.

In total, some 1,400 targeted devices were affected by the exploit, the lawsuit said.

Most people were unaffected by the WhatsApp exploit. But WhatsApp said that more than 100 human rights defenders, journalists and “other members of civil society” were targeted by the attack.

Other targets included government officials and diplomats.

In a statement, NSO Group said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them.”

PayPal is withdrawing from Facebook’s Libra Association, the company announced Friday.

“PayPal has made the decision to forgo further participation in the Libra Association at this time and to continue to focus on advancing our existing mission and business priorities as we strive to democratize access to financial services for underserved populations,” PayPal said in a statement.

David Marcus, who leads the project at Facebook, was previously the president of PayPal. PayPal said it is still “supportive of Libra’s aspirations” and that it will continue to partner with Facebook in the future.

Dante Disparte, head of policy and communications for the Libra Association, said in an emailed statement, “We recognize that change is hard, and that each organization that started this journey will have to make its own assessment of risks and rewards of being committed to seeing through the change that Libra promises.”

Libra was greeted with widespread criticism after the cryptocurrency was announced in June. Facebook’s involvement caught the attention of senior congressional finance committee members, global regulators, former lawmakers and industry insiders who questioned Facebook’s motives.

Federal Reserve Chairman Jerome Powell said this summer that libra raises “serious concerns regarding privacy, money laundering, consumer protection, financial stability” and the Fed had launched a working group to examine it.

Rep. Maxine Waters, D-Calif., chairwoman of the House Financial Services Committee, told CNBC in June that “it’s very important for them to stop right now what they’re doing so that we can get a handle on this” and Congress would “move aggressively” to deal with it.

Facebook has tried to mitigate lawmakers’ fears of libra in part by assuring them that Facebook would not have unilateral control of the currency.

The Libra Association had been made up of 28 corporate backers, including Facebook, who are meant to help govern libra. All founding members were expected to invest a minimum of $10 million to fund the operating costs of the association and launch an incentive program to drive adoption, according to Facebook’s initial announcement of the project, but those investments had not yet been made.

PayPal’s public defection could indicate the alliance is starting to fray.

On Wednesday, The Wall Street Journal reported that Visa, Mastercard and other financial partners that signed on are “reconsidering” involvement following a backlash from government officials.

Rep. Sylvia Garcia, D-Tex., a member of the House Financial Services Committee, said on a call with reporters Friday that PayPal’s decision to back out is “a clear indication that something’s amiss.” Garcia said she already had concerns about the members of the association, since Facebook seemed to be able to select its founding members.

“If I’m doing the inviting, then that’s controlling the entire agenda,” she said.

Lawmakers in the House Financial Services Committee are now seeking to bring Facebook’s top executives back to Capitol Hill to testify on libra, CNBC reported Friday. Two sources familiar with the situation told CNBC that the committee has been in talks with Facebook about bringing COO Sheryl Sandberg to testify this month, but that the hearing would be contingent on CEO Mark Zuckerberg’s agreement to appear before the committee.

No one's better at hacking than the NSA. And now one if its powerful tools is available to everyone for free.

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable exampleshadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a "contribution to the nation’s cybersecurity community" in announcing it at RSA, it will no doubt be used far beyond the United States.

You can't use Ghidra to hack devices; it's instead a reverse-engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.

"If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end," Joyce said. "Ghidra is a software reverse-engineering tool built for our internal use at NSA. We're not claiming that this is the one that’s going to be replacing everything out there—it's not. But it helped us address some things in our workflow."

Similar reverse-engineering products exist on the market, including a popular disassembler and debugger called IDA. But Joyce emphasized that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. Products like IDA also cost money, whereas making Ghidra open source marks the first time that a tool of its caliber will be available for free—a major contribution in training the next generation of cybersecurity defenders. (Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.

The NSA announced Joyce’s RSA talk, and Ghidra’s imminent release, in early January. But knowledge of the tool was already public thanks to WikiLeaks’ March 2017 “Vault 7” disclosure, which discussed a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse-engineering tool created by the NSA. The actual code hadn’t seen the light of day, though, until Tuesday—all 1.2 million lines of it. Ghidra runs on Windows, MacOS, and Linux and has all the components security researchers would expect. But Joyce emphasized the tool's customizability. It is also designed to facilitate collaborative work among multiple people on the same reversing project—a concept that isn't as much of a priority in other platforms.

Ghidra also has user-interface touches and features meant to make reversing as easy as possible, given how tedious and generally challenging it can be. Joyce's personal favorite? An undo/redo mechanism that allows users to try out theories about how the code they are analyzing may work, with an easy way to go back a few steps if the idea doesn't pan out.

The NSA has made other code open source over the years, like its Security-Enhanced Linux and Security-Enhanced Android initiatives. But Ghidra seems to speak more directly to the discourse and tension at the heart of cybersecurity right now. By being free and readily available, it will likely proliferate and could inform both defense and offense in unforeseen ways. If it seems like releasing the tool could give malicious hackers an advantage in figuring out how to evade the NSA, though Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera, said that that isn't a concern.

“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.

No matter what comes next for the NSA's powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. "There’s no backdoor in Ghidra," he said. "Come on, no backdoor. On the record. Scout's honor."

The story is developing and looks more and more as a (digital) sovereignty challenge

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind.

The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows look out over the water, facing a dock where the Danish royal family parks its yacht. In the building’s basement, employees can browse a corporate gift shop, stocked with Maersk-branded bags and ties, and even a rare Lego model of the company’s gargantuan Triple-E container ship, a vessel roughly as large as the Empire State Building laid on its side, capable of carrying another Empire State Building–sized load of cargo stacked on top of it.

That gift shop also houses a technology help center, a single desk manned by IT troubleshooters next to the shop’s cashier. And on the afternoon of June 27, 2017, confused Maersk staffers began to gather at that help desk in twos and threes, almost all of them carrying laptops. On the machines’ screens were messages in red and black lettering. Some read “repairing file system on C:” with a stark warning not to turn off the computer. Others, more surreally, read “oops, your important files are encrypted” and demanded a payment of $300 worth of bitcoin to decrypt them.

He quietly swore under his breath. Jensen assumed the unplanned reboot was a typically brusque move by Maersk’s central IT department, a little-loved entity in England that oversaw most of the corporate empire, whose eight business units ranged from ports to logistics to oil drilling, in 574 offices in 130 countries around the globe.

Jensen looked up to ask if anyone else in his open-plan office of IT staffers had been so rudely interrupted. And as he craned his head, he watched every other computer screen around the room blink out in rapid succession.

“I saw a wave of screens turning black. Black, black, black. Black black black black black,” he says. The PCs, Jensen and his neighbors quickly discovered, were irreversibly locked. Restarting only returned them to the same black screen.

All across Maersk headquarters, the full scale of the crisis was starting to become clear. Within half an hour, Maersk employees were running down hallways, yelling to their colleagues to turn off computers or disconnect them from Maersk’s network before the malicious software could infect them, as it dawned on them that every minute could mean dozens or hundreds more corrupted PCs. Tech workers ran into conference rooms and unplugged machines in the middle of meetings. Soon staffers were hurdling over locked key-card gates, which had been paralyzed by the still-mysterious malware, to spread the warning to other sections of the building.

Disconnecting Maersk’s entire global network took the company’s IT staff more than two panicky hours. By the end of that process, every employee had been ordered to turn off their computer and leave it at their desk. The digital phones at every cubicle, too, had been rendered useless in the emergency network shutdown.

Around 3 pm, a Maersk executive walked into the room where Jensen and a dozen or so of his colleagues were anxiously awaiting news and told them to go home. Maersk’s network was so deeply corrupted that even IT staffers were helpless. A few of the company’s more old-school managers told their teams to remain at the office. But many employees—rendered entirely idle without computers, servers, routers, or desk phones—simply left.

Jensen walked out of the building and into the warm air of a late June afternoon. Like the vast majority of Maersk staffers, he had no idea when he might return to work. The maritime giant that employed him, responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.

On the edge of the trendy Podil neighborhood in the Ukrainian capital of Kiev, coffee shops and parks abruptly evaporate, replaced by a grim industrial landscape. Under a highway overpass, across some trash-strewn railroad tracks, and through a concrete gate stands the four-story headquarters of Linkos Group, a small, family-run Ukrainian software business.

Up three flights of stairs in that building is a server room, where a rack of pizza-box-sized computers is connected by a tangle of wires and marked with handwritten, numbered labels. On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country.

But for a moment in 2017, those machines served as ground zero for the most devastating cyberattack since the invention of the internet—an attack that began, at least, as an assault on one nation by another.

For the past four and a half years, Ukraine has been locked in a grinding, undeclared war with Russia that has killed more than 10,000 Ukrainians and displaced millions more. The conflict has also seen Ukraine become a scorched-earth testing ground for Russian cyberwar tactics. In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organizations and companies. They penetrated the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data. The attacks followed a sadistic seasonal cadence. In the winters of both years, the saboteurs capped off their destructive sprees by causing widespread power outages—the first confirmed blackouts induced by hackers.

But those attacks still weren’t Sandworm’s grand finale. In the spring of 2017, unbeknownst to anyone at Linkos Group, Russian military hackers hijacked the company’s update servers to allow them a hidden back door into the thousands of PCs around the country and the world that have M.E.Doc installed. Then, in June 2017, the saboteurs used that back door to release a piece of malware called ­NotPetya, their most vicious cyberweapon yet.

The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately. “To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze Not­Petya. “By the second you saw it, your data center was already gone.”

NotPetya was propelled by two powerful hacker exploits working in tandem: One was a penetration tool known as EternalBlue, created by the US National Security Agency but leaked in a disastrous breach of the agency’s ultrasecret files earlier in 2017. EternalBlue takes advantage of a vulnerability in a particular Windows protocol, allowing hackers free rein to remotely run their own code on any unpatched machine.

NotPetya’s architects combined that digital skeleton key with an older invention known as Mimikatz, created as a proof of concept by French security researcher Benjamin Delpy in 2011. Delpy had originally released Mimikatz to demonstrate that Windows left users’ passwords lingering in computers’ memory. Once hackers gained initial access to a computer, Mimikatz could pull those passwords out of RAM and use them to hack into other machines accessible with the same credentials. On networks with multiuser computers, it could even allow an automated attack to hopscotch from one machine to the next.

Before NotPetya’s launch, Microsoft had released a patch for its EternalBlue vulnerability. But EternalBlue and Mimikatz together nonetheless made a virulent combination. “You can infect computers that aren’t patched, and then you can grab the passwords from those computers to infect other computers that are patched,” Delpy says.

NotPetya took its name from its resemblance to the ransomware Petya, a piece of criminal code that surfaced in early 2016 and extorted victims to pay for a key to unlock their files. But NotPetya’s ransom messages were only a ruse: The malware’s goal was purely destructive. It irreversibly encrypted computers’ master boot records, the deep-seated part of a machine that tells it where to find its own operating system. Any ransom payment that victims tried to make was futile. No key even existed to reorder the scrambled noise of their computer’s contents.

The weapon’s target was Ukraine. But its blast radius was the entire world. “It was the equivalent of using a nuclear bomb to achieve a small tactical victory,” Bossert says.

The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its creators intended. Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft.

The result was more than $10 billion in total damages, according to a White House assessment confirmed to WIRED by former Homeland Security adviser Tom Bossert, who at the time of the attack was President Trump’s most senior cybersecurity-­focused official. Bossert and US intelligence agencies also confirmed in February that Russia’s military—the prime suspect in any cyberwar attack targeting Ukraine—was responsible for launching the malicious code. (The Russian foreign ministry declined to answer repeated requests for comment.)

To get a sense of the scale of NotPetya’s damage, consider the nightmarish but more typical ransomware attack that paralyzed the city government of Atlanta this past March: It cost up to $10 million, a tenth of a percent of NotPetya’s price. Even WannaCry, the more notorious worm that spread a month before NotPetya in May 2017, is estimated to have cost between $4 billion and $8 billion. Nothing since has come close. “While there was no loss of life, it was the equivalent of using a nuclear bomb to achieve a small tactical victory,” Bossert says. “That’s a degree of recklessness we can’t tolerate on the world stage.”

In the year since NotPetya shook the world, WIRED has delved into the experience of one corporate goliath brought to its knees by Russia’s worm: Maersk, whose malware fiasco uniquely demonstrates the danger that cyberwar now poses to the infrastructure of the modern world. The executives of the shipping behemoth, like every other non-Ukrainian victim WIRED approached to speak about NotPetya, declined to comment in any official capacity for this story. WIRED’s account is instead assembled from current and former Maersk sources, many of whom chose to remain anonymous.

But the story of NotPetya isn’t truly about Maersk, or even about Ukraine. It’s the story of a nation-state’s weapon of war released in a medium where national borders have no meaning, and where collateral damage travels via a cruel and unexpected logic: Where an attack aimed at Ukraine strikes Maersk, and an attack on Maersk strikes everywhere at once.

Like many social mouvement nowadays, the “Gilets Jaunes” (Yellow Vests) began online. The protests started as a peaceful demonstration against the increase of gas tax. And suddenly violence is rising…

Let’s have a look at @Pascal66616113, with the infamous 8 digits that are often characteristic to bots. The account has been created in December 2018 and from the API we can notice his interface is configured in English (en). How peculiar, for what seems to be a French patriot! Moreover his activity is only during week days from Monday to Thursday and is just relaying anti-Macron pictures. At this point there’s no way to tell if this is a legit French yellow vest or just a fake profile being controlled from a remote location, but it sure does look like it.

In fact, there are plenty of these “throw away” accounts trying to polarize and incite violence throughout France, and the hard part is putting it all together. To which extent are we being manipulated here? What percentage of these accounts are true protesters?

.../...

Make your own opinion and fact check everything you read online.

In a world where a click is more valuable than the truth (gotta keep that pay-per-click model running), even French media are tempted to surrender to sensationalized stories popping up on the Internet. I’d like to see more people use their common sense during times like this. Conspiracy theories are going wild on social networks, and it is our duty to stop disinformation: verify information with tools like AFP’s factcheck.afp.com.

It’s sad to see France becoming another playground for ideologists spreading false information in order to excite people even more. Paris isn’t on fire, France is fine. But tough times ahead…

Peace.

“The supreme art of war is to subdue the enemy without fighting.” — Sun Tzu

Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.

That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood’s computer networks since 2014, said one of the sources.

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

(from Bloomberg Business Week through Clément Epié)

-----------How the Hack Worked, According to U.S. Officials

① A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.

② The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.

③ The compromised motherboards were built into servers assembled by Supermicro.

④ The sabotaged servers made their way inside data centers operated by dozens of companies.

⑤ When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
-------------------------------------------

"In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

There are two ways for spies to alter the guts of computer equipment. One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.

In emailed statements, Amazon (which announced its acquisition of Elemental in September 2015), Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.

The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information.

One government official says China’s goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen.

The ramifications of the attack continue to play out. The Trump administration has made computer and networking hardware, including motherboards, a focus of its latest round of trade sanctions against China, and White House officials have made it clear they think companies will begin shifting their supply chains to other countries as a result. Such a shift might assuage officials who have been warning for years about the security of the supply chain—even though they’ve never disclosed a major reason for their concerns.

Back in 2006, three engineers in Oregon had a clever idea. Demand for mobile video was about to explode, and they predicted that broadcasters would be desperate to transform programs designed to fit TV screens into the various formats needed for viewing on smartphones, laptops, and other devices. To meet the anticipated demand, the engineers started Elemental Technologies, assembling what one former adviser to the company calls a genius team to write code that would adapt the superfast graphics chips being produced for high-end video-gaming machines. The resulting software dramatically reduced the time it took to process large video files. Elemental then loaded the software onto custom-built servers emblazoned with its leprechaun-green logos.

Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.

Elemental also started working with American spy agencies. In 2009 the company announced a development partnership with In-Q-Tel Inc., the CIA’s investment arm, a deal that paved the way for Elemental servers to be used in national security missions across the U.S. government. Public documents, including the company’s own promotional materials, show that the servers have been used inside Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing. NASA, both houses of Congress, and the Department of Homeland Security have also been customers. This portfolio made Elemental a target for foreign adversaries.

Supermicro had been an obvious choice to build Elemental’s servers. Headquartered north of San Jose’s airport, up a smoggy stretch of Interstate 880, the company was founded by Charles Liang, a Taiwanese engineer who attended graduate school in Texas and then moved west to start Supermicro with his wife in 1993. Silicon Valley was then embracing outsourcing, forging a pathway from Taiwanese, and later Chinese, factories to American consumers, and Liang added a comforting advantage: Supermicro’s motherboards would be engineered mostly in San Jose, close to the company’s biggest clients, even if the products were manufactured overseas.

Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are nearly all manufactured by contractors in China.

The company’s pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. The majority of its workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language, with hanzi filling the whiteboards, according to six former employees. Chinese pastries are delivered every week, and many routine calls are done twice, once for English-only workers and again in Mandarin. The latter are more productive, according to people who’ve been on both. These overseas ties, especially the widespread use of Mandarin, would have made it easier for China to gain an understanding of Supermicro’s operations and potentially to infiltrate the company. (A U.S. official says the government’s probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack.)

With more than 900 customers in 100 countries by 2015, Supermicro offered inroads to a bountiful collection of sensitive targets. “Think of Supermicro as the Microsoft of the hardware world,” says a former U.S. intelligence official who’s studied Supermicro and its business model. “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

Well before evidence of the attack surfaced inside the networks of U.S. companies, American intelligence sources were reporting that China’s spies had plans to introduce malicious microchips into the supply chain. The sources weren’t specific, according to a person familiar with the information they provided, and millions of motherboards are shipped into the U.S. annually. But in the first half of 2014, a different person briefed on high-level discussions says, intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.

The specificity of the information was remarkable, but so were the challenges it posed. Issuing a broad warning to Supermicro’s customers could have crippled the company, a major American hardware maker, and it wasn’t clear from the intelligence whom the operation was targeting or what its ultimate aims were. Plus, without confirmation that anyone had been attacked, the FBI was limited in how it could respond. The White House requested periodic updates as information came in, the person familiar with the discussions says.

Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally. Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.

The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon’s security team. Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.

This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser. To understand the power that would give them, take this hypothetical example: Somewhere in the Linux operating system, which runs in many servers, is code that authorizes a user by verifying a typed password against a stored encrypted one. An implanted chip can alter part of that code so the server won’t check for a password—and presto! A secure machine is open to any and all users. A chip can also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet. Should some anomaly be noticed, it would likely be cast as an unexplained oddity. “The hardware opens whatever door it wants,” says Joe FitzPatrick, founder of Hardware Security Resources LLC, a company that trains cybersecurity professionals in hardware hacking techniques.

U.S. officials had caught China experimenting with hardware tampering before, but they’d never seen anything of this scale and ambition. The security of the global technology supply chain had been compromised, even if consumers and most companies didn’t know it yet. What remained for investigators to learn was how the attackers had so thoroughly infiltrated Supermicro’s production process—and how many doors they’d opened into American targets.

Unlike software-based hacks, hardware manipulation creates a real-world trail. Components leave a wake of shipping manifests and invoices. Boards have serial numbers that trace to specific factories. To track the corrupted chips to their source, U.S. intelligence agencies began following Supermicro’s serpentine supply chain in reverse, a person briefed on evidence gathered during the probe says.

As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.

As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

Provided details of Businessweek’s reporting, China’s Ministry of Foreign Affairs sent a statement that said “China is a resolute defender of cybersecurity.” The ministry added that in 2011, China proposed international guarantees on hardware security along with other members of the Shanghai Cooperation Organization, a regional security body. The statement concluded, “We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.”

The Supermicro attack was on another order entirely from earlier episodes attributed to the PLA. It threatened to have reached a dizzying array of end users, with some vital ones in the mix. Apple, for its part, has used Supermicro hardware in its data centers sporadically for years, but the relationship intensified after 2013, when Apple acquired a startup called Topsy Labs, which created superfast technology for indexing and searching vast troves of internet content. By 2014, the startup was put to work building small data centers in or near major global cities. This project, known internally as Ledbelly, was designed to make the search function for Apple’s voice assistant, Siri, faster, according to the three senior Apple insiders.

Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo, plus 4,000 servers for its existing North Carolina and Oregon data centers. Those orders were supposed to double, to 20,000, by 2015. Ledbelly made Apple an important Supermicro customer at the exact same time the PLA was found to be manipulating the vendor’s hardware.

Project delays and early performance problems meant that around 7,000 Supermicro servers were humming in Apple’s network by the time the company’s security team found the added chips. Because Apple didn’t, according to a U.S. official, provide government investigators with access to its facilities or the tampered hardware, the extent of the attack there remained outside their view.

American investigators eventually figured out who else had been hit. Since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected. Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies.

That left the question of whom to notify and how. U.S. officials had been warning for years that hardware made by two Chinese telecommunications giants, Huawei Corp. and ZTE Corp., was subject to Chinese government manipulation. (Both Huawei and ZTE have said no such tampering has occurred.) But a similar public alert regarding a U.S. company was out of the question. Instead, officials reached out to a small number of important Supermicro customers. One executive of a large web-hosting company says the message he took away from the exchange was clear: Supermicro’s hardware couldn’t be trusted. “That’s been the nudge to everyone—get that crap out,” the person says.

Amazon, for its part, began acquisition talks with an Elemental competitor, but according to one person familiar with Amazon’s deliberations, it reversed course in the summer of 2015 after learning that Elemental’s board was nearing a deal with another buyer. Amazon announced its acquisition of Elemental in September 2015, in a transaction whose value one person familiar with the deal places at $350 million. Multiple sources say that Amazon intended to move Elemental’s software to AWS’s cloud, whose chips, motherboards, and servers are typically designed in-house and built by factories that Amazon contracts from directly.

A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)

China has long been known to monitor banks, manufacturers, and ordinary citizens on its own soil, and the main customers of AWS’s China cloud were domestic companies or foreign entities with operations there. Still, the fact that the country appeared to be conducting those operations inside Amazon’s cloud presented the company with a Gordian knot. Its security team determined that it would be difficult to quietly remove the equipment and that, even if they could devise a way, doing so would alert the attackers that the chips had been found, according to a person familiar with the company’s probe. Instead, the team developed a method of monitoring the chips. In the ensuing months, they detected brief check-in communications between the attackers and the sabotaged servers but didn’t see any attempts to remove data. That likely meant either that the attackers were saving the chips for a later operation or that they’d infiltrated other parts of the network before the monitoring began. Neither possibility was reassuring.

When in 2016 the Chinese government was about to pass a new cybersecurity law—seen by many outside the country as a pretext to give authorities wider access to sensitive data—Amazon decided to act, the person familiar with the company’s probe says. In August it transferred operational control of its Beijing data center to its local partner, Beijing Sinnet, a move the companies said was needed to comply with the incoming law. The following November, Amazon sold the entire infrastructure to Beijing Sinnet for about $300 million. The person familiar with Amazon’s probe casts the sale as a choice to “hack off the diseased limb.”

As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident.

That August, Supermicro’s CEO, Liang, revealed that the company had lost two major customers. Although he didn’t name them, one was later identified in news reports as Apple. He blamed competition, but his explanation was vague. “When customers asked for lower price, our people did not respond quickly enough,” he said on a conference call with analysts. Hayes, the Supermicro spokesman, says the company has never been notified of the existence of malicious chips on its motherboards by either customers or U.S. law enforcement.

Concurrent with the illicit chips’ discovery in 2015 and the unfolding investigation, Supermicro has been plagued by an accounting problem, which the company characterizes as an issue related to the timing of certain revenue recognition. After missing two deadlines to file quarterly and annual reports required by regulators, Supermicro was delisted from the Nasdaq on Aug. 23 of this year. It marked an extraordinary stumble for a company whose annual revenue had risen sharply in the previous four years, from a reported $1.5 billion in 2014 to a projected $3.2 billion this year.

One Friday in late September 2015, President Barack Obama and Chinese President Xi Jinping appeared together at the White House for an hourlong press conference headlined by a landmark deal on cybersecurity. After months of negotiations, the U.S. had extracted from China a grand promise: It would no longer support the theft by hackers of U.S. intellectual property to benefit Chinese companies. Left out of those pronouncements, according to a person familiar with discussions among senior officials across the U.S. government, was the White House’s deep concern that China was willing to offer this concession because it was already developing far more advanced and surreptitious forms of hacking founded on its near monopoly of the technology supply chain.

In the weeks after the agreement was announced, the U.S. government quietly raised the alarm with several dozen tech executives and investors at a small, invite-only meeting in McLean, Va., organized by the Pentagon. According to someone who was present, Defense Department officials briefed the technologists on a recent attack and asked them to think about creating commercial products that could detect hardware implants. Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro, the person says.

The problem under discussion wasn’t just technological. It spoke to decisions made decades ago to send advanced production work to Southeast Asia. In the intervening years, low-cost Chinese manufacturing had come to underpin the business models of many of America’s largest technology companies. Early on, Apple, for instance, made many of its most sophisticated electronics domestically. Then in 1992, it closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.

Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. “You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”

Bloomberg LP has been a Supermicro customer. According to a Bloomberg LP spokesperson, the company has found no evidence to suggest that it has been affected by the hardware issues raised in the article."

LAST SUMMER, A sign appeared on the door to a stuffy, windowless room at the office of Manhattan artificial-intelligence startup Clarifai. “Chamber of secrets,” it read, according to three people who saw it.

The notice was a joking reference to how the small team working inside was not permitted to discuss its work with others at Clarifai. Former and current employees say the group was working on a controversial Pentagon project using machine-learning algorithms to interpret drone-surveillance imagery—and that Clarifai’s secrets were less safe than they should have been.

A lawsuit filed by former employee Amy Liu this month alleges that Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military to an adversary. The lawsuit says Clarifai learned of the breach last November, but that Clarifai’s CEO and other executives did not promptly report it to the Pentagon.

In her complaint, Liu, a former Air Force captain who worked in military intelligence, says she was unfairly terminated from her position as director of marketing for arguing that the company needed to disclose the incident. Another former employee told WIRED that his concerns over executives’ handling of the hack prompted him to leave the company.

India will enlist the help of artificial intelligence to develop weapons, defense, and surveillance systems, government officials announced today.

“The world is moving towards an artificial intelligence-driven ecosystem,” Dr. Ajay Kumar, secretary at the defense ministry, said in a statement. “India is also taking necessary steps to prepare our defense forces for the war of the future.”

A 17-person task force is working on an AI roadmap for India’s armed forces, the Times of India reports. Within the next two years, the task force will recommend ways machine learning can be incorporated into the country’s aviation, naval, land, cybersecurity, nuclear, and biological resources, specifically as it relates to the areas of autonomous weapons systems and unmanned surveillance.

The elite group of stakeholders, which is headed by Tata Sons chairman Natarajan Chandrasekaran and includes members of the Army, Navy Air Force, Atomic Energy Commission, and Finance Ministry, was established in February and is expected to submit its first report in the next three months.

“The task force will make recommendations on […] establishing tactical deterrence in the region and visualizing potential transformative weaponry, [and] developing intelligent, autonomous robotic systems, and bolstering cyber defence,” an official told The Times of India.

The push for AI-enhanced defense platforms is a top priority for India Prime Minister Narendra Modi, who said at the Defence Expo 2018 in Chennai, India in April that AI and robots would be “the most important determinants” of the readiness of future militaries. “India, with its leadership in [the] information technology domain, [will] strive to use this technology to its advantage,” he said.

The development follows hard on the heels of news that China is testing autonomous tanks, aircraft, reconnaissance robots, and supply convoys as part of a 1.11 trillion yuan ($173.5 billion) plan to modernize its armed forces.

Russia is also believed to be investing in AI-enabled defense. Its new T-14 Armata battle tank, part of its Universal Combat Platform, is said to have autonomous capabilities.

Amid the global AI arms race, prominent researchers are protesting the use of AI in the development of weapons.

EBay, Stripe, Mastercard and Visa are all dropping out of Facebook’s libra cryptocurrency project, the companies announced Friday. The news comes one week after PayPal announced its withdrawal as government regulators continue to scrutinize the plans.

In statements following the news, the companies said they respect and see potential in the project, but have chosen to focus on other efforts. A Stripe spokesperson said in a statement that the company “is supportive of projects that aim to make online commerce more accessible for people around the world.” Stripe will “remain open to working with the Libra Association at a later stage,” the spokesperson said.

A Visa spokesperson said the company “will continue to evaluate and our ultimate decision will be determined by a number of factors, including the Association’s ability to fully satisfy all requisite regulatory expectations. Visa’s continued interest in Libra stems from our belief that well-regulated blockchain-based networks could extend the value of secure digital payments to a greater number of people and places, particularly in emerging and developing markets.”

The original coalition of 28 corporate backers of the libra cryptocurrency seems to be dwindling as lawmakers continue to question how it will impact sovereign currencies and how the project’s leaders can ensure consumers’ protection. Mercadopago and PayU are now the only two payments companies continuing to back the cryptocurrency as of Friday afternoon. Original backers Uber and Lyft told CNBC there has been no change to their involvement in the project.

The backers abandoning the project may have found safety in numbers after PayPal announced its exit last week. News that eBay, Stripe and Mastercard were each dropping out quickly followed one another Friday afternoon, indicating all three had likely been thinking about leaving during the same period. The decisions come ahead of a planned Libra Association Council meeting on Oct. 14. A week later, libra’s cryptocurrency project will take center stage in front of U.S. lawmakers once again when Facebook CEO Mark Zuckerberg testifies in front of the House Financial Services Committee later this month.

David Marcus, who leads the libra project and was previously the president of PayPal, weighed in on Twitter hours after the announcements. He cautioned “against reading the fate of Libra into this update.”

In the UK and Germany, the proportion is even higher: one in three. In the Netherlands, fully 43 percent want AI to decide policy.

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software.

GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.

GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.

According to GHIDRA's description in the RSA conference session intro, the tool "includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed."

US government workers to whom ZDNet has spoken today said the tool is well-known and liked, and generally used by operators in defensive roles, who normally analyze malware found on government networks.

Some people who know and used the tool and have shared opinions on social media, such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known reverse engineering tool -but also very expensive, with licenses priced in the range of thousands of dollars.

Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.

The news of the NSA open-sourcing one of its internal tools should not surprise you. The NSA has open-sourced all sorts of tools over the past few years, with the most successful of them being Apache NiFi, a project for automating large data transfers between web apps, and which has become a favorite on the cloud computing scene.

In total, the NSA has open-sourced 32 projects as part of its Technology Transfer Program (TTP) so far and has most recently even opened an official GitHub account.

GHIDRA will be demoed at the RSA conference on March 5 and is expected to be released soon after on the agency's Code page and GitHub account.

This is happening in the city of Tianjin, about an hour’s drive south of Beijing, within a gleaming office building that belongs to iFlytek, one of China’s rapidly rising artificial-intelligence companies. Beyond guarded gates, inside a glitzy showroom, the US president is on a large TV screen heaping praise on the Chinese company. It’s Trump’s voice and face, but the recording is, of course, fake—a cheeky demonstration of the cutting-edge AI technology iFlytek is developing.

Jiang Tao chuckles and leads the way to some other examples of iFlytek’s technology. Throughout the tour, Tao, one of the company’s cofounders, uses another remarkable innovation: a hand-held device that converts his words from Mandarin into English almost instantly. At one point he speaks into the machine, and then grins as it translates: “I find that my device solves the communication problem.”

iFlytek’s translator shows off AI capabilities that rival those found anywhere in the world. But it also highlights a big hole in China’s plan, unveiled in 2017, to be the world leader in AI by 2030. The algorithms inside were developed by iFlytek, but the hardware—the microchips that bring those algorithms to life—was designed and made elsewhere. While China manufactures most of the world’s electronic gadgets, it has failed, time and again, to master the production of these tiny, impossibly intricate silicon structures. Its dependence on foreign integrated circuits could potentially cripple its AI ambitions.

However, AI itself could change all that. New types of chips are being invented to fully exploit advances in AI, by training and running deep neural networks for tasks such as voice recognition and image processing. These chips handle data in a fundamentally different way from the silicon logic circuits that have defined the cutting edge of hardware for decades. It means reinventing microchips for the first time in ages.

China won’t be playing catch-up with these new chips, as it has done with more conventional chips for decades. Instead, its existing strength in AI and its unparalleled access to the quantities

of data required to train AI algorithms could give it an edge in designing chips optimized to run them.

China’s chip ambitions have geopolitical implications, too. Advanced chips are key to new weapons systems, better cryptography, and more powerful supercomputers. They are also central to the increasing trade tensions between the US and China. A successful chip industry would make China more economically competitive and independent. To many, in both Washington and Beijing, national strength and security are at stake.

Silicon visions

On the outskirts of Wuhan, a sprawling city a few days’ cruise up the Yangtze from Shanghai, stands a factory that would span several football fields. It belongs to Tsinghua Unigroup, a state-backed microchip manufacturer. By the end of 2019, the factory will be producing silicon wafers that will then be cut into advanced memory chips.

Tsinghua Unigroup aims to expand the Wuhan facility to three times its current size, at a total cost of $24 billion. It’s developing two similar sites, one along the Yangtze in Nanjing and another further west in Chengdu, at similar cost. They will be the largest and most sophisticated chip factories ever built by a Chinese company.

It’s all part of an effort by China to drag its chipmaking industry forward. In 2014, the government established the National Integrated Circuits Industry Investment Fund, a subsidy program that plans to raise $180 billion from local-government-backed funds and state-owned enterprises. A year later, it released Made in China 2025, a sweeping blueprint for upgrading China’s entire manufacturing industry. This set the hugely ambitious goal of producing $305 billion worth of chips per year and meeting 80% of domestic demand for chips by 2030, up from $65 billion and 33%, respectively, in 2016. Today global production stands at $412 billion.

The company told Reuters it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.

The privacy standard-bearer of the tech industry said it will change default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour.

That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data. Now they will be unable to run code on the devices after the hour is up.

These companies have marketed their machines to law enforcement in multiple countries this year, offering the machines themselves for thousands of dollars but also per-phone pricing as low as $50.

Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law. They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.

“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a prepared statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

Apple began working on the USB issue before learning it was a favorite of law enforcement.

• China is building a new space station, and officials say the whole world is invited to participate.
• The move comes after President Donald Trump announced plans to scale back the US's funding commitments for the International Space Station earlier than originally planned.
• China's new station could be operational as soon as 2022.