Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at last year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

Social media companies accelerate removals of online hate speech

A man reads tweets on his phone in front of a displayed Twitter logo in Bordeaux, southwestern France, March 10, 2016. REUTERS/Regis

By Julia Fioretti

BRUSSELS (Reuters) – Social media companies Facebook, Twitter and Google’s YouTube have accelerated removals of online hate speech in the face of a potential European Union crackdown.

The EU has gone as far as to threaten social media companies with new legislation unless they increase efforts to fight the proliferation of extremist content and hate speech on their platforms.

Microsoft, Twitter, Facebook and YouTube signed a code of conduct with the EU in May 2016 to review most complaints within a 24-hour timeframe. Instagram and Google+ will also sign up to the code, the European Commission said.

The companies managed to review complaints within a day in 81 percent of cases during monitoring of a six-week period towards the end of last year, EU figures released on Friday show, compared with 51 percent in May 2017 when the Commission last examined compliance with the code of conduct.

On average, the companies removed 70 percent of the content flagged to them, up from 59.2 percent in May last year.

EU Justice Commissioner Vera Jourova has said that she does not want to see a 100 percent removal rate because that could impinge on free speech.

She has also said she is not in favor of legislating as Germany has done. A law providing for fines of up to 50 million euros ($61.4 million) for social media companies that do not remove hate speech quickly enough went into force in Germany this year.

Jourova said the results unveiled on Friday made it less likely that she would push for legislation on the removal of illegal hate speech.

‘NO FREE PASS’

“The fact that our collaborative approach on illegal hate speech brings good results does not mean I want to give a free pass to the tech giants,” she told a news conference.

Facebook reviewed complaints in less than 24 hours in 89.3 percent of cases, YouTube in 62.7 percent of cases and Twitter in 80.2 percent of cases.

“These latest results and the success of the code of conduct are further evidence that the Commission’s current self-regulatory approach is effective and the correct path forward,” said Stephen Turner, Twitter’s head of public policy.

Of the hate speech flagged to the companies, almost half of it was found on Facebook, the figures show, while 24 percent was on YouTube and 26 percent on Twitter.

The most common ground for hatred identified by the Commission was ethnic origin, followed by anti-Muslim hatred and xenophobia, including expressions of hatred against migrants and refugees.

Pressure from several European governments has prompted social media companies to step up efforts to tackle extremist online content, including through the use of artificial intelligence.

YouTube said it was training machine learning models to flag hateful content at scale.

“Over the last two years we’ve consistently improved our review and action times for this type of content on YouTube, showing that our policies and processes are effective, and getting better over time,” said Nicklas Lundblad, Google’s vice president of public policy in EMEA.

“We’ve learned valuable lessons from the process, but there is still more we can do.”

The Commission is likely to issue a recommendation at the end of February on how companies should take down extremist content related to militant groups, an EU official said.

(Reporting by Julia Fioretti; Additional reporting by Foo Yun Chee; Editing by Grant McCool and David Goodman)

Tech companies wage war on disease-carrying mosquitoes

Researcher Ethan Jackson places the Project Premonition mosquito trap in the wild in this handout photo obtained by Reuters June 30, 2017. Microsoft/Handout via REUTERS

By Julie Steenhuysen

CHICAGO (Reuters) – American technology companies are bringing automation and robotics to the age-old task of battling mosquitoes in a bid to halt the spread of Zika and other mosquito-borne maladies worldwide.

Firms including Microsoft Corp and California life sciences company Verily are forming partnerships with public health officials in several U.S. states to test new high-tech tools.

In Texas, Microsoft is testing a smart trap to isolate and capture Aedes aegypti mosquitoes, known Zika carriers, for study by entomologists to give them a jump on predicting outbreaks.

Verily, Alphabet’s life sciences division based in Mountain View, California, is speeding the process for creating sterile male mosquitoes to mate with females in the wild, offering a form of birth control for the species.

While it may take years for these advances to become widely available, public health experts say new players bring fresh thinking to vector control, which still relies heavily on traditional defenses such as larvicides and insecticides. “It’s exciting when technology companies come on board,” said Anandasankar Ray, an associate professor of entomology at the University of California, Riverside. “Their approach to a biological challenge is to engineer a solution.”

SMART TRAPS

The Zika epidemic that emerged in Brazil in 2015 and left thousands of babies suffering from birth defects has added urgency to the effort.

While cases there have slowed markedly, mosquitoes capable of carrying the virus – Aedes aegypti and Aedes albopictus – are spreading in the Americas, including large swaths of the southern United States.

(For a map of U.S. mosquito territory, see http://tmsnrt.rs/2tqlJHa)

The vast majority of the 5,365 Zika cases reported in the United States so far are from travelers who contracted the virus elsewhere. Still, two states – Texas and Florida – have recorded cases transmitted by local mosquitoes, making them prime testing grounds for new technology.

In Texas, 10 mosquito traps made by Microsoft are operating in Harris County, which includes the city of Houston.

Roughly the size of large birdhouses, the devices use robotics, infrared sensors, machine learning and cloud computing to help health officials keep tabs on potential disease carriers.

Texas recorded six cases of local mosquito transmission of Zika in November and December of last year. Experts believe the actual number is likely higher because most infected people do not develop symptoms.

Pregnant women are at high risk because they can pass the virus to their fetuses, resulting in a variety of birth defects. Those include microcephaly, a condition in which infants are born with undersized skulls and brains. The World Health Organization declared Zika a global health emergency in February 2016.

Most conventional mosquito traps capture all comers – moths, flies, other mosquito varieties – leaving a pile of specimens for entomologists to sort through. The Microsoft machines differentiate insects by measuring a feature unique to each species: the shadows cast by their beating wings. When a trap detects an Aedes aegypti in one of its 64 chambers, the door slams shut.

The machine “makes a decision about whether to trap it,” said Ethan Jackson, a Microsoft engineer who is developing the device.

The Houston tests, begun last summer, showed the traps could detect Aedes aegypti and other medically important mosquitoes with 85 percent accuracy, Jackson said.

The machines also record shadows made by other insects as well as environmental conditions such as temperature and humidity. The data can be used to build models to predict where and when mosquitoes are active.

Mustapha Debboun, director of Harris County’s mosquito and vector control division, said the traps save time and give researchers more insight into mosquito behavior. “For science and research, this is a dream come true,” he said.

The traps are prototypes now. But Microsoft’s Jackson said the company eventually hopes to sell them for a few hundred dollars each, roughly the price of conventional traps. The goal is to spur wide adoption, particularly in developing countries, to detect potential epidemics before they start.

“What we hope is (the traps) will allow us to bring more precision to public health,” Jackson said.

SORTING MOSQUITOES WITH ROBOTS

Other companies, meanwhile, are developing technology to shrink mosquito populations by rendering male Aedes aegypti mosquitoes sterile. When these sterile males mate with females in the wild, their eggs don’t hatch.

The strategy offers an alternative to chemical pesticides. But it requires the release of millions of laboratory-bred mosquitoes into the outdoors. Males don’t bite, which has made this an easier sell to places now hosting tests.

Oxitec, an Oxford, England-based division of Germantown, Maryland-based Intrexon Corp, is creating male mosquitoes genetically modified to be sterile. It has already deployed them in Brazil, and is seeking regulatory approval for tests in Florida and Texas.

MosquitoMate Inc, a startup formed by researchers at the University of Kentucky, is using a naturally occurring bacterium called Wolbachia to render male mosquitoes sterile.

One of the biggest challenges is sorting the sexes.

At MosquitoMate’s labs in Lexington, immature mosquitoes are forced through a sieve-like mechanism that separates the smaller males from the females. These mosquitoes are then hand sorted to weed out any stray females that slip through.

“That’s basically done using eyeballs,” said Stephen Dobson, MosquitoMate’s chief executive.

Enter Verily. The company is automating mosquito sorting with robots to make it faster and more affordable. Company officials declined to be interviewed. But on its website, Verily says it’s combining sensors, algorithms and “novel engineering” to speed the process.

Verily and MosquitoMate have teamed up to test their technology in Fresno, California, where Aedes aegypti arrived in 2013.

Officials worry that residents who contract Zika elsewhere could spread it in Fresno if they’re bitten by local mosquitoes that could pass the virus to others.

“That is very much of a concern because it is the primary vector for diseases such as dengue, chikungunya and obviously Zika,” said Steve Mulligan, manager of the Consolidated Mosquito Abatement District in Fresno County.

The study, which still needs state and federal approval, is slated for later this summer.

(Editing by Marla Dickerson)

Russia causing cyber mayhem, should face retaliation: ex-UK spy chief

The director of Britain's GCHQ Robert Hannigan delivers a speech at Government Communications Headquarters in Cheltenham, November 17, 2015.

By Michael Holden

LONDON (Reuters) – Russia is causing cyberspace mayhem and should face retaliation if it continues to undermine democratic institutions in the West, the former head of Britain’s GCHQ spy agency said on Monday.

Russia denies allegations from governments and intelligence services that it is behind a growing number of cyber attacks on commercial and political targets around the world, including the hackings of recent U.S. and French presidential election campaigns.

Asked if the Russian authorities were a threat to the democratic process, Robert Hannigan, who stepped down as head of the UK’s intelligence service in March, said: “Yes … There is a disproportionate amount of mayhem in cyberspace coming from Russia from state activity.”

In his first interview since leaving GCHQ, Hannigan told BBC radio that it was positive that French President Emmanuel Macron and German Chancellor Angela Merkel had publicly “called this out recently”.

Standing alongside Russian President Vladimir Putin in May, Macron said state-funded Russian news outlets had sought to destabilize his campaign while the head of Germany’s domestic intelligence agency said last week it was expecting Russia to try to influence the German election in September.

“Ultimately people will have to push back against Russian state activity and show that it’s unacceptable,” he said.

“It doesn’t have to be by cyber retaliation, but it may be that is necessary at some time in the future. It may be sanctions and other measures, just to put down some red lines and say that this behavior is unacceptable.”

Hannigan also said it would be a mistake to force social media companies to allow intelligence agencies to access services protected by encryption through so-called “back door” access.

“The best you can do with end-to-end encryption is work with companies in a cooperative way to find ways around it frankly,” he said. He said such “back doors” would weaken systems.

Hannigan also said governments should wait to see how a global working group on tackling online extremism established by Facebook, Google’s YouTube, Twitter and Microsoft performed before seeking new laws.

“Legislation is a blunt last resort because frankly extremism is very difficult to define in law and you could spend all your time in court arguing about whether a particular video crosses the line or not,” he said.

Last month, Germany approved a plan to fine social media networks up to 50 million euros ($57 million) if they failed to remove hateful postings promptly. Britain has also mooted bringing in possible sanctions for tech firms that failed to remove extremist content.

(Editing by Raissa Kasolowsky)

Security experts find clues to ransomware worm’s lingering risks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

(Corrects spelling of first name in paragraph 22 of this May 18 story to Salim from Samil)

By Eric Auchard

FRANKFURT (Reuters) – Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

Researchers are struggling to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.

They are having more luck dissecting flaws that limited its spread.

Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix the weaknesses in WannaCry will follow, hitting larger numbers of users with more devastating consequences.

“Some organizations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.

“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.

WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appears tailored to Windows 7, said Paul Pratley, head of investigations and incident response at UK consulting firm MWR InfoSecurity.

Data from BitSight covering 160,000 internet-connected computers hit by WannaCry shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.

Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.

In laboratory testing, researchers at MWR and Kryptos say they have found Windows XP crashes before the virus can spread.

Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.

COMPUTER BASICS

Any organization that heeded strongly worded warnings from Microsoft to urgently install on all computers on its network a security patch it labeled “critical” when it was released on March 14 is immune, experts agree.

Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.
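The two defensive steps the article names, the March 14 patch and disabling the SMB file-sharing protocol, are the kind of thing an administrator wants to verify across a fleet rather than assume. The following PowerShell audit is an added example, not code from the article or from Microsoft; it assumes a Windows 8.1 / Server 2012 R2 or newer host where the SMB and networking cmdlets exist, and the update identifier is a placeholder because the article does not name it.

```powershell
# Added example: audit a Windows host for the WannaCry-era basics the article describes.
# Not from the article; cmdlets assume Windows 8.1 / Server 2012 R2 or newer.
$report = [ordered]@{}

# Server side: is the legacy SMB1 protocol still being served? ($true is the risky setting)
$srv = Get-SmbServerConfiguration
$report['SMB1ServerEnabled'] = $srv.EnableSMB1Protocol

# On Windows 10 / Server 2016 and later SMB1 is also a removable optional feature.
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMB1FeatureState'] = if ($feat) { [string]$feat.State } else { 'n/a' }

# Is TCP 445 listening, i.e. is file sharing reachable from the network at all?
$listen = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report['Port445Listening'] = [bool]$listen

# Was the March 14 critical update applied? The KB number is a PLACEHOLDER (hypothetical);
# take the real identifier from Microsoft's advisory for your Windows version.
$kb = 'KB-PLACEHOLDER'
$report['PatchInstalled'] = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

[pscustomobject]$report | Format-List

# Remediation hint for the setting the article says Microsoft warned about.
if ($srv.EnableSMB1Protocol) {
    Write-Warning 'SMB1 is enabled; disable it with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
```

Run it elevated on each host (or wrap it in `Invoke-Command` against a list of machines) and collect the four fields centrally; a host with `SMB1ServerEnabled = True`, port 445 listening and `PatchInstalled = False` is exactly the profile the article describes as having been hit.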

“Clearly people who run supported versions of Windows and patched quickly were not affected,” Trustwave’s Mador said.

Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving upgrades to local trusts.

Seeking to head off further criticism in the wake of the WannaCry outbreak, the U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers. (http://reut.rs/2qvSPUR)

Microsoft declined to comment for this story.

On Sunday, the U.S. software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet (http://reut.rs/2qAOdLm).

Half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said. (http://tmsnrt.rs/2qIUckv)

DUMB AND SOPHISTICATED

The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware.

“What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption,” said Salim Neino, 32, chief executive of Los Angeles-based Kryptos Logic.

Last Friday, the company’s British-based 22-year-old data breach research chief, Marcus Hutchins, created a “kill-switch”, which security experts have widely hailed as the decisive step in halting the ransomware’s rapid spread around the globe.

WannaCry appears to target mainly enterprises rather than consumers: Once it infects one machine, it silently proliferates across internal networks which can connect hundreds or thousands of machines in large firms, unlike individual consumers at home.

An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos.

Because of the way WannaCry spreads sneakily inside organization networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.

Liran Eshel, chief executive of cloud storage provider CTERA Networks, said: “The attack shows how sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies.”

ESCAPE ROUTE

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

However, a bug in WannaCry code means the attackers cannot use unique bitcoin addresses to track payments, security researchers at Symantec found this week. The result: “Users unlikely to get files restored,” the company’s Security Response team tweeted.

The rapid recovery by many organizations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.

While encrypting individual computers it infects, WannaCry code does not attack network data-backup systems, as more sophisticated ransomware packages typically do, security experts who have studied WannaCry code agree.

These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.

Fewer than 300 payments worth around $83,000 had been paid into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever. (Reuters graphic: http://tmsnrt.rs/2rqaLyz)

The Verizon 2017 Data Breach Investigations Report, the most comprehensive annual survey of security breakdowns, found that it takes three months before at least half of organizations install major new software security patches.

WannaCry landed nine weeks after Microsoft’s patch arrived.

“The same things are causing the same problems. That’s what the data shows,” MWR research head Pratley said.

“We haven’t seen many organizations fall over and that’s because they did some of the security basics,” he said.

For a graphic on WannaCry worm, click http://fingfx.thomsonreuters.com/gfx/rngs/CYBER-ATTACK/010041552FY/index.html

(Editing by Philippa Fletcher)

More disruptions feared from cyber attack; Microsoft slams government secrecy

Indonesia's Minister of Communications and Information, Rudiantara, speaks to journalists during a press conference about the recent cyber attack, at a cafe in Jakarta, Indonesia

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the U.S. government for not disclosing more software vulnerabilities.

Cyber security experts said the spread of the worm dubbed WannaCry – “ransomware” that locked up more than 200,000 computers in more than 150 countries – had slowed but that the respite might only be brief amid fears new versions of the worm will strike.

In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

Economic experts offered differing views on how much the attack, and associated computer outages, would cost businesses and governments.

The non-profit U.S. Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed $1 billion.

Most victims were quickly able to recover infected systems with backups, said the group’s chief economist, Scott Borg.

California-based cyber risk modeling firm Cyence put the total economic damage at $4 billion, citing costs associated with business interruption.

U.S. President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an “emergency meeting” to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the NSA were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyber attacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

MONDAY MORNING RUSH?

Monday was expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

The attack hit organizations of all sizes.

Renault said it halted manufacturing at plants in France and Romania to prevent the spread of ransomware.

Other victims include a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp.

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and the retrieval of records.

Account addresses hard-coded into the malicious WannaCry virus appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of 7 a.m. EDT (1100 GMT) on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more.

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm’s spread by registering a web address to which he noticed the malware was trying to connect.

Security experts said his move bought precious time for organizations seeking to block the attacks.

(Additional reporting by Jim Finkle, Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Elizabeth Piper, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold, Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen and Nick Zieminski; Editing by Mark Heinrich and Peter Cooney)

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)

Microsoft to continue to invest over $1 billion a year on cyber security


By Tova Cohen

TEL AVIV (Reuters) – U.S. software firm Microsoft Corp <MSFT.O> will continue to invest over $1 billion annually on cyber security research and development in the coming years, a senior executive said.

This amount does not include acquisitions Microsoft may make in the sector, Bharat Shah, Microsoft vice president of security, told Reuters on the sidelines of the firm’s BlueHat cyber security conference in Tel Aviv.

“As more and more people use cloud, that spending has to go up,” Shah said.

While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000-700,000, according to Microsoft data.

Long known for its Windows software, Microsoft has shifted focus to the cloud where it is dueling with larger rival Amazon.com <AMZN.O> to control the still fledgling market.

In October it said quarterly sales from its flagship cloud product Azure, which businesses can use to host their websites, apps or data, rose 116 percent.

In addition to its internal security investments, Microsoft has bought three security firms, all in Israel, in a little over two years: enterprise security startup Aorato, cloud security firm Adallom, and Secure Islands, whose data and file protection technology has been integrated into cloud service Azure Information Protection.

Financial details of these deals were not disclosed.

“If you are talking about an ecosystem with more than 400 start-ups it’s not really a coincidence. Israel is huge in security,” said Secure Islands founder Yuval Eldar.

Microsoft’s venture arm has also made three cyber security investments in Israel, including this week an undisclosed amount in Illusive Networks, which uses deception technology to detect attacks and has been installed at banks and retailers.

Earlier this month Microsoft said it invested in Israel’s Team8, which created Illusive Networks.

Though Microsoft does not have any near-term plans to implement deception technology, “we look at lots of different technologies that might be of use in the future,” Shah said.

Shah believes that in the next year or so progress should be made in moving toward broader implementation of user authentication without need for a password.

Microsoft’s Windows 10 operating system includes Windows Hello, which allows users to scan their face, iris or fingerprints to verify their identity and sign in.

(Reporting by Tova Cohen; Editing by Steven Scheer and Adrian Croft)

EU-U.S. commercial data transfer pact enters into force

Servers in Iceland

By Julia Fioretti

BRUSSELS (Reuters) – A new commercial data pact between the European Union and the United States entered into force on Tuesday, ending months of uncertainty over cross-border data flows, and companies such as Google <GOOGL.O>, Facebook <FB.O> and Microsoft <MSFT.O> can sign up from Aug. 1.

The EU-U.S. Privacy Shield will give businesses moving personal data across the Atlantic – from human resources information to people’s browsing histories to hotel bookings – an easy way to do so without falling foul of tough EU data transferral rules.

The previous such framework, Safe Harbour, was struck down by the EU’s top court in October on the grounds that it allowed U.S. agents too much access to Europeans’ data.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

In the months that followed the EU ruling, companies have had to rely on other, more cumbersome mechanisms for legally transferring data to the United States.

The Privacy Shield will underpin over $250 billion of transatlantic trade in digital services annually.

Google and Microsoft said they would sign up to the Privacy Shield and would work with European data protection authorities in case of inquiries.

A person familiar with social network Facebook’s thinking said the company had not yet decided whether to sign up.

“It’s too early to say as we haven’t seen the full text yet but like other companies we will be evaluating the text in the coming weeks,” the person said.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

However, the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”. However, he added that he did not have plans to challenge it himself for the time being.

“We are confident the framework will withstand further scrutiny,” Penny Pritzker, U.S. Secretary of Commerce, told a news conference.

EU data protection authorities, who had demanded improvements to the Privacy Shield in April, said they were analyzing the framework and would finalize a position by July 25.

(Editing by Alexandra Hudson and Louise Heavens)

Pakistan, Indonesia lead in malware attacks

An illustration picture shows a projection of text on the face of a woman in Berlin

SAN FRANCISCO (Reuters) – Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp.

Countries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software.

“We look at north of 10 million attacks on identities every day,” said Microsoft manager Alex Weinert, although attacks do not always succeed.

About half of all attacks originate in Asia and one-fifth in Latin America.

Millions occur each year when the attacker has valid credentials, Microsoft said, meaning the attacker knows a user’s login and password. A technology known as machine learning can often detect those attacks by looking for data points such as whether the location of the user is familiar.
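The detection idea in the paragraph above is that a sign-in with valid credentials can still be suspicious when it comes from a location the account has never used. The following is an added example, not Microsoft’s code or the method described in its report: it builds a per-user baseline of countries seen in past successful sign-ins from constructed sample events and flags new sign-ins from unfamiliar countries. It uses a simple frequency threshold rather than machine learning; the user names, country codes and the `min_seen` threshold are all assumptions made for the illustration.

```python
"""Familiar-location check for valid-credential sign-ins.

Added example (not Microsoft's code). All sign-in events here are
constructed sample data; country codes and thresholds are assumptions.
"""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class Login(NamedTuple):
    user: str
    country: str   # constructed two-letter country code
    success: bool  # only successful sign-ins establish a baseline


# Constructed history of past sign-ins used to learn each user's baseline.
HISTORY: List[Login] = [
    Login("alice", "US", True),
    Login("alice", "US", True),
    Login("alice", "US", True),
    Login("alice", "CA", True),   # seen once: not yet "familiar"
    Login("bob", "DE", True),
    Login("bob", "DE", True),
    Login("bob", "FR", False),    # failed attempt: must not count as familiar
]


def build_profiles(history: List[Login]) -> Dict[str, Counter]:
    """Count successful sign-ins per (user, country)."""
    profiles: Dict[str, Counter] = defaultdict(Counter)
    for ev in history:
        if ev.success:
            profiles[ev.user][ev.country] += 1
    return profiles


def is_familiar(profiles: Dict[str, Counter], user: str, country: str,
                min_seen: int = 2) -> bool:
    """A location is familiar once it has been used successfully min_seen times.

    Unknown users have no baseline, so every location is unfamiliar for them.
    """
    return profiles.get(user, Counter())[country] >= min_seen


def score_logins(profiles: Dict[str, Counter], events: List[Login],
                 min_seen: int = 2) -> List[dict]:
    """Label each successful sign-in as 'familiar' or 'unfamiliar-location'.

    Failed sign-ins are passed through unlabelled for a separate
    brute-force/password-spray check; they carry no location signal here.
    """
    results = []
    for ev in events:
        if not ev.success:
            verdict = "failed"
        elif is_familiar(profiles, ev.user, ev.country, min_seen):
            verdict = "familiar"
        else:
            verdict = "unfamiliar-location"
        results.append({"user": ev.user, "country": ev.country, "verdict": verdict})
    return results


def flagged_users(results: List[dict]) -> List[str]:
    """Users with at least one valid-credential sign-in from an unfamiliar place."""
    return sorted({r["user"] for r in results if r["verdict"] == "unfamiliar-location"})


# Constructed batch of new sign-ins to evaluate against the baseline.
NEW_EVENTS: List[Login] = [
    Login("alice", "US", True),    # familiar
    Login("alice", "CA", True),    # seen only once before: flagged
    Login("bob", "FR", True),      # valid password, never succeeded from FR: flagged
    Login("bob", "DE", True),      # familiar
    Login("carol", "DE", True),    # no history at all: flagged
    Login("bob", "BR", False),     # failed: not a location verdict
]


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for r in score_logins(profiles, NEW_EVENTS):
        print(r)
    print("flagged:", flagged_users(score_logins(profiles, NEW_EVENTS)))
```

In a real deployment the baseline would come from an identity provider’s sign-in log and would also consider device, network and time-of-day signals; the point of the example is only that a correct password is not by itself proof that the sign-in is the account owner’s.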

On average, 240 days elapse between a security breach in a computer system and detection of that breach, said Tim Rains, director of security at Microsoft. The study, the Microsoft Security Intelligence Report, comes out Thursday.

(This story corrects headline to Indonesia, not India)

(Reporting by Sarah McBride; Editing by David Gregorio)